Architecture

End-to-end, in plain language.

GrayPass verifies identity from how users interact, not from what they remember. Reaction timing, keystroke cadence, and optional gaze become a salted print that is fast to compare and hard to replay.

I.

Client runtime

Signals come from reaction timing, keystroke intervals, and optional gaze with calibration. Integrity checks cover focus, input duration, coarse entropy, and a one-time nonce echoed back. Privacy defaults to engineered features — raw series stays opt-in and encrypted.

II.

Feature engineering

We summarize reaction and keystroke statistics — central tendency, spread, tails, counts. Gaze variability is included when the user opts in; otherwise it is zeroed. The result is a stable 64-D feature vector with deterministic quantization for cross-session stability.

III.

Enrollment

We compute a salted print from the quantized vector and a per-user salt, encrypt the underlying feature vector at rest, and record session metadata for reliability and abuse defense. Optional encrypted raw series exists only with explicit consent.

raw, salt, project, store
IV.

Authentication

Fast path: recompute the salted print; an exact match accepts. Tolerant timing: decrypt the reference and compare to the live vector; a logistic confidence flags drift inside bounds. Learned similarity: a calibrated embedding maps distance to probability against a tuned threshold.

Fast: exact print match

Tolerant: logistic drift band

Learned: calibrated probability
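
The fast and tolerant paths described above, as an added example that is not GrayPass code. HMAC-SHA256 as the print function, the quantization bin width, the logistic parameters, and the acceptance threshold are all assumptions; the page does not specify them.

```python
import hashlib
import hmac
import math

STEP = 0.05      # assumed quantization bin width
MIDPOINT = 0.30  # assumed distance at which confidence is 0.5
SLOPE = 20.0     # assumed steepness of the logistic curve
ACCEPT = 0.80    # assumed confidence threshold


def quantize(vec):
    """Deterministic quantization: floor each feature into a fixed-width bin."""
    return [math.floor(x / STEP) for x in vec]


def salted_print(vec, salt):
    """HMAC-SHA256 over the quantized vector, keyed with the per-user salt."""
    msg = ",".join(str(q) for q in quantize(vec)).encode()
    return hmac.new(salt, msg, hashlib.sha256).digest()


def confidence(reference, live):
    """Logistic confidence from the Euclidean distance between two vectors."""
    dist = math.sqrt(sum((a - b) ** 2 for a, b in zip(reference, live)))
    z = min(SLOPE * (dist - MIDPOINT), 700.0)  # clamp so exp() cannot overflow
    return 1.0 / (1.0 + math.exp(z))


def authenticate(stored_print, reference, salt, live):
    """Return (decision, path); `reference` stands for the decrypted vector."""
    if hmac.compare_digest(stored_print, salted_print(live, salt)):
        return "accept", "fast"
    if confidence(reference, live) >= ACCEPT:
        return "accept", "tolerant"
    return "deny", "tolerant"


# Constructed sample data, not real measurements.
SALT = bytes(range(16))
REFERENCE = [0.10 + 0.05 * (i % 8) + 0.02 for i in range(64)]
STORED = salted_print(REFERENCE, SALT)
SAME_BINS = [x + 0.01 for x in REFERENCE]        # jitter stays inside each bin
CROSSED = [REFERENCE[0] + 0.04] + REFERENCE[1:]  # one feature changes bin
IMPOSTOR = [x + 0.20 for x in REFERENCE]         # far from the reference
```

The `CROSSED` case shows why the fast path cannot stand alone: a 0.04 shift in a single feature moves it into the next bin and changes the whole print, so the decision falls through to the distance-based check.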

V.

Security and privacy

Encryption at rest for vectors and any opt-in raw series. Salted prints, per-request nonces, and rate limits sit between the front door and the matcher. Pseudonymized analysis packs and an admin-guarded model lifecycle keep research honest.

at rest, in transit, policy
VI.

Telemetry

Session events carry confidence and reason codes for reliability and abuse defense. Aggregated counters track drift, throughput, and decision health. Operators can request curated evaluation views by browser, cohort, or mode without exposing private inputs.

match, retry, deny:pace
VII.

Model operations

Training pairs are built per user to optimize discrimination at the operating point we care about. Calibration maps distance to probability so policy can be expressed in human numbers. Hot-swap deploy means upload, reload, no downtime.

model_a, model_b
VIII.

Why it works

A deterministic, privacy-preserving salted print plus calibrated learned similarity gives a system that is fast on easy cases, tolerant on human variance, and explicit about uncertainty. That is the bar we ship against.

If you want this wired into your stack, we'll set time aside.