{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:PHLOFSA2SUTRDQLZEYUNKTSTGN","short_pith_number":"pith:PHLOFSA2","schema_version":"1.0","canonical_sha256":"79d6e2c81a952711c1792628d54e53334a533d1c90ff7fc53dd97df37531615f","source":{"kind":"arxiv","id":"2605.16908","version":1},"attestation_state":"computed","paper":{"title":"BIDO: A Biometric Identity Online Authentication Framework","license":"http://creativecommons.org/licenses/by-nc-nd/4.0/","headline":"BIDO generates ECDSA keys on demand from a live face scan salted with a memorized secret to achieve AAL2 authentication without storing any biometric templates or PII.","cross_cats":["cs.CR","cs.CV"],"primary_cat":"cs.ET","authors_text":"Aditya Mithra, Sibi Chakkaravarthy S, Srinivas Kankanala","submitted_at":"2026-05-16T09:49:10Z","abstract_excerpt":"Security systems demand continuous, cryptograph- ically robust identity verification without requiring subjects to carry physical tokens, smart cards, or dedicated hardware authenticators. This paper presents BIDO (Biometric Identity Online), a device-free authentication standard that achieves Au- thenticator Assurance Level 2 (AAL2) per NIST SP 800-63B with- out storing long-lived biometric templates, facial images, or any other form of Personally Identifiable Information (PII). BIDO derives Elliptic Curve Digital Signature Algorithm (ECDSA) key material deterministically from a live biometri"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":true,"formal_links_present":true},"canonical_record":{"source":{"id":"2605.16908","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by-nc-nd/4.0/","primary_cat":"cs.ET","submitted_at":"2026-05-16T09:49:10Z","cross_cats_sorted":["cs.CR","cs.CV"],"title_canon_sha256":"5a123f3fb0143ec0df2dbc879e315c6f8e37bf19f87cefed2211ee1e30ad548e","abstract_canon_sha256":"4f6f393c6d47c7dc46797ef9e101cae98476028c6c683924b1c7a735c16fe45a"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-20T00:03:29.566953Z","signature_b64":"tjcHTK5muUIFBqaM5UCPZ47+mfdNEI+PMW6fy7h0Mo7PGsNH/66Yyb7NGBkAYqv+4zqxJrzizS8g+0RXe0SrCw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"79d6e2c81a952711c1792628d54e53334a533d1c90ff7fc53dd97df37531615f","last_reissued_at":"2026-05-20T00:03:29.566034Z","signature_status":"signed_v1","first_computed_at":"2026-05-20T00:03:29.566034Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"BIDO: A Biometric Identity Online Authentication Framework","license":"http://creativecommons.org/licenses/by-nc-nd/4.0/","headline":"BIDO generates ECDSA keys on demand from a live face scan salted with a memorized secret to achieve AAL2 authentication without storing any biometric templates or PII.","cross_cats":["cs.CR","cs.CV"],"primary_cat":"cs.ET","authors_text":"Aditya Mithra, Sibi Chakkaravarthy S, Srinivas Kankanala","submitted_at":"2026-05-16T09:49:10Z","abstract_excerpt":"Security systems demand continuous, cryptograph- ically robust identity verification without requiring subjects to carry physical tokens, smart cards, or dedicated hardware authenticators. This paper presents BIDO (Biometric Identity Online), a device-free authentication standard that achieves Au- thenticator Assurance Level 2 (AAL2) per NIST SP 800-63B with- out storing long-lived biometric templates, facial images, or any other form of Personally Identifiable Information (PII). BIDO derives Elliptic Curve Digital Signature Algorithm (ECDSA) key material deterministically from a live biometri"},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"BIDO achieves Authenticator Assurance Level 2 (AAL2) per NIST SP 800-63B without storing long-lived biometric templates, facial images, or any PII by deriving ECDSA key material deterministically from a live biometric measurement salted with a user-defined memorized secret at every authentication event.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"The multi-stage pipeline (Dlib landmark extraction, affine alignment, frontality gating, Euclidean distance quantization with q=8, inter-session drift stabilization, and majority-voting SHA-256 binding) produces a Verification Seed stable enough across sessions and devices to keep cryptographic FAR at 0.03% and FRR at 0.90% while remaining non-discoverable; the abstract provides no explicit mechanism or proof for the drift stabilization step.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"BIDO derives transient ECDSA keys from live facial biometrics salted with a memorized secret to produce non-resident WebAuthn credentials, achieving 99.51% verification accuracy on LFW without storing templates or PII.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"BIDO generates ECDSA keys on demand from a live face scan salted with a memorized secret to achieve AAL2 authentication without storing any biometric templates or PII.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"f32bd4a16674fa2f1989c2612a6b969cd652d8ee25f2ab58bb7ee61cfa3462fb"},"source":{"id":"2605.16908","kind":"arxiv","version":1},"verdict":{"id":"590bfb4c-e1fe-49bc-91fb-a639719d1c06","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-19T19:10:57.055494Z","strongest_claim":"BIDO achieves Authenticator Assurance Level 2 (AAL2) per NIST SP 800-63B without storing long-lived biometric templates, facial images, or any PII by deriving ECDSA key material deterministically from a live biometric measurement salted with a user-defined memorized secret at every authentication event.","one_line_summary":"BIDO derives transient ECDSA keys from live facial biometrics salted with a memorized secret to produce non-resident WebAuthn credentials, achieving 99.51% verification accuracy on LFW without storing templates or PII.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"The multi-stage pipeline (Dlib landmark extraction, affine alignment, frontality gating, Euclidean distance quantization with q=8, inter-session drift stabilization, and majority-voting SHA-256 binding) produces a Verification Seed stable enough across sessions and devices to keep cryptographic FAR at 0.03% and FRR at 0.90% while remaining non-discoverable; the abstract provides no explicit mechanism or proof for the drift stabilization step.","pith_extraction_headline":"BIDO generates ECDSA keys on demand from a live face scan salted with a memorized secret to achieve AAL2 authentication without storing any biometric templates or PII."},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2605.16908/integrity.json","findings":[],"available":true,"detectors_run":[{"name":"cited_work_retraction","ran_at":"2026-05-19T20:52:03.919401Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"doi_title_agreement","ran_at":"2026-05-19T19:31:18.939547Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"doi_compliance","ran_at":"2026-05-19T19:20:47.923191Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"claim_evidence","ran_at":"2026-05-19T18:41:56.271409Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"ai_meta_artifact","ran_at":"2026-05-19T18:33:26.351035Z","status":"skipped","version":"1.0.0","findings_count":0}],"snapshot_sha256":"75b600e9d705ca318aca29abe4e7e4ce31d491dbf644c3d4c6118d89202cfd3f"},"references":{"count":29,"sample":[{"doi":"","year":2019,"title":"FIDO2: Web Authentication Specification,","work_id":"51e43bf4-4316-429f-afc7-8eb255aa8e55","ref_index":1,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2017,"title":"FIDO UAF Architectural Overview,","work_id":"a89f2e53-3100-4841-886a-e3538cb76a20","ref_index":2,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2017,"title":"FIDO Alliance, “FIDO U2F Overview,” FIDO Alliance Specification v1.2, 2017. [Online]. Available: https://fidoalliance. org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-overview-v1.2-ps-20170411.html","work_id":"c6a2247b-3675-4e3d-9483-0e1eabcc90ba","ref_index":3,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":1998,"title":"On enabling secure applications through off-line biometric identification,","work_id":"5c3ee70b-6c49-4d89-876d-cf97a5194974","ref_index":4,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":1999,"title":"A fuzzy commitment scheme,","work_id":"26922395-2499-4bfa-90f7-bb000d35098c","ref_index":5,"cited_arxiv_id":"","is_internal_anchor":false}],"resolved_work":29,"snapshot_sha256":"4da3f1fdba114a640ac8dab8aefdcbf9e69e8492f60ef5de21b830b334490e74","internal_anchors":1},"formal_canon":{"evidence_count":1,"snapshot_sha256":"6a0a3fab0e5ebcf0cd54291caeee9fe633aa0a692f981b9c816f86fdc27bc82b"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2605.16908","created_at":"2026-05-20T00:03:29.566155+00:00"},{"alias_kind":"arxiv_version","alias_value":"2605.16908v1","created_at":"2026-05-20T00:03:29.566155+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.16908","created_at":"2026-05-20T00:03:29.566155+00:00"},{"alias_kind":"pith_short_12","alias_value":"PHLOFSA2SUTR","created_at":"2026-05-20T00:03:29.566155+00:00"},{"alias_kind":"pith_short_16","alias_value":"PHLOFSA2SUTRDQLZ","created_at":"2026-05-20T00:03:29.566155+00:00"},{"alias_kind":"pith_short_8","alias_value":"PHLOFSA2","created_at":"2026-05-20T00:03:29.566155+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":1,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/PHLOFSA2SUTRDQLZEYUNKTSTGN","json":"https://pith.science/pith/PHLOFSA2SUTRDQLZEYUNKTSTGN.json","graph_json":"https://pith.science/api/pith-number/PHLOFSA2SUTRDQLZEYUNKTSTGN/graph.json","events_json":"https://pith.science/api/pith-number/PHLOFSA2SUTRDQLZEYUNKTSTGN/events.json","paper":"https://pith.science/paper/PHLOFSA2"},"agent_actions":{"view_html":"https://pith.science/pith/PHLOFSA2SUTRDQLZEYUNKTSTGN","download_json":"https://pith.science/pith/PHLOFSA2SUTRDQLZEYUNKTSTGN.json","view_paper":"https://pith.science/paper/PHLOFSA2","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2605.16908&json=true","fetch_graph":"https://pith.science/api/pith-number/PHLOFSA2SUTRDQLZEYUNKTSTGN/graph.json","fetch_events":"https://pith.science/api/pith-number/PHLOFSA2SUTRDQLZEYUNKTSTGN/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/PHLOFSA2SUTRDQLZEYUNKTSTGN/action/timestamp_anchor","attest_storage":"https://pith.science/pith/PHLOFSA2SUTRDQLZEYUNKTSTGN/action/storage_attestation","attest_author":"https://pith.science/pith/PHLOFSA2SUTRDQLZEYUNKTSTGN/action/author_attestation","sign_citation":"https://pith.science/pith/PHLOFSA2SUTRDQLZEYUNKTSTGN/action/citation_signature","submit_replication":"https://pith.science/pith/PHLOFSA2SUTRDQLZEYUNKTSTGN/action/replication_record"}},"created_at":"2026-05-20T00:03:29.566155+00:00","updated_at":"2026-05-20T00:03:29.566155+00:00"}