BioTone โ€” Secure by design

BioTone

Multi-Signal Biometric Identity

Five biometrics. One smartphone. Zero specialized hardware.

The Problem

Credentials are the #1 attack vector

Phished Password
Stolen Token
Lateral Movement
Breach
Breaches from credentials
80%+
NSA User Pillar report
Hardware biometrics
$$$
Cost-prohibitive at scale
Single-factor biometric
1 Point
of failure to defeat
The Solution

Turn any smartphone into a biometric identity device

๐Ÿ”

6 Independent Signals, 2 Auth Factors

Iris, palm, ear, voice, PPG pulse, and selfie liveness โ€” six signals spanning something you are and point in time. Device attestation and geofencing extend to 4 factors.

๐Ÿ“ฑ

Standard Smartphone

No IR scanners, no vein sensors, no fingerprint readers. Uses the cameras and microphone already in every modern phone.

๐Ÿงฎ

Multiplicative Security

Compromise one signal, learn nothing about the others. An attacker must defeat 3+ unrelated modalities simultaneously.

๐Ÿ”—

Layers On Top

Auth broker pattern โ€” no rip-and-replace. Compatible with existing SSO, ICAM, CAC/PIV, and zero trust frameworks.

Biometric Signals

Six signals, independent sensors, zero correlation

๐Ÿ‘๏ธ

Iris

Front camera
30% weight
0.75% EER

๐Ÿ—ฃ๏ธ

Voice

Microphone
25% weight
0.30% EER

๐Ÿ–๏ธ

Palm

Rear camera
25% weight
4.27% EER

๐Ÿ‘‚

Ear

Front camera
20% weight
8.09% EER

๐Ÿ’“

PPG Pulse

Rear camera
Liveness gate

All processing on-device. Raw biometric data never leaves the phone.

In the app

Iris

Phase-structure encoding from visible-light capture.

Placeholder screenshot: iris capture flow in the BioTone mobile app

Placeholder UI โ€” drop in a real app screenshot at signals/iris.png before presenting.

In the app

Palm

Texture and line structure from contactless palm imaging.

Placeholder screenshot: palm capture in the BioTone mobile app

Placeholder UI โ€” replace with signals/palm.png when ready.

In the app

Voice

Speaker embedding with time-bound digit challenge.

Placeholder screenshot: voice verification in the BioTone mobile app

Placeholder UI โ€” replace with signals/voice.png when ready.

In the app

Ear

Cartilage geometry from profile capture.

Placeholder screenshot: ear profile capture in the BioTone mobile app

Placeholder UI โ€” replace with signals/ear.png when ready.

In the app

Vitals (PPG)

Pulse-based liveness via camera; vetoes non-living presentation.

Placeholder screenshot: PPG pulse liveness in the BioTone mobile app

Placeholder UI โ€” replace with signals/vitals.png when ready.

In the app

Presentation

Active liveness challenges (e.g., blink, motion) per session.

Placeholder screenshot: presentation liveness challenge in the BioTone mobile app

Placeholder UI โ€” replace with signals/presentation.png when ready.

Anti-Spoofing

Three independent liveness gates

๐Ÿ˜‘ โ†’ ๐Ÿ˜ƒ

Selfie Liveness

Random blink + head turn challenges. Must respond in real time within a timeout window.

Defeats: photos, masks, screen replays

๐Ÿ’“

PPG Pulse Gate

Detects cardiac blood pulse through fingertip. Vetoes entire authentication if no live pulse.

Defeats: all non-living artifacts

๐Ÿ”ข

Voice Challenge

Time-bounded rotating 6-digit code (30s window). User must speak the current code live.

Defeats: pre-recorded audio replay

All liveness gates must pass. A perfect biometric match is rejected if liveness fails.

Security Posture

Multiplicative security from independent factors

Combined FAR (strict AND)
7.8ร—10โปโธ
~1 false accept per 13 million attempts (4-factor, EER thresholds)
Genuine Accept Rate
99.4%
Majority fusion (โ‰ฅ3 of 4)
False Rejection
0.6%
Majority fusion; first-attempt
Liveness Pass Rate
~95%
Genuine users

Fusion requires weighted majority of factors to pass AND all liveness gates to pass. Learned score-level fusion further improves combined accuracy.

Per-factor FAR thresholds are each factor's measured equal-error-rate operating point (see next slide); combined FAR assumes factor independence. Strict AND FAR = product of per-factor EERs. Combined dโ€ฒ โ‰ˆ 10.05, indicating strong discriminability. Not NIST Biometric Evaluation Program results; independent validation scoped for pilot phase.

Measured Accuracy

Held-out EER per factor โ€” production-faithful

Same benchmarks, same held-out subjects, same enrolment protocols the app actually ships.

Voice
0.30%
EER, VoxCeleb1-O (40 unseen speakers), 3-utt adaptive-outlier enrol
Palm
4.27%
EER, 11k Hands held-out (43 subjects), 3-frame MobileViT-S
Ear
8.09%
EER, UERC2023-test (131 unseen subjects), 3-frame MobileViT-S โ€” beats EdgeEar 14.3%
Iris
0.75%
EER, Protocol C (k=3 mean-pooled), 64 unseen subjects, dโ€ฒ 6.59 โ€” visible-light deep embedding (biotone-iris-embed-v1)

All four identity factors now have measured held-out EERs. Iris ships a custom visible-light deep embedding model. Voice runs at published WeSpeaker SOTA. Palm and ear each deliver >2ร— EER reductions vs. previously-shipped models.

Protocol C / Dโ€ฒ: k-frame or k-utterance enrolment averaged-and-renormalized, probed against gallery (matches the app's enrol flow). Protocol A single-frame references: iris 1.44%, voice 0.87%, palm 9.75%, ear 13.18%. All measurements held-out on subjects never seen during training; raw results in benchmarks/{voice,palm,ear,iris}/.

Competitive Positioning

Why multi-factor beats single-factor hardware

Dedicated hardware (Face ID, Palm Vein, NIR Iris)
Single Factor
โœ“ Lower per-factor EER (0.001-0.1%)
โœ— One point of failure โ€” defeat it, full access
โœ— Requires $1,000+ specialized devices
โœ— No server-side identity or enterprise control
โœ— Platform-locked (iOS only for Face ID)
BioTone
6 Signals ยท 2 Auth Factors
โœ“ 4 identity signals (iris, palm, voice, ear) + PPG + selfie liveness
โœ“ Must defeat 3+ modalities simultaneously
โœ“ Any modern smartphone โ€” $0 new hardware
โœ“ Server-side identity, full enterprise control
โœ“ iOS + Android, cross-platform

Security through factor independence, not hardware specialization.

Architecture

Zero-storage, three-part key disaggregation SHIPPED

Shamir 3-of-3 secret sharing โ€” all three parts required. BioTone never stores biometric templates or key material.

1

Customer Primary Server

On-premises or self-hosted node. Holds Key Share 1. Verified via auth broker flow.

2

Customer Cloud

Azure, AWS, Oracle, or Google โ€” customer's choice. Holds Key Share 2.

3

User's Device

Enrolled phone's secure enclave (Keychain/Keystore). Holds Key Share 3. Bound at enrollment.

No single party โ€” including BioTone โ€” can reconstruct a template or authenticate on behalf of a user. Key verification integrated into the auth broker token.

Architecture designed for alignment with federal identity and biometric standards. Formal validation scoped during pilot engagement.

Data Protection

Encryption standards โ€” no ambiguity

๐Ÿ”’

At Rest

AES-256-GCM for all biometric template data and disaggregated key parts. Each key part independently encrypted at its storage location.

๐Ÿ”„

In Transit

TLS 1.3 for all API communication. Certificate pinning on mobile clients. No biometric data transmitted โ€” only assertion tokens.

๐Ÿ”‘

On Device

Hardware-backed storage: iOS Secure Enclave (Keychain) and Android TEE (Keystore). Key Part 3 never leaves hardware security boundary.

Uses FIPS 140-2 validated cryptographic libraries (Apple CryptoKit, Android Keystore). Full FIPS 140-3 module validation scoped for pilot phase. Architecture supports CNSA Suite 2.0 cipher selection for NSS environments.

Integration

Auth broker โ€” layers on top of existing systems

Enterprise System
"Sign in with BioTone"
Biometric Capture
Verify (on-device)
Token Returned
๐Ÿ”‘

Identity Providers

Entra ID (live today)
Okta + Ping (near-term)
Standard OIDC / SAML

๐ŸŽซ

Token Standards

JWT (HS256) with jti, aud, TTL
/validate ยท /introspect ยท /.well-known

๐Ÿชช

CAC / PIV

Complementary factor alongside physical credentials

๐Ÿ“ก

Tactical Edge

Offline-capable with cached credentials

Customer deploys our server software on their infrastructure. Demo app live at demo.biotonebiometrics.com. Data and liability stay with the customer.

Zero Trust

Continuous re-authentication โ€” not just point of entry

Session confidence decays over time. Multi-signal architecture enables tiered re-verification from passive to active.

Tier 0 โ€” Passive
Ambient
Face presence + PPG pulse detected in background. No user action.
Tier 1 โ€” Micro
~2 sec
Voice micro-challenge. "Say continue." Voiceprint matched on-device.
Tier 2 โ€” Light
~10 sec
PPG tap + voice code. Confirms liveness and identity before elevated actions.
Tier 3 โ€” Full MFA
~30 sec
All 4 identity factors + PPG liveness. Session start or highest-risk actions.

Policy-configurable per security context. SCIF, enterprise, and tactical edge each get the cadence their threat model requires.

Deployment

Flexible deployment for any environment

๐Ÿข

Enterprise On-Premises

Customer-hosted backend on government or corporate infrastructure. Full data sovereignty.

โ˜๏ธ

Government Cloud

Azure Gov, AWS GovCloud, or customer-specified environment at IL5. FedRAMP High / GCC High on roadmap.

โ›ฐ๏ธ

Tactical Edge

On-device verification with locally cached credentials. Trades disaggregation for offline capability. Policy-controlled session limits. Syncs when connected.

๐Ÿ“ฒ

BYOD / Shared Facility

Device enrollment binds identity to a specific phone. Re-enrollment required for device change.

What's Shipped

Production-ready โ€” deployed and running

โœ“4 biometric signals with held-out EERs โ€” iris 0.75%, voice 0.30%, palm 4.27%, ear 8.09%
โœ“Learned score-level fusion โ€” logistic regression across raw biometric scores; real-time accuracy predictions in console
โœ“Auth broker with Entra ID โ€” QR โ†’ mobile โ†’ verify โ†’ JWT; /validate, /introspect, /.well-known
โœ“Shamir 3-of-3 key disaggregation โ€” key verified at broker token exchange; bound to device Keychain/Keystore
โœ“Admin console โ€” console.biotonebiometrics.com โ€” users, sessions, config, deployment, audit
โœ“Self-hosted nodes โ€” Docker Compose + install script; heartbeat monitoring; 2 live Azure VMs
โœ“Verification policy API โ€” remote-configurable thresholds, weights, fusion method, liveness requirements
โœ“iOS + Android โ€” enrollment, verification, liveness, PPG; installable on test devices today
โœ“Public website + demo โ€” www.biotonebiometrics.com + demo.biotonebiometrics.com
โœ“Verification events + audit โ€” per-signal + fused scores logged; audit trail in console

Timeline from PoC to pilot is driven by customer requirements. We move at your pace.

BioTone โ€” Secure by design

BioTone

Multi-Signal Biometric Identity

Five biometrics. One smartphone. Zero specialized hardware.

Roger Ach

CEO, BioTone Corporation

Benjamin Portman

CTO, Engineering Lead

Confidential โ€” shared for evaluation purposes