BioTone
Multi-Signal Biometric Identity
Five biometrics. One smartphone. Zero specialized hardware.
The Problem
Credentials are the #1 attack vector
Phished Password
→
Stolen Token
→
Lateral Movement
→
Breach
Breaches from credentials
80%+
NSA User Pillar report
Hardware biometrics
$$$
Cost-prohibitive at scale
Single-factor biometric
1 Point
of failure to defeat
The Solution
Turn any smartphone into a biometric identity device
๐
6 Independent Signals, 2 Auth Factors
Iris, palm, ear, voice, PPG pulse, and selfie liveness โ six signals spanning something you are and point in time. Device attestation and geofencing extend to 4 factors.
๐ฑ
Standard Smartphone
No IR scanners, no vein sensors, no fingerprint readers. Uses the cameras and microphone already in every modern phone.
๐งฎ
Multiplicative Security
Compromise one signal, learn nothing about the others. An attacker must defeat 3+ unrelated modalities simultaneously.
๐
Layers On Top
Auth broker pattern โ no rip-and-replace. Compatible with existing SSO, ICAM, CAC/PIV, and zero trust frameworks.
Biometric Signals
Six signals, independent sensors, zero correlation
๐๏ธ
Iris
Front camera
30% weight
๐๏ธ
Palm
Rear camera
30% weight
๐ฃ๏ธ
Voice
Microphone
25% weight
๐
Ear
Front camera
15% weight
๐
PPG Pulse
Rear camera
Liveness gate
All processing on-device. Raw biometric data never leaves the phone.
In the app
Iris
Phase-structure encoding from visible-light capture.
Placeholder UI โ drop in a real app screenshot at signals/iris.png before presenting.
In the app
Palm
Texture and line structure from contactless palm imaging.
Placeholder UI โ replace with signals/palm.png when ready.
In the app
Voice
Speaker embedding with time-bound digit challenge.
Placeholder UI โ replace with signals/voice.png when ready.
In the app
Ear
Cartilage geometry from profile capture.
Placeholder UI โ replace with signals/ear.png when ready.
In the app
Vitals (PPG)
Pulse-based liveness via camera; vetoes non-living presentation.
Placeholder UI โ replace with signals/vitals.png when ready.
In the app
Presentation
Active liveness challenges (e.g., blink, motion) per session.
Placeholder UI โ replace with signals/presentation.png when ready.
Anti-Spoofing
Three independent liveness gates
๐ โ ๐
Selfie Liveness
Random blink + head turn challenges. Must respond in real time within a timeout window.
Defeats: photos, masks, screen replays
๐
PPG Pulse Gate
Detects cardiac blood pulse through fingertip. Vetoes entire authentication if no live pulse.
Defeats: all non-living artifacts
๐ข
Voice Challenge
Time-bounded rotating 6-digit code (30s window). User must speak the current code live.
Defeats: pre-recorded audio replay
All liveness gates must pass. A perfect biometric match is rejected if liveness fails.
Security Posture
Multiplicative security from independent factors
Combined FAR
4ร10โปโธ
1 false accept per 25M attempts
Genuine Accept Rate
97.1%
Majority fusion (โฅ3 of 4)
False Rejection
2.9%
With retry policy
Liveness Pass Rate
~95%
Genuine users
Fusion requires weighted majority of factors to pass AND all liveness gates to pass.
Figures derived from internal benchmarking under controlled conditions with a limited test population. Combined FAR computed from per-factor independence assumptions. Not NIST Biometric Evaluation Program results. Independent validation scoped for pilot phase.
Competitive Positioning
Why multi-factor beats single-factor hardware
Dedicated hardware (Face ID, Palm Vein, NIR Iris)
Single Factor
โ Lower per-factor EER (0.001-0.1%)
โ One point of failure โ defeat it, full access
โ Requires $1,000+ specialized devices
โ No server-side identity or enterprise control
โ Platform-locked (iOS only for Face ID)
BioTone
6 Signals ยท 2 Auth Factors
โ 4 identity signals (iris, palm, voice, ear) + PPG + selfie liveness
โ Must defeat 3+ modalities simultaneously
โ Any modern smartphone โ $0 new hardware
โ Server-side identity, full enterprise control
โ iOS + Android, cross-platform
Security through factor independence, not hardware specialization.
Architecture
Zero-storage, three-part key disaggregation
BioTone never stores biometric templates or key material.
1
Customer Primary Server
On-premises or customer-controlled. Holds Key Part 1.
2
Customer Cloud
Azure, AWS, Oracle, or Google โ customer's choice. Holds Key Part 2.
3
User's Device
Enrolled phone's secure enclave (Keychain/Keystore). Holds Key Part 3.
No single party โ including BioTone โ can reconstruct a template or authenticate on behalf of a user.
- FIPS 201
- NIST SP 800-76
- DoD 8520
- NIST SP 800-207 Zero Trust
Architecture designed for alignment with federal identity and biometric standards. Formal validation scoped during pilot engagement.
Data Protection
Encryption standards โ no ambiguity
๐
At Rest
AES-256-GCM for all biometric template data and disaggregated key parts. Each key part independently encrypted at its storage location.
๐
In Transit
TLS 1.3 for all API communication. Certificate pinning on mobile clients. No biometric data transmitted โ only assertion tokens.
๐
On Device
Hardware-backed storage: iOS Secure Enclave (Keychain) and Android TEE (Keystore). Key Part 3 never leaves hardware security boundary.
- AES-256-GCM
- TLS 1.3
- FIPS 140-2 validated modules
- FIPS 140-3 (roadmap)
- CNSA 2.0 ready
Uses FIPS 140-2 validated cryptographic libraries (Apple CryptoKit, Android Keystore). Full FIPS 140-3 module validation scoped for pilot phase. Architecture supports CNSA Suite 2.0 cipher selection for NSS environments.
Integration
Auth broker โ layers on top of existing systems
Enterprise System
→
"Sign in with BioTone"
→
Biometric Capture
→
Verify (on-device)
→
Token Returned
๐
Identity Providers
Entra ID (live today)
Okta + Ping (near-term)
Standard OIDC / SAML
๐ชช
CAC / PIV
Complementary factor alongside physical credentials
๐ก
Tactical Edge
Offline-capable with cached credentials
Customer deploys our server software on their infrastructure. Data and liability stay with the customer.
Zero Trust
Continuous re-authentication โ not just point of entry
Session confidence decays over time. Multi-signal architecture enables tiered re-verification from passive to active.
Tier 0 โ Passive
Ambient
Face presence + PPG pulse detected in background. No user action.
Tier 1 โ Micro
~2 sec
Voice micro-challenge. "Say continue." Voiceprint matched on-device.
Tier 2 โ Light
~10 sec
PPG tap + voice code. Confirms liveness and identity before elevated actions.
Tier 3 โ Full MFA
~30 sec
All 4 identity factors + PPG liveness. Session start or highest-risk actions.
Policy-configurable per security context. SCIF, enterprise, and tactical edge each get the cadence their threat model requires.
Deployment
Flexible deployment for any environment
๐ข
Enterprise On-Premises
Customer-hosted backend on government or corporate infrastructure. Full data sovereignty.
โ๏ธ
Government Cloud
Azure Gov, AWS GovCloud, or customer-specified environment at IL5. FedRAMP High / GCC High on roadmap.
โฐ๏ธ
Tactical Edge
On-device verification with locally cached credentials. Trades disaggregation for offline capability. Policy-controlled session limits. Syncs when connected.
๐ฒ
BYOD / Shared Facility
Device enrollment binds identity to a specific phone. Re-enrollment required for device change.
Proof of Concept
Working PoC โ ready for evaluation
โEnrollment across all 5 biometric signals with quality gates
โVerification with per-signal match scoring and pass/fail
โScore fusion with weighted majority decision engine
โLiveness gating โ selfie challenges + PPG pulse detection
โResults dashboard โ per-signal status, aggregate score, history
โMulti-subject management with per-subject template isolation
โiOS + Android โ installable on test devices today
โAdmin dashboard โ web console for subject and capture management
Timeline from PoC to pilot is driven by customer requirements. We move at your pace.
BioTone
Multi-Signal Biometric Identity
Five biometrics. One smartphone. Zero specialized hardware.
Roger Ach
CEO, BioTone Corporation
Benjamin Portman
CTO, Engineering Lead
Confidential โ shared for evaluation purposes
