diff --git a/Cargo.lock b/Cargo.lock
index cfbac0bc9..cd5519039 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1515,8 +1515,8 @@ checksum = "0688c2a7f92e427f44895cd63841bff7b29f8d7a1648b9e7e07a4a365b2e1257"
 
 [[package]]
 name = "ear"
-version = "0.1.0"
-source = "git+https://github.com/veraison/rust-ear?rev=cc6ea53#cc6ea5318b91f3038e337bdbaad0e9fb0fa2af2a"
+version = "0.1.2"
+source = "git+https://github.com/veraison/rust-ear?rev=43f7f480d09ea2ebc03137af8fbcd70fe3df3468#43f7f480d09ea2ebc03137af8fbcd70fe3df3468"
 dependencies = [
  "base64 0.21.7",
  "ciborium",
@@ -2343,13 +2343,14 @@ dependencies = [
 
 [[package]]
 name = "jsonwebtoken"
-version = "8.3.0"
+version = "9.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6971da4d9c3aa03c3d8f3ff0f4155b534aad021292003895a469716b2a230378"
+checksum = "5c7ea04a7c5c055c175f189b6dc6ba036fd62306b58c66c9f6389036c503a3f4"
 dependencies = [
  "base64 0.21.7",
+ "js-sys",
  "pem",
- "ring 0.16.20",
+ "ring 0.17.7",
  "serde",
  "serde_json",
  "simple_asn1",
@@ -3107,11 +3108,12 @@ checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"
 
 [[package]]
 name = "pem"
-version = "1.1.1"
+version = "3.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8"
+checksum = "1b8fcc794035347fb64beda2d3b462595dd2753e3f268d89c5aae77e8cf2c310"
 dependencies = [
- "base64 0.13.1",
+ "base64 0.21.7",
+ "serde",
 ]
 
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index 90ec327d4..1dd431cb8 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -29,6 +29,7 @@ clap = { version = "4", features = ["derive"] }
 env_logger = "0.10.0"
 hex = "0.4.3"
 kbs-types = "0.5.3"
+jsonwebtoken = "9"
 log = "0.4.17"
 prost = "0.11.0"
 rstest = "0.18.1"
diff --git a/attestation-service/verifier/Cargo.toml b/attestation-service/verifier/Cargo.toml
index 23d6d12ef..3a3a8a882 100644
--- a/attestation-service/verifier/Cargo.toml
+++ b/attestation-service/verifier/Cargo.toml
@@ -12,7 +12,7 @@ az-snp-vtpm-verifier = [ "az-snp-vtpm", "sev", "snp-verifier" ]
 az-tdx-vtpm-verifier = [ "az-tdx-vtpm", "openssl", "tdx-verifier" ]
 snp-verifier = [ "asn1-rs", "openssl", "sev", "x509-parser" ]
 csv-verifier = [ "openssl", "csv-rs", "codicon" ]
-cca-verifier = [ "ear", "veraison-apiclient" ]
+cca-verifier = [ "ear", "jsonwebtoken", "veraison-apiclient" ]
 
 [dependencies]
 anyhow.workspace = true
@@ -29,7 +29,7 @@ codicon = { version = "3.0", optional = true }
 csv-rs = { git = "https://github.com/openanolis/csv-rs", rev = "b74aa8c", optional = true }
 eventlog-rs = { version = "0.1.3", optional = true }
 hex.workspace = true
-jsonwebtoken = "8"
+jsonwebtoken = { workspace = true, default-features = false, optional = true }
 kbs-types.workspace = true
 log.workspace = true
 openssl = { version = "0.10.55", optional = true }
@@ -40,7 +40,7 @@ sev = { version = "1.2.0", features = ["openssl", "snp"], optional = true }
 sgx-dcap-quoteverify-rs = { git = "https://github.com/intel/SGXDataCenterAttestationPrimitives", tag = "DCAP_1.16", optional = true }
 strum.workspace = true
 veraison-apiclient = { git = "https://github.com/chendave/rust-apiclient", branch = "token", optional = true }
-ear = { git = "https://github.com/veraison/rust-ear", rev = "cc6ea53", optional = true }
+ear = { git = "https://github.com/veraison/rust-ear", rev = "43f7f480d09ea2ebc03137af8fbcd70fe3df3468", optional = true }
 x509-parser = { version = "0.14.0", optional = true }
 
 [build-dependencies]
diff --git a/kbs/src/api/Cargo.toml b/kbs/src/api/Cargo.toml
index 0a7ebeae1..bdecc2d1a 100644
--- a/kbs/src/api/Cargo.toml
+++ b/kbs/src/api/Cargo.toml
@@ -32,7 +32,7 @@ cfg-if.workspace = true
 clap = { version = "4.3.21", features = ["derive", "env"] }
 config = "0.13.3"
 env_logger.workspace = true
-jsonwebtoken = { version = "8", default-features = false, optional = true }
+jsonwebtoken = { workspace = true, default-features = false, optional = true }
 jwt-simple = "0.11.6"
 kbs-types.workspace = true
 lazy_static = "1.4.0"
diff --git a/kbs/src/api/src/attestation/intel_trust_authority/mod.rs b/kbs/src/api/src/attestation/intel_trust_authority/mod.rs
index 2c987acb4..f77d51a0a 100644
--- a/kbs/src/api/src/attestation/intel_trust_authority/mod.rs
+++ b/kbs/src/api/src/attestation/intel_trust_authority/mod.rs
@@ -5,12 +5,13 @@ use super::Attest;
 use anyhow::*;
 use async_trait::async_trait;
-use jsonwebtoken::{decode, decode_header, jwk, DecodingKey, Validation};
+use jsonwebtoken::{decode, decode_header, jwk, Algorithm, DecodingKey, Validation};
 use kbs_types::{Attestation, Tee};
 use reqwest::header::{ACCEPT, CONTENT_TYPE};
 use serde::{Deserialize, Serialize};
 use std::fs::File;
 use std::io::BufReader;
+use std::str::FromStr;
 
 #[derive(Deserialize, Debug)]
 struct IntelTrustAuthorityTeeEvidence {
@@ -101,8 +102,13 @@ impl Attest for IntelTrustAuthority {
         // find jwk
         let key = self.certs.find(&kid).ok_or(anyhow!("Find jwk failed"))?;
 
-        let alg = key.common.algorithm.ok_or(anyhow!("Get jwk alg failed"))?;
+        let alg = key
+            .common
+            .key_algorithm
+            .ok_or(anyhow!("Get jwk alg failed"))?
+            .to_string();
+        let alg = Algorithm::from_str(alg.as_str())?;
 
         // verify and decode token
         let dkey = DecodingKey::from_jwk(&key)?;
         let token = decode::(&resp_data.token, &dkey, &Validation::new(alg))
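Review bot: The `KeyAlgorithm` → `String` → `Algorithm` round trip in the added `let alg` lines fails closed, but it fails with jsonwebtoken's generic parse error, so a JWK whose `alg` names something `Algorithm::from_str` does not accept (a key-management algorithm, for instance) surfaces as an unexplained verification failure with no record of which `alg` the JWKS advertised; `let alg = Algorithm::from_str(alg.as_str()).with_context(|| format!("unsupported jwk alg {alg}"))?;` keeps the same reject-by-default behaviour (the `Context` trait is already in scope via `use anyhow::*`) and makes the failure diagnosable. The move from jsonwebtoken 8 to 9 also changes the defaults behind `Validation::new(alg)`: 9.x can reject a token that carries an `aud` claim when `Validation.aud` is left unset, so if Intel Trust Authority tokens include `aud` this path starts failing with `InvalidAudience` — worth confirming against a real token and, if so, setting the expected audience explicitly rather than disabling the check. The `decode::(` call on the hunk's last line appears to have lost its type parameter in this rendering, and the enclosing method body continues past the hunk.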