# Your SOC doesn't need another console. Your devices and endpoints need an identity they can prove.

IoMT visibility tools stack up — Claroty, Armis, Ordr, Cynerio, Forescout — each one another dashboard a biomed team babysits, and none of them stops abuse that *passes auth*: a lifted static key, a mis-scoped FHIR token, a spoofed DICOM AE-Title, a third-party vendor's host that rotates across three clouds. Whisper isn't another console. It's one primitive — **the address is the identity** — expressed as three planes that plug into the FHIR server, the UDAP trust, and the IoMT platform you already run.

Derive a device or FHIR endpoint's identity once from the key it already holds; name it by the `Endpoint.identifier` or UDI it already carries; verify it anywhere with `dig`. That one primitive becomes three planes — **identity**, an **attribution graph** that survives IP rotation across organizations, and per-device **egress governance** — standing on real routable space at **AS219419**, anchored at the IANA root. **Our API is never in the trust path.**

`whisper verify --trustless` — re-derive and check any identity against the IANA DNS root. No account, no Whisper key trusted.

**Proof strip:** 7.44B nodes in the live attribution graph (BGP, DNS, WHOIS, TLS, hosting, threat intel) · 39.3B fused relationships · <300 ms attribution answers, kept off the hot path · AS219419, our own autonomous system · 2a04:2a01::/32, every identity derives from here · one primitive, three planes, zero new silos.

---

## The foundation · one primitive

### Everything below derives from one line: the address *is* the identity.

A routable IPv6 **/128** out of `2a04:2a01::/32` (announced by **AS219419**), deterministically derived from a key, DNSSEC-anchored, **DANE-EE** pinned, RDAP/WHOIS-registered — re-derivable and verifiable by anyone with `dig`.

Most healthcare security tooling starts from an observation — a packet on a VLAN, a log line, a source IP — and tries to *infer* which machine is behind it. That inference is exactly what the industry now admits is broken: an IP can be spoofed, a shared credential lifted, a directory entry stale. Whisper starts from the other end. It gives the thing an identity that *is* its address, cryptographically bound to a key you already hold, and publicly verifiable without trusting the issuer. Point it at a FHIR endpoint, a PACS node, an infusion pump, or an AI agent, and the question *"who is this?"* stops being an inference and becomes a fact any relying party can check — even one that never joined your trust community. Three products fall out of that one primitive — not three integrations you wire together, three faces of the same address.

---

## The platform · three planes

### One address, three jobs: who is this, who's really behind that, and what may talk to what.

Identity answers *who is this, provably*. The attribution graph answers *who's really behind a source that rotates — across clouds and across organizations*. Egress governance answers *what may talk to what*. Each plane is useful alone; together they close the gaps every stolen-credential, endpoint-spoofing, third-party-vendor incident leans on.

| Plane | The question it answers | What it exposes |
|---|---|---|
| **Identity** | who is this, provably — the device or endpoint proves it, no one forges it | device /128 · DNSSEC · DANE-EE · `Endpoint.identifier` |
| **Attribution graph** | who's really behind this — operator fingerprint across rotating clouds + organizations | `identify` · `origins` · `walk` · `history` · `watch` · Cypher |
| **Egress governance** | what may talk to what — every device on its own routable address | per-/128 · policy · lookups · firewall · budget · revoke — default-deny |

All three rest on one base: **the address is the identity** — AS219419 · 2a04:2a01::/32.

---

## Plane 1 · identity

### A device and endpoint identity your systems authorize on — not a claim anyone can present.

This is the plane that closes the gap the whole sector now names out loud: your controllers, EHRs and FHIR APIs authenticate a *claim* — a token, a shared credential, a static key, a same-VLAN IP — *not the machine*. Bind authority to the endpoint, not to a secret whoever holds it can replay.

**Point the primitive at devices and endpoints.** Derive each one's /128 from the key it already holds — a secure element, a TPM, an ISO/IEEE 11073 **EUI-64**, or the TLS key your FHIR server already presents — with its native identifier as the domain separator: the **FHIR `Endpoint.identifier`**, the **FDA UDI** device identifier from GUDID, or the DICOM **AE-Title**. The private key never leaves the device; the address is a one-way function of its public half and that identifier. The system then authorizes on the endpoint's *pinned identity* — a mis-scoped token or a lifted static key with no key behind it authenticates to a name it can't prove.

**Identity pipeline:** device/endpoint key (secure element · TPM · 11073 EUI-64, private key never leaves) → public key + `device_id` → routable **/128** (`2a04:2a01:f41::5a1e`) → DNSSEC + DANE-EE → a name anyone can verify (`whisper verify --trustless`, our API not in the trust path). One `op:revoke` → gone worldwide at DNS-TTL.

> **"A lifted static key or a mis-scoped FHIR token looks legitimate — how do you catch abuse that passes auth?"**
>
> You bind authority to the endpoint, not the bearer. An endpoint that authorizes against its *pinned* DANE identity rejects a token or a static key that can't prove that identity — the possession of a secret is no longer sufficient. And when a caller enumerates records or rotates egress, the attribution graph names the operator behind it rather than losing it as a meaningless last IP. *Honest scope:* this hardens who an endpoint trusts and who reached it — it is not an application-layer authz fix for a BOLA bug, which stays yours to patch.

### The highest-leverage move · anchor UDAP publicly

**Pin the very cert UDAP already presents — into public DNS, verifiable by anyone.**

UDAP is the strongest endpoint-trust mechanism in health IT: its `/.well-known/udap` `signed_metadata` asserts that the identifying URI *equals the server's `{baseURL}`* and *matches a `uniformResourceIdentifier` in the certificate's SubjectAltName*. But that binding is only checkable inside a *private community trust anchor* — a TEFCA anchor, a state-HIE CA — that a relying party had to be pre-provisioned with. Whisper publishes exactly that binding in the open: a DNSSEC-signed name for the base-URL host and a DANE-EE `TLSA 3 1 1` record pinning that *same* certificate. Now a relying party outside your community, with no pre-provisioned anchor, verifies the base-URL↔cert binding against the IANA root. It complements UDAP's DCR and tiered OAuth; it does not replace the community CA.

> **"UDAP already gives my FHIR endpoint a certificate and a signed metadata document. Why isn't that enough?"**
>
> Because that binding is only verifiable inside a private community anchor. UDAP's URI-SAN model is genuinely good — but you trust whichever community CA you were configured with, revocation is CRL/OCSP scoped to that community, and a partner outside it has nothing to check against. Whisper keeps UDAP's assertion intact and re-publishes it as a DANE-EE record under DNSSEC, so it becomes universally verifiable and independently revocable at DNS-TTL. A *second*, orthogonal proof — additive, never a replacement.

**A per-identity leaf, not a shared root.** Each /128 carries its own DANE-EE-pinned leaf — one key per device, per endpoint, per agent. There is no issuing intermediate whose compromise mints look-alikes, and no shared secret an attacker steals once to forge a fleet. Compromise one PACS node and you've compromised *that node* — the single-CA-breach failure mode that has burned this industry before is removed by construction.

**The identifier is the public index — the /128 is its cryptographic counterpart.** An `Endpoint.identifier`, a UDI, an AE-Title is a known, structured string flowing through directories; that's useful for discovery but it isn't a secret. The /128 is bound to the device's key *and* that identifier, so the identifier alone yields nothing: you cannot go `device_id → /128` without the key, there is no enumerable directory, and RDAP/reverse-DNS return the registry object, never the device's whereabouts. Because the derivation is **tenant-bound**, the same device under two organizations yields two unrelated /128s — no one can link a unit across HDOs.

**Honest about where the key lives.** An identity is only as forge-proof as the key behind it. A modern FHIR server or a device with a TPM or secure element gets a hardware-rooted, mutually-verifiable /128. A legacy or end-of-life device that *can't* present a key still gets a governed /128 — reachability control, cross-org attribution, and one-call revocation — the L3 segmentation and kill-switch the HIPAA Security Rule NPRM asks for, even where a hardware-rooted proof isn't possible. We say which you're getting; we never imply an unpatchable pump is suddenly cryptographically sealed.

Attaches to what you already ship — UDAP, SMART on FHIR, TEFCA/QHIN trust, IEEE 802.1AR / 11073 device keys, secure elements — as the publicly verifiable, DNSSEC/DANE-anchored layer on top. No bespoke CA trust store to push to every device; revocation at DNS-TTL instead of CRL/OCSP scoped to one community. [Standards & compliance mapping →](/for-hdos)

---

## Plane 2 · attribution graph

### Attribution that survives IP rotation — and crosses the organization boundary your IoMT console can't.

This is the plane that closes the other gap: the attacker — often a compromised *third-party vendor* — who rotates across Amazon, Google and Azure or a residential-proxy swarm until your investigation only ever logs a meaningless *last IP*, and whose reach spans organizations no single hospital's sensor can see.

A live internet-infrastructure graph — **7.44B** nodes and **39.3B** relationships of fused BGP, DNS, WHOIS, TLS, hosting and threat intelligence, answering in under 300 ms — pulls two levers, kept honestly separate. For **cloud rotation** it clusters shared ASN, hosting and certificate lineage into one infrastructure genealogy. For a **residential-proxy swarm** — where a subscriber IP gives an infra graph nothing to grab — a `JA4/JA3` client fingerprint travels with the *tooling* regardless of the exit and collapses the swarm to one operator. The egress IP is the one thing this plane never relies on.

> **"When a compromised vendor's host rotates residential proxies and fresh cloud IPs, can you actually attribute it — or just rate-limit an IP and move on?"**
>
> Track them. Infrastructure genealogy collapses the cloud rotation; a JA4 client fingerprint collapses the residential swarm. This matters most where your own sensor's vantage stops, the organization edge: a large share of healthcare breaches originate with a third-party vendor, and a graph that spans the whole internet sees the operator your console never will. Every answer returns a reproducible, replayable JSON evidence chain your SOC, your auditors and OCR can hand around.

- **`identify(ip)`** — who really operates a host, even behind a CDN, across any cloud, across any organization.
- **`origins(prefix)` + `walk(node,depth)`** — cluster rotating IPs into one infrastructure genealogy.
- **`history` / `watch`** — a timeline of an operator and a standing sentinel, plus `variants(domain)` to catch typosquat HIE / portal domains before they activate.
- **read-only Cypher** — express *"one source touching N distinct FHIR-endpoint identities in a window"* as a query your agent runs, not a ticket your analyst files.

Additive to the IoMT platform and SIEM — the same fingerprints power external attack-surface mapping and third-party dependency blast-radius (*if a clearinghouse or a cloud region goes dark, which of your exchange partners lose access*). [Trace the full back-trace →](/device-api-abuse)

---

## Plane 3 · egress governance

### Govern what each device may reach — and see who's checking it — before the attack lands.

An identity you can prove is also an identity you can *watch* and *fence*. Because every device and endpoint resolves through Whisper's own authoritative DNS and RDAP, the owner sees exactly who looked, governs precisely what each unit may talk to, and can cut a compromised one off worldwide in one call — the L3 segmentation the HIPAA NPRM demands, even for the agentless devices a NAC can't touch.

- **Who checked this endpoint is a query** — `op:lookups` returns who resolved or RDAP-queried a device's identity, an early warning that someone is enumerating your fleet or fishing your FHIR directory, not a post-mortem after exfil.
- **Govern what each device may reach** — a graph-first resolver and source-bound egress enforce **default-deny** per device: allow the FHIR server and the OTA/update endpoint, block everything else, by name or subdomain. Agentless devices get an L3 policy where a NAC agent won't install.
- **Per-device firewall, budget, kill-switch** — `op:firewall` allow/deny by host, cidr or port; `op:budget` caps a device's traffic; `op:revoke` cuts a compromised unit off worldwide in one call — no re-imaging, no truck-roll.
- **Non-repudiable telemetry** — `sign-outputs` binds a device's telemetry or a study's provenance to its forge-proof /128, so a clinician, a registry and an auditor trust the data came from the real device — not a spoofed AE-Title.

Behind all three sits **two servers, one truth**: ns1 and ns2 answer identically over anycast on AS219419, and resolution is *graph-first* — policy is applied before any answer leaves. There is no inline clinical chokepoint and no single node in the path; if a node is slow, the other serves, and the identity checks degrade to your existing anchors rather than failing a device closed.

The same *address-is-identity* primitive that governs a compromised pump also governs the AI agents your clinical and revenue-cycle teams are about to run — per-agent /128, per-agent logs, default-deny egress, one `revoke`. From day one.

---

## Fits the stack you already run

### The three planes drop into the systems you already run — at the endpoint and IP boundary, never inside the clinical bus.

Whisper anchors the *endpoint and the cloud*, not the plug. Each row below is a proposed integration onto a system you already operate — the device-identity **/128** (derive it from the device's public key with any of these identifiers as `device_id`) is the one capability that is **shipped and live** today; the typed per-standard flows are proposed. Every one is *additive*: it complements whatever authenticates the message, and it never reaches into the closed clinical layers — HL7v2 on the wire, unauthenticated DICOM C-STORE between same-segment nodes, the intra-hospital VLAN.

| Surface / standard you run | Where a plane plugs in | Complements — does not replace |
|---|---|---|
| **UDAP** (SSRAA / FAST Security IG) | *Identity.* DANE-pin the very certificate your `/.well-known/udap` `signed_metadata` presents (SAN URI = `{baseURL}`) into DNSSEC — so any relying party verifies the base-URL↔cert binding *outside* your community, with no pre-provisioned anchor. | Complements UDAP DCR & tiered OAuth — Whisper anchors the baseURL↔cert binding publicly, does not replace the community CA. |
| **FHIR Endpoint resource** + TEFCA / RCE Directory | *Identity + attribution.* A per-endpoint `/128` makes `Endpoint.address` self-verifying; the RCE / NDH directory entry becomes cross-checkable against the address instead of trusted blindly — an answer to ONC FAST's "no authoritative source, no way to verify who is asking." | Complements the endpoint directory & QHIN trust — Whisper anchors the address, does not run a new directory. |
| **Device key** — TPM / secure element · ISO/IEEE 11073 — *shipped & live* | *Identity.* Derives the routable `/128` from the non-exportable key; the 11073 `EUI-64` maps onto the IPv6 interface-id by RFC 4291, so the device's existing hardware identity becomes its address — no new identifier minted — published as a DANE-verifiable, RDAP-registered name. | Complements the hardware birth-certificate — makes an otherwise un-routable, un-discoverable key globally resolvable and revocable. |
| **FDA UDI** (GUDID) + your IoMT inventory | *Identity + egress governance.* `device_id` = the UDI DI already in labeling + GUDID → identity keyed to the regulatory ID; bridged through your MDS2 asset inventory (Medigate/Claroty, Armis, Ordr, Cynerio) as the join, with L3 egress governance for devices that can't take a NAC agent. | Complements the visibility platform — consumes the UDI + inventory, does not replace discovery, DPI or vuln scoring. |
| **SMART on FHIR** (App Launch / Backend Services) | *Attribution + egress governance.* Bind a Backend-Services client's egress to its own `/128`; attribute the caller across rotating egress; keep a per-app egress log — *which app phoned where* becomes an audit trail keyed to identity. | Complements OAuth2 / asymmetric client auth — which authorizes the caller; Whisper anchors the transport and the operator identity. |
| **DICOM** AE-Title → IP mapping (PACS · WADO/QIDO/STOW-RS) | *Identity.* Today the AE-Title→IP map is "set at install by installation personnel," manual and unauthenticated; a DANE-pinned `/128` makes that mapping DNSSEC/DANE-verifiable, surfaced in FHIR as `Endpoint.connectionType=dicom-*`. | Complements PS3.15 TLS — never touches the unauthenticated C-STORE between same-segment nodes; it anchors the endpoint, not the intra-LAN exchange. |

Read together, these are the doors **TEFCA** and the coming **HIPAA Security Rule** asset-inventory and segmentation asks force you to open and account for — while **FDA §524B** makes provable device identity and a machine-readable inventory a market-entry gate for the makers. Whisper is the doorway that knows who walked through and can shut it on one — per-`/128` egress logs and the attribution graph become ready-made monitoring and forensic evidence. [Compliance mapping →](/for-hdos)

---

## Why this is defensible · the moat

### Five things you can't stand up overnight — and a competitor can't clone from a slide.

A platform is only as durable as what sits underneath it. Whisper's three planes rest on five load-bearing pillars, each a real, checkable fact rather than a claim on a roadmap.

### Real routable space, not a namespace we invented

**AS219419** and `2a04:2a01::/32` are announced to the global routing table and **RPKI**-signed. You cannot allocate verifiable identities from address space you don't hold and can't announce — which is why this can't be reproduced with a database and a domain.

### A graph you accrete, not one you query once

**7.44B** nodes and **39.3B** relationships of BGP, DNS, WHOIS, TLS, hosting and threat intel, built over years. Attribution across rotation — and across organizations — is only as good as the history behind it, and history is the one thing you can't buy this afternoon.

### A per-identity CA, so blast radius is one

One deterministically-derived leaf per device, endpoint or agent — DANE-EE pinned, never a shared intermediate. The single-CA-breach failure mode that has burned this industry before is removed by construction, not by policy.

### Registry-anchored — every /128 a real object

Every /128 is a real **RDAP/WHOIS** object with a `did:web` document — public accountability, not a self-asserted claim. Ownership history, geofeed and the transparency log are all queryable, so *who holds an identity* is a matter of record, not our say-so.

### Root-anchored — our API is never in the trust path

The whole chain validates through **DNSSEC** to the IANA root — the same anchor your own resolver already trusts, not a Whisper key. `whisper verify --trustless` checks an identity *without trusting Whisper*: if we vanished tomorrow, an already-issued proof still verifies. That's the line between a trust anchor you run and a vendor you depend on.

> **"Health-security vendors come and go. Will you still be here in five years, and is this real or a checkbox?"**
>
> It's infrastructure, and it's built by people who ran the internet's plumbing. Real routable address space at AS219419, run by a team that operated one of the internet's regional address registries and one of its root DNS servers. The moat is real space, an accreted graph and open standards — not a slide. You can verify every claim on this page yourself, today, without an account.

---

## Prove it in 60 seconds · no account

### Exercise all three planes yourself — our API isn't in the trust path.

Two tiers, by design. **No key:** verify a device or endpoint's identity — the identity plane, trustless, anchored at the IANA root. **Your key:** back-trace a suspicious host across any cloud, register a device keyed to the UDI or `Endpoint.identifier` it already carries, govern its egress, revoke it worldwide.

```console
# plane 1 — re-derive and verify any FHIR endpoint's identity, trustless
$ whisper verify --trustless 2a04:2a01:f41::5a1e
  ✓ DNSSEC chain valid to the IANA root
  ✓ DANE-EE (TLSA 3 1 1) leaf matches the endpoint cert
  ✓ RDAP: registered under AS219419 · 2a04:2a01::/32
  identity: VERIFIED — and our own API was never trusted

# the address is the endpoint — reverse DNS names it by its FHIR Endpoint.identifier
$ dig -x 2a04:2a01:f41::5a1e +short
  endpoint-2-16-840-1-113883.fhir.example-hdo.whisper.online.

# plane 2 — with your key, attribute who really operates a host via the public graph API
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: whisper_live_xxx" \
    -H 'content-type: application/json' -d '{"query":"CALL whisper.identify(\"34.90.x.x\")"}'
  operator:  <fingerprinted> · seen across AWS / GCP / Azure
  residential swarm collapsed by JA4: same tooling, 41 exit IPs → 1 operator
```

```console
# plane 1 — give a device/endpoint a name it can prove, keyed to the id it already carries
$ export WHISPER_API_KEY=whisper_live_xxx
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: $WHISPER_API_KEY" --data-urlencode "q=CALL whisper.agents({op:'connect', args:{tier:'wireguard',
       identity_public_key:'<base64 SPKI of the endpoint key>',
       device_id:'2.16.840.1.113883.3.72.5'}})"   # device_id = FHIR Endpoint.identifier (or the FDA UDI DI)
  → identity 2a04:2a01:f41::5a1e   DNSSEC + DANE live

# plane 3 — govern what it may reach, see who checked it, then revoke it
$ whisper policy set --default deny --allow fhir.example-hdo.org,udap.example-hdo.org
$ whisper lookups --identity 2a04:2a01:f41::5a1e   # who enumerated this endpoint — a recon tripwire
$ whisper revoke 2a04:2a01:f41::5a1e   # worldwide, at DNS-TTL — no re-imaging
```

---

## How it lands in your program

### Three planes, and all three exit into the stack you already run — not a new silo.

### Feeds your SIEM, not another console

A machine-readable feed into your SIEM: the Splunk, Microsoft Sentinel and OpenCTI connectors ship today. Findings map to CEF and ECS fields and arrive as a signed, replayable JSON evidence chain you can hand OCR or an insurer — **STIX 2.1 over TAXII** export on the roadmap.

### Speaks your compliance language

Direct support for the **HIPAA Security Rule** asset-inventory, network-map and segmentation asks and §164.312(a)/(b)/(d) entity authentication; substance for an **FDA §524B** security architecture and postmarket CVD; maps to EU MDR 17.4 and IEC 62443 FR1/IAC. Usable in the SPDF and a HIPAA audit, not just a dashboard. [See the map →](/for-hdos)

### In your auth path — and safe there

If your endpoint authorizes against the DANE/verify path, that plane is built to **fail open**: a Whisper outage never bricks a device or blocks clinical exchange — checks degrade to your existing anchors. No inline clinical chokepoint; anycast on AS219419, two servers one truth, no single node in the path.

### Nothing issued in the dark

Every identity mint and every revoke lands in a public, append-only **RFC 6962 Merkle transparency log**, Ed25519-signed and anchored to Bitcoin via OpenTimestamps — an auditable issuance trail for OCR, an insurer, or an FDA CVD. *Honest status:* tamper-evident today; independent witnessing is the next step. GDPR-compatible via salted commitments and erase-the-salt.

### One identity fabric, every device

Derived from the key already in the device — no second PKI, no BOM cost, no re-flashing the fielded fleet. Whether it's an infusion pump, a PACS node, or a FHIR endpoint, it's one verifiable /128 you and a QHIN can both check. [See the comparison →](/compare)

### A vendor that will still be here

Real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers. POC → pilot → enterprise, keyless to start. Flat, per-device pricing you can forecast. [See pricing →](/pricing)

---

## One primitive. Three planes. Give every device and endpoint an identity it can prove.

Identity, an attribution graph that survives IP rotation across organizations, and per-device egress governance — additive to your FHIR/UDAP trust and your IoMT platform, mapped to your standards. Keyless to try, one call to provision, one more to revoke.

Or run `whisper verify --trustless` right now.
