Your truck logs the manufacturer’s evidence. Knox anchors yours.
Interior cameras and cabin microphones author biometric inferences about you and your passengers, run downstream classifiers and database lookups, and the manufacturer holds the only audit log of what was captured, what was inferred, what was looked up, and to whom the result was disclosed. Your phone audio, your dashcam, your consent screenshots, your data-access requests: anchored to a public chain that outlives the vehicle, the vendor, and the manufacturer.
Your truck logs the manufacturer’s evidence. Knox anchors yours.
- The custody gap. Interior cameras and cabin microphones author biometric inferences about you and your passengers, run downstream classifiers and database lookups, and the manufacturer holds the only audit log of what was captured, what was inferred, what was looked up, and to whom the result was disclosed.
- Operator-anchored evidence. Your phone audio, your dashcam, your consent screenshots, your cabin-feature opt-out timeline — anchored to a public chain that outlives the device, the OEM’s data retention policy, and any individual software version.
- Five Knox event types. vehicle_biometric_capture_observed · vehicle_audio_inference_observed · vehicle_database_lookup_observed · cab_occupant_consent_state · vehicle_disclosure_event.
- For the next disclosure. Replayable from any device, in any forum, by any counsel — without cooperation from the OEM. Architecturally aligned with FRE 902(13)/(14) self-authentication.
- Posture. Defensive-only. Bonis records what the operator captured; never accesses the cabin sensors, never modifies the inference pipeline.
Manufacturer authors the inference. Manufacturer holds the audit.
Cabin cameras observe your face, your eyes, your posture. Cabin microphones run speech, lip-reading, speaker, and emotion classifiers on what you and your passengers say. Infotainment surfaces handle occupant authentication. The captured signal is committed to inference inside the vehicle; the inference output may be matched against a manufacturer identity database, a third-party watchlist, a fleet roster, or an insurance-side risk classifier. The captured features may be held locally, transmitted to the manufacturer cloud, or disclosed downstream — fleet operator, insurance carrier, law-enforcement subpoena, civil discovery, or regulator under post-market monitoring rules.
The audit log of every step in that chain lives inside the same pipeline. You do not have a copy. The local screen on your dashboard does not show you what was captured, what was inferred, what database was queried, or to whom the outcome was disclosed. After a wrongful classification, an undisclosed lookup, a watchlist hit, or a disclosure you never agreed to, the only record of what happened sits inside the same system that authored the original wrong output.
What you have, on your side, is your phone, your dashcam, and your memory. None of those are, by themselves, a chain of evidence the manufacturer’s next response or the next inquiry will recognize. They become a chain when the SHA-256 hash of each is anchored to a public timestamp at the moment it was captured — when the original file no longer needs to leave your custody to prove it existed at the time it claims.
The patents are pending. The cabin sensors are shipping. The audit gap is yours to close.
Two pending USPTO patent applications make the architectural target visible. US 2025/0104469 A1 (in-cab biometric matching, pending; pre-issuance submission window open under 35 U.S.C. §122(e)) and US 2026/0095520 A1 (lip-reading ML for convertibles operating in high ambient noise, pending) describe inference pipelines that capture biometric features in the cabin, run downstream classification and database matching, and emit results to manufacturer-controlled or third-party-controlled systems. Neither application is granted; both remain pending as of the publication date of this page.
The applications describe what gets captured and what gets classified. They do not describe an audit-permanence layer you, the occupant, can verify. The captured-feature record, the inference output, the downstream lookup, the consent state, and the disclosure path are sole-custody of the inference pipeline by construction. Any later question about any of it — by you, by your counsel, by a regulator, by a court — has only the manufacturer’s own logs to draw from.
The patent applications are cited from public USPTO Patent Center records. The assignee identity appears on the public USPTO documents for any reader who follows the citation. They are referenced here as public-record proof of the architectural pattern that AAM closes — not as adversary naming, not as engagement claim. The pattern generalizes across every vehicle manufacturer shipping in-cab biometric inference; AAM is vendor-neutral.
Each becomes a Knox event. Each becomes a receipt.
The audit primitive is small and content-addressable. Five interaction shapes map to canonical Knox event types — each a SHA-256 commitment over an artifact you control, each anchored to a public chain you do not control. The captured biometric signal itself never enters the chain; only the cryptographic commitments do.
Phone audio of a cabin notification or alert that fired. A dashcam clip showing the moment the cabin system reacted. A photograph of an in-vehicle infotainment screen that announced a capture. Each anchors the fact and timing of capture as observed from the occupant side, with a feature-hash commitment that never reveals the file.
Phone audio capturing the cabin system speaking back its inference — the voice prompt that confirmed an emotion classification, the fatigue alert that fired without a voluntary trigger, the speaker-recognition greeting that addressed the wrong occupant. Anchors the inference as observed from the occupant side, with an opaque inference-output commitment.
A manufacturer data-access response under GDPR Article 15, a state biometric-privacy statute disclosure, or a discovery production showing a downstream database lookup against your captured features. Anchored at the moment it lands in your custody — chain-of-custody becomes a verification step, not a credibility contest.
Screenshots of the consent screen the manufacturer presented at vehicle delivery, software update, or trip start. The exact wording of the toggle, the scope description, the date and version. Anchored at the moment of capture, before any later silent rewrite of the consent screen on the manufacturer side.
The manufacturer's own disclosure list, in response to your data-access request — the recipients, the legal bases, the dates. The agency notification of a subpoena. The civil-discovery production showing your captured data was disclosed. Each anchored at the moment it lands in your custody — the disclosure trail is provable from the chain alone.
Five questions a chain answers that memory cannot.
The same five questions decide every later matter — a wrongful classification, a watchlist hit you never agreed to, an emotion classification cited in an insurance claim, a sentiment label that ended up in a fleet HR file, a disclosure to a third party you were never told about. Each is answerable from the chain alone — without re-trusting the manufacturer, the vendor, or the originating record.
When did you first know the cabin sensor was capturing what it was capturing?
The first anchored capture-observation receipt establishes the date you became aware of the capture, the modality, and the time window. Every subsequent event is the second, third, fourth event in a documented timeline — not a one-off.
What did the inference pipeline actually decide, and at what confidence?
The audio-inference anchor commits the inference type, the confidence, and an inference-output commitment. The cabin system’s claim at the moment of inference is independently provable; a later silent rewrite of the inference log on the manufacturer side does not propagate to the public chain.
Was your captured feature looked up against a downstream database, and which class?
The database-lookup anchor commits the database identifier class, the lookup outcome class, and the query-hash commitment. The fact of a downstream lookup, and the class of database queried, is recoverable from the chain — even if the manufacturer’s own response is incomplete or contested.
Did you ever consent to the capture, the inference, the lookup, or the disclosure?
The occupant-consent-state anchor commits each consent state transition with the scope delta and the actor that initiated the change. What you agreed to, when, in what scope, and under whose initiation — recoverable from the chain alone.
To whom was the captured data, the inference output, or the lookup result disclosed?
The disclosure-event anchor commits the disclosure recipient class, the legal basis class, and the disclosure-bundle commitment. The chain records when, to whom, and under what legal basis your captured data exited the manufacturer’s perimeter — the record is yours, not theirs.
What anchoring gives you that nothing else does.
You keep the file
The phone audio, the dashcam clip, the consent screenshot, the data-access response never leaves your device. Only the SHA-256 hash is sent to the public anchor endpoint. The hash reveals nothing about the content of the file. The file stays where you put it.
The receipt outlives the vehicle
The receipt is published to the Bitcoin blockchain via OpenTimestamps. If the vehicle is sold, totaled, or taken out of service; if the manufacturer’s infotainment back-end goes offline; if the cabin sensor hardware is replaced — the receipt remains independently verifiable as long as the Bitcoin chain remains.
Tamper-evident architecture
Anchors and the affidavits derived from them are architected to meet the self-authentication requirements of FRE 902(13) and 902(14). Admissibility in any given matter remains a determination of the presiding court; the structural requirements are met by construction.
Post-quantum resilient
Occupant-side commitments may carry post-quantum signatures via Knox Agent #11 Layer 4 — ML-DSA-44 / 65 / 87 (NIST FIPS 204) and SLH-DSA-128s / 192s / 256s (NIST FIPS 205). The receipt remains verifiable under threat models that assume future quantum-capable adversaries — relevant for biometric records that may be litigated decades after the originating capture.
Independent of vendor and manufacturer
Verification does not require Bonis, the manufacturer, the cabin-sensor vendor, the inference-pipeline vendor, or any agency to be online, in business, or cooperative. The receipt is a public-chain commitment; anyone can verify it.
Pattern of harm becomes provable
Single-incident phone audio establishes one capture. Anchored receipts across multiple captures, inferences, lookups, consent state changes, and disclosures establish a pattern — when you first knew, what was inferred, what databases were queried, what consents you actually granted, and where the captured signal actually went.
One HTTP call per artifact. The file never leaves your device.
You do not have to wait for a Bonis occupant app to ship. The public anchor endpoint is already live. Any device that can compute a SHA-256 hash and issue an HTTP POST can pair its evidence stream with Knox today — phone, laptop, dashcam-companion software, or your counsel’s case- management system.
Audit-permanence, not counter-surveillance.
Bonis does not access in-cab cameras or microphones, does not read or transmit any cabin sensor feed, and does not intercept manufacturer or vendor pipelines. Bonis does not provide biometric-spoofing, fingerprint-defeat, gaze-spoof, voiceprint-defeat, anti-DMS, or detection-evasion tooling of any kind. Bonis does not advocate against in-cab biometric programs as policy. Bonis does not write to manufacturers, regulators, or counsel on your behalf. The audit primitive is invitational — you instrument your own emit path. What lawful authority — your counsel, the court, the regulator, the manufacturer’s data-access response — does with the resulting evidence is decided by lawful authority. The evidence layer is yours.