health.whisper.online · the platform

Your SOC doesn't need another console. Your devices and endpoints need an identity they can prove.

IoMT visibility tools stack up — Claroty, Armis, Ordr, Cynerio, Forescout — each one another dashboard a biomed team babysits, and none of them stops abuse that passes auth: a lifted static key, a mis-scoped FHIR token, a spoofed DICOM AE-Title, a third-party vendor's host that rotates across three clouds. Whisper isn't another console. It's one primitive — the address is the identity — expressed as three planes that plug into the FHIR server, the UDAP trust, and the IoMT platform you already run.

Derive a device or FHIR endpoint's identity once from the key it already holds; name it by the Endpoint.identifier or UDI it already carries; verify it anywhere with dig. That one primitive becomes three planes — identity, an attribution graph that survives IP rotation across organizations, and per-device egress governance — standing on real routable space at AS219419, anchored at the IANA root. Our API is never in the trust path.

whisper verify --trustless — re-derive and check any identity against the IANA DNS root. No account, no Whisper key trusted.

7.44B nodes in the live attribution graph — BGP, DNS, WHOIS, TLS, hosting, threat intel
39.3B fused relationships across that graph
<300ms attribution answers, kept off the hot path
AS219419 our own autonomous system — real routable space
::/32 2a04:2a01::/32 — every identity derives from here
1→3 one primitive, three planes, zero new silos

Everything below derives from one line: the address is the identity.

A routable IPv6 /128 out of 2a04:2a01::/32 (announced by AS219419), deterministically derived from a key, DNSSEC-anchored, DANE-EE pinned, RDAP/WHOIS-registered — re-derivable and verifiable by anyone with dig.

Most healthcare security tooling starts from an observation — a packet on a VLAN, a log line, a source IP — and tries to infer which machine is behind it. That inference is exactly what the industry now admits is broken: an IP can be spoofed, a shared credential lifted, a directory entry stale. Whisper starts from the other end. It gives the thing an identity that is its address, cryptographically bound to a key you already hold, and publicly verifiable without trusting the issuer. Point it at a FHIR endpoint, a PACS node, an infusion pump, or an AI agent, and the question "who is this?" stops being an inference and becomes a fact any relying party can check — even one that never joined your trust community. Three products fall out of that one primitive — not three integrations you wire together, three faces of the same address.

One address, three jobs: who is this, who's really behind that, and what may talk to what.

Identity answers who is this, provably. The attribution graph answers who's really behind a source that rotates — across clouds and across organizations. Egress governance answers what may talk to what. Each plane is useful alone; together they close the gaps every stolen-credential, endpoint-spoofing, third-party-vendor incident leans on.

one address-is-identity primitive, expressed as three planes Identity who is this, provably — the device or endpoint proves it, no one forges it device /128 · DNSSEC · DANE-EE · Endpoint.identifier Attribution graph who's really behind this — operator fingerprint across rotating clouds + organizations identify · origins · walk · history · watch · Cypher Egress governance what may talk to what — every device on its own routable address per-/128 · policy · lookups · firewall · budget · revoke — default-deny THE ADDRESS IS THE IDENTITY AS219419 · 2a04:2a01::/32
Three planes on one primitive. Nothing here is a bolt-on connector — each plane is the same address answering a different question, so the identity, the attribution and the policy all agree by construction.

A device and endpoint identity your systems authorize on — not a claim anyone can present.

This is the plane that closes the gap the whole sector now names out loud: your controllers, EHRs and FHIR APIs authenticate a claim — a token, a shared credential, a static key, a same-VLAN IP — not the machine. Bind authority to the endpoint, not to a secret whoever holds it can replay.

Point the primitive at devices and endpoints. Derive each one's /128 from the key it already holds — a secure element, a TPM, an ISO/IEEE 11073 EUI-64, or the TLS key your FHIR server already presents — with its native identifier as the domain separator: the FHIR Endpoint.identifier, the FDA UDI device identifier from GUDID, or the DICOM AE-Title. The private key never leaves the device; the address is a one-way function of its public half and that identifier. The system then authorizes on the endpoint's pinned identity — a mis-scoped token or a lifted static key with no key behind it authenticates to a name it can't prove.

Device / endpoint key secure element · TPM · 11073 EUI-64 never leaves the device private key sealed public key + device_id /128 2a04:2a01:f41::5a1e routable identity DNSSEC + DANE-EE A name anyone can verify whisper verify --trustless our API not in the trust path op:revoke → gone worldwide at DNS-TTL
The identifier the endpoint already carries — Endpoint.identifier, the UDI, an AE-Title — becomes the public name; the /128 is its cryptographic counterpart, derived from the device's own key. One leaf key per identity; never a shared root; revocable in one call.

"A lifted static key or a mis-scoped FHIR token looks legitimate — how do you catch abuse that passes auth?"

You bind authority to the endpoint, not the bearer. An endpoint that authorizes against its pinned DANE identity rejects a token or a static key that can't prove that identity — the possession of a secret is no longer sufficient. And when a caller enumerates records or rotates egress, the attribution graph names the operator behind it rather than losing it as a meaningless last IP. Honest scope: this hardens who an endpoint trusts and who reached it — it is not an application-layer authz fix for a BOLA bug, which stays yours to patch.

Pin the very cert UDAP already presents — into public DNS, verifiable by anyone.

UDAP is the strongest endpoint-trust mechanism in health IT: its /.well-known/udap signed_metadata asserts that the identifying URI equals the server's {baseURL} and matches a uniformResourceIdentifier in the certificate's SubjectAltName. But that binding is only checkable inside a private community trust anchor — a TEFCA anchor, a state-HIE CA — that a relying party had to be pre-provisioned with. Whisper publishes exactly that binding in the open.

UDAP asserts baseURL == cert SAN URI — but only inside a private community anchor FHIR base-URL https://fhir.example-hdo.org/r4 /.well-known/udap · signed_metadata cert SAN URI = {baseURL} (x5c) Private community anchor TEFCA anchor · state-HIE CA verifiable only if you hold it DNSSEC name + DANE-EE TLSA 3 1 1 — pins the SAME cert published in the open, no anchor to share Any relying party verify --trustless at the IANA root · no community gap closed — baseURL ↔ cert, now publicly verifiable
UDAP asserts baseURL == cert SAN URI privately; Whisper publishes a DNSSEC-signed name and a DANE-EE TLSA 3 1 1 pinning that same certificate — so a relying party outside your community, with no pre-provisioned anchor, verifies the binding against the IANA root. It complements UDAP's DCR and tiered OAuth; it does not replace the community CA.

"UDAP already gives my FHIR endpoint a certificate and a signed metadata document. Why isn't that enough?"

Because that binding is only verifiable inside a private community anchor. UDAP's URI-SAN model is genuinely good — but you trust whichever community CA you were configured with, revocation is CRL/OCSP scoped to that community, and a partner outside it has nothing to check against. Whisper keeps UDAP's assertion intact and re-publishes it as a DANE-EE record under DNSSEC, so it becomes universally verifiable and independently revocable at DNS-TTL. A second, orthogonal proof — additive, never a replacement.

A per-identity leaf, not a shared root. Each /128 carries its own DANE-EE-pinned leaf — one key per device, per endpoint, per agent. There is no issuing intermediate whose compromise mints look-alikes, and no shared secret an attacker steals once to forge a fleet. Compromise one PACS node and you've compromised that node — the single-CA-breach failure mode that has burned this industry before is removed by construction.
The identifier is the public index — the /128 is its cryptographic counterpart. An Endpoint.identifier, a UDI, an AE-Title is a known, structured string flowing through directories; that's useful for discovery but it isn't a secret. The /128 is bound to the device's key and that identifier, so the identifier alone yields nothing: you cannot go device_id → /128 without the key, there is no enumerable directory, and RDAP/reverse-DNS return the registry object, never the device's whereabouts. Because the derivation is tenant-bound, the same device under two organizations yields two unrelated /128s — no one can link a unit across HDOs.
Honest about where the key lives. An identity is only as forge-proof as the key behind it. A modern FHIR server or a device with a TPM or secure element gets a hardware-rooted, mutually-verifiable /128. A legacy or end-of-life device that can't present a key still gets a governed /128 — reachability control, cross-org attribution, and one-call revocation — the L3 segmentation and kill-switch the HIPAA Security Rule NPRM asks for, even where a hardware-rooted proof isn't possible. We say which you're getting; we never imply an unpatchable pump is suddenly cryptographically sealed.

Attaches to what you already ship — UDAP, SMART on FHIR, TEFCA/QHIN trust, IEEE 802.1AR / 11073 device keys, secure elements — as the publicly verifiable, DNSSEC/DANE-anchored layer on top. No bespoke CA trust store to push to every device; revocation at DNS-TTL instead of CRL/OCSP scoped to one community. Standards & compliance mapping →

Attribution that survives IP rotation — and crosses the organization boundary your IoMT console can't.

This is the plane that closes the other gap: the attacker — often a compromised third-party vendor — who rotates across Amazon, Google and Azure or a residential-proxy swarm until your investigation only ever logs a meaningless last IP, and whose reach spans organizations no single hospital's sensor can see.

A live internet-infrastructure graph — 7.44B nodes and 39.3B relationships of fused BGP, DNS, WHOIS, TLS, hosting and threat intelligence, answering in under 300 ms — pulls two levers, kept honestly separate. For cloud rotation it clusters shared ASN, hosting and certificate lineage into one infrastructure genealogy. For a residential-proxy swarm — where a subscriber IP gives an infra graph nothing to grab — a JA4/JA3 client fingerprint travels with the tooling regardless of the exit and collapses the swarm to one operator. The egress IP is the one thing this plane never relies on.

"When a compromised vendor's host rotates residential proxies and fresh cloud IPs, can you actually attribute it — or just rate-limit an IP and move on?"

Track them. Infrastructure genealogy collapses the cloud rotation; a JA4 client fingerprint collapses the residential swarm. This matters most where your own sensor's vantage stops, the organization edge: a large share of healthcare breaches originate with a third-party vendor, and a graph that spans the whole internet sees the operator your console never will. Every answer returns a reproducible, replayable JSON evidence chain your SOC, your auditors and OCR can hand around.

identify(ip)

Who really operates a host — even behind a CDN, across any cloud, across any organization.

origins(prefix) + walk(node,depth)

Cluster rotating IPs into one infrastructure genealogy.

history / watch

A timeline of an operator and a standing sentinel — plus variants(domain) to catch typosquat HIE / portal domains before they activate.

read-only Cypher

Express "one source touching N distinct FHIR-endpoint identities in a window" as a query your agent runs — not a ticket your analyst files.

Additive to the IoMT platform and SIEM — the same fingerprints power external attack-surface mapping and third-party dependency blast-radius (if a clearinghouse or a cloud region goes dark, which of your exchange partners lose access). Trace the full back-trace →

Govern what each device may reach — and see who's checking it — before the attack lands.

An identity you can prove is also an identity you can watch and fence. Because every device and endpoint resolves through Whisper's own authoritative DNS and RDAP, the owner sees exactly who looked, governs precisely what each unit may talk to, and can cut a compromised one off worldwide in one call — the L3 segmentation the HIPAA NPRM demands, even for the agentless devices a NAC can't touch.

Who checked this endpoint is a query

op:lookups returns who resolved or RDAP-queried a device's identity — an early warning that someone is enumerating your fleet or fishing your FHIR directory, not a post-mortem after exfil.

Govern what each device may reach

A graph-first resolver and source-bound egress enforce default-deny per device — allow the FHIR server and the OTA/update endpoint, block everything else, by name or subdomain. Agentless devices get an L3 policy where a NAC agent won't install.

Per-device firewall, budget, kill-switch

op:firewall allow/deny by host, cidr or port; op:budget caps a device's traffic; op:revoke cuts a compromised unit off worldwide in one call — no re-imaging, no truck-roll.

Non-repudiable telemetry

sign-outputs binds a device's telemetry or a study's provenance to its forge-proof /128, so a clinician, a registry and an auditor trust the data came from the real device — not a spoofed AE-Title.

Behind all three sits two servers, one truth: ns1 and ns2 answer identically over anycast on AS219419, and resolution is graph-first — policy is applied before any answer leaves. There is no inline clinical chokepoint and no single node in the path; if a node is slow, the other serves, and the identity checks degrade to your existing anchors rather than failing a device closed.

The same address-is-identity primitive that governs a compromised pump also governs the AI agents your clinical and revenue-cycle teams are about to run — per-agent /128, per-agent logs, default-deny egress, one revoke. From day one.

The three planes drop into the systems you already run — at the endpoint and IP boundary, never inside the clinical bus.

Whisper anchors the endpoint and the cloud, not the plug. Each row below is a proposed integration onto a system you already operate — the device-identity /128 (derive it from the device's public key with any of these identifiers as device_id) is the one capability that is shipped and live today; the typed per-standard flows are proposed. Every one is additive: it complements whatever authenticates the message, and it never reaches into the closed clinical layers — HL7v2 on the wire, unauthenticated DICOM C-STORE between same-segment nodes, the intra-hospital VLAN.

Surface / standard you run Where a plane plugs in — identity /128 · attribution graph · egress governance Complements — does not replace
UDAP (SSRAA / FAST Security IG) Identity. DANE-pin the very certificate your /.well-known/udap signed_metadata presents (SAN URI = {baseURL}) into DNSSEC — so any relying party verifies the base-URL↔cert binding outside your community, with no pre-provisioned anchor. Complements UDAP DCR & tiered OAuth — Whisper anchors the baseURL↔cert binding publicly, does not replace the community CA.
FHIR Endpoint resource + TEFCA / RCE Directory Identity + attribution. A per-endpoint /128 makes Endpoint.address self-verifying; the RCE / NDH directory entry becomes cross-checkable against the address instead of trusted blindly — an answer to ONC FAST's "no authoritative source, no way to verify who is asking." Complements the endpoint directory & QHIN trust — Whisper anchors the address, does not run a new directory.
Device key — TPM / secure element · ISO/IEEE 11073 · shipped & live Identity. Derives the routable /128 from the non-exportable key; the 11073 EUI-64 maps onto the IPv6 interface-id by RFC 4291, so the device's existing hardware identity becomes its address — no new identifier minted — published as a DANE-verifiable, RDAP-registered name. Complements the hardware birth-certificate — makes an otherwise un-routable, un-discoverable key globally resolvable and revocable.
FDA UDI (GUDID) + your IoMT inventory Identity + egress governance. device_id = the UDI DI already in labeling + GUDID → identity keyed to the regulatory ID; bridged through your MDS2 asset inventory (Medigate/Claroty, Armis, Ordr, Cynerio) as the join, with L3 egress governance for devices that can't take a NAC agent. Complements the visibility platform — consumes the UDI + inventory, does not replace discovery, DPI or vuln scoring.
SMART on FHIR (App Launch / Backend Services) Attribution + egress governance. Bind a Backend-Services client's egress to its own /128; attribute the caller across rotating egress; keep a per-app egress log — which app phoned where becomes an audit trail keyed to identity. Complements OAuth2 / asymmetric client auth — which authorizes the caller; Whisper anchors the transport and the operator identity.
DICOM AE-Title → IP mapping (PACS · WADO/QIDO/STOW-RS) Identity. Today the AE-Title→IP map is "set at install by installation personnel," manual and unauthenticated; a DANE-pinned /128 makes that mapping DNSSEC/DANE-verifiable, surfaced in FHIR as Endpoint.connectionType=dicom-*. Complements PS3.15 TLS — never touches the unauthenticated C-STORE between same-segment nodes; it anchors the endpoint, not the intra-LAN exchange.

Read together, these are the doors TEFCA and the coming HIPAA Security Rule asset-inventory and segmentation asks force you to open and account for — while FDA §524B makes provable device identity and a machine-readable inventory a market-entry gate for the makers. Whisper is the doorway that knows who walked through and can shut it on one — per-/128 egress logs and the attribution graph become ready-made monitoring and forensic evidence. Compliance mapping →

Five things you can't stand up overnight — and a competitor can't clone from a slide.

A platform is only as durable as what sits underneath it. Whisper's three planes rest on five load-bearing pillars, each a real, checkable fact rather than a claim on a roadmap.

what a point solution can't replicate AS219419 our own AS + real routable 2a04:2a01::/32 RPKI-signed — can't hand out space you don't hold The graph 7.44B nodes, years accreted BGP·DNS·WHOIS ·TLS·JA4 — not spun up overnight Per-identity CA one leaf per device / endpoint — no shared root compromise one device, not the fleet RDAP · WHOIS every /128 a real registered object · did:web public account- ability, not a self- asserted claim DNSSEC anchored at the IANA root — not at us our API is never in the trust path FIVE LOAD-BEARING PILLARS — ONE PLATFORM
None of these is a feature you configure — they're properties of real address space, an accreted graph, and open, root-anchored standards. That's the difference between a platform and a console.

Real routable space, not a namespace we invented

AS219419 and 2a04:2a01::/32 are announced to the global routing table and RPKI-signed. You cannot allocate verifiable identities from address space you don't hold and can't announce — which is why this can't be reproduced with a database and a domain.

A graph you accrete, not one you query once

7.44B nodes and 39.3B relationships of BGP, DNS, WHOIS, TLS, hosting and threat intel, built over years. Attribution across rotation — and across organizations — is only as good as the history behind it, and history is the one thing you can't buy this afternoon.

A per-identity CA, so blast radius is one

One deterministically-derived leaf per device, endpoint or agent — DANE-EE pinned, never a shared intermediate. The single-CA-breach failure mode that has burned this industry before is removed by construction, not by policy.

Registry-anchored — every /128 a real object

Every /128 is a real RDAP/WHOIS object with a did:web document — public accountability, not a self-asserted claim. Ownership history, geofeed and the transparency log are all queryable, so who holds an identity is a matter of record, not our say-so.

Root-anchored — our API is never in the trust path

The whole chain validates through DNSSEC to the IANA root — the same anchor your own resolver already trusts, not a Whisper key. whisper verify --trustless checks an identity without trusting Whisper: if we vanished tomorrow, an already-issued proof still verifies. That's the line between a trust anchor you run and a vendor you depend on.

"Health-security vendors come and go. Will you still be here in five years, and is this real or a checkbox?"

It's infrastructure, and it's built by people who ran the internet's plumbing. Real routable address space at AS219419, run by a team that operated one of the internet's regional address registries and one of its root DNS servers. The moat is real space, an accreted graph and open standards — not a slide. You can verify every claim on this page yourself, today, without an account.

Exercise all three planes yourself — our API isn't in the trust path.

Two tiers, by design. No key: verify a device or endpoint's identity — the identity plane, trustless, anchored at the IANA root. Your key: back-trace a suspicious host across any cloud, register a device keyed to the UDI or Endpoint.identifier it already carries, govern its egress, revoke it worldwide.

identity — no key · attribution — one API call
# plane 1 — re-derive and verify any FHIR endpoint's identity, trustless
$ whisper verify --trustless 2a04:2a01:f41::5a1e
  ✓ DNSSEC chain valid to the IANA root
  ✓ DANE-EE (TLSA 3 1 1) leaf matches the endpoint cert
  ✓ RDAP: registered under AS219419 · 2a04:2a01::/32
  identity: VERIFIED — and our own API was never trusted

# the address is the endpoint — reverse DNS names it by its FHIR Endpoint.identifier
$ dig -x 2a04:2a01:f41::5a1e +short
  endpoint-2-16-840-1-113883.fhir.example-hdo.whisper.online.

# plane 2 — with your key, attribute who really operates a host via the public graph API
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: whisper_live_xxx" \
    -H 'content-type: application/json' -d '{"query":"CALL whisper.identify(\"34.90.x.x\")"}'
  operator:  <fingerprinted> · seen across AWS / GCP / Azure
  residential swarm collapsed by JA4: same tooling, 41 exit IPs → 1 operator
identity + governance — with your key
# plane 1 — give a device/endpoint a name it can prove, keyed to the id it already carries
$ export WHISPER_API_KEY=whisper_live_xxx
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: $WHISPER_API_KEY" --data-urlencode "q=CALL whisper.agents({op:'connect', args:{tier:'wireguard',
       identity_public_key:'<base64 SPKI of the endpoint key>',
       device_id:'2.16.840.1.113883.3.72.5'}})"   # device_id = FHIR Endpoint.identifier (or the FDA UDI DI)
  → identity 2a04:2a01:f41::5a1e   DNSSEC + DANE live
# plane 3 — govern what it may reach, see who checked it, then revoke it
$ whisper policy set --default deny --allow fhir.example-hdo.org,udap.example-hdo.org
$ whisper lookups --identity 2a04:2a01:f41::5a1e   # who enumerated this endpoint — a recon tripwire
$ whisper revoke 2a04:2a01:f41::5a1e   # worldwide, at DNS-TTL — no re-imaging

Three planes, and all three exit into the stack you already run — not a new silo.

Feeds your SIEM, not another console

A machine-readable feed into your SIEM: the Splunk, Microsoft Sentinel and OpenCTI connectors ship today. Findings map to CEF and ECS fields and arrive as a signed, replayable JSON evidence chain you can hand OCR or an insurer — STIX 2.1 over TAXII export on the roadmap.

Speaks your compliance language

Direct support for the HIPAA Security Rule asset-inventory, network-map and segmentation asks and §164.312(a)/(b)/(d) entity authentication; substance for an FDA §524B security architecture and postmarket CVD; maps to EU MDR 17.4 and IEC 62443 FR1/IAC. Usable in the SPDF and a HIPAA audit, not just a dashboard. See the map →

In your auth path — and safe there

If your endpoint authorizes against the DANE/verify path, that plane is built to fail open: a Whisper outage never bricks a device or blocks clinical exchange — checks degrade to your existing anchors. No inline clinical chokepoint; anycast on AS219419, two servers one truth, no single node in the path.

Nothing issued in the dark

Every identity mint and every revoke lands in a public, append-only RFC 6962 Merkle transparency log, Ed25519-signed and anchored to Bitcoin via OpenTimestamps — an auditable issuance trail for OCR, an insurer, or an FDA CVD. Honest status: tamper-evident today; independent witnessing is the next step. GDPR-compatible via salted commitments and erase-the-salt.

One identity fabric, every device

Derived from the key already in the device — no second PKI, no BOM cost, no re-flashing the fielded fleet. Whether it's an infusion pump, a PACS node, or a FHIR endpoint, it's one verifiable /128 you and a QHIN can both check. See the comparison →

A vendor that will still be here

Real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers. POC → pilot → enterprise, keyless to start. Flat, per-device pricing you can forecast. See pricing →

One primitive. Three planes. Give every device and endpoint an identity it can prove.

Identity, an attribution graph that survives IP rotation across organizations, and per-device egress governance — additive to your FHIR/UDAP trust and your IoMT platform, mapped to your standards. Keyless to try, one call to provision, one more to revoke.

Or run whisper verify --trustless right now.