BIDO: A Biometric Identity Online Authentication Framework
Pith reviewed 2026-05-19 19:10 UTC · model grok-4.3
The pith
BIDO generates ECDSA keys on demand from a live face scan salted with a memorized secret to achieve AAL2 authentication without storing any biometric templates or PII.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
BIDO achieves Authenticator Assurance Level 2 per NIST SP 800-63B by deriving ECDSA key material deterministically from a live biometric measurement salted with a user-defined memorized secret at every authentication event. A multi-stage pipeline extracts facial landmarks, aligns the face, gates for frontality, quantizes distances with q=8, stabilizes inter-session drift, and binds via majority-voting SHA-256 to create a transient Verification Seed from which the WebAuthn credential is derived and then zeroized. This produces non-discoverable credentials compatible with FIDO2 services, with reported verification accuracy of 99.51% on LFW and cryptographic FAR of 0.03%.
What carries the argument
The Verification Seed (Vseed), produced by the multi-stage facial processing pipeline (Dlib landmark extraction, affine alignment, Euclidean distance quantization, drift stabilization, and SHA-256 binding). Combined with the memorized secret, it is the input from which the ECDSA private key is transiently derived at each authentication event.
If this is right
- Authentication can occur from any device with a camera without needing to carry hardware tokens or smart cards.
- Server-side changes are not required since the credentials are standard non-resident WebAuthn ones.
- Biometric data remains non-stored and non-discoverable, reducing breach risks compared to traditional template storage.
- The system reports low error rates suitable for cryptographic use, with FAR at 0.03% and FRR at 0.90%.
- Key material is generated and destroyed after each use, eliminating persistent private-key storage.
Where Pith is reading between the lines
- If the drift stabilization holds across varied conditions, the method could support authentication in mobile scenarios with changing cameras.
- Combining the biometric with a memorized secret adds a knowledge factor, potentially strengthening it beyond pure biometrics.
- Adapting the pipeline to other modalities like voice could broaden the framework to multi-biometric use.
- Success here might encourage similar on-the-fly key derivation in other privacy-sensitive authentication contexts.
Load-bearing premise
The multi-stage processing pipeline produces a Verification Seed that remains stable enough across different sessions and devices to maintain the low false accept and reject rates without being guessable or discoverable.
What would settle it
Demonstrating a significantly higher false reject rate when performing authentication on a different camera or after a delay between enrollment and verification sessions would indicate that the inter-session drift stabilization does not hold as required.
Original abstract
Security systems demand continuous, cryptographically robust identity verification without requiring subjects to carry physical tokens, smart cards, or dedicated hardware authenticators. This paper presents BIDO (Biometric Identity Online), a device-free authentication standard that achieves Authenticator Assurance Level 2 (AAL2) per NIST SP 800-63B without storing long-lived biometric templates, facial images, or any other form of Personally Identifiable Information (PII). BIDO derives Elliptic Curve Digital Signature Algorithm (ECDSA) key material deterministically from a live biometric measurement salted with a user-defined memorized secret at every authentication event, eliminating persistent private-key storage while enabling verification from any commodity sensor terminal. The generated credentials are non-discoverable (non-resident) Web Authentication (WebAuthn) credentials, fully compatible with all FIDO2-enabled websites and services without modification on the server side. A multi-stage pipeline, comprising capture of 200 valid biometric samples, feature extraction using the Dlib 68-point facial landmark predictor, affine face alignment, frontality gating, Euclidean distance computation from the inter-eye midpoint, floor-division quantization with divisor q = 8, inter-session drift stabilization, and majority-voting SHA-256 hash binding, produces a Verification Seed (Vseed) from which the WebAuthn credential is transiently derived and immediately zeroized after signing. Evaluated against three prominent face benchmarks (VGGFace2, LFW, and MegaFace), achieving 99.51% verification accuracy on LFW and 92.14% Rank-1 identification accuracy on MegaFace Challenge 1 at 10^6 distractors, with a cryptographic False Accept Rate (FAR) of 0.03%, a False Reject Rate (FRR) of 0.90%.
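As an added illustration (not code from the paper or the BIDO project), the Python sketch below walks the tail of the pipeline the abstract describes: landmark distances from the inter-eye midpoint, floor division by q = 8, SHA-256 per sample with a majority vote to bind Vseed, and salting with the memorized secret to obtain an ECDSA scalar that is wiped after use. It also shows why the referee's bit-exact concern matters: drift that stays inside a quantization cell (or is outvoted) reproduces the seed, drift that crosses cells does not. The toy landmark sets, the per-sample-digest reading of "majority voting", the HMAC salting step and the use of the P-256 curve (WebAuthn ES256) are assumptions; the paper does not publish these details.

```python
import hashlib
import hmac
import math
from collections import Counter

# q = 8 is the divisor named in the abstract. P-256 is the curve behind WebAuthn's ES256;
# that BIDO uses it is an assumption. The constant is the P-256 group order n.
Q = 8
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

# Constructed toy face: five landmarks plus two eye centres (Dlib's real output has 68 points).
LEFT_EYE, RIGHT_EYE = (40, 50), (80, 50)          # inter-eye midpoint is (60, 50)
BASE_FACE = [(60, 100), (30, 50), (90, 90), (60, 25), (45, 70)]

def quantize(landmarks, left_eye=LEFT_EYE, right_eye=RIGHT_EYE, q=Q):
    """Euclidean distance of each landmark from the inter-eye midpoint, floor-divided by q."""
    mid = ((left_eye[0] + right_eye[0]) / 2.0, (left_eye[1] + right_eye[1]) / 2.0)
    return tuple(int(math.dist(p, mid) // q) for p in landmarks)

def sample_digest(qvec):
    """SHA-256 over a fixed-width encoding, so identical cell vectors give identical digests."""
    return hashlib.sha256(b"".join(v.to_bytes(2, "big") for v in qvec)).digest()

def verification_seed(samples):
    """Majority vote over per-sample digests (assumed reading of 'majority-voting SHA-256').
    A sample whose landmark crosses a cell boundary is outvoted instead of breaking the seed."""
    digests = [sample_digest(quantize(s)) for s in samples]
    seed, votes = Counter(digests).most_common(1)[0]
    if 2 * votes <= len(digests):
        raise ValueError("no strict majority: capture too unstable to bind a seed")
    return seed

def zeroize(buf):
    """Overwrite a mutable buffer in place (the transient-key hygiene the abstract describes)."""
    for i in range(len(buf)):
        buf[i] = 0

def derive_private_scalar(vseed, memorized_secret):
    """Salt the seed with the knowledge factor and map into [1, n-1] for use as an ECDSA scalar.
    HMAC-SHA256 is an assumed KDF; the paper does not specify one."""
    okm = bytearray(hmac.new(memorized_secret.encode(), vseed, hashlib.sha256).digest())
    d = int.from_bytes(okm, "big") % (P256_ORDER - 1) + 1
    zeroize(okm)            # best effort only: a Python int such as d cannot be wiped in place
    return d

# Constructed sessions. A: clean captures. B: same user later, small drift inside the q=8 cells
# plus one outlier sample. C: landmarks displaced far enough to land in different cells.
SESSION_A = [BASE_FACE,
             [(60, 101), (31, 50), (90, 90), (60, 25), (45, 70)],
             [(60, 99), (30, 50), (89, 89), (60, 26), (45, 70)]]
SESSION_B = [[(60, 98), (29, 50), (90, 89), (60, 26), (44, 70)],
             [(60, 102), (30, 51), (91, 90), (61, 25), (46, 71)],
             [(60, 97), (30, 50), (90, 90), (60, 25), (45, 70)],   # distance 47 -> cell 5, outlier
             [(60, 100), (30, 49), (90, 91), (60, 25), (45, 70)]]
SESSION_C = [[(60, 110), (22, 50), (95, 95), (60, 18), (40, 75)],
             [(60, 111), (22, 51), (95, 95), (60, 18), (40, 75)],
             [(60, 110), (22, 50), (95, 95), (60, 18), (40, 75)]]

if __name__ == "__main__":
    seed_a, seed_b, seed_c = (verification_seed(s) for s in (SESSION_A, SESSION_B, SESSION_C))
    print("A == B:", seed_a == seed_b, "| A == C:", seed_a == seed_c)
    print("scalar:", hex(derive_private_scalar(seed_a, "memorized-secret")))
```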
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. This paper introduces BIDO, a biometric identity online authentication framework designed to achieve Authenticator Assurance Level 2 (AAL2) according to NIST SP 800-63B. It does so by deriving ECDSA key material deterministically from live facial biometric measurements combined with a user-defined memorized secret at each authentication event, without storing any long-lived biometric templates, facial images, or PII. The system employs a pipeline including capture of 200 samples, Dlib 68-point landmark extraction, affine alignment, frontality gating, Euclidean distance quantization with q=8, inter-session drift stabilization, and majority-voting SHA-256 to generate a Verification Seed (Vseed) for transient WebAuthn credential creation. Evaluations on VGGFace2, LFW, and MegaFace benchmarks report 99.51% verification accuracy on LFW and 92.14% Rank-1 identification on MegaFace, alongside cryptographic FAR of 0.03% and FRR of 0.90%.
Significance. Should the reproducibility of the Verification Seed be empirically validated with appropriate bounds and the security properties formally analyzed, this work could offer a significant advancement in passwordless and token-free authentication for web services. It leverages existing FIDO2 infrastructure for broad compatibility and addresses privacy concerns by avoiding persistent storage of sensitive data. The approach has potential implications for accessible authentication on commodity devices.
major comments (4)
- The central claim of achieving AAL2 without storing templates rests on the stability of the derived Vseed, yet the abstract mentions inter-session drift stabilization without providing the algorithm details, mathematical formulation, or any quantitative bounds on cross-session or cross-device consistency.
- The reported cryptographic FAR of 0.03% and FRR of 0.90% are presented without accompanying error-bar analysis, adversarial testing details, or explicit verification that the multi-stage pipeline (including q=8 quantization) maintains bit-exact Vseed matches under realistic capture variations.
- While face recognition accuracies are given for LFW (99.51%) and MegaFace (92.14% Rank-1), these metrics do not directly assess the bit-exact reproducibility of the quantized Verification Seed required for deterministic ECDSA key derivation, leaving the cryptographic performance claims unsupported by the cited benchmarks.
- No explicit mapping or compliance verification is provided for all NIST SP 800-63B AAL2 requirements, such as specific authenticator security properties or threat mitigations, despite the assertion of meeting the standard.
minor comments (2)
- There is a line break in 'cryptograph- ically' that should be corrected for readability.
- The notation for the Verification Seed (Vseed) and its derivation steps could be formalized with equations or pseudocode for clarity.
Simulated Author's Rebuttal
We thank the referee for the thorough and constructive review. The comments highlight important areas for clarification and strengthening, particularly regarding reproducibility, security analysis, and compliance details. We address each major comment below and will incorporate revisions to improve the manuscript.
Point-by-point responses
- Referee: The central claim of achieving AAL2 without storing templates rests on the stability of the derived Vseed, yet the abstract mentions inter-session drift stabilization without providing the algorithm details, mathematical formulation, or any quantitative bounds on cross-session or cross-device consistency.
  Authors: We agree that explicit details on inter-session drift stabilization are necessary to substantiate the central claims. The current manuscript provides only a high-level description of this component within the pipeline. In the revision, we will add a dedicated subsection with the full algorithm (including the mathematical formulation for drift correction via session-specific affine adjustments and majority voting thresholds), along with quantitative bounds derived from additional cross-session and cross-device experiments on the LFW and VGGFace2 datasets. (revision: yes)
- Referee: The reported cryptographic FAR of 0.03% and FRR of 0.90% are presented without accompanying error-bar analysis, adversarial testing details, or explicit verification that the multi-stage pipeline (including q=8 quantization) maintains bit-exact Vseed matches under realistic capture variations.
  Authors: The reported FAR and FRR were obtained from direct bit-exact Vseed comparisons across the benchmark evaluations. We acknowledge the absence of error bars and detailed adversarial analysis in the current version. The revised manuscript will include bootstrap-derived error bars, expanded adversarial testing (simulating lighting, pose, and device variations), and explicit verification that the q=8 quantization step preserves bit-exact reproducibility under the tested capture conditions. (revision: yes)
- Referee: While face recognition accuracies are given for LFW (99.51%) and MegaFace (92.14% Rank-1), these metrics do not directly assess the bit-exact reproducibility of the quantized Verification Seed required for deterministic ECDSA key derivation, leaving the cryptographic performance claims unsupported by the cited benchmarks.
  Authors: We recognize that standard face recognition metrics provide only an indirect proxy for Vseed reproducibility. To directly support the cryptographic claims, the revision will add a new evaluation subsection reporting the measured bit-exact Vseed match rates across sessions, explicitly linking these rates to the deterministic ECDSA key derivation process and showing how the full pipeline (including quantization and stabilization) achieves the stated FAR/FRR. (revision: yes)
- Referee: No explicit mapping or compliance verification is provided for all NIST SP 800-63B AAL2 requirements, such as specific authenticator security properties or threat mitigations, despite the assertion of meeting the standard.
  Authors: The manuscript asserts AAL2 compliance based on the transient, non-resident credential design and absence of stored templates. We will add an explicit compliance mapping table in the revision that enumerates each relevant NIST SP 800-63B AAL2 requirement, the corresponding BIDO mechanism (e.g., live biometric derivation for replay resistance), and the addressed threat mitigations. (revision: yes)
Circularity Check
No significant circularity; derivation is self-contained method description
Full rationale
The paper describes a multi-stage biometric-to-Vseed pipeline (Dlib landmarks, affine alignment, frontality gating, q=8 quantization, drift stabilization, majority-vote SHA-256) that produces a transient ECDSA key from live capture plus memorized secret. Reported accuracies (99.51% LFW verification, 92.14% MegaFace Rank-1) and cryptographic rates (FAR 0.03%, FRR 0.90%) are presented as evaluation outcomes on public benchmarks rather than predictions derived from fitted parameters by construction. No equations, self-citations, or uniqueness theorems are invoked that reduce the central claim to its own inputs. The derivation chain from measurement to credential is algorithmic and externally falsifiable via the stated pipeline steps and benchmark results; parameters such as q=8 are design choices whose effect on FRR is measurable but not tautological.
Axiom & Free-Parameter Ledger
free parameters (2)
- quantization divisor q = 8
- number of valid biometric samples = 200
axioms (1)
- domain assumption: Live facial landmark measurements remain sufficiently consistent across sessions after alignment, frontality gating, and majority-voting hash binding to support stable key derivation.
invented entities (1)
- Verification Seed (Vseed): no independent evidence
Lean theorems connected to this paper
- IndisputableMonolith/Cost/FunctionalEquation.lean, theorem washburn_uniqueness_aczel; tag: unclear
  The relation between the paper passage and the cited Recognition theorem is unclear.
  Paper passage: "floor-division quantization with divisor q = 8, inter-session drift stabilization, and majority-voting SHA-256 hash binding, produces a Verification Seed (Vseed)"
What do these tags mean?
- matches: The paper's claim is directly supported by a theorem in the formal canon.
- supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
- extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
- uses: The paper appears to rely on the theorem as machinery.
- contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
- unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.