diff --git a/kbs/src/api/src/attestation/intel_trust_authority/mod.rs b/kbs/src/api/src/attestation/intel_trust_authority/mod.rs
index 7947decf7..7104548ce 100644
--- a/kbs/src/api/src/attestation/intel_trust_authority/mod.rs
+++ b/kbs/src/api/src/attestation/intel_trust_authority/mod.rs
@@ -5,10 +5,12 @@
 use super::Attest;
 use anyhow::*;
 use async_trait::async_trait;
+use base64::{engine::general_purpose::STANDARD, Engine};
 use jsonwebtoken::{decode, decode_header, jwk, Algorithm, DecodingKey, Validation};
 use kbs_types::{Attestation, Tee};
 use reqwest::header::{ACCEPT, CONTENT_TYPE};
 use serde::{Deserialize, Serialize};
+use serde_json::json;
 use std::fs::File;
 use std::io::BufReader;
 use std::str::FromStr;
@@ -23,6 +25,7 @@ struct IntelTrustAuthorityTeeEvidence {
 #[derive(Serialize, Debug)]
 struct AttestReqData {
     quote: String,
+    runtime_data: String,
 }
 
 #[derive(Deserialize, Debug)]
@@ -50,7 +53,7 @@ pub struct IntelTrustAuthority {
 
 #[async_trait]
 impl Attest for IntelTrustAuthority {
-    async fn verify(&self, tee: Tee, _nonce: &str, attestation: &str) -> Result<String> {
+    async fn verify(&self, tee: Tee, nonce: &str, attestation: &str) -> Result<String> {
         if tee != Tee::Tdx && tee != Tee::Sgx {
             bail!("Intel Trust Authority: TEE {tee:?} is not supported.");
         }
@@ -61,9 +64,16 @@ impl Attest for IntelTrustAuthority {
             serde_json::from_str::<IntelTrustAuthorityTeeEvidence>(&attestation.tee_evidence)
                 .map_err(|e| anyhow!("Deserialize supported TEE Evidence failed: {:?}", e))?;
 
+        let runtime_data = json!({
+            "tee-pubkey": attestation.tee_pubkey,
+            "nonce": nonce,
+        })
+        .to_string();
+
         // construct attest request data
         let req_data = AttestReqData {
             quote: evidence.quote,
+            runtime_data: STANDARD.encode(runtime_data),
         };
 
         let attest_req_body = serde_json::to_string(&req_data)