Any product that turns human telemetry into an AI claim — a wearable readiness score, an AFib flag, a recovery number, a blood-pressure estimate, a remote-monitoring alert, a clinical endpoint — is making a statement about a person's body. None of them can prove the reading came from a real on-body sensor, on the real person, in an unspliced stream, read by the stated model. PPR is that proof — signed with ML-DSA-65 (FIPS 204), verifiable offline by a regulator, a court, or a plaintiff's expert.
You keep the data. We keep the proof. We never see a heartbeat.
Across the industry, products moved from raw metrics to AI-generated conclusions in under two years — and the regulators moved with them. When any product says something about someone's body, the first question in the audit, the FDA letter, or the courtroom is the same: prove this came from a real sensor on the real person, and prove nobody edited it.
AI health coaches, readiness and recovery scores, arrhythmia flags, blood-pressure estimates, remote-monitoring alerts — across consumer wearables and clinical devices alike, an AI conclusion about the body is now the product, not the raw metric.
Regulators are now challenging the claim, not the sensor. Recent public examples include an FDA warning letter to a major wearable maker over a blood-pressure feature, and a reported product slowdown over safety and regulatory friction. The pattern is industry-wide.
Device attestation proves a sensor booted. It says nothing about whether the stream behind an AI claim was real, on-body, from the enrolled person, and unspliced. That gap is exactly what a challenger attacks — and today no one can close it.
Market context (public reporting): AI health-companion rollout to all members (Business Wire, Mar 2025) · FDA warning letter re a wearable blood-pressure feature (Jul 2025) · Industry response (CNBC, Jul 2025) · A major AI health-coach slowdown (Bloomberg, Feb 2026).
One primitive, four surfaces — wherever human telemetry becomes an AI claim. In every case the device still "passes" its own attestation, but the AI claim is the thing under audit — and PPR is what makes that claim defensible without you ever handing over raw signal.
An LLM reads a member's biometrics and tells them what their sleep, readiness, or stress "means." When that guidance is questioned — by a member, a partner health plan, or a regulator — there is no receipt that the underlying signal was real, on-body, and unspliced.
PPR receipt attached to the claim
"The AI made it up." The inference is bound to a specific capture stream — a fabricated or borrowed-device reading fails at origin/subject.
"You cherry-picked the good nights." The anti-splice chain fails to reconcile if any interval was excised or reordered.
"You quietly swapped a cheaper model." Model identity is committed in; a substitution won't reconstruct.
Verifiable offline by the member and the relying party — same receipt, same verdict. You never ship raw signal.
The moment a feature crosses from wellness into a health measurement — blood pressure, arrhythmia, oxygen — it draws regulatory scrutiny of the claim, not the sensor. The durable question is provenance: for any given insight, can you show the signal was real, on-body, from that person, and unedited — to a regulator, on demand, without exposing raw data?
PPR receipt attached to the claim
Synthetic injection. A fabricated waveform has no valid transducer capture assertion — origin unhealthy.
Replay of an old healthy month. Hive's fresh challenge is absent from the origin commitment.
After-the-fact editing. The output commitment won't reconstruct if the insight was altered post-hoc.
A signed, offline-verifiable receipt is the difference between "trust our pipeline" and "here is the math" in a regulatory exchange.
The moment an AI health agent draws conclusions from first-party telemetry and third-party sources — partner devices, labs, connected apps — the platform owns a provenance problem across an entire ecosystem, not one device. Every inbound stream is a claim someone can dispute.
PPR receipt at the platform edge
Non-possession is architectural. PPR's wall matches a privacy-first posture — sealing is capture-side; Hive (or any attestor) holds no signal, no plaintext, no salt.
Offline + post-quantum. No dependency on an attestor being online; ML-DSA-65 from day one.
Third-party-source safe. The same receipt binds a claim even when data flows in from an external lab or partner device.
The evidence layer that lets a cautious platform ship health AI it can defend.
FDA's decentralized-trials guidance requires that digital-health-technology data be attributable, complete, and integrity-checked — and that missing-data handling be pre-specified. When an AI derives a digital endpoint or an RPM risk flag, the sponsor must show the data came from the enrolled subject, on-body, with no gaps silently filled. Today that's asserted, not proven.
PPR receipt as the endpoint's evidence
Proxy wear. On-body discontinuity → subject binding won't reconstruct (a caregiver or non-subject wearing the device is caught).
Gap-filling / duplication. Sample-count and timestamp collisions break the chain.
Wrong-interval attribution. Claiming an endpoint from a different span fails — the named stream head isn't the head at that range.
Note: PPR proves origin, custody, and continuity — not diagnosis or endpoint correctness. It is the chain-of-custody layer under the science, not the science.
Regulatory context: FDA — Conducting Clinical Trials With Decentralized Elements (final guidance, 2024) · FDA — Digital Health Technologies for Remote Data Acquisition in Clinical Investigations.
The reason wearable teams stall on provenance is fear of central data risk. PPR removes it by construction: non-possession is enforced in CI, not promised in a policy.
Ring / band / Watch / hospital / trial sponsor. Sealing happens here. Nothing raw leaves.
Holds no signal. Cannot open a commitment — the salt never crossed.
No code path evaluates whether the inference is medically correct. PPR proves origin, custody, and continuity — never truth of the conclusion.
On-body presence is discontinuity detection, not identification. We prove continuity of wear, not who you are.
Hive never holds raw signal, plaintext, or salts. Verification is fully offline — zero network calls, enforced in test.
Every inference lives inside a capture epoch, hash-chained. Break any link and verification fails. The capture tier is committed into the origin binding — it cannot be relabeled or oversold.
# O binds sensor origin — the capture tier is committed IN, load-bearing O = commit(capture_tier ‖ device_attest ‖ cert_chain ‖ revocation ‖ measurement ‖ sensor_id ‖ capture_assertion ‖ capture_assertion_sig ‖ firmware ‖ challenge) B = commit(subject_id ‖ on_body_presence ‖ wear_continuity ‖ enrollment) # Sⱼ — the anti-splice chain: each interval commits to its predecessor Sⱼ = commit(interval_commitmentⱼ ‖ t_start ‖ t_end ‖ sample_count ‖ channels ‖ Sⱼ₋₁) I = commit(model_digest ‖ version ‖ quantization ‖ config ‖ interval_range ‖ output_commit ‖ ts) # Kᵢ — recursive continuity across the epoch Kᵢ = commit(O ‖ B ‖ Sⱼ ‖ I ‖ Kᵢ₋₁) Receipt = Sign_MLDSA65(O ‖ B ‖ Sⱼ ‖ I ‖ Kᵢ ‖ epoch_metadata)
interval_commitment and output_commit are computed holder-side with a holder-side salt. The salt never leaves. Hive signs commitments only.
We tell buyers exactly what grade of evidence a receipt carries — because the tier is committed into the origin binding and can't be sold as something stronger. v1 ships one tier and says so plainly.
| Capture tier | What the capture assertion's trust floor actually is | Status |
|---|---|---|
| holder-ingest-signed | The holder's ingest key asserts the signal arrived through the device SDK — not device silicon. Honest floor, and what v1 ships today. | v1 · shipping |
| secure-element-signed | The device secure element signs the capture assertion — a hardware trust floor. Same receipt schema, stronger evidence. The upgrade path for hardware makers (Oura, Whoop, Apple silicon). | the upgrade |
A relying party (health plan, sponsor, regulator) can set a required tier floor and honestly reject anything weaker. A holder-ingest receipt presented as secure-element fails verification. Origin evidence in the reference build is flagged simulated=true until wired to a live device attestation feed — we never fake a receipt.
Measured on-box against the actual primitives. ML-DSA-65 sizes are exactly the FIPS 204 spec. This runs at wearable-fleet scale.
19/19 tests pass in the reference build: 8 failure modes + quantization-swap + happy path + 9 invariants (non-possession CI, offline verify, tier-relabel, no-diagnosis, non-revealing commitments).
PPR is one primitive in a family. Adopt PPR for physiological provenance today, and the same receipt rail extends across every AI decision your product makes — the proof generalizes.
| Primitive | What it proves | Fit for a wearable / health builder | When |
|---|---|---|---|
| PPR — Physiological Provenance Receipt | An inference over biosignal came from a real, on-body sensor, from the enrolled subject, unspliced, read by the stated model. | The core: provenance under every AI health claim, without possessing raw signal. | now |
| SiGR — Signed Inference Guarantee Receipt | A specific model at a specific config produced a specific output — signed, offline-verifiable. | Extends PPR's model-binding to every AI feature you ship, health or not. | now |
| AFiR — Attested Fragmented Inference Routing | Signed routing of an inference across fragments/providers. | Proof survives when your AI calls out to multiple models or vendors. | now |
| R3Pv — Receipt Proof Vector | Groups many signed receipts into one verifiable vector. | Roll a member's month, or a trial cohort, into a single auditable object. | next |
| Media-Origin Receipt | Signed human / AI / hybrid origin for media. | For coaching content, video guidance, and AI-authored member messaging. | next |
| S2S — Silicon-to-Signature | Binds NVIDIA GPU hardware attestation to every inference served on it. | Hardware-rooted tier for the model side, where inference runs in confidential compute. | next |
Get PPR into your health-claim path, and the same receipt discipline — signed, offline-verifiable, post-quantum — reaches everything the product infers.
Pick one AI feature — a readiness score, a BP insight, an RPM flag, a trial endpoint. We wire PPR capture-side, you keep every raw sample, and you walk out with a signed receipt a regulator or a court can verify offline. No raw data leaves your boundary.
PPR — Physiological Provenance Receipt. Patent Pending. Post-quantum signed (ML-DSA-65 / FIPS 204), verifiable offline. Hive never sees a raw physiological sample. You keep your data. We keep the proof.