PPR for Wearables & Human Telemetry · Patent Pending

Your AI reads a heartbeat. Can you prove it was real?

Any product that turns human telemetry into an AI claim — a wearable readiness score, an AFib flag, a recovery number, a blood-pressure estimate, a remote-monitoring alert, a clinical endpoint — is making a statement about a person's body. None of them can prove the reading came from a real on-body sensor, on the real person, in an unspliced stream, read by the stated model. PPR is that proof — signed with ML-DSA-65 (FIPS 204), verifiable offline by a regulator, a court, or a plaintiff's expert.

You keep the data. We keep the proof. We never see a heartbeat.

The wall: the raw physiological signal never leaves your device or your cloud. Sealing happens capture-side, inside your trust boundary. Only commitments and verdicts cross to Hive — never a sample, never an inference plaintext, never a salt. Enforced in CI. So a provenance layer never becomes a new privacy liability.

The health-claim era just made provenance a liability question.

Across the industry, products moved from raw metrics to AI-generated conclusions in under two years — and the regulators moved with them. When any product says something about someone's body, the first question in the audit, the FDA letter, or the courtroom is the same: prove this came from a real sensor on the real person, and prove nobody edited it.

The claims went live

AI health coaches, readiness and recovery scores, arrhythmia flags, blood-pressure estimates, remote-monitoring alerts — across consumer wearables and clinical devices alike, an AI conclusion about the body is now the product, not the raw metric.

The scrutiny arrived

Regulators are now challenging the claim, not the sensor. Recent public examples include an FDA warning letter to a major wearable maker over a blood-pressure feature, and a reported product slowdown over safety and regulatory friction. The pattern is industry-wide.

The proof is missing

Device attestation proves a sensor booted. It says nothing about whether the stream behind an AI claim was real, on-body, from the enrolled person, and unspliced. That gap is exactly what a challenger attacks — and today no one can close it.

Market context (public reporting): AI health-companion rollout to all members (Business Wire, Mar 2025) · FDA warning letter re a wearable blood-pressure feature (Jul 2025) · Industry response (CNBC, Jul 2025) · A major AI health-coach slowdown (Bloomberg, Feb 2026).

What PPR proves for your product

One primitive, four surfaces — wherever human telemetry becomes an AI claim. In every case the device still "passes" its own attestation, but the AI claim is the thing under audit — and PPR is what makes that claim defensible without you ever handing over raw signal.

AI health companions & coaches readiness · sleep · recovery · stress
Provenance for the AI companion
The exposure

An LLM reads a member's biometrics and tells them what their sleep, readiness, or stress "means." When that guidance is questioned — by a member, a partner health plan, or a regulator — there is no receipt that the underlying signal was real, on-body, and unspliced.

PPR receipt attached to the claim

✓ origin — real device sensor, capture path
✓ subject — enrolled member, on-body continuity
✓ stream — intervals unspliced, chain reconciles
✓ model — the stated coaching model + version
What it kills

"The AI made it up." The inference is bound to a specific capture stream — a fabricated or borrowed-device reading fails at origin/subject.

"You cherry-picked the good nights." The anti-splice chain fails to reconcile if any interval was excised or reordered.

"You quietly swapped a cheaper model." Model identity is committed in; a substitution won't reconstruct.

Verifiable offline by the member and the relying party — same receipt, same verdict. You never ship raw signal.

Medical-grade & regulated features BP · AFib · SpO₂ · medical mode
The receipt for a contested claim
The exposure

The moment a feature crosses from wellness into a health measurement — blood pressure, arrhythmia, oxygen — it draws regulatory scrutiny of the claim, not the sensor. The durable question is provenance: for any given insight, can you show the signal was real, on-body, from that person, and unedited — to a regulator, on demand, without exposing raw data?

PPR receipt attached to the claim

✓ origin — real device sensor, fresh Hive challenge
✓ subject — this person, wear-continuity intact
✓ stream — the exact intervals behind the insight
✗ any replay / synthetic / splice → fails loudly
What it kills

Synthetic injection. A fabricated waveform has no valid transducer capture assertion — origin unhealthy.

Replay of an old healthy month. Hive's fresh challenge is absent from the origin commitment.

After-the-fact editing. The output commitment won't reconstruct if the insight was altered post-hoc.

A signed, offline-verifiable receipt is the difference between "trust our pipeline" and "here is the math" in a regulatory exchange.

Health platforms & multi-source AI aggregators · OS health · third-party data
Provenance that scales to a platform
The exposure

The moment an AI health agent draws conclusions from first-party telemetry and third-party sources — partner devices, labs, connected apps — the platform owns a provenance problem across an entire ecosystem, not one device. Every inbound stream is a claim someone can dispute.

PPR receipt at the platform edge

✓ origin — sealed capture-side, per source
✓ subject — bound to the enrolled account holder
✓ stream — continuity across devices + sources
✓ privacy — nothing raw leaves the boundary
Why it fits a platform

Non-possession is architectural. PPR's wall matches a privacy-first posture — sealing is capture-side; Hive (or any attestor) holds no signal, no plaintext, no salt.

Offline + post-quantum. No dependency on an attestor being online; ML-DSA-65 from day one.

Third-party-source safe. The same receipt binds a claim even when data flows in from an external lab or partner device.

The evidence layer that lets a cautious platform ship health AI it can defend.

Clinical / RPM & decentralized trials DCT · digital endpoints · RPM
Data integrity the FDA already asks for
The exposure

FDA's decentralized-trials guidance requires that digital-health-technology data be attributable, complete, and integrity-checked — and that missing-data handling be pre-specified. When an AI derives a digital endpoint or an RPM risk flag, the sponsor must show the data came from the enrolled subject, on-body, with no gaps silently filled. Today that's asserted, not proven.

PPR receipt as the endpoint's evidence

✓ subject-bound — enrolled participant, unspliced
✓ interval-exact — the span behind the endpoint
✓ tamper-evident — chain reconciliation
✓ auditor-verifiable — offline, no raw-data handover
What it kills

Proxy wear. On-body discontinuity → subject binding won't reconstruct (a caregiver or non-subject wearing the device is caught).

Gap-filling / duplication. Sample-count and timestamp collisions break the chain.

Wrong-interval attribution. Claiming an endpoint from a different span fails — the named stream head isn't the head at that range.

Note: PPR proves origin, custody, and continuity — not diagnosis or endpoint correctness. It is the chain-of-custody layer under the science, not the science.

Regulatory context: FDA — Conducting Clinical Trials With Decentralized Elements (final guidance, 2024) · FDA — Digital Health Technologies for Remote Data Acquisition in Clinical Investigations.

A provenance layer that never becomes a privacy problem.

The reason wearable teams stall on provenance is fear of central data risk. PPR removes it by construction: non-possession is enforced in CI, not promised in a policy.

Capture-side sealing · boundary-crossing commitments only

Your trust boundary
Raw biosignal · holder salts · inference plaintext

Ring / band / Watch / hospital / trial sponsor. Sealing happens here. Nothing raw leaves.

▟ THE WALL ▙
commitments +
verdicts only
Hive (attestor)
Signs commitments · issues the receipt

Holds no signal. Cannot open a commitment — the salt never crossed.

Not a diagnosis

No code path evaluates whether the inference is medically correct. PPR proves origin, custody, and continuity — never truth of the conclusion.

Not biometric identity

On-body presence is discontinuity detection, not identification. We prove continuity of wear, not who you are.

Not possession

Hive never holds raw signal, plaintext, or salts. Verification is fully offline — zero network calls, enforced in test.

The five bindings

Every inference lives inside a capture epoch, hash-chained. Break any link and verification fails. The capture tier is committed into the origin binding — it cannot be relabeled or oversold.

# O binds sensor origin — the capture tier is committed IN, load-bearing
O   = commit(capture_tier ‖ device_attest ‖ cert_chain ‖ revocation ‖ measurement
             ‖ sensor_id ‖ capture_assertion ‖ capture_assertion_sig ‖ firmware ‖ challenge)
B   = commit(subject_id ‖ on_body_presence ‖ wear_continuity ‖ enrollment)
# Sⱼ — the anti-splice chain: each interval commits to its predecessor
Sⱼ  = commit(interval_commitmentⱼ ‖ t_start ‖ t_end ‖ sample_count ‖ channels ‖ Sⱼ₋₁)
I   = commit(model_digest ‖ version ‖ quantization ‖ config ‖ interval_range ‖ output_commit ‖ ts)
# Kᵢ — recursive continuity across the epoch
Kᵢ  = commit(O ‖ B ‖ Sⱼ ‖ I ‖ Kᵢ₋₁)
Receipt = Sign_MLDSA65(O ‖ B ‖ Sⱼ ‖ I ‖ Kᵢ ‖ epoch_metadata)

interval_commitment and output_commit are computed holder-side with a holder-side salt. The salt never leaves. Hive signs commitments only.

Honest by construction

We tell buyers exactly what grade of evidence a receipt carries — because the tier is committed into the origin binding and can't be sold as something stronger. v1 ships one tier and says so plainly.

Capture tierWhat the capture assertion's trust floor actually isStatus
holder-ingest-signedThe holder's ingest key asserts the signal arrived through the device SDK — not device silicon. Honest floor, and what v1 ships today.v1 · shipping
secure-element-signedThe device secure element signs the capture assertion — a hardware trust floor. Same receipt schema, stronger evidence. The upgrade path for hardware makers (Oura, Whoop, Apple silicon).the upgrade

A relying party (health plan, sponsor, regulator) can set a required tier floor and honestly reject anything weaker. A holder-ingest receipt presented as secure-element fails verification. Origin evidence in the reference build is flagged simulated=true until wired to a live device attestation feed — we never fake a receipt.

Real numbers

Measured on-box against the actual primitives. ML-DSA-65 sizes are exactly the FIPS 204 spec. This runs at wearable-fleet scale.

413k/s
commit() throughput · 2.4µs each
106k/s
interval sealing · 500 samples + reconcile + chain each
8.8ms
ML-DSA-65 verify · per receipt
3,309B
signature size · pk 1,952 B · FIPS 204

19/19 tests pass in the reference build: 8 failure modes + quantization-swap + happy path + 9 invariants (non-possession CI, offline verify, tier-relabel, no-diagnosis, non-revealing commitments).

The Hive canon — where it helps you now, and where it goes next

PPR is one primitive in a family. Adopt PPR for physiological provenance today, and the same receipt rail extends across every AI decision your product makes — the proof generalizes.

PrimitiveWhat it provesFit for a wearable / health builderWhen
PPR — Physiological Provenance ReceiptAn inference over biosignal came from a real, on-body sensor, from the enrolled subject, unspliced, read by the stated model.The core: provenance under every AI health claim, without possessing raw signal.now
SiGR — Signed Inference Guarantee ReceiptA specific model at a specific config produced a specific output — signed, offline-verifiable.Extends PPR's model-binding to every AI feature you ship, health or not.now
AFiR — Attested Fragmented Inference RoutingSigned routing of an inference across fragments/providers.Proof survives when your AI calls out to multiple models or vendors.now
R3Pv — Receipt Proof VectorGroups many signed receipts into one verifiable vector.Roll a member's month, or a trial cohort, into a single auditable object.next
Media-Origin ReceiptSigned human / AI / hybrid origin for media.For coaching content, video guidance, and AI-authored member messaging.next
S2S — Silicon-to-SignatureBinds NVIDIA GPU hardware attestation to every inference served on it.Hardware-rooted tier for the model side, where inference runs in confidential compute.next

Get PPR into your health-claim path, and the same receipt discipline — signed, offline-verifiable, post-quantum — reaches everything the product infers.

Pilot PPR on one health claim

Pick one AI feature — a readiness score, a BP insight, an RPM flag, a trial endpoint. We wire PPR capture-side, you keep every raw sample, and you walk out with a signed receipt a regulator or a court can verify offline. No raw data leaves your boundary.

PPR — Physiological Provenance Receipt. Patent Pending. Post-quantum signed (ML-DSA-65 / FIPS 204), verifiable offline. Hive never sees a raw physiological sample. You keep your data. We keep the proof.