Apple Watch · iPhone Camera · ZK Proofs

Prove you're human

Your heartbeat proves you're alive.
Cryptography proves nothing else.


How It Works

No passwords.
No CAPTCHA.
Four steps.

Just biology and mathematics. Your heartbeat becomes a cryptographic proof.

01 Capture

Apple Watch reads your pulse via optical sensor, or the iPhone camera detects it through subtle skin color changes.

02 Prove

A Groth16 zero-knowledge proof verifies the signal is physiologically real — without revealing the actual data.

03 Sign

The proof is signed by the Secure Enclave and packaged into a compact CBOR token. About 800 bytes.

04 Verify

Your backend verifies the ZK proof, the signature, and the expiry. It learns one thing: this is a live human.

Architecture

On-device pipeline

Raw biometric data never leaves the device.

  • Apple Watch: PPG 1 Hz
  • iPhone: Validate + Buffer
  • ZK Engine: ~4,200 R1CS
  • Secure Enclave: P256 ECDSA
  • Token: CBOR base64url

Trust Tiers

Two paths to proof

Choose the assurance level that fits your use case.

Tier 1 — High Assurance

Apple Watch

Medical-grade optical heart rate sensor with continuous sampling via HealthKit.

  • PPG optical sensor at 1 Hz
  • HRV validation (RMSSD + SDNN)
  • Motion correlation via accelerometer
  • 4-minute rolling buffer
  • Background capture

Tier 2 — Standard Assurance

iPhone Camera

Remote photoplethysmography via the front camera. No wearable needed.

  • CHROM rPPG algorithm at 30 fps
  • Anti-spoofing blink detection
  • Camera-based HRV extraction
  • Face ROI tracking
  • 10-second capture window

Zero Knowledge

What the proof guarantees

The verifier learns nothing except "this is a live human."

  • Real Heartbeat: BPM within 30–220 with natural variance ≥ 3
  • Fresh Data: Captured within the TTL window, never replayed
  • Valid HRV: R-R intervals in physiological range
  • Motion Match: Heart rate correlates with activity level
  • Natural Blink: Live face confirmed, not a photograph
  • Unlinkable: Nullifier rotates daily, no cross-app tracking
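The heartbeat checks listed above (BPM range, variance, R-R range, RMSSD + SDNN), written as a plaintext predicate over a window of R-R intervals. This is an added example, not PulseProof's code or circuit; the function names, the unit of the variance threshold, the derived R-R bounds and the HRV floor are assumptions.

```javascript
// Added example: thresholds marked "page" come from the page; the rest are assumptions.
const BPM_MIN = 30, BPM_MAX = 220;   // page: BPM within 30–220 (applied to the window mean)
const MIN_BPM_VARIANCE = 3;          // page: variance >= 3 (assumed: population variance, bpm^2)
const RR_MIN_MS = 60000 / BPM_MAX;   // assumption: per-interval bounds derived from the BPM range
const RR_MAX_MS = 60000 / BPM_MIN;
const MIN_HRV_MS = 5;                // assumption: placeholder floor; the page gives no HRV threshold

const mean = (xs) => xs.reduce((a, b) => a + b, 0) / xs.length;
const variance = (xs) => { const m = mean(xs); return mean(xs.map((x) => (x - m) ** 2)); };

// SDNN: standard deviation of the R-R intervals, in ms.
const sdnn = (rr) => Math.sqrt(variance(rr));

// RMSSD: root mean square of successive R-R differences, in ms.
function rmssd(rr) {
  const diffs = rr.slice(1).map((x, i) => x - rr[i]);
  return Math.sqrt(mean(diffs.map((d) => d * d)));
}

// Returns the names of the failed checks; an empty array means the window passes.
function checkWindow(rr) {
  if (!Array.isArray(rr) || rr.length < 3 || !rr.every((x) => Number.isFinite(x))) {
    return ['malformed_window'];
  }
  const failures = [];
  if (rr.some((x) => x < RR_MIN_MS || x > RR_MAX_MS)) failures.push('rr_out_of_range');
  const bpm = rr.map((x) => 60000 / x);
  const meanBpm = mean(bpm);
  if (!(meanBpm >= BPM_MIN && meanBpm <= BPM_MAX)) failures.push('bpm_out_of_range');
  if (!(variance(bpm) >= MIN_BPM_VARIANCE)) failures.push('bpm_variance_too_low');
  if (rmssd(rr) < MIN_HRV_MS || sdnn(rr) < MIN_HRV_MS) failures.push('hrv_too_low');
  return failures;
}

// Constructed sample windows (R-R intervals in ms), not real recordings.
const LIVE = [812, 845, 790, 860, 805, 838, 779, 851];
const FLAT = [833, 833, 833, 833, 833, 833, 833, 833]; // constant signal, zero variability

console.log(checkWindow(LIVE));
console.log(checkWindow(FLAT));
```

In the product these conditions would be enforced inside the Groth16 circuit, so the verifier sees only that they hold, never the intervals themselves.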

Integrate

Two lines. Any platform.

Websites, native apps, or webviews.

<!-- Drop this into any HTML page -->
<div id="pulseproof-button" data-app-id="com.mysite"></div>
<script src="https://verify.pulseproof.app/pulseproof.js"></script>

import PulseProofSDK

// Request a proof
let result = try await PulseProof.requestProof(
    appID: "com.myapp",
    ttl: 120
)

// Send token to your backend
await verify(token: result.tokenBase64url)

const pp = new PulseProof({ appID: 'com.mysite' });
const result = await pp.requestProof();
// result.token — base64url CBOR, send to backend
// result.trustTier — 1 (Watch) or 2 (Camera)
console.log(result.token);

Replace CAPTCHAs with biology

Two lines for websites. Five for native apps.
Your users prove they're human by existing.