Microsoft and public-sector ready
High-assurance human identity for the AI and Zero Trust era.
BioTone produces fresh, policy-consumable proof that the right human is present, alive, on the right device, and authorizing the right action.
Passkeys prove possession. Enterprises increasingly need proof of live human presence.
Agents can now initiate sensitive actions at machine speed. Human approval needs stronger proof than a session cookie.
Static sign-in is not enough for privileged activation, account recovery, wire release, or sensitive data unlock.
Banks, healthcare, government, defense, and critical infrastructure can mandate stronger assurance for high-risk workflows.
Not another biometric app. A human assurance layer.
BioTone sits beside the identity provider, endpoint manager, security graph, agent runtime, or application workflow. The customer keeps policy authority; BioTone returns signed evidence.
Canonical output
A signed assurance claim with subject, tenant, device context, modalities, score, freshness, policy result, and audit metadata. Relying parties consume the claim; raw biometric data stays out of the workflow.
Policy trigger
Entra, app, agent, file vault, or admin workflow requests proof.
BioTone session
QR, deep link, web SDK, or API starts enrollment or verification.
Live signals
Palm, iris/periocular, voice, ear, liveness, and research factors.
Assurance claim
Signed result, score, freshness, policy, and audit reference.
Enforcement
Allow, step up, deny, revoke, alert, or hold agent action.
The commercial spine is already in working form.
BioTone keeps policy with the customer and turns biometrics into security evidence.
BioTone assurance broker
Enrollment, verification, fusion policy, model registry, quality calibration, signed claim, tenant audit, API keys, and owner/admin controls.
BioTone can strengthen Entra, Intune, Microsoft Security, Security Copilot, and Azure.
Entra
High-assurance external verification for privileged identity, account recovery, regulated workflows, and sensitive step-up.
Intune
Bind biometric assurance to managed device posture: the right person on the right device at the right time.
Security graph
Feed fresh human-assurance events into Defender, Sentinel, Purview, Security Copilot, and customer policy engines.
BioAgentic protection
Verify the human behind agent delegation, override, recovery, approval, and policy-change workflows.
Azure
Customer-hosted and hybrid BioTone deployments can drive Azure infrastructure, key management, monitoring, and security attach.
No rip-and-replace
Microsoft remains the policy authority; BioTone provides signed evidence when ordinary auth is not enough.
The same assurance layer can support enterprise pilots now and SCIF-constrained R&D later.
Near-term public-sector wedge
- Customer-hosted or hybrid assurance broker for regulated workflows.
- Tenant isolation, auditability, no central BioTone biometric honeypot.
- PIV/CAC-aware roadmap, Entra/Azure alignment, and controlled deployment modes.
- Unclassified pilots before FCL-dependent classified work.
Longer-term moat
- SCIF vestibule kiosk with face/iris/palm/voice plus PIV/CAC.
- Interior continuous auth without cameras or microphones.
- mmWave, pressure floor, BCG chair, keystroke/mouse dynamics, and capacitive peripherals.
- TAA/Section 889 compliant BoM and accreditation path.
BioTone can start fast and move toward higher custody control as buyers mature.
BioTone Cloud
Hosted console/API/keystore for fast pilots, demos, SMB, and internal dogfood.
Hybrid
BioTone-hosted console with customer-hosted keystore nodes for privacy-sensitive enterprises.
Fully self-hosted
Customer-operated console, API, keystores, storage, secrets, observability, and license enforcement.
API-only
Integrator tenants consuming BioTone through API keys and SDKs without a tenant console.
Current focus: make BioTone Cloud onboarding commercially usable while preserving the architecture needed for hybrid and self-hosted enterprise deployments.
We lead with the assurance broker, then package it around workflows buyers recognize.
Workforce SSO and step-up
High-risk sign-in, PIM activation, account recovery, and sensitive application access.
AI-agent protection
Human-lent authority for delegation, override, approvals, and recovery in agentic workflows.
Transaction approval
Wire release, treasury actions, policy changes, and dual-control workflows.
Document and file unlock
Short-lived access to board packs, read rooms, sensitive files, and controlled datasets.
Developer API
Palm and periocular verification today; voice, ear, quality, and PAD as demand matures.
Government R&D
Vestibule kiosk and sensor-constrained interior continuous auth as the long-term moat.
Use the best production-like EERs, then explain what fusion buys.
Voice EER
D′, 3-utterance adaptive enrolment. VoxCeleb1-O, 40 unseen speakers.
Iris EER
Protocol C, 3-frame enrolment. UBIRIS v2 + UTIRIS-VIS, 64 unseen subjects.
Palm EER
Protocol C, 3-frame enrolment. palm-embed-v2 quad-warp ensemble.
Ear EER
Protocol C, 3-frame enrolment. UERC2023-test, 131 unseen subjects.
Combined false accept probability ≈ 5.2 × 10⁻⁸ if all four factors must pass.
≥3/4 majority, combined FAR 0.000222% (~1 in 450k).
For treasury / privileged workflows. Combined FAR 0.000024%.
Rare high-risk events. Combined FAR 0.0000043%.
Field validation remains the next proof step: tester distribution, clean physical-subject IDs, PII vault controls, model cards, confidence intervals, and quality calibration.
The old "Vault then Gate then Pulse" sequence is replaced by pilot readiness.
Hosted pilot readiness
First-admin invite, tenant onboarding, assurance contract, owner audit, browser/mobile QA, Microsoft validation package.
Design partners
Microsoft path, banking/treasury or healthcare workflow, API-only integrator, field capture evidence, support runbooks.
Repeatable product
Plan/subscription state, tenant export, Key Vault, Azure Monitor, SDK polish, model cards, live billing when pulled.
Scale and moat
SOC 2 readiness, enterprise pilots, hybrid keystores, self-hosted licensing, government R&D, FCL/SBIR/advisory runway.
A focused 30-day sprint can show whether BioTone belongs in the platform stack.
Pick use case
Entra step-up, PIM, Intune-bound access, agent approval, or Azure-hosted customer deployment.
Define contract
Assurance claim fields, freshness, policy result, audit event, and relying-party validation.
Run demo path
Policy trigger to BioTone verification to signed result to enforcement or audit decision.
Review risk
Privacy, biometric custody, tenant isolation, security controls, and support/recovery model.
Name next owner
Identify technical sponsor, success criteria, customer/pilot path, and integration lane.
We should win trust by being precise about maturity.
Already real
- Auth broker and mobile verification demo path.
- Tenant-scoped console and owner admin surfaces.
- Developer API private beta for palm/periocular.
- Disaggregated key proof and PII vault controls.
- Azure-hosted platform and deployment-mode roadmap.
Still needs proof
- Field biometric performance and model cards.
- Hosted tenant onboarding as a tested workflow.
- Owner audit, operational alerts, backup/restore, and support-safe views.
- Customer-grade mobile pairing and recovery.
- Government hardware sourcing, PIV/CAC, FCL, and accreditation.
Help us pick the first place where fresh human assurance matters most.
Use case
Which workflow should BioTone validate first: privileged identity, device-bound access, agent approval, account recovery, sensitive data unlock, or controlled facility access?
Integration owner
Who should own the next technical conversation: identity, endpoint, security operations, AI/security copilot, Azure, public-sector innovation, or a joint sponsor?
Proof criteria
What evidence would make BioTone credible in 30-60 days: architecture review, live demo, privacy review, field data, tenant isolation, or customer-hosted deployment?
Identity should belong to the person, not the database.
BioTone is building the assurance layer that proves the right human is present for the decisions that actually matter.