fallrisk.ai / attest
Issuer Endpoint

attest.fallrisk.ai

The public key endpoint for Fall Risk model identity attestations. One key. Published once. Verifiable everywhere.

This subdomain serves one thing: the JSON Web Key Set used to verify enrollment records and identity attestation tokens issued by Fall Risk AI. There is nothing else here. There does not need to be.

The canonical path is /.well-known/jwks.json, following RFC 8615. Fetching that URL returns a single RSA-2048 public key with the key identifier fallrisk-96cd5e6a01e1. The matching private key sits offline on a single machine and never touches a server.

The same key is also embedded directly in every page of fallrisk.ai that performs in-browser signature verification. The bytes are identical. If a relying party fetches the key from this endpoint and finds it differs from the key embedded in the page they were reading, the page was tampered with. That comparison is the cheapest possible defense against a man-in-the-middle replacement attack against the publishing surface.

Anyone with a standard JWT library and the key below can verify any Fall Risk enrollment record or attestation token offline, on their own hardware, with no further communication with us. That property is the entire point of the design.

Public Key Set

application/jwk-set+json View raw → 
{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "alg": "RS256",
      "kid": "fallrisk-96cd5e6a01e1",
      "n": "oYwBUy1rtISAbJNZJ6p8QoFK678smQLaKl4s1SZ9gYl_-mfsi7JVsBGbuaUVgFKxVaaTzYXyZo4WxXLxDxOt8xICjSIqP62G8sw-Y5v6ZbtDO8MkHsQNYjRfbb5xV6hPFz4ramYyC4d61Pa_l3JrmEu-oluEHU9Op8qR-FT7-1Qvlnjpz5xuYpeE-EAkx2Bh2UcvBZH6cdpcr8KTCEjxba-B5JwQ3E3J4pje4Xe9HW6x3cGA0Zi9AT-pqMZcpq_7KZzNccfLlWoD6S7hXKacZrzIUnx5NcPMoy9lPSNwEwqp6nj2OH9C1zF6XnTYjjs9ZBIwVmp-lwu_6vqL0iWb7Q",
      "e": "AQAB"
    }
  ]
}

Verification — minimum example

Install: pip install PyJWT cryptography 

import jwt, json, urllib.request

jwks = json.load(urllib.request.urlopen(
    "https://attest.fallrisk.ai/.well-known/jwks.json"
))
key = jwks["keys"][0]
public_key = jwt.algorithms.RSAAlgorithm.from_jwk(json.dumps(key))

# Replace with any signed enrollment record from
# https://fallrisk.ai/registry
JWS = "eyJhbGciOiJSUzI1NiI..."

claims = jwt.decode(JWS, public_key, algorithms=["RS256"])
print(json.dumps(claims, indent=2))
← fallrisk.ai Enrollment Registry →
Issuer: Fall Risk AI, LLC · New Orleans, LA
Key identifier: fallrisk-96cd5e6a01e1 · Algorithm: RS256 (RSASSA-PKCS1-v1_5 / SHA-256)
© 2026 Fall Risk AI, LLC