- Integrity via SHA‑256 of canonical JSON payload.
- Authenticity via ECDSA (secp256k1) over HASH.
- Replay mitigation via unique
IDand server‑side dedupe. - Key management: rotation, storage in KMS/HSM.
- Not provided: confidentiality (planned in v2), anonymity.