Truepic BlogGlossary: The ABCs of Content Authenticity

As the digital content landscape rapidly evolves, so does our lexicon. We created this helpful glossary of terms to help you navigate the ins and outs of content authenticity.

Coalition for Content Provenance and Authenticity

The Coalition for Content Provenance and Authenticity, also known as the C2PA, is an open technical standard providing publishers, creators, and consumers the ability to trace the origin of different types of media.

As the digital landscape continues to fluctuate, emerging technologies have made it easier than ever to distort, alter, falsify, and recontextualize content, allowing for the proliferation of fake news.

The C2PA is spearheaded by Truepic and Arm alongside other industry leaders, and brings together the efforts of the Content Authenticity Initiative (CAI) and Project Origin. By binding together the efforts of these two groups, the C2PA is focused on developing technical specifications for establishing content provenance and authenticity. The specifications will be informed by scenarios, workflows and requirements gathered from industry experts and partner organizations.

This standard will include a framework for storing and sharing information about the origin and history of digital media, as well as technologies for detecting and preventing tampering or modification of the media.

In an age where misinformation is on the rise, taking full advantage of verification tools, such as digital certificates, controlled capture technology, and cryptography, can help establish provenance and protect your business against cyberattack threats.

Content Authenticity Initiative

The Content Authenticity Initiative (CAI) is a consortium of industry partners that was formed to develop standards and technologies for ensuring the authenticity and integrity of digital media.

The CAI was launched in 2019 by Adobe, the New York Times, and Twitter, and has since grown to include other industry partners, such as Truepic, Qualcomm, and Microsoft. Their efforts are unified by the Coalition for Content Provenance and Authenticity (C2PA) and are fully compliant with the technical specifications released in 2022 by the C2PA.

Control Capture™

Control Capture™ is Truepic’s breakthrough digital content authenticity technology that ensures the integrity of digital photos and videos from point of capture. By using cutting-edge proprietary technology, it secures the capture process so that pixel contents and metadata, including date, time, and location, faithfully represent the what, when, and where of the visual reality before the camera.

Controlled capture technology is important for ensuring the authenticity and provenance of digital content, particularly in situations where the media is being used for legal or official purposes.

It uses sensors and other technologies, such as cryptography, to capture media in a controlled environment and stores the media on a local or cloud-based storage system for later review. This helps prevent tampering of the media and verifies that it’s a reliable record of the events or activities being captured.


Cryptography is the practice of sending and receiving information in a way that is secure against malicious third parties.

For example, if you send a confidential e-mail with sensitive information, you want to be sure that only the intended recipient can view that e-mail. Cryptography technologies allow you to communicate securely when in the presence of potential threats. But how does cryptography work?

There are two primary types of cryptography, symmetric and asymmetric.

Symmetric cryptography is the most commonly used form and can be thought of like this: the sender and recipient both have the same key that allows them to access information between them. When you send a message, it is encrypted. When the recipient receives your message, it is decrypted. However, if a third party were to intercept with the key, they will also be able to read the message.

Asymmetric cryptography, also called public-key cryptography, involves two different keys. A public key is sent out for everyone to encrypt the data and send a message, and then a second private key is used to decrypt the received message. Both keys are required to send and receive the message. This offers a higher level of security.

Cryptography aims to enhance confidentiality, data integrity and authentication, especially in a digital age where malware threats, scammers and digital content manipulation are on the rise.

Derived Asset

A derived asset is a version of an original piece of content that has been modified or edited in some way. Derived assets can be created through a variety of methods, including cropping, resizing, and color correction, altering metadata, or by adding or removing elements from the original media file.

These changes can be very subtle and convincing, which can cause issues if these altered assets pass as true. By ensuring the provenance and authenticity of derived assets, you can help prevent the spread of false or misleading content that is difficult to distinguish from real media. Techniques such as digital certificates, hashing, and watermarking can also be used to ensure the integrity of derived assets and help prevent tampering or modification.

Digital Certificate

A digital certificate is an electronic document issued by a Certificate Authority (CA) that uses cryptography to link ownership of a public key to an entity. Digital certificates are used to verify that the public key does in fact belong to the designated entity, and is securely encrypted, whether that be a website, an individual, organization, device, or server.

The secure nature of digital certificates help verify the identity of a user, device, server, website, or entity within an exchange and enables involved parties to send/receive information securely. They are also tamper-resistant, can be traced back to the issuer, contain the IP address or serial number of a device, have an expiration date, and are presented to someone for validation of something.

Digital certificates work through Public Key Infrastructure (PKI), meaning that they utilize key pairs consisting of one private key and one public key. These are used to encrypt and decrypt and verify authenticity among the involved parties.

Because digital certificates bind an individual to a public key, ensuring reliability and authenticity, it is crucial that they are issued by a trusted authority.


Provenance refers to the history and origin of a piece of digital content, including its creation, modification, and distribution. It can include information about the authors or creators of the content, the location and date of creation, and any changes or updates that have been made to the content over time.

Provenance helps us understand the context and reliability of the content, as well as help establish intellectual property rights and attribute credit to the creators. In digital media, provenance can be tracked and recorded using various methods, such as metadata and digital certificates, to ensure the authenticity and integrity of the content.

The content author always has control over whether provenance data is included. Establishing provenance is increasingly important due to the fact that manipulation software is becoming more sophisticated, and metadata can easily be manipulated and provides no proof of origin.

It’s because of this exact challenge that the Coalition for Content Provenance and Authenticity aims, “…to collectively build an end-to-end open technical standard to provide publishers, creators, and consumers with opt-in, flexible ways to understand the authenticity and provenance of different types of media.”

Public Key Infrastructure (PKI)

A public key infrastructure (PKI) is an established framework for managing, distributing, and awarding/revoking digital certificates.

Through PKI, each digital certificate comes with two keys: a public key and a private key. The private key is linked to an entity’s identity and the public key is used to verify that identity. Many organizations rely on PKI to ensure cryptographic security, issuing and governing digital certificates that confirm the identity of people, devices or applications. By assigning identities to the keys, PKI gives users the confirmation required that who they’re interacting with is indeed the intended recipient.

In an age where digital fraud is on the rise, verification methods that use PKI are increasingly effective in authenticating the parties involved with everything from emails to legal documents.


Tamper-evident means that if something has been tampered with, there will be clear evidence that it has been interfered with. You may see this on envelopes or food packaging, but this applies to digital content authenticity as well. Cryptography adds a tamper-evident layer of protection to a document, ensuring that it has not been altered in any way, such as photo manipulation or editing metadata.

This can take the form of digital signatures, hashing, watermarking, and encryption, all of which come with their own specific techniques. This technology can also be used across a variety of digital media formats such as documents, images, audio files, and video.

Request more information