Notes from the Crossings
HARDWARE · PHYSICAL-WORLD CARE · POST-QUANTUM SECURITY

The enrollment problem: why care AI cannot prove it knows who it is caring for

2026-06-15 · 6 min read

Care AI systems rest on an identity assumption that is rarely examined: that the system knows, continuously and with sufficient certainty, which person it is caring for. The assumption rarely fails dramatically. It fails quietly — through weak identity proxies that survive daily operational use but cannot survive the scrutiny that follows an adverse event or a legal challenge.

Strong identity in any deployed system requires cryptographic enrollment: a moment at which a person's identity is bound to a verifiable credential anchored to an authoritative source. For enterprise systems, enrollment is performed once, at provisioning, on cooperative subjects under controlled conditions. The resulting credential is strong and long-lived. The assumption that the system knows who it is interacting with is, in those contexts, defensible. Care AI faces a structurally different enrollment population.

Elderly patients — the cohort most likely to interact with AI care systems for extended periods — present enrollment challenges that no enterprise model is designed to handle. Fingerprint biometrics degrade with age: the ridge patterns that make fingerprint recognition reliable flatten and lose contrast over time. Dermoscopic research has documented significantly higher failure-to-enroll rates in over-65 populations compared with younger cohorts, and rates that worsen across the device's operational lifetime as skin thins further. Iris recognition is more stable across age but requires consistent subject cooperation that patients with cognitive decline cannot reliably provide. Face recognition in care environments — variable lighting, patient positioning, supplemental oxygen equipment, mask compliance — produces false-acceptance rates that are clinically unacceptable for identity-critical functions under real deployment conditions.

Credential-based enrollment — smart cards, PINs, passphrases — encounters a different wall. Patients with moderate or advanced cognitive impairment cannot manage credentials. A patient who cannot reliably recall the names of their care team cannot complete a PIN rotation cycle. Care facilities that issue credential-based identity to patients encounter two predictable failure modes: staff retain credentials on the patient's behalf, defeating the separation the credential was designed to establish; or credentials are lost and re-issued without identity re-verification, creating gaps in the identity thread running through the accountability record. Neither practice produces a system that can, under challenge, prove it knew who it was caring for.

The practical result is that deployed care AI systems rely on weak identity proxies. Wristband scanning establishes that a wristband is present — not that the person wearing it is the person the wristband identifies. Proximity sensors establish that someone is in a room — not which resident. Face recognition is used to confirm presence, but under conditions where false-acceptance rates in uncontrolled deployment environments are orders of magnitude above vendor specifications derived from controlled enrollment settings. These proxies are operational concessions to enrollment reality, not attacks on identity. But they are not identity in any cryptographically meaningful sense.

The accountability implications accumulate. When a care AI's recommendations are reviewed — by a clinician, a quality committee, a regulatory body — the foundational question is whether those recommendations were generated in response to the correct patient's data. If the care AI cannot prove that the person whose physiological readings triggered a medication recommendation was the patient whose record was updated, the accountability chain has a structural gap at its root. The record exists. The recommendation is logged. The link between the recommendation and the individual it purports to describe is an assertion backed by a wristband scan or a proximity signal — not a verifiable binding. Under adversarial legal review, that gap is the gap between a record and evidence.

The post-quantum transition narrows the window for correction. Enrollment credentials issued today and valid for the duration of a care relationship become long-lived identity roots that must remain cryptographically secure for years — in the case of chronic care, potentially decades. If those credentials are bound to classical signature schemes, they carry the same vulnerability as every other classical credential in the post-quantum threat model: an adversary with sufficient quantum capability can, retroactively, sever the cryptographic binding between a credential and the identity it was meant to establish. Re-enrollment of a patient with advanced cognitive impairment or incapacity at the time of the post-quantum migration may be clinically and legally impossible. The moment to establish post-quantum-resistant identity roots is at initial enrollment — not during a migration that, for many care AI patients, will arrive after their capacity to participate has diminished or ended.
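To make the distinction in the two preceding paragraphs concrete, here is an added illustration, not code from the post: it assumes an enrollment root consisting of an enroller-signed binding of a patient ID to a device key, and accountability records that carry either a signature from that device key or only a proxy label (wristband, proximity). The verifier walks from a record back to the root, reports whether the patient link is a verifiable binding or an assertion, and flags that a valid chain on a classical scheme (Ed25519 here, standing in for the classical roots the text warns about) is still a long-lived liability.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Enrollment root: an authoritative enroller signs the binding of a patient ID to a
// device key. Layout and field names are assumptions for this illustration.
type Enrollment struct {
	PatientID string
	DeviceKey ed25519.PublicKey
	Scheme    string // "ed25519" is classical; a PQ root would name ML-DSA or similar
	Sig       []byte // enroller's signature over PatientID || DeviceKey
}

// Record: a reading attributed to a patient. ReadingSig is nil when only a proxy
// (wristband scan, proximity) made the link, i.e. the link is an assertion.
type Record struct {
	PatientID, Reading, Proxy string
	ReadingSig                []byte
}
type Result struct{ Bound, ClassicalRoot bool; Why string }

func bindingMsg(pid string, key ed25519.PublicKey) []byte { return append([]byte(pid+"|"), key...) }

// Verify walks from the record back to the enrollment root and flags a classical root.
func Verify(enroller ed25519.PublicKey, e Enrollment, r Record) Result {
	if r.ReadingSig == nil {
		return Result{false, false, "link is a " + r.Proxy + " assertion, not a binding"}
	}
	if !ed25519.Verify(enroller, bindingMsg(e.PatientID, e.DeviceKey), e.Sig) {
		return Result{false, false, "enrollment root does not verify"}
	}
	if r.PatientID != e.PatientID || !ed25519.Verify(e.DeviceKey, []byte(r.PatientID+"|"+r.Reading), r.ReadingSig) {
		return Result{false, false, "reading not signed by the patient's enrolled key"}
	}
	return Result{true, e.Scheme == "ed25519", "bound to enrollment root"}
}

// Demo builds constructed sample data: one device-signed record, one wristband-only record.
func Demo() (signed, proxied Result) {
	enrollerPub, enrollerPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	e := Enrollment{"pt-0042", devPub, "ed25519", ed25519.Sign(enrollerPriv, bindingMsg("pt-0042", devPub))}
	good := Record{PatientID: "pt-0042", Reading: "spo2=91", ReadingSig: ed25519.Sign(devPriv, []byte("pt-0042|spo2=91"))}
	weak := Record{PatientID: "pt-0042", Reading: "spo2=91", Proxy: "wristband"}
	return Verify(enrollerPub, e, good), Verify(enrollerPub, e, weak)
}

func main() { s, p := Demo(); fmt.Printf("signed: %+v\nproxied: %+v\n", s, p) }
```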

The enrollment problem is not a usability failure or a product gap to be closed in a future release. It is an architectural consequence of deploying identity infrastructure designed for cooperative, cognitively intact, biometrically stable subjects against a population that is, by definition, none of those things. Closing the gap requires hardware calibrated for age-affected biometrics, enrollment protocols that include supervised consent by authorized proxies, and credential architectures that are post-quantum-resistant from the point of issuance. Systems that defer enrollment integrity to a future upgrade cycle will face the alternative: an accountability record that cannot prove it describes the people it says it does, reviewed at precisely the moment when proof matters most.

Summary

Care AI identity rests on a rarely examined assumption: that the system continuously knows who it is caring for. Elderly patients' biometrics degrade with age, cognitive impairment blocks credential management, and real deployments rely on weak proxies such as wristband scans and face recognition, which cannot constitute cryptographically meaningful proof of identity under legal review. The post-quantum migration further narrows the window for correction: re-enrolling incapacitated patients may already be impossible by the time the migration arrives, so the moment to establish post-quantum-secure identity roots is at initial enrollment.
