{"paper":{"title":"BIDO: A Biometric Identity Online Authentication Framework","license":"http://creativecommons.org/licenses/by-nc-nd/4.0/","headline":"BIDO generates ECDSA keys on demand from a live face scan salted with a memorized secret to achieve AAL2 authentication without storing any biometric templates or PII.","cross_cats":["cs.CR","cs.CV"],"primary_cat":"cs.ET","authors_text":"Aditya Mithra, Sibi Chakkaravarthy S, Srinivas Kankanala","submitted_at":"2026-05-16T09:49:10Z","abstract_excerpt":"Security systems demand continuous, cryptograph- ically robust identity verification without requiring subjects to carry physical tokens, smart cards, or dedicated hardware authenticators. This paper presents BIDO (Biometric Identity Online), a device-free authentication standard that achieves Au- thenticator Assurance Level 2 (AAL2) per NIST SP 800-63B with- out storing long-lived biometric templates, facial images, or any other form of Personally Identifiable Information (PII). BIDO derives Elliptic Curve Digital Signature Algorithm (ECDSA) key material deterministically from a live biometri"},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"BIDO achieves Authenticator Assurance Level 2 (AAL2) per NIST SP 800-63B without storing long-lived biometric templates, facial images, or any PII by deriving ECDSA key material deterministically from a live biometric measurement salted with a user-defined memorized secret at every authentication event.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"The multi-stage pipeline (Dlib landmark extraction, affine alignment, frontality gating, Euclidean distance quantization with q=8, inter-session drift stabilization, and majority-voting SHA-256 binding) produces a Verification Seed stable enough across sessions and devices to keep cryptographic FAR at 0.03% and FRR at 0.90% while remaining non-discoverable; the abstract provides no explicit mechanism or proof for the drift stabilization step.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"BIDO derives transient ECDSA keys from live facial biometrics salted with a memorized secret to produce non-resident WebAuthn credentials, achieving 99.51% verification accuracy on LFW without storing templates or PII.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"BIDO generates ECDSA keys on demand from a live face scan salted with a memorized secret to achieve AAL2 authentication without storing any biometric templates or PII.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"f32bd4a16674fa2f1989c2612a6b969cd652d8ee25f2ab58bb7ee61cfa3462fb"},"source":{"id":"2605.16908","kind":"arxiv","version":1},"verdict":{"id":"590bfb4c-e1fe-49bc-91fb-a639719d1c06","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-19T19:10:57.055494Z","strongest_claim":"BIDO achieves Authenticator Assurance Level 2 (AAL2) per NIST SP 800-63B without storing long-lived biometric templates, facial images, or any PII by deriving ECDSA key material deterministically from a live biometric measurement salted with a user-defined memorized secret at every authentication event.","one_line_summary":"BIDO derives transient ECDSA keys from live facial biometrics salted with a memorized secret to produce non-resident WebAuthn credentials, achieving 99.51% verification accuracy on LFW without storing templates or PII.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"The multi-stage pipeline (Dlib landmark extraction, affine alignment, frontality gating, Euclidean distance quantization with q=8, inter-session drift stabilization, and majority-voting SHA-256 binding) produces a Verification Seed stable enough across sessions and devices to keep cryptographic FAR at 0.03% and FRR at 0.90% while remaining non-discoverable; the abstract provides no explicit mechanism or proof for the drift stabilization step.","pith_extraction_headline":"BIDO generates ECDSA keys on demand from a live face scan salted with a memorized secret to achieve AAL2 authentication without storing any biometric templates or PII."},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2605.16908/integrity.json","findings":[],"available":true,"detectors_run":[{"name":"cited_work_retraction","ran_at":"2026-05-19T20:52:03.919401Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"doi_title_agreement","ran_at":"2026-05-19T19:31:18.939547Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"doi_compliance","ran_at":"2026-05-19T19:20:47.923191Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"claim_evidence","ran_at":"2026-05-19T18:41:56.271409Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"ai_meta_artifact","ran_at":"2026-05-19T18:33:26.351035Z","status":"skipped","version":"1.0.0","findings_count":0}],"snapshot_sha256":"75b600e9d705ca318aca29abe4e7e4ce31d491dbf644c3d4c6118d89202cfd3f"},"references":{"count":29,"sample":[{"doi":"","year":2019,"title":"FIDO2: Web Authentication Specification,","work_id":"51e43bf4-4316-429f-afc7-8eb255aa8e55","ref_index":1,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2017,"title":"FIDO UAF Architectural Overview,","work_id":"a89f2e53-3100-4841-886a-e3538cb76a20","ref_index":2,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2017,"title":"FIDO Alliance, “FIDO U2F Overview,” FIDO Alliance Specification v1.2, 2017. [Online]. Available: https://fidoalliance. org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-overview-v1.2-ps-20170411.html","work_id":"c6a2247b-3675-4e3d-9483-0e1eabcc90ba","ref_index":3,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":1998,"title":"On enabling secure applications through off-line biometric identification,","work_id":"5c3ee70b-6c49-4d89-876d-cf97a5194974","ref_index":4,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":1999,"title":"A fuzzy commitment scheme,","work_id":"26922395-2499-4bfa-90f7-bb000d35098c","ref_index":5,"cited_arxiv_id":"","is_internal_anchor":false}],"resolved_work":29,"snapshot_sha256":"4da3f1fdba114a640ac8dab8aefdcbf9e69e8492f60ef5de21b830b334490e74","internal_anchors":1},"formal_canon":{"evidence_count":1,"snapshot_sha256":"6a0a3fab0e5ebcf0cd54291caeee9fe633aa0a692f981b9c816f86fdc27bc82b"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"}