This disclosure provides systems, devices, apparatus, and methods, including computer programs encoded on storage media, to verify packet validity and control packet usage based on centrally stored and locally cached device profiles and usage policies. A processing device may receive, at an encryption tunnel, an unencrypted packet or a previously encrypted packet. The packet is encrypted with a one or more layers of encryption (e.g., C2 and/or C1). The processing device generates a Passport to accompany the packet, where the Passport is a data file including information to validate the packet and control packet usage. The processing device encrypts the Passport and the packet with an additional layer of encryption (C3) that provides a multi-tiered encryption stack for the packet and outputs, from the encryption tunnel, the Passport and the packet encrypted with the additional layer of encryption.