Behaviour Biometrics Intel (BETA)
Behavioral biometrics intelligence involves analyzing unique patterns of human behavior to identify users, detect anomalies, and prevent fraud. Unlike physical biometrics (fingerprints, facial recognition), behavioral biometrics focus on how a user interacts with a system rather than their physical traits.
Behaviour biometrics measures and analyzes patterns in user behavior, such as:
- Typing rhythm (speed, pressure, and rhythm of typing)
- Mouse movement (speed, trajectory, click patterns)
- Touchscreen gestures (swipe speed, pinch-to-zoom behavior)
Keystroke Dynamics
Behavioural biometrics intelligence involves analyzing unique patterns of human interaction with a system — such as how users type or move their cursor — rather than what they type or where they click. It’s privacy-respecting, tamper-resistant, and ideal for fraud detection and session validation.
bl0ck captures detailed keyboard interaction data to construct a behavioural fingerprint — a unique, consistent identifier based on typing patterns.
What We Measure:
- Typing speed & duration — How quickly users complete a form
- Dwell & flight time — Key hold duration and transitions
- Error ratio — Correction behavior like backspaces
- Timing rhythm — Micro-movement patterns over time
This fingerprint is hashed and anonymized. No keystroke content is stored.
Session-Level Behavioural Matching
bl0ck does not track content, but it tracks how content is entered. For example:
- How fast a user types a username
- How frequently they backspace during input
- The flow and delay between fields
These timing fingerprints are then checked for recurrence across sessions — allowing bl0ck to detect fraud, automation, or user mismatch with high precision.
How It Works: Deterministic Behavioural Fingerprinting
Most behavioural analytics platforms use machine learning to compare new input against a learned population model. In contrast, bl0ck does not use machine learning to evaluate typing behavior.
Instead, bl0ck follows a deterministic and pattern-based approach:
- Keystroke behaviour (speed, timing, and error rate) is measured during user interaction.
- These metrics are structured into a timing vector — a fixed-length numeric pattern.
- The vector is transformed into a hashed behavioural fingerprint.
- This fingerprint is compared directly (not statistically) against:
  - Known trusted sessions
  - Previously seen patterns
  - Blacklisted or flagged fingerprints
This ensures that each fingerprint represents a "unique behavioural signature", making it an effective, explainable, and resilient tool for session validation and anomaly detection.
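The pipeline described above can be sketched as follows. This is an added example, not bl0ck's code: the bucket widths, the four-field vector layout, SHA-256 truncated to 32 hex characters, and all function names and sample sessions are assumptions. It also shows that direct matching depends on quantization: a few milliseconds of jitter keeps the fingerprint, while drift across a bucket edge changes it.

```python
import hashlib

def timing_vector(events, bucket_ms=40):
    """events: list of (key_down_ms, key_up_ms, is_correction); no key content.

    Returns a fixed-length tuple of coarse buckets. Bucket widths are assumed.
    """
    if len(events) < 2:
        raise ValueError("need at least two keystrokes to measure flight time")
    dwell = [up - down for down, up, _ in events]  # key hold duration
    # Flight = gap from one key's release to the next key's press. It is
    # negative when keys overlap (rollover typing), so floor division is used.
    flight = [events[i + 1][0] - events[i][1] for i in range(len(events) - 1)]
    duration = events[-1][1] - events[0][0]
    error_pct = 100 * sum(1 for e in events if e[2]) / len(events)
    return (
        int(sum(dwell) / len(dwell) // bucket_ms),
        int(sum(flight) / len(flight) // bucket_ms),
        int(duration // 500),
        int(error_pct // 10),
    )

def fingerprint(vector):
    """Hash the quantized vector to a 32-character deterministic ID."""
    encoded = ",".join(str(v) for v in vector).encode()
    return hashlib.sha256(encoded).hexdigest()[:32]

def match(fp, trusted, flagged):
    """Direct set lookup, not a statistical comparison. Flagged wins."""
    if fp in flagged:
        return "flagged"
    return "trusted" if fp in trusted else "unknown"

# Constructed sessions (milliseconds). B is A with a few ms of jitter, D is A
# with every flight 5 ms slower, BOT has uniform timing and no corrections.
SESSION_A = [(0, 95, False), (180, 270, False), (400, 505, False), (640, 730, True), (850, 945, False)]
SESSION_B = [(0, 100, False), (190, 282, False), (410, 508, False), (630, 725, True), (860, 950, False)]
SESSION_D = [(0, 95, False), (185, 275, False), (410, 515, False), (655, 745, True), (870, 965, False)]
SESSION_BOT = [(0, 10, False), (50, 60, False), (100, 110, False), (150, 160, False), (200, 210, False)]

if __name__ == "__main__":
    trusted = {fingerprint(timing_vector(SESSION_A))}
    flagged = {fingerprint(timing_vector(SESSION_BOT))}
    for name, session in [("B", SESSION_B), ("D", SESSION_D), ("BOT", SESSION_BOT)]:
        fp = fingerprint(timing_vector(session))
        print(name, timing_vector(session), fp, match(fp, trusted, flagged))
```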
Privacy-Respecting by Design
- Fingerprints are generated client-side from timing metrics
- No content (e.g., passwords or keystrokes) is collected or transmitted
- Fingerprints are hashed and validated using a secure code (scode)
- Matching is stateless — no profiling or user tracking
Use Cases
Login form analysis
- Unusual typing rhythm or speed: Detect stolen credentials
Bot interaction
- Uniform timing without error correction: Block automation or scripted access
Fraudulent signups
- Anomalous typing with high error ratio: Flag high-risk account creation
Session verification
- Fingerprint match with trusted prior pattern: Enable seamless re-authentication
Passive MFA
- Behaviour-based validation without user action: Strengthen multi-factor flows
System Flow (Fingerprint Architecture)
[User Keystrokes]
↓
[Timing Vector Generator]
↓
[Pattern Normalization & Hashing]
↓
[Fingerprint = 32-char deterministic ID]
↓
[Fingerprint Matching (against stored hashes)]
↓
[Risk score, threat tag or match decision]