Why injection attacks make this evidence gap matter
A remote IDV session doesn't have to defeat liveness detection or document forensics to break the process -- it can bypass the camera entirely. Injection attacks feed a virtual camera, a replayed video, or a synthetically generated face directly into the verification pipeline's input stream, downstream of wherever the platform's detectors actually look. A platform can run flawless liveness and document checks against a feed that was never a real camera capture in the first place, and every detector along the way will report a clean pass, because the injected input was built to satisfy them. The gap isn't detection accuracy: it's that most verification records don't carry independent evidence of where the capture came from, so a downstream reviewer has no way to check the platform's "this was a live camera" claim against anything.
C2PA capture-provenance metadata closes part of that gap when present: a camera or capture app can bind a hard-binding hash and a `c2pa.actions` digitalSourceType assertion to the file at the moment of capture, before an injection attack has any surface to act on. Checking that manifest structurally, separate from and prior to the platform's own detector output, gives a session receipt something to attest beyond "the platform's software said pass."
How the two tools fit together
- Run the camera-provenance check against the capture file's C2PA manifest. The check verifies claim well-formedness and hard-binding hash assertion (reusing the art-123 structural validator), then reads the `c2pa.actions` digitalSourceType assertion to flag whether the source is declared `trainedAlgorithmicMedia` (AI-generated) rather than a live capture. This is a structural read of the manifest as supplied, not a trust-list or chain-of-custody determination about the signer.
- Build the session receipt with the IDV/KYC Session Receipt Builder, feeding it the camera-provenance verdict as the capture-chain field alongside the platform's own declared injection-detection verdict, liveness verdict, document-check digest, and device-signal summary. The builder hash-chains all of it -- session metadata, verifier identity and version, timestamp -- into one tamper-evident receipt, with every verifier-sourced field labeled
asserted.