Identity-Bound Biometrics (IBB)

Built Around You

Identity-Bound Biometrics is a category of biometrics that puts the only constant in cybersecurity — people — at the center of its architecture. Used for authentication and identification, IBB centrally stores biometric data in a non-reversible way, to create a unique biometric identity that’s used to verify the person taking action.

Why Identity-Bound Biometrics?

Security Integrity

Establishes trust and accountability rooted in a person's biometric identity so organizations can be assured of genuine presence and audit with full transparency.

Explore how IBB eliminates the risks of traditional authentication

Flexibility & Ease of Use

Greater deployment versatility and scalability across use cases enables enterprises to provide a consistent and seamless user experience. ​One-time enrollment quickly sets up access across multiple devices and locations.

Cost & Efficiency

Reduces overall costs by streamlining IT department resources and eliminating operational redundancies yielded by traditional authentication systems. ​Easily integrated with systems, applications, and infrastructure, inherent cloud-readiness, and straightforward pricing makes it easy to achieve measurable ROI in 90 days or less.

Eliminate the Risks of Traditional Authentication

Decreased susceptibility to attacks, as IBB methods cannot be forgotten, shared, exchanged, stolen or forged.​

Enterprise-controlled enrollment prevents account handovers and ensures only approved individuals can use account privileges.

Eliminates concern around having a single point of failure by removing physical devices as potential vulnerabilities (as present with local or device-native biometrics).

Use Cases for Identity-Bound Biometrics

Shared Workstations

Many employees and third-parties carry out their daily operations across multiple locations and through shared workstations. You can quickly implement IBB with station-based fingerprint scanners and a one-time enrollment for users. This eliminates the need for users to carry around individual tokens or phones to verify their identity and have a consistent user experience everywhere they need access.

Mobile Devices Not Feasible Option

Using mobile devices for authentication can require phone stipends, be unfeasible if users refuse to use their personal devices or don't have one, and in some environments – such as call centers, financial institutions, and manufacturing floors – not be permitted or safe. IBB provides authentication methods that are simple, secure, and do not require mobile devices.

Remote Access

Since COVID, there's been a 114% increase in remote work, and nearly 25% of those issued a work device reported using it for non-work purposes, making it hard for IT departments to protect against breaches and determine legitimate users. ​IBB verifies the person, whether on-premises or remote, so you can have confidence that only authorized people are gaining access to systems and data.


While traditional IAM plays a vital role in every enterprise, it often leaves behind a critical group of stakeholders: the customers. Large-scale deployments like online banking are expensive and require unique considerations, and a poor authentication experience can directly impact your organization's revenue. IBB offers customers a secure and seamless experience. ​


Passwordless is the goal for most organizations as they look to deprecate passwords and their risks. Yet many organizations are moving to passwordless authentication that simply relies on something the user has, only verifying their device or a token. IBB removes the friction and major pain points of passwords and replaces them with methods that verify "who you are."​

Zero-Trust Environments

The Zero Trust approach trusts no one and treats every person and every device as a potential threat. Implementing multi-factor authentication (MFA) is one of the core steps to implementing Zero Trust – and there is no stronger method than IBB to verify a user's identity and establish trust with the person completing the action.​

Our team at Orange Bank is partnering with BIO-key to provide our financial institution with a cloud IDaaS solution that delivers advanced biometric authentication. BIO-key provides both biometric authentication and a proven suite of IAM solutions that provide security flexibility and value over approaches offered by other vendors.

Orange Bank and Trust Company

Key Features of IBB

One-time Enrollment

One-time enrollment required to setup access across multiple devices and locations.


Quickly and efficiently scale to meet the needs of a user base of a few hundred to millions.

Enterprise-Controlled Enrollment

Prevent account handovers and ensure only approved individuals can use account privileges.​

Supported Authentication Methods

Hardware and software methods are available, including the only MFA app with IBB, BIO-key MobileAuth.

Low Total Cost of Ownership

Easy implementation and minimal maintenance offer low TCO for large-scale deployments.


Inherent cloud-readiness allows for deployment via public or private cloud.​

Patented Technology

Patented technology & algorithm ensure the utmost privacy and integrity.​

Audit Log

Comprehensive records of all logins, record updates and tracking of users’ system and application information.​

Admin Tools & Development

Flexible services, administrative tools and connecting APIs, together with an SDK to help you integrate advanced authentication.

Your Privacy is Paramount

The IBB architecture is designed to ensure privacy and integrity.​

Biometric data privacy is ensured through irreversible, cryptographic hashing and salting to render the information inaccessible and unusable for potential bad actors.

Built-in liveness detection provides strong Presentation Attack Detection (PAD) by imposters trying to use scanned pictures or fakes.

Patented technology & world-class algorithm gives only approved users access to protected information.

William Elks, IT Manager, YYK Enterprises:

"Based on our search for an enterprise IAM solution that provided secure passwordless authentication and met US Government compliance requirements, we can validate the significant value provided by the PortalGuard IAM platform and biometric capabilities over other vendor solutions."

Supported Authentication Methods

BIO-key MobileAuth

BIO-key MobileAuth™ provides the flexibility for employees, customers, and suppliers to choose from multiple, easy-to-use authentication options while bringing the power of IBB to any mobile device.

Learn more about BIO-key MobileAuth

High quality. Compact. Affordable.

BIO-key offers a variety of Microsoft-qualified Windows Hello USB scanners that can be used out of the box with Windows Hello and Windows Hello for Business, or for use with our Identity and Access Management (IAM) solutions, as one of many supported brands of scanners.

SideSwipe SidePass PIV-Pro SideTouch EcoID II Pocket10 MobilePOS

Identity-Bound Biometrics: Solutions


PortalGuard® is a single, unified IAM platform that provides flexible single sign-on and authentication options to meet your security goals and deliver an optimized user experience. SaaS, on-premises, and private cloud options make PortalGuard easy to deploy and supports nearly every cloud authentication federation standard, all major directories, and a wide variety of authentication methods.

Learn more about PortalGuard


A comprehensive multi-tenant enterprise Identity-Bound Biometric management platform built around one of the world’s most accurate and scalable biometric engines. It has achieved the highest independently tested and verified NIST benchmarks for fingerprint identification speed and accuracy.​

Learn more about WEB-key


Are you interested in integrating IBB into your own application? Please ask us about our VST Software Development Kit (SDK).

Learn more about VST SDK

Find out what BIO-key can do for your business.