A hardware-based approach entails storing private keys in secure device modules, such as trusted execution environments or dedicated security chips. This architecture makes tampering significantly more difficult, because the private keys never leave the hardware. When an image is taken, a secure process signs its hash using the hardware-based key, embedding an encrypted signature into the metadata. Verifiers, including media outlets or research institutions, would then validate that signature against the corresponding public key released by the manufacturer or a trusted registry.

When authorized institutions exchange information in a closed and verified manner, data protection principles and built-in privacy (privacy by design) are addressed more effectively than in the current system. Users no not need to store, manage, or send sensitive documents through various portals or programs, making this model more user-friendly than today’s fragmented solutions.