Strategic briefing
Microsoft and public-sector ready
BioTone Biometrics - May 2026

High-assurance human identity for the AI and Zero Trust era.

BioTone produces fresh, policy-consumable proof that the right human is present, alive, on the right device, and authorizing the right action.

Entra / Intune fit · Customer-hosted path · BioAgentic protection · Public-sector roadmap
BioTone - Confidential 01 / 19
02 - Why now: Authentication is becoming an authorization problem.
The market shift

Passkeys prove possession. High-risk actions need proof that the right human is present.

$10B+: Account-takeover and synthetic-identity losses keep rising as generative tools lower attacker cost.

AI: Agents can initiate sensitive actions at machine speed; approval now needs live human assurance.

Zero Trust: Possession is not presence. Privileged activation, recovery, and data unlock need fresh evidence.

One credential: A single compromised credential or session can still approve a wire, export records, or change policy.

03 - Adversary view: Why possession and face-only checks are not enough.
Threat model for 2026-grade attackers

BioTone forces an attacker to win across different sensors, physics, and policies.

Attack: Deepfake video (generative face replay or swap)
  • Face-only systems: Can bypass. High-fidelity face-only liveness is exactly what the attack targets.
  • Passkeys / FIDO: Out of scope. They protect credential possession, not human likeness.
  • BioTone: Fails closed. No matching palm, iris/periocular, ear, voice challenge, or liveness evidence.

Attack: Cloned voice (TTS from a short sample)
  • Face-only systems: Varies. The face stack may never see the attack.
  • Passkeys / FIDO: Out of scope. Voice is not part of the decision.
  • BioTone: Contained. A time-bound challenge plus independent visual biometrics prevents voice-only success.

Attack: Stolen device (unlocked device or stolen session)
  • Face-only systems: Can bypass. If face or device unlock passes, policy may trust the session.
  • Passkeys / FIDO: Possession only. Strong origin binding, but not a body check.
  • BioTone: Body-bound. The wrong person fails the live multimodal verification even on a known device.

Attack: Phishing / proxy (cookie, token, or session relay)
  • Face-only systems: Can bypass. Relayed sessions often look legitimate downstream.
  • Passkeys / FIDO: Mitigates. Origin-bound credentials reduce phishing risk.
  • BioTone: Step-up evidence. Fresh, short-lived assurance claims make sensitive actions non-replayable.

The BioTone outcomes above hold only where tenant policy actually requires the relevant modalities and liveness for the action (see the policy tiers later in this deck); at a tier where biometrics are optional, the attacker only has to beat the controls that are required.
04 - Product thesis: One assurance layer, many enforcement points.
Positioning

Not another biometric app. A human assurance layer.

Single-modality KYC vendors compete on one sensor. BioTone competes on policy-consumable proof: the right human, alive, on the right device, authorizing the right action.

Canonical output

A signed assurance claim with subject, tenant, device context, modalities, score, freshness, policy result, and audit metadata. The customer keeps policy authority; raw biometric data stays out of the relying workflow.

01 Policy trigger: Entra, app, agent, file vault, or admin workflow requests proof.
02 BioTone session: QR, deep link, web SDK, or API starts enrollment or verification.
03 Live signals: Palm, iris/periocular, voice, ear, liveness, and research factors.
04 Assurance claim: Signed result, score, freshness, policy, and audit reference.
05 Enforcement: Allow, step up, deny, revoke, alert, or hold agent action.

05 - Current state: More than a concept deck.
Built and deployed in the PoC/MVP spine

The commercial spine is already in working form.

  • Backend: FastAPI on Azure Container Apps with auth broker, verification events, audit, model routes, key-share routes, PII vault routes, and owner routes.
  • Console: Tenant console with dashboard, users, sessions, auth broker, audit, configuration, quality, deployment nodes, API/tokens, and tenant switching.
  • Mobile: iOS/Android PoC with enrollment, combined verification, backend sync, tenant config, TestFlight flow, and BioTone Internal pairing smoke test.
  • Tenants: `biotone-demo` and `biotone-internal` are first-class tenants; owner platform-admin is split from the customer console.
  • Keys: 3-of-3 Shamir key split across two nodes plus a device share; a key-verified JWT claim exists in the broker flow.
  • API: Private-beta developer API with API keys, palm/periocular enroll + verify, usage/billing scaffold, quickstart, and custom API hostname.
06 - Product flow: From user ceremony to signed security evidence.
What a buyer can see in a demo

A guided verification ceremony produces a short-lived verdict the customer already knows how to enforce.

01 Start from policy: App, IdP, console, file vault, or agent requests a specific assurance level.
02 Hand off to BioTone: QR, deep link, web SDK, or API starts the verification session on an enrolled device.
03 Capture with quality gates: Palm, iris/periocular, voice, ear, and liveness checks run under tenant policy.
04 Fuse the evidence: Policy decides which signals are required, optional, or veto gates for the action.
05 Return a receipt: The relying party receives a signed, auditable claim, not a biometric template.

This is the product proof behind the strategy: a capture flow users can finish, an admin surface operators can audit, and a token/receipt developers can consume.
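The canonical output described on the product-thesis slide and in step 05 above is a signed, short-lived claim that the relying party validates before enforcing. The following is an added example of that contract, not BioTone's broker code: the field names (`sub`, `tenant`, `device`, `action`, `modalities`, `score`, `policy`, `iat`, `exp`, `jti`, `audit_ref`), the HMAC-SHA256 signature with a shared broker key, and the in-memory replay cache are assumptions standing in for whatever the broker actually emits. The point it shows is that freshness, tenant, device, action binding, policy result, and single use are all checked on the relying-party side, so a captured claim cannot be replayed against a different wire, export, or policy change.

```python
"""Mint and validate a short-lived, action-bound assurance claim.

Added example (not BioTone's code): the field names, the HMAC-SHA256
signature and the replay cache are assumptions; the deck only lists the
claim's contents (subject, tenant, device context, modalities, score,
freshness, policy result, audit metadata).
"""
import base64
import hashlib
import hmac
import json
import time

# Hypothetical broker signing key; in a deployment this lives in a keystore.
BROKER_KEY = b"demo-broker-signing-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_claim(subject, tenant, device, action_id, modalities, score,
                policy_result, ttl_s=60, now=None):
    """Build and sign a claim. `action_id` binds the evidence to one
    authorization request so it cannot be reused for another action."""
    now = time.time() if now is None else now
    body = {
        "sub": subject, "tenant": tenant, "device": device,
        "action": action_id,               # one claim, one request
        "modalities": sorted(modalities),  # live signals that contributed
        "score": score,
        "policy": policy_result,           # broker verdict under tenant policy
        "iat": now, "exp": now + ttl_s,    # freshness window
        "jti": hashlib.sha256(f"{subject}|{action_id}|{now}".encode()).hexdigest()[:16],
        "audit_ref": f"audit-{int(now)}-{action_id}",
    }
    payload = _b64(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())
    sig = _b64(hmac.new(BROKER_KEY, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"


class RelyingParty:
    """Validation the relying party runs before enforcing the action."""

    def __init__(self, tenant):
        self.tenant = tenant
        self.seen_jti = set()  # single use: a claim authorizes one action once

    def validate(self, token, expected_action, expected_device=None, now=None):
        """Return (ok, reason, claim). Every failure is a reason to step up or
        deny; nothing here grants on a partial match."""
        now = time.time() if now is None else now
        try:
            payload, sig = token.split(".")
        except ValueError:
            return False, "malformed", None
        expected_sig = hmac.new(BROKER_KEY, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected_sig):
            return False, "bad_signature", None
        claim = json.loads(_unb64(payload))
        if claim["tenant"] != self.tenant:
            return False, "wrong_tenant", claim
        if claim["action"] != expected_action:
            return False, "action_mismatch", claim
        if expected_device and claim["device"] != expected_device:
            return False, "device_mismatch", claim
        if not (claim["iat"] - 5 <= now < claim["exp"]):   # 5 s clock-skew allowance
            return False, "stale", claim
        if claim["policy"] != "allow":
            return False, "policy_" + claim["policy"], claim
        if claim["jti"] in self.seen_jti:
            return False, "replayed", claim
        self.seen_jti.add(claim["jti"])
        return True, "ok", claim
```

The relying party never sees a template or raw capture; it sees a verdict it can verify, and it still owns the decision: a `step_up` or `deny` policy result, a stale window, or a reused `jti` all fall through to its own enforcement path rather than to an allow.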

07 - Architecture: Customer control without another identity island.
How it fits into enterprise and public-sector environments

BioTone keeps policy with the customer and turns biometrics into security evidence.

  • Identity and policy: Microsoft Entra, Okta, Ping, PIM, Conditional Access patterns, app policy, or agent policy.
  • Endpoint and context: Intune/device posture, mobile tenant config, customer-hosted or BioTone-hosted deployment mode.
  • Applications and agents: Wire approval, account recovery, file unlock, admin actions, AI-agent delegation and override.

BioTone assurance broker

Enrollment, verification, fusion policy, model registry, quality calibration, signed claim, tenant audit, API keys, and owner/admin controls.

  • Template custody: Tenant-scoped templates, hosted logical keystores, customer-hosted node path, and disaggregated key proof.
  • Capture vault: Encrypted `btvault-v1` packages for research captures, owner step-up, short leases, and audit.
  • Security outputs: Allow, deny, step up, revoke, alert, audit, or hold an agent action until the human verifies.
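The "disaggregated key proof" above and the "3-of-3 Shamir key split across two nodes plus device share" on the current-state slide both rest on threshold secret sharing. The following is an added example, not BioTone's keystore code: textbook Shamir sharing over the prime field GF(2^127 - 1), written for a general (k, n) so the deck's k = n = 3 configuration is one instance. The security property it demonstrates is that any set of shares below the threshold is consistent with every possible key, so compromising both hosted nodes without the device share yields nothing; the field size, the share encoding, and the use of `secrets.randbelow` for coefficients are this example's choices.

```python
"""Shamir threshold sharing of a key, as used for a split across keystore
nodes plus a device share.

Added example, not BioTone's keystore code. General (k, n) Shamir over the
prime field GF(2^127 - 1); the deck's configuration is k = n = 3.
"""
import secrets

P = 2**127 - 1  # Mersenne prime; all polynomial arithmetic is mod P


def _eval_poly(coeffs, x):
    """Horner evaluation of c0 + c1*x + ... + c_{k-1}*x^{k-1} mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret: int, k: int, n: int, rng=secrets.randbelow):
    """Return n shares (x, y) of `secret`; any k of them reconstruct it.
    The constant term is the secret; the other k-1 coefficients are random,
    so fewer than k points determine nothing about the constant term."""
    if not (0 <= secret < P and 1 <= k <= n):
        raise ValueError("secret out of field or bad threshold")
    coeffs = [secret] + [rng(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0. Given fewer than k shares this still
    returns a well-formed field element, just not the key: a threshold scheme
    fails silently below threshold, so callers must enforce the count."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def reconstruct_with_threshold(shares, k):
    """Refuse to interpolate below the configured threshold instead of
    returning a plausible-looking wrong key."""
    if len(shares) < k:
        raise ValueError(f"need {k} shares, got {len(shares)}")
    return reconstruct(shares[:k])
```

In the deck's configuration the two node shares and the device share are all required; the practical caveat is that the device share must not be backed up into the same custody domain as the node shares, or the 3-of-3 property collapses to whatever that custodian can reach.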
08 - Microsoft fit: Make the assurance useful where customers already enforce policy.
For Monday's Microsoft conversation

BioTone can strengthen Entra, Intune, Microsoft Security, Security Copilot, and Azure.

Entra: High-assurance external verification for privileged identity, account recovery, regulated workflows, and sensitive step-up.

Intune: Bind biometric assurance to managed device posture: the right person on the right device at the right time.

Security graph: Feed fresh human-assurance events into Defender, Sentinel, Purview, Security Copilot, and customer policy engines.

BioAgentic protection: Verify the human behind agent delegation, override, recovery, approval, and policy-change workflows.

Azure pull-through: Customer-hosted deployments can drive Azure infrastructure, Key Vault, confidential compute, storage, monitoring, and premium security attach. Not a per-login billing story.

No rip-and-replace: Microsoft remains the policy authority; BioTone provides signed evidence when ordinary auth is not enough.

09 - Public-sector fit: Commercial spine, national-security roadmap.
For In-Q-Tel and government-adjacent audiences

The same assurance layer can support enterprise pilots now and SCIF-constrained R&D later.

Near-term public-sector wedge

  • Customer-hosted or hybrid assurance broker for regulated workflows.
  • Tenant isolation, auditability, no central BioTone biometric honeypot.
  • PIV/CAC-aware roadmap, Entra/Azure alignment, and controlled deployment modes.
  • Unclassified pilots before FCL-dependent classified work.

Longer-term moat

  • SCIF vestibule kiosk with face/iris/palm/voice plus PIV/CAC.
  • Interior continuous auth without cameras or microphones.
  • mmWave, pressure floor, BCG chair, keystroke/mouse dynamics, and capacitive peripherals.
  • TAA/Section 889 compliant BoM and accreditation path.
10 - Deployment modes: Fit the buyer's risk posture.
One platform, four modes

BioTone can start fast and move toward higher custody control as buyers mature.

BioTone Cloud: Hosted console/API/keystore for fast pilots, demos, SMB, and internal dogfood.

Hybrid: BioTone-hosted console with customer-hosted keystore nodes for privacy-sensitive enterprises.

Fully self-hosted: Customer-operated console, API, keystores, storage, secrets, observability, and license enforcement.

API-only: Integrator tenants consuming BioTone through API keys and SDKs without a tenant console.

Current focus: onboard quickly in whichever deployment mode the buyer needs, BioTone Cloud for the fastest pilots, or the hybrid, self-hosted, and API-only paths when custody or integration requirements call for them.

11 - Product packages: The platform is the product; packages make it buyable.
Generalized for commercial and public-sector buyers

We lead with the assurance broker, then package it around workflows buyers recognize.

Workforce SSO and step-up: High-risk sign-in, PIM activation, account recovery, and sensitive application access.

AI-agent protection: Human-lent authority for delegation, override, approvals, and recovery in agentic workflows.

Transaction approval: Wire release, treasury actions, policy changes, and dual-control workflows.

Document and file unlock: Short-lived access to board packs, read rooms, sensitive files, and controlled datasets.

Developer API: Palm and periocular verification today; voice, ear, quality, and PAD as demand matures.

Government R&D: Vestibule kiosk and sensor-constrained interior continuous auth as the long-term moat.

12 - Policy engine: One engine, every risk tier.
Turn assurance into customer policy

Low-risk login, wire release, and agent approval should not require the same proof.

Signal / control: Device + tenant context (managed endpoint, tenant policy, freshness, and audit)
  • Tier 1 - sign-in: REQ. Known device and tenant session.
  • Tier 2 - sensitive action: REQ. Bind assurance to posture and app intent.
  • Tier 3 - critical approval: REQ. Require explicit action context and audit.

Signal / control: Core biometrics (palm, iris/periocular, voice, ear)
  • Tier 1 - sign-in: OPT. Optional step-up or recovery.
  • Tier 2 - sensitive action: REQ. Majority fusion with a tuned FAR/GAR profile.
  • Tier 3 - critical approval: REQ. Strict profile or all-factor fallback.

Signal / control: Liveness / challenge (quality gates, presentation-attack checks, voice prompt, freshness)
  • Tier 1 - sign-in: OPT. Only when risk changes.
  • Tier 2 - sensitive action: REQ. Challenge before release, export, or recovery.
  • Tier 3 - critical approval: REQ. Fails closed for agent delegation or wire approval.

Signal / control: Knowledge factor (PIN, phrase, tenant challenge, or second approver)
  • Tier 1 - sign-in: not required. Usually not needed.
  • Tier 2 - sensitive action: OPT. Multiplies down the residual biometric risk.
  • Tier 3 - critical approval: REQ. Use for treasury, break-glass, or admin danger zones.
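
The tier table above is a decision rule, so here it is as an added example of an evaluator, not BioTone's policy engine. The REQ/OPT cells are transcribed from the table; the evidence field names, the "balanced" and "strict" preset names, the mapping of "majority" to 3 of 4 modalities and "strict / all-factor" to 4 of 4, and the `risk_changed` trigger for tier-1 step-up are assumptions. What the code makes concrete is the fail-closed semantics: device and tenant context veto on their own at every tier, a missing REQ control denies rather than degrades, and OPT controls can only ever cause a step-up.

```python
"""Tiered policy evaluation over an evidence bundle from a verification
ceremony.

Added example, not BioTone's policy engine. REQ/OPT cells follow the deck's
table; field names, preset names and the 3-of-4 / 4-of-4 mapping are assumed.
"""
from dataclasses import dataclass, field
from typing import Optional, Set

REQ, OPT, NA = "REQ", "OPT", "-"
MODALITIES = ("palm", "iris", "voice", "ear")

# Per-tier control requirements, as on the slide. Device + tenant context is
# REQ everywhere and is handled as a veto before anything else.
TIERS = {
    1: {"biometrics": OPT, "liveness": OPT, "knowledge": NA, "preset": None},
    2: {"biometrics": REQ, "liveness": REQ, "knowledge": OPT, "preset": "balanced"},
    3: {"biometrics": REQ, "liveness": REQ, "knowledge": REQ, "preset": "strict"},
}
# Assumed: how many of the four modalities each fusion preset needs.
PRESET_MIN_PASS = {"balanced": 3, "strict": 4}


@dataclass
class Evidence:
    managed_device: bool
    tenant_session: bool
    fresh: bool = True                              # inside the claim's freshness window
    action_context: Optional[str] = None            # explicit action id; required at tier 3
    passed: Set[str] = field(default_factory=set)   # modalities that passed
    liveness: bool = False
    knowledge: bool = False
    risk_changed: bool = False                      # tier-1 trigger for optional step-up


def evaluate(tier: int, ev: Evidence):
    """Return (decision, reasons), decision in {"allow", "step_up", "deny"}.

    Context vetoes on its own. Any other REQ control that is missing denies
    (fail closed). OPT controls never deny; at tier 1 they only trigger a
    step-up when risk changed and the evidence was not already supplied."""
    rule = TIERS[tier]
    if not (ev.managed_device and ev.tenant_session and ev.fresh):
        return "deny", ["context"]
    if tier == 3 and not ev.action_context:
        return "deny", ["action_context"]

    reasons = []
    passed = len(set(ev.passed) & set(MODALITIES))
    need = PRESET_MIN_PASS.get(rule["preset"], 0)
    if rule["biometrics"] == REQ and passed < need:
        reasons.append(f"biometrics:{passed}/{need}")
    if rule["liveness"] == REQ and not ev.liveness:
        reasons.append("liveness")
    if rule["knowledge"] == REQ and not ev.knowledge:
        reasons.append("knowledge")
    if reasons:
        return "deny", reasons

    if tier == 1 and ev.risk_changed and not (passed and ev.liveness):
        return "step_up", ["risk_changed"]
    return "allow", []
```

Note that the reasons list is returned rather than only the verdict: the deck's enforcement outputs include audit and alert, and a denial that says `biometrics:2/3` or `liveness` is what an operator needs to distinguish a capture-quality problem from an attack.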

13 - Evidence posture: Strong lab results, honest field-gating.
What we can say responsibly

Use the best production-like EERs, then explain what fusion buys.

Voice EER: 0.30% (D′, 3-utterance adaptive enrolment; VoxCeleb1-O, 40 unseen speakers).

Iris EER: 0.75% (Protocol C, 3-frame enrolment; UBIRIS v2 + UTIRIS-VIS, 64 unseen subjects).

Palm EER: 2.85% (Protocol C, 3-frame enrolment; palm-embed-v2 quad-warp ensemble).

Ear EER: 6.36%, apparent UERC state of the art (best documented Protocol C on UERC2023-test, using k=7 enrolment + flip-TTA; EdgeEar reports 14.3% EER).

Simple AND at EER thresholds: ~1 in 25M. Combined false accept probability ≈ 4.1 × 10⁻⁸ if all four factors must pass, treating the modalities as independent. The price is usability: at the same thresholds the genuine-accept rate is the product of the four (1 − EER) terms, roughly 90%, which is why the presets below retune per-modality thresholds instead of AND-ing everything at EER.

Balanced preset: 98.6% GAR. ≥3/4 majority, combined FAR 0.000174% (~1 in 576k).

Strict preset: 97.5% GAR. For treasury / privileged workflows; combined FAR 0.000019% (~1 in 5.3M).

Maximum preset: 95.5% GAR. Rare high-risk events; combined FAR 0.0000034% (~1 in 30M).

Knowledge factor option: ×10² to ×10⁶. A PIN, passphrase, or tenant challenge multiplies down the residual risk; a 1-in-1,000 secret makes Balanced ≈ 1 in 576M. The multiplier only holds for a secret the attacker has to guess online under rate limiting; a phished or reused PIN adds nothing.

Field validation remains the next proof step: tester distribution, clean physical-subject IDs, PII vault controls, model cards, confidence intervals, and quality calibration.
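The fusion figures above are combinatorics over per-modality error rates, so they are worth being able to recompute. The following is an added example, not BioTone's calibration code. It takes the four EERs from this slide, assumes the modalities are independent, and uses each EER as both that modality's FAR and FRR, which is exactly the "simple AND at EER thresholds" operating point; it reproduces the ~4.1 × 10⁻⁸ AND figure and also gives the majority (3-of-4) rates at EER. The Balanced, Strict, and Maximum presets use tuned per-modality thresholds that are not on the page, so their numbers are not reproduced by this arithmetic; the code goes beyond the slide only in handling a general k-of-n rule.

```python
"""k-of-n fusion arithmetic for the per-modality EERs on the evidence slide.

Added example, not BioTone's calibration code. Assumes independent
modalities and EER operating points (FAR = FRR = EER per modality).
"""
from itertools import combinations

# Per-modality EER from the slide (voice, iris, palm, ear).
EER = {"voice": 0.0030, "iris": 0.0075, "palm": 0.0285, "ear": 0.0636}


def k_of_n_pass_prob(p_pass, k):
    """P(at least k of the n independent checks pass), where p_pass maps each
    check to its individual pass probability. Exact enumeration of outcomes."""
    names = list(p_pass)
    total = 0.0
    for r in range(k, len(names) + 1):
        for passing in combinations(names, r):
            prob = 1.0
            for m in names:
                prob *= p_pass[m] if m in passing else 1 - p_pass[m]
            total += prob
    return total


def fused_rates(eer, k):
    """(combined FAR, combined GAR) for a k-of-n rule at EER thresholds.

    An impostor passes a modality with probability FAR = EER; a genuine user
    passes with probability 1 - FRR = 1 - EER. Independence is assumed, which
    a shared capture device or correlated lighting/quality can violate."""
    far = k_of_n_pass_prob(eer, k)
    gar = k_of_n_pass_prob({m: 1 - e for m, e in eer.items()}, k)
    return far, gar


def with_knowledge_factor(far, guess_prob):
    """Residual false-accept rate when an independent secret must also be
    guessed in the same attempt. Only valid if the secret is uniformly
    random and online guessing is rate-limited; a phished PIN has
    guess_prob = 1 and contributes nothing."""
    return far * guess_prob


def one_in(p):
    """Express a probability as '1 in N'."""
    return round(1 / p)


def fusion_table(eer=EER):
    """All k-of-4 operating points at EER, for comparison against the deck."""
    return {k: fused_rates(eer, k) for k in range(1, len(eer) + 1)}
```

Two things the arithmetic makes visible that the slide's headline numbers do not: AND-at-EER buys its ~1 in 25M false-accept rate with roughly a 10% genuine-reject rate, and majority-at-EER lands near 1 in 48k, so the presets' much lower FARs at 98.6% GAR necessarily come from moving the per-modality thresholds, which is the calibration work the slide's last line says is still to be field-validated.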

14 - BioAgentic protection: Agents can act, but humans lend authority.
Concrete AI-era use case

Before an agent touches sensitive data or production systems, BioTone can require a verified human claim.

01 Agent requests action: Benchmark PII-vault data, deploy production, export customer records, publish model, or suspend tenant.
02 BioTone renders claim: The human sees purpose, scope, dataset/action, execution mode, TTL, and risk warning.
03 Human verifies: Full BioTone step-up proves the approver is present, alive, and authorized.
04 Scoped token issued: The agent receives only the approved short-lived authority, not a dashboard session or raw key.
05 Audited execution: Every use is logged as agent activity delegated by a specific verified human.

The first internal proving ground is PII-vaulted benchmark access; the same pattern generalizes to enterprise agent approvals, data unlocks, and admin danger zones.
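Steps 04 and 05 above are the part of this flow where least privilege is either enforced or lost, so here they are as an added example, not BioTone's agent-protection code. It assumes the human's assurance claim has already been validated upstream and that only its claim id is passed in, and it assumes the agent holds nothing but an opaque grant id that the executor resolves server-side, so there is no bearer key or session cookie to exfiltrate. The `Grant` fields, the `dry_run`/`execute` modes, and the audit line format are this example's choices; the checks themselves (agent identity, TTL, single use, exact action and resource scope, no mode escalation) are what "only the approved short-lived authority" has to mean in practice.

```python
"""Scoped, single-use delegation grants for AI agents, anchored to a verified
human claim.

Added example, not BioTone's code. The agent sees only an opaque grant id;
the executor looks the grant up server-side and audits every decision.
"""
import secrets
import time
from dataclasses import dataclass


@dataclass
class Grant:
    grant_id: str
    agent: str
    approver: str      # verified human who lent authority
    claim_id: str      # assurance claim that proved presence (validated upstream)
    action: str        # e.g. "export_records"
    resource: str      # dataset or system the approval covers
    mode: str          # "dry_run" or "execute"
    expires_at: float
    used: bool = False


class GrantStore:
    """Server-side registry; the agent never holds the grant's fields."""

    def __init__(self):
        self._grants = {}
        self.audit = []  # constructed in-memory audit log for the example

    def issue(self, agent, approver, claim_id, action, resource, mode, ttl_s, now=None):
        now = time.time() if now is None else now
        g = Grant(secrets.token_urlsafe(16), agent, approver, claim_id,
                  action, resource, mode, now + ttl_s)
        self._grants[g.grant_id] = g
        self.audit.append(f"ISSUE grant={g.grant_id} agent={agent} by={approver} "
                          f"claim={claim_id} scope={action}:{resource}:{mode} ttl={ttl_s}s")
        return g.grant_id

    def authorize(self, grant_id, agent, action, resource, mode, now=None):
        """Executor-side check. Returns (ok, reason). Any mismatch denies and
        is audited; a grant is consumed on its first successful use."""
        now = time.time() if now is None else now
        g = self._grants.get(grant_id)
        if g is None:
            verdict = "unknown_grant"
        elif g.agent != agent:
            verdict = "wrong_agent"            # grants are not transferable
        elif now >= g.expires_at:
            verdict = "expired"
        elif g.used:
            verdict = "already_used"
        elif (g.action, g.resource) != (action, resource):
            verdict = "out_of_scope"           # exact match, no wildcard widening
        elif mode == "execute" and g.mode != "execute":
            verdict = "mode_escalation"        # a dry-run approval does not cover execution
        else:
            verdict = "ok"
            g.used = True
        who = f"by={g.approver} claim={g.claim_id}" if g else "by=? claim=?"
        kind = "EXEC" if verdict == "ok" else "DENY"
        self.audit.append(f"{kind} grant={grant_id} agent={agent} {who} "
                          f"requested={action}:{resource}:{mode} result={verdict}")
        return verdict == "ok", verdict
```

Because the grant is a server-side record rather than a signed bearer token, revocation is a dictionary delete and the audit trail always names the human and the claim behind each agent action, which is the property step 05 asks for.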

15 - Roadmap: What we are doing next.
Execution sequence

Roadmap to pilot readiness and enterprise scale.

Now - 30 days, hosted pilot readiness: First-admin invite, tenant onboarding, assurance contract, owner audit, browser/mobile QA, Microsoft validation package.

30 - 90 days, design partners: Microsoft path, banking/treasury or healthcare workflow, API-only integrator, field capture evidence, support runbooks.

3 - 6 months, repeatable product: Plan/subscription state, tenant export, Key Vault, Azure Monitor, SDK polish, model cards, live billing when pulled.

6 - 18 months, scale and moat: SOC 2 readiness, enterprise pilots, hybrid keystores, self-hosted licensing, government R&D, FCL/SBIR/advisory runway.

16 - Validation sprint: Concrete proof beats broad partnership language.
What we want to validate with Microsoft or a strategic public-sector partner

A focused 30-day sprint can show whether BioTone belongs in the platform stack.

01 Pick use case: Entra step-up, PIM, Intune-bound access, agent approval, or Azure-hosted customer deployment.
02 Define contract: Assurance claim fields, freshness, policy result, audit event, and relying-party validation.
03 Run demo path: Policy trigger to BioTone verification to signed result to enforcement or audit decision.
04 Review risk: Privacy, biometric custody, tenant isolation, security controls, and support/recovery model.
05 Name next owner: Identify technical sponsor, success criteria, customer/pilot path, and integration lane.

17 - Candor: What is real, and what still needs proof.
Responsible posture

We should win trust by being precise about maturity.

Already real

  • Auth broker and mobile verification demo path.
  • Tenant-scoped console and owner admin surfaces.
  • Developer API private beta for palm/periocular.
  • Disaggregated key proof and PII vault controls.
  • Azure-hosted platform and deployment-mode roadmap.

Still needs proof

  • Field biometric performance and model cards.
  • Hosted tenant onboarding as a tested workflow.
  • Owner audit, operational alerts, backup/restore, and support-safe views.
  • Customer-grade mobile pairing and recovery.
  • Government hardware sourcing, PIV/CAC, FCL, and accreditation.
18 - The ask: Turn strategic interest into a validation path.
For Microsoft, In-Q-Tel, and strategic partners

Help us pick the first place where fresh human assurance matters most.

1 Use case: Which workflow should BioTone validate first: privileged identity, device-bound access, agent approval, account recovery, sensitive data unlock, or controlled facility access?

2 Integration owner: Who should own the next technical conversation: identity, endpoint, security operations, AI/security copilot, Azure, public-sector innovation, or a joint sponsor?

3 Proof criteria: What evidence would make BioTone credible in 30-60 days: architecture review, live demo, privacy review, field data, tenant isolation, or customer-hosted deployment?

Closing thought

Identity should belong to the person, not the database.

BioTone is building the assurance layer that proves the right human is present for the decisions that actually matter.

Policy governed · Tenant isolated · Customer-hosted path · Audit first
Prepared for May 2026 strategic meetings. Generalized for enterprise, Microsoft ecosystem, and public-sector audiences.