diff --git a/Cargo.lock b/Cargo.lock
index 9570fd1..c698474 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4267,9 +4267,9 @@ dependencies = [
 [[package]]
 name = "ic_tee_agent"
-version = "0.2.15"
+version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "24c328ef5242737eced5ded80b431929c82857d093e5e582a43c091aa2fdb937"
+checksum = "5a625dcf022f8597bb1111f5ace4c4839fd507ef0ff34b1a4db52b5671f29936"
 dependencies = [
 "axum-core",
 "base64 0.22.1",
@@ -4307,9 +4307,9 @@ dependencies = [
 [[package]]
 name = "ic_tee_gateway_sdk"
-version = "0.2.15"
+version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1203fe8f4c99186f490233556f9df7a211e9969c0d260f7f24c8554751b10c24"
+checksum = "e5d562c1b2bb36a2adc141c9e657bdac585b695c4ccf64e000a18dd65dbc7a3f"
 dependencies = [
 "candid",
 "ciborium",
diff --git a/Cargo.toml b/Cargo.toml
index 802e195..9871a96 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -51,8 +51,8 @@ ic_cose_types = "0.6"
 ic_cose = "0.6"
 ic_object_store = "0.6"
 ic-agent = "0.39"
-ic_tee_agent = "0.2"
-ic_tee_gateway_sdk = "0.2"
+ic_tee_agent = "0.3"
+ic_tee_gateway_sdk = "0.3"
 num-traits = "0.2"
 object_store = { version = "0.10.2" }
 tokio-util = "0.7"
diff --git a/agents/anda_bot/nitro_enclave/amd64.Dockerfile b/agents/anda_bot/nitro_enclave/amd64.Dockerfile
index 6b0dd13..542eeb5 100644
--- a/agents/anda_bot/nitro_enclave/amd64.Dockerfile
+++ b/agents/anda_bot/nitro_enclave/amd64.Dockerfile
@@ -22,7 +22,7 @@ RUN mv linux-amd64/dnsproxy ./ \
 RUN wget -O ic_tee_daemon https://github.com/ldclabs/ic-tee/releases/download/v0.2.14/ic_tee_daemon
 RUN chmod +x ic_tee_daemon
-RUN wget -O ic_tee_nitro_gateway https://github.com/ldclabs/ic-tee/releases/download/v0.2.14/ic_tee_nitro_gateway
+RUN wget -O ic_tee_nitro_gateway https://github.com/ldclabs/ic-tee/releases/download/v0.3.0/ic_tee_nitro_gateway
 RUN chmod +x ic_tee_nitro_gateway
 RUN wget -O anda_bot https://github.com/ldclabs/anda/releases/download/v0.4.0/anda_bot
diff --git a/agents/anda_bot/src/handler.rs b/agents/anda_bot/src/handler.rs
index 8573561..2c0f168 100644
--- a/agents/anda_bot/src/handler.rs
+++ b/agents/anda_bot/src/handler.rs
@@ -49,7 +49,7 @@ impl AppState {
 Web3SDK::Web3(_cli) => {
 // verify signature
 let caller = if let Some(sig) = UserSignature::try_from(headers) {
- match sig.verify_with(self.info.id, unix_ms(), verify_sig) {
+ match sig.verify_with(unix_ms(), verify_sig, Some(self.info.id), None) {
 Ok(_) => sig.user,
 Err(_) => {
 return false;
diff --git a/anda_engine_server/src/handler.rs b/anda_engine_server/src/handler.rs
index eb3f8c8..d898811 100644
--- a/anda_engine_server/src/handler.rs
+++ b/anda_engine_server/src/handler.rs
@@ -8,7 +8,7 @@ use candid::Principal;
 use ciborium::from_reader;
 use ic_cose_types::to_cbor_bytes;
 use ic_tee_agent::{
- http::{Content, UserSignature, ANONYMOUS_PRINCIPAL},
+ http::{Content, ContentWithSHA3, UserSignature, ANONYMOUS_PRINCIPAL},
 RPCRequest, RPCResponse,
 };
 use serde_bytes::ByteBuf;
@@ -31,7 +31,7 @@ pub async fn get_information(
 headers: http::HeaderMap,
 ) -> impl IntoResponse {
 let caller = if let Some(sig) = UserSignature::try_from(&headers) {
- match sig.verify_with(app.default_engine, unix_ms(), verify_sig) {
+ match sig.verify_with(unix_ms(), verify_sig, None, None) {
 Ok(_) => sig.user,
 Err(_) => ANONYMOUS_PRINCIPAL,
 }
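Review bot: The gateway binary fetched in the amd64.Dockerfile hunk is made executable and baked into the enclave image with no integrity check, so the image content depends on whatever the release URL serves at build time. After the `wget` for `ic_tee_nitro_gateway`, pin the expected digest, for example `RUN echo "<SHA256_OF_V0.3.0_GATEWAY_PLACEHOLDER>  ic_tee_nitro_gateway" | sha256sum -c -`; the same applies to the `ic_tee_daemon` and `anda_bot` downloads in the context lines. Also, `ic_tee_daemon` stays at v0.2.14 while the gateway and the `ic_tee_agent`/`ic_tee_gateway_sdk` crates move to 0.3; if that skew is intentional a comment saying so would help, otherwise the daemon URL likely needs the same bump.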
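Review bot: In the agents/anda_bot/src/handler.rs hunk the new `verify_with` call passes `None` as its last argument, where the `anda_engine` handler in this commit passes the request body hash, so this check presumably does not bind the signature to the request content. If that is deliberate because no body digest is available at this point, say so above the call, e.g. `// Signature is bound to this agent's id only; no body hash is available here.`; otherwise thread the body hash through as the engine handler does. The enclosing method starts and ends outside the hunk, so whether a body exists here cannot be confirmed from these lines.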
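Review bot: In the `get_information` hunk of anda_engine_server/src/handler.rs the call changes from binding the signature to `app.default_engine` to passing `None, None`, which appears to drop the target-id check entirely. If the third argument is the expected audience, as the `Some(id)` in `anda_engine` suggests, a header signed for a different engine would now be accepted as identifying `caller` within the timestamp window. Unless that relaxation is intended, keep the binding: `match sig.verify_with(unix_ms(), verify_sig, Some(app.default_engine), None) {`. The function body continues past the hunk, so how `caller` is used afterwards is not visible.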
@@ -57,11 +57,18 @@ pub async fn anda_engine(
 State(app): State,
 headers: http::HeaderMap,
 Path(id): Path,
- ct: Content,
+ ct: ContentWithSHA3,
 ) -> impl IntoResponse {
 let id = Principal::from_text(&id).unwrap_or(app.default_engine);
+ let (req, hash) = match ct {
+ ContentWithSHA3::CBOR(req, hash) => (req, hash),
+ ContentWithSHA3::JSON(_, _) => {
+ return StatusCode::UNSUPPORTED_MEDIA_TYPE.into_response();
+ }
+ };
+
 let caller = if let Some(sig) = UserSignature::try_from(&headers) {
- match sig.verify_with(id, unix_ms(), verify_sig) {
+ match sig.verify_with(unix_ms(), verify_sig, Some(id), Some(hash.as_slice())) {
 Ok(_) => sig.user,
 Err(_) => ANONYMOUS_PRINCIPAL,
 }
@@ -69,19 +76,14 @@ pub async fn anda_engine(
 ANONYMOUS_PRINCIPAL
 };
- match ct {
- Content::CBOR(req, _) => {
- log::info!(
- method = req.method.as_str(),
- agent = id.to_text(),
- caller = caller.to_text();
- "anda_engine",
- );
- let res = engine_run(&req, &app, caller, id).await;
- Content::CBOR(res, None).into_response()
- }
- _ => StatusCode::UNSUPPORTED_MEDIA_TYPE.into_response(),
- }
+ log::info!(
+ method = req.method.as_str(),
+ agent = id.to_text(),
+ caller = caller.to_text();
+ "anda_engine",
+ );
+ let res = engine_run(&req, &app, caller, id).await;
+ Content::CBOR(res, None).into_response()
 }
 async fn engine_run(
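Review bot: In the first hunk on `anda_engine`, a request that presents a signature failing the new id and body-hash check is still passed to `engine_run` as `ANONYMOUS_PRINCIPAL`, because the unchanged `Err(_)` arm discards the error. Now that verification covers the body hash, a tampered or replayed body is exactly the case that lands in that arm, and nothing records it. Consider rejecting instead of downgrading, `Err(_) => return StatusCode::UNAUTHORIZED.into_response(),`, or at minimum logging the failure with `log::warn!` before falling back. Requests with no signature header at all would still run as anonymous via the `else` branch, which sits between this hunk and the next.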