End-to-end, in plain language.

Signals come from reaction timing, keystroke intervals, and optional gaze with calibration. Integrity checks cover focus, input duration, coarse entropy, and a one-time nonce echoed back. Privacy defaults to engineered features — raw series stays opt-in and encrypted.

We summarize reaction and keystroke statistics — central tendency, spread, tails, counts. Gaze variability is included when the user opts in; otherwise it is zeroed. The result is a stable 64-D feature vector with deterministic quantization for cross-session stability.

We compute a salted print from the quantized vector and a per-user salt, encrypt the underlying feature vector at rest, and record session metadata for reliability and abuse defense. Optional encrypted raw series exists only with explicit consent.

Fast path: recompute the salted print; an exact match accepts. Tolerant timing: decrypt the reference and compare to the live vector; a logistic confidence flags drift inside bounds. Learned similarity: a calibrated embedding maps distance to probability against a tuned threshold.

Encryption at rest for vectors and any opt-in raw series. Salted prints, per-request nonces, and rate limits sit between the front door and the matcher. Pseudonymized analysis packs and an admin-guarded model lifecycle keep research honest.

Session events carry confidence and reason codes for reliability and abuse defense. Aggregated counters track drift, throughput, and decision health. Operators can request curated evaluation views by browser, cohort, or mode without exposing private inputs.

Training pairs are built per user to optimize discrimination at the operating point we care about. Calibration maps distance to probability so policy can be expressed in human numbers. Hot-swap deploy means upload, reload, no downtime.

A deterministic, privacy-preserving salted print plus calibrated learned similarity gives a system that is fast on easy cases, tolerant on human variance, and explicit about uncertainty. That is the bar we ship against.