Back to Lens

Trust and Credentials

Guided Trust System

Guided Trust explains credential confidence in plain language so users can decide quickly when capture evidence is strong, limited, or blocked.

Quick read

Green means trusted capture flow is intact. Orange means capture can continue with reduced confidence. Red means signing is blocked until risk is resolved.

Trust states at a glance

Each state maps to a concrete operational condition, not a generic warning color.

Verified

Device time is aligned and Lens can obtain trusted timestamp evidence. This is the strongest routine trust state.

Limited trust

You are offline or blocked from timestamp infrastructure. Capture can continue only when you explicitly accept limited trust.

Blocked

Large clock drift indicates potential spoofing risk. Lens blocks signing until system time is corrected.

Why states change

Lens evaluates a small set of checks in sequence to decide whether signing can proceed.

  1. Step 1

    Secure Enclave key check: signing identity is hardware-bound and non-exportable.

  2. Step 2

    NTP drift check: device time is compared with trusted sources to detect suspicious drift.

  3. Step 3

    TSA availability check: when reachable, Lens anchors captures with RFC 3161 timestamp evidence.