Architecture

End-to-End Architecture

GrayPass verifies identity from how users interact — reaction times, keystroke cadence, and optional gaze — without storing raw biometrics in plaintext.

1) Client Runtime

  • Signals: Reaction Time (RT), Keystroke Intervals (KS), optional gaze with calibration & blink-to-click.
  • Integrity: focus checks, input duration, coarse entropy; a one-time nonce is issued per request and must be echoed back.
  • Privacy: defaults to engineered features; opt-in encrypted raw series for training.

2) Feature Engineering (15-D)

  • RT & KS: mean, std, median, p10, p90, count (each)
  • Gaze: sdX, sdY, meanVel (zeros if disabled)
  • Quantization: deterministic rounding for stability across sessions

3) Enrolment

  • Compute salted brainprint (one-way hash) from the quantized vector + per-user salt.
  • Encrypt the unsalted 15-D vector at rest.
  • Record telemetry (session, device, screen, language, focus, duration, SDK, baseline confidence).
  • Optionally store encrypted raw series (consent) for model improvement.

4) Authentication (Multi-Lane)

  1. Fast Hash: recompute salted hash; exact match → accept.
  2. Fuzzy Timing: decrypt the enrolment vector; compute the mean absolute difference (in ms) against the new sample; map it to a logistic confidence; pass if under tolerance.
  3. Embedding Similarity: 15-D → 64-D L2 embedding; cosine similarity → distance → isotonic regression → calibrated probability.

Decision: accept on hash; else require fuzzy pass and probability ≥ threshold (tuned for FAR/FRR & EER).
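
The enrolment hash and the multi-lane decision above, sketched as an added example (not GrayPass code). The quantization step, tolerance, logistic slope, probability threshold, feature ordering and the use of HMAC-SHA-256 as the salted one-way hash are all assumptions; the lane-3 probability is passed in rather than computed.

```python
import hashlib
import hmac
import math
import struct

# Assumed constants for illustration only; the page does not publish its values.
STEP = 5.0      # quantization grid
TOL_MS = 25.0   # fuzzy-lane tolerance on mean absolute difference (ms)
SLOPE = 0.2     # logistic slope for the fuzzy confidence
P_MIN = 0.80    # threshold on the calibrated embedding probability
# Assumed layout: RT[mean,std,median,p10,p90,count], KS[same], gaze[sdX,sdY,meanVel]
MS_IDX = [0, 1, 2, 3, 4, 6, 7, 8, 9, 10]  # millisecond-valued features only

def quantize(vec):
    """Deterministic rounding to a fixed grid (round-half-up, no banker's rounding)."""
    return [int(math.floor(x / STEP + 0.5)) for x in vec]

def brainprint(vec, salt):
    """Salted one-way hash of the quantized 15-D vector (HMAC-SHA-256 is an assumption)."""
    if len(vec) != 15:
        raise ValueError("expected a 15-D feature vector")
    return hmac.new(salt, struct.pack(">15q", *quantize(vec)), hashlib.sha256).digest()

def fuzzy_lane(probe, enrolled):
    """Lane 2: mean absolute ms-difference -> (logistic confidence, passed)."""
    mad = sum(abs(probe[i] - enrolled[i]) for i in MS_IDX) / len(MS_IDX)
    return 1.0 / (1.0 + math.exp(SLOPE * (mad - TOL_MS))), mad < TOL_MS

def authenticate(probe, salt, stored_print, enrolled_vec, embed_prob):
    """embed_prob is the lane-3 calibrated probability, produced by the model elsewhere."""
    if hmac.compare_digest(brainprint(probe, salt), stored_print):  # constant-time compare
        return "accept:hash"
    _, passed = fuzzy_lane(probe, enrolled_vec)
    if passed and embed_prob >= P_MIN:
        return "accept:fuzzy+embedding"
    return "reject"

# Constructed sample data, not real measurements.
SALT = bytes(range(16))
ENROLLED = [310, 40, 305, 261, 370, 20, 148, 33, 141, 110, 195, 85, 0, 0, 0]
SAME_BUCKET = [x + 1 for x in ENROLLED[:12]] + [0, 0, 0]   # stays in the same grid cells
DRIFTED = [x + 12 for x in ENROLLED[:12]] + [0, 0, 0]      # hash differs, within tolerance
IMPOSTOR = [x + 60 for x in ENROLLED[:12]] + [0, 0, 0]     # outside tolerance
STORED = brainprint(ENROLLED, SALT)
```

The hash lane accepts only when every feature lands in the same quantization cell as at enrolment, so a session that drifts by more than one step falls through to the fuzzy and embedding lanes, which must both pass.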

5) Security & Privacy

  • Encryption at rest for vectors & (opt-in) raw series.
  • Salted one-way brainprints; per-request nonces & rate limits.
  • Admin-guarded model lifecycle & exports; pseudonymized analysis packs.

6) Telemetry

  • Events: session-level info incl. confidence for reliability & abuse defense.
  • Metrics: counters for aggregates & drift.

7) Model Operations

  • Build pairs by user; train the 64-D embedding with a contrastive objective on cosine distance.
  • Fit isotonic regression distance→probability; evaluate with DET/EER; retune thresholds.
  • Hot-swap deploy (upload + reload) without downtime.

8) Why It Works

Combining a deterministic, privacy-preserving salted brainprint with a calibrated learned embedding yields fast, tolerant, and discriminative authentication — while keeping users in control of their data.