To authenticate the legitimate user and to improve the trustworthiness of the host and system data, cryptographic verification technique is used. Its two concrete applications are demonstrated in malware traffic detection and keystroke-based bot identification. The malware may issue network calls to send outbound traffic for denial-of-service attacks, spam, which is not user initiated. We first demonstrate provenance verification approach for blocking outbound traffic. This traffic monitoring framework provides a powerful checkpoint which cannot be bypassed. It differentiates legitimate user traffic and kernel level malware traffic. Cryptographic provenance protocol enforces keystrokes integrity by utilizing on-chip Trusting Computing Platform (TPM). It prevents the forgery of fake key events by malware.