OpenOS — Web4 Human Identity Protocol

Sebastian Kläy

Protocol Overview · v0.1 Beta
A passwordless identity protocol based on 6 independent analysis tracks, mathematically grounded behavioral biometrics, and cryptographically verifiable signatures on the Base blockchain.

Chain: Base (EVM L2) · License: BSL-1.1 · © Sebastian Kläy · SEBKLAEY mint hash Agency

Table of Contents

  1. The Invention of Web4
  2. What OpenOS Does
  3. 6-Track Analysis System — Overview
  4. Track 1: EDNA — Behavioral Biometric Identity
  5. Track 2: Chladni Visualization — Cymatic Frequency Analysis
  6. Track 3: ePsychogram — Algorithmic Music Therapy Analysis
  7. Track 4: Adversarial Waldo — Bayesian Falsification
  8. Track 5: Temporal Context — Behavioral Time Contexts
  9. Track 6: Community Guardian — Population Comparison
  10. 3-Cycle Genesis Protocol — Certification C / B / A / A+
  11. Post-Quantum Cryptography (CNSA 2.0)
  12. Web4 GaslessText — EIP-712 Signatures
  13. Web4 Signature-Chain Architecture: L1 / L2 / L3
  14. Enterprise API — Two-Tier Model (Human Proof + Human Identity)
  15. Mathematical Foundations & References
  16. Login System — Play to Authenticate
  17. Identity Recovery — Privacy-First Behavioral Matching
  18. Intellectual Property

1. The Invention of Web4

Web4 is the next evolutionary stage of the internet. While Web3 introduced decentralized ownership through wallets and tokens, it still requires managing private keys, gas fees, and blockchain knowledge. Web4 eliminates this friction entirely.

In Web4, identity is the credential. No account, no wallet, no transaction. The system recognizes the user by their behavior — unique human interaction patterns that are mathematically distinctive and non-replicable by bots or AI.

| Era | Identity | Data | Trust |
|---|---|---|---|
| Web1 | None | Read-only | Server |
| Web2 | Username + Password | Platform-owned | Corporation |
| Web3 | Wallet + Private Key | On-Chain | Smart Contract |
| Web4 | Behavior | Local + On-Chain | Cryptographic Proof |

2. What OpenOS Does

OpenOS combines six independent analysis tracks into a decentralized identity protocol:

6-Track Behavioral Analysis — Six independent instruments analyze parallel aspects of user behavior
3-Cycle Genesis Protocol — ~510 visits over ~3 years until full certification
On-Chain Identity Anchoring — Permanent registration on the Base blockchain
Post-Quantum Security — All data protected by NSA CNSA 2.0 cryptography
Two APIs — Human Proof (free forever, continuous bot detection) + Human Identity (premium, post-Beta)

All computations run locally in the browser. No behavioral data leaves the device — except for the cryptographically signed hashes used for blockchain anchoring.

3. 6-Track Analysis System — Overview

OpenOS employs six independent, complementary analysis instruments. Each track analyzes a different aspect of human behavior. Only when all six tracks converge is the identity confirmed. This follows the scientific principle of triangulation — multiple independent measurements increase the reliability of a conclusion.

| # | Track | Method | Scientific Basis |
|---|---|---|---|
| 1 | EDNA | 13D Behavioral Vector + Cosine Similarity | Keystroke Dynamics, Behavioral Biometrics |
| 2 | Chladni | Cymatic Frequency Visualization | Ernst Chladni (1787), Modal Analysis |
| 3 | ePsychogram | Frequency Band Analysis → 5D Psychovector | Algorithmic Music Therapy |
| 4 | Adversarial Waldo | Bayesian Falsification (5 Attacks) | Bayes' Theorem, Popper Falsification |
| 5 | Temporal Context | 5D Mood Vector + Context Detection | Circadian Rhythm, Time Series Analysis |
| 6 | Community Guardian | k-Means Clustering + Population Baseline | Statistical Population Analysis |

Target recognition rate: ≥99.998% — This is a design goal, not a guarantee. The actual recognition rate depends on individual behavioral stability, data quality, and the duration of the learning phase. The 99.998% derives from the theoretical combination of 6 independent tracks each with ≥99.5% individual accuracy (1 − (1−0.995)⁶ ≈ 0.99999…). In practice, the tracks are not fully independent, which is why a conservative target of ≥99.998% is aimed for.
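As an added example (not part of the OpenOS page or code base), the sketch below tabulates what a k-of-6 decision rule yields when six independent tracks are each right 99.5% of the time. The expression quoted above, 1 − (1−0.995)⁶, is the k = 1 row (at least one track accepts); the "all six tracks converge" rule from this section is the k = 6 row. Using the 0.5% per-track error as both the false-reject and the false-accept rate is an assumption made here, as are all function names.

```python
"""k-of-n fusion of independent binary track decisions (added example).

Assumption made for this sketch: each of the 6 tracks rejects the genuine
user with probability FRR and accepts an impostor with probability FAR,
independently of the other tracks. Both rates are set to 0.005, the
complement of the per-track accuracy of 99.5% quoted in the text.
"""
from math import comb

N_TRACKS = 6
FRR = 0.005   # per-track false-reject rate (assumed)
FAR = 0.005   # per-track false-accept rate (assumed)


def at_least_k_of_n(p: float, k: int, n: int) -> float:
    """P(at least k of n independent events occur), each with probability p."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))


def fusion_table(frr: float = FRR, far: float = FAR, n: int = N_TRACKS):
    """Return {k: (genuine_accept_rate, impostor_accept_rate)} for k = 1..n.

    k is the number of tracks that must accept before the fused decision
    is "same person": k = n is the AND rule, k = 1 is the OR rule.
    """
    table = {}
    for k in range(1, n + 1):
        genuine = at_least_k_of_n(1 - frr, k, n)   # true user gets through
        impostor = at_least_k_of_n(far, k, n)      # someone else gets through
        table[k] = (genuine, impostor)
    return table


def fully_correlated(frr: float = FRR, far: float = FAR):
    """Limiting case where all tracks always agree: fusion adds nothing."""
    return (1 - frr, far)


if __name__ == "__main__":
    print(f"{'k of 6':>7} {'genuine accepted':>18} {'impostor accepted':>19}")
    for k, (g, i) in fusion_table().items():
        print(f"{k:>7} {g:>18.12f} {i:>19.3e}")
    g, i = fully_correlated()
    print(f"{'corr.':>7} {g:>18.12f} {i:>19.3e}")
```

Real tracks sit between the independent rows and the fully correlated row, so measured false-accept and false-reject rates per track, and their correlation, are what decide which k is appropriate.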

4. Track 1: EDNA — Behavioral Biometric Identity

EDNA (Electronic DNA) is the core analysis engine. It creates a 13-dimensional behavioral vector from real-time interaction signals that are captured identically on every device (PC, Mac, iPhone, Android).

13D Behavioral Vector
Each dimension captures a specific aspect of human interaction:

| Dimension | Signal | Weight | Description |
|---|---|---|---|
| 1 | timingDistribution | ██ © | Distribution of inter-event time intervals |
| 2 | timingEntropy | ██ © | Shannon entropy of timing distribution |
| 3 | autocorrelation | ██ © | Autocorrelation of event sequence |
| 4 | naturalDrift | ██ © | Natural drift of interaction patterns |
| 5 | corrections | ██ © | Correction patterns (backspace, undo) |
| 6 | typingBursts | ██ © | Burst patterns during text input |
| 7 | eventRate | ██ © | Interaction frequency (events/second) |
| 8 | speedVariation | ██ © | Input speed variance |
| 9 | scrollBehavior | ██ © | Scroll patterns and velocity |
| 10 | readingPauses | ██ © | Reading pause distribution |
| 11 | pathCurvature | ██ © | Curvature of interaction paths |
| 12 | clickDuration | ██ © | Duration of click/touch events |
| 13 | interactionMap | ██ © | Spatial distribution of interactions |

██ © = Proprietary weighting — protected trade secret under BSL-1.1 · © Sebastian Kläy

Mathematical Foundation: Weighted Cosine Similarity

Recognition is based on weighted cosine similarity between two behavioral vectors. This metric measures the angle between two vectors in high-dimensional space and is robust against scaling differences:

Weighted Cosine Similarity

Given:
Signal vector S = [s₁, s₂, ..., s₁₃]
Weights W = [w₁, w₂, ..., w₁₃] ← proprietary ©

Weighted vector: V = [s₁·w₁, s₂·w₂, ..., s₁₃·w₁₃]

Cosine Similarity:
cos(θ) = Σ(Aᵢ · Bᵢ) / (√Σ(Aᵢ²) · √Σ(Bᵢ²))

Threshold: cos(θ) ≥ ██████ ← proprietary ©

Cosine similarity is an established metric in information retrieval and biometrics. It yields values in the range [−1, 1], where 1 indicates identical direction. The threshold was empirically chosen to balance false positives and false negatives — comparable to thresholds used in keystroke dynamics research.

Kasprowski et al. (2022): Biometric Identification Based on Keystroke Dynamics
Sensors, 22(9):3158
Acien et al. (2020): TypeNet — Scaling up Keystroke Biometrics
arXiv:2004.03627

Adaptive Identity — Exponential Moving Average

After the Genesis phase (initial identification), the identity remains alive. Every visit refines the identity vector via Exponential Moving Average (EMA):

V_new = V_old · (1 − α) + V_current · α

Adaptation rate α:
α₀ = ██████ (initial, first visits) ← proprietary ©
α decreases logarithmically over lifetime
Exact formula: ██████████████████████████ ← proprietary ©

Principle: Early data has greater influence, later visits refine only marginally.

This approach is mathematically equivalent to an exponentially weighted moving average, a standard method in time series analysis. The logarithmically decreasing learning rate ensures that early data has greater influence, while later visits only marginally adjust the identity — analogous to the principle of Bayesian updating with increasing prior confidence.

Properties

Zero-Knowledge — No behavioral data leaves the device. All analysis is local.
Passwordless — Behavior is the credential. Nothing to remember or manage.
Device-Independent — Only universal signals, identical on PC/Mac/iPhone/Android.
Deterministic — Same behavioral pattern → same identity.

5. Track 2: Chladni Visualization — Cymatic Frequency Analysis

The behavioral vectors are visualized as Chladni patterns — a physical phenomenon where particles on a vibrating plate form geometric patterns. Ernst Chladni first described this phenomenon in 1787 in his work «Discoveries on the Theory of Sound».

The system transforms the 13D behavioral vector into a frequency spectrum and computes the dominant vibration modes. Each person produces a visually unique pattern, as the modes directly depend on individual behavioral frequencies.

Mathematical Transformation

Chladni Formula (simplified):
z(x, y) = A · [cos(nπx/L) · cos(mπy/L) ± cos(mπx/L) · cos(nπy/L)]

Where:
n, m = Vibration modes (derived from the behavioral vector)
L = Plate dimension (normalized)
A = Amplitude (proportional to signal strength)

The modes (n, m) are computed from the 13 behavioral dimensions via frequency decomposition (FFT-analogous).

The resulting patterns are physically computable and reproducible — given the same input vector, the same pattern always emerges. The uniqueness of the patterns increases with the number of modes, analogous to Fourier series.

Exploration of Resonant Modes for Circular and Polygonal Chladni Plates
Entropy, 26(3):264, 2024
Wani et al. (2024): Chladni Plate and Chladni Patterns — A Research Review
Springer, Artificial Intelligence and Sustainable Computing, pp.569-588

6. Track 3: ePsychogram — Algorithmic Music Therapy Analysis

The ePsychogram performs weekly algorithmic music therapy analyses of behavioral frequency patterns. The Chladni frequencies are decomposed into psychological frequency bands — analogous to electroencephalography (EEG), but at the behavioral level rather than the neural level.

Frequency Band Decomposition

| Band | Normalized Range | Interpretation |
|---|---|---|
| Delta | 0.00 – 0.15 | Fundamental behavioral rhythms, resting state |
| Theta | 0.15 – 0.30 | Creative phases, transitional behavior |
| Alpha | 0.30 – 0.50 | Relaxed attention, flow state |
| Beta | 0.50 – 0.80 | Active processing, focused work |
| Gamma | 0.80 – 1.00 | High cognitive load, complex tasks |

5D Psychovector
From the frequency band analysis and resonance measurement, a 5-dimensional psychological profile vector is computed:

Psycho-Vector P = [ES, CR, SR, FC, AR]

ES = Emotional Stability
   = f(Alpha band energy, resonance, Delta energy)
   Exact coefficients: ██████████████████ ← proprietary ©

CR = Cognitive Rhythm
   = f(Beta band energy, harmonic regularity, data volume)
   Exact coefficients: ██████████████████ ← proprietary ©

SR = Stress Resilience
   = f(Gamma band energy, resonance, Theta energy)
   Exact coefficients: ██████████████████ ← proprietary ©

FC = Flow Coherence
   = f(Alpha band energy, resonance, frequency variation)
   Exact coefficients: ██████████████████ ← proprietary ©

AR = Adaptation Rate
   = f(Resonance half-time comparison)
   Exact coefficients: ██████████████████ ← proprietary ©

All 5 dimensions ∈ [0, 1], computed from weighted linear combinations of frequency bands and resonance patterns.

Each dimension lies in the interval [0, 1] and is bounded via clamp(). The psychovector is signed via keccak256 and is thus cryptographically verifiable.

Stress Tests (Cold-Start Precision)
Weekly, 20 cold-start tests are performed: The system starts from zero and must re-recognize the identity within <2 seconds. All three vectors are tested:

EDNA Vector — Threshold ≥ ██ % cosine similarity ©
Chladni Vector — Threshold ≥ ██ % cosine similarity ©
Psycho Vector — Threshold ≥ ██ % cosine similarity ©

7. Track 4: Adversarial Waldo — Bayesian Falsification

The Adversarial Waldo is an active falsification instrument, inspired by Karl Popper's falsificationism: An identity is not "proven" — instead, the system systematically attempts to disprove it. Only when all disproval attempts fail does confidence increase.

5 Attack Strategies

| # | Attack | Tests |
|---|---|---|
| 1 | Micro-Drift | Have vectors drifted beyond the historical envelope? |
| 2 | Temporal Anomaly | Does reaction timing deviate from the baseline? |
| 3 | Frequency Spectrum Shift | Has the Chladni mode distribution changed? |
| 4 | Behavioral Discontinuity | Are there sudden jumps in interaction patterns? |
| 5 | Cross-Signal Decorrelation | Do EDNA/Chladni/Psycho signals no longer agree? |

Bayesian Confidence Accumulation
Confidence is updated after each test via Bayes' Theorem:

Bayes' Theorem:

P(H|D) = P(D|H) · P(H) / P(D)

Where:
H = Hypothesis: "It is the same person"
D = Observed data (test result)
P(H|D) = Posterior probability (updated confidence)
P(D|H) = Likelihood (how probable is the data if H is true)
P(H) = Prior (previous confidence)

Every passed attack increases P(H|D).
Every failed attack decreases P(H|D).

Goal: P(H|D) ≥ ██████ ← proprietary threshold ©

The Bayesian approach to identity verification is scientifically established. The iterative updating of posterior probability over multiple daily rounds enables continuous confidence increase. Convergence to the proprietary threshold typically requires several hundred successful tests.
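The update rule above, as an added example (not OpenOS code): it expands P(D) by the law of total probability and counts how many consecutive passed rounds lift the posterior to a target. The prior, the target and both pass likelihoods are assumed values, since the page keeps its threshold proprietary; the function names are likewise hypothetical.

```python
"""Sequential Bayesian confidence accumulation (added example).

H = "it is the same person". Each falsification round either passes
(the attack found nothing) or fails. All numbers below are assumptions
for illustration; the page does not publish its likelihoods or threshold.
"""
import math

PRIOR = 0.5              # P(H) before any round (assumed)
TARGET = 0.9999          # placeholder for the proprietary threshold
P_PASS_IF_SAME = 0.99    # P(pass | H): the genuine user rarely trips a test
P_PASS_IF_OTHER = 0.97   # P(pass | not H): a similar user usually passes too


def update(prior: float, passed: bool,
           p_pass_h: float = P_PASS_IF_SAME,
           p_pass_not_h: float = P_PASS_IF_OTHER) -> float:
    """One application of Bayes' theorem, P(H|D) = P(D|H) * P(H) / P(D)."""
    like_h = p_pass_h if passed else 1 - p_pass_h
    like_not_h = p_pass_not_h if passed else 1 - p_pass_not_h
    evidence = like_h * prior + like_not_h * (1 - prior)   # P(D)
    return like_h * prior / evidence


def accumulate(outcomes, prior: float = PRIOR) -> float:
    """Fold a sequence of round outcomes (True = passed) into a posterior."""
    p = prior
    for passed in outcomes:
        p = update(p, passed)
    return p


def passes_needed(prior: float = PRIOR, target: float = TARGET) -> int:
    """Consecutive passes required to lift the posterior from prior to target.

    In log-odds form every pass adds log(P(pass|H) / P(pass|not H)), so the
    count is the log-odds gap divided by that per-round gain.
    """
    gain = math.log(P_PASS_IF_SAME / P_PASS_IF_OTHER)
    gap = math.log(target / (1 - target)) - math.log(prior / (1 - prior))
    return max(0, math.ceil(gap / gain))


def passes_to_offset_one_failure() -> int:
    """Passes needed to win back the log-odds lost by a single failed round."""
    loss = math.log((1 - P_PASS_IF_OTHER) / (1 - P_PASS_IF_SAME))
    gain = math.log(P_PASS_IF_SAME / P_PASS_IF_OTHER)
    return math.ceil(loss / gain)


if __name__ == "__main__":
    n = passes_needed()
    print("passes needed:", n, "=", round(n / 3), "days at 3 rounds per day")
    print("posterior after", n, "passes:", accumulate([True] * n))
    print("posterior with one failure at the end:",
          accumulate([True] * n + [False]))
    print("passes to offset one failure:", passes_to_offset_one_failure())
```

The sequential product is only valid if rounds are conditionally independent; rounds that reuse the same behavioral sample add less evidence than this calculation credits them with.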

It is Probably Me: A Bayesian Approach to Weighting Digital Identity Sources
IEEE ARES 2019
Guess who? Identity attribution as Bayesian inference
Philosophical Psychology, 2023

Test Rhythm
3 rounds per session per day
Automatically triggered with random jitter (≥45s between rounds)
Manual trigger also available

8. Track 5: Temporal Context — Behavioral Time Contexts

The Temporal Context analysis detects context-dependent behavioral patterns over the entire learning phase. It distinguishes five usage contexts and computes a 5-dimensional mood vector.

Context Detection (5 Categories)

| Context | Indicators |
|---|---|
| Home | Relaxed interaction, evening/night hours |
| Work | High typing cadence, business hours |
| Transit | Short bursts, high scroll, low interaction |
| Outdoor | Very low interaction, sporadic |
| Unknown | Insufficient data for classification |

5D Mood Vector

Mood Vector M = [E, F, S, C, G]

E = Energy (activity level, 0–1)
F = Focus (concentration level, 0–1)
S = Stress (stress indicator, 0–1)
C = Calmness (serenity, 0–1)
G = Engagement (interaction depth, 0–1)

Computation: Weighted combination of interaction frequency, typing speed, pause distribution, and circadian phase.

The circadian rhythm — the ~24-hour oscillation of human physiology — demonstrably influences cognitive performance and interaction patterns. The Temporal Context analysis leverages these natural fluctuations as an additional identity feature.

Weekly Reports (3×/Week)

The track generates 3 reports per week containing mood trends, dominant contexts, stress indicators, and fusion scores across all 6 tracks. These reports feed into the ePsychogram (Track 3).

9. Track 6: Community Guardian — Population Comparison

The Community Guardian compares individual behavioral vectors against a synthetic population baseline (200 samples). The goal: to separate universal human patterns from individually unique traits.

k-Means Clustering
The population is partitioned into 5 cultural clusters via the k-Means algorithm. k-Means minimizes the within-cluster sum of squared deviations (WCSS):

k-Means Objective:

argmin_μ  Σ_{i=1..k}  Σ_{xⱼ∈Cᵢ}  ||xⱼ − μᵢ||²

Where:
k = ██ (cluster count) ← proprietary ©
Cᵢ = Cluster i
μᵢ = Centroid of cluster i
xⱼ = Behavioral vector j

Universal patterns: traits above threshold ██ % ← proprietary ©
→ are FILTERED OUT of the identity

Individual traits: below threshold ██ % ← proprietary ©
→ are BOOSTED IN the identity

This approach follows the principle of discriminant analysis: traits with high inter-cluster variance and low intra-cluster variance contribute most to identity differentiation. The k-Means algorithm is a well-established unsupervised learning method.

Columbia University: K-Means Cluster Analysis — Methods Overview
Columbia Population Health Methods

Anthropological Archetypes
Based on cluster membership and individual traits, an archetype is determined: Explorer, Methodical, Contemplative, Social, Creative, among others. This classification is purely descriptive in nature.

10. 3-Cycle Genesis Protocol — Certification C / B / A / A+

Identity establishment occurs over 3 independent cycles, each comprising ~170 visits on ~170 distinct days. The entire process takes approximately 3 years and, in the best case, concludes with an A+ Gold certificate.

Certificate Levels

| Level | Designation | Requirement | Timeframe |
|---|---|---|---|
| Standard C | Basic Identity | Cycle 1 completed + active Genesis Moment | ~6 months |
| Standard B | Verified Identity | Cycle 2 completed + active Genesis Moment | ~12 months |
| Standard A | Absolute Identity | Cycle 3 completed + active Genesis Moment | ~18 months |
| Standard A+ | Gold — Central Bank Security | Post-Genesis convergence + active Genesis Moment | ~3+ years |

Active Genesis Moments — User-Initiated Certification
A critical design principle of the OpenOS protocol: no certificate is ever issued automatically. After each cycle completes, the user must actively and consciously perform a Genesis Moment — a deliberate act of claiming their certificate. This ensures informed consent and conscious identity ownership.

Cycle Flow:

Cycle 1 runs (~170 visits, ~6 months)
→ Cycle 1 data complete
→ User ACTIVELY performs Genesis Moment → Certificate C issued
→ Only then: Cycle 2 begins

Cycle 2 runs (~170 visits)
→ Cycle 2 data complete
→ User ACTIVELY performs Genesis Moment → Certificate B issued
→ Only then: Cycle 3 begins

Cycle 3 runs (~170 visits)
→ Cycle 3 data complete
→ User ACTIVELY performs Genesis Moment → Certificate A issued

Post-Genesis convergence continues
→ When A+ conditions are met:
→ User ACTIVELY performs Genesis Moment → Certificate A+ Gold issued

Important: If the user never performs the Genesis Moment, the next cycle NEVER begins. The data accumulates, but certification requires conscious user action.

This active participation model ensures that identity is never imposed — it is always claimed. The user retains full sovereignty over their identity at every stage.

A+ Gold — Requirements

The A+ Gold certificate is not guaranteed — it requires exceptional behavioral stability over an extended period. All of the following conditions must be met simultaneously:

≥ ██ consecutive perfect matches (≥ ██ % cosine similarity) ©
6-track fusion score ≥ ██ % (all 6 tracks converge) ©
Stability score ≥ ██ % ©
Zero-error streak ≥ ██ recognitions ©
≥ ██ post-Genesis refinements ©

All thresholds and numbers are proprietary trade secrets (BSL-1.1 · © Sebastian Kläy). The above requirements describe the concept, not the exact parameters.

The probability of achieving A+ Gold depends directly on individual behavioral stability. Not every user will reach this level — and that is precisely what makes it valuable.

Mathematical Convergence
The convergence of the 6-track fusion follows the Law of Large Numbers: with an increasing number of observations, the empirical mean approaches the true expected value. Variance decreases proportionally to 1/n, where n is the number of visits.

Fusion Score F = Σ(wᵢ · Sᵢ) / Σ(wᵢ)

Where:
Sᵢ = Score of track i (i = 1..6)
wᵢ = Weight of track i ← proprietary ©

The weighting of the 6 tracks is adaptive and dynamically adjusted by the Community Guardian analysis. Exact weighting functions and adaptation rules are trade secrets.

Variance of fusion score: Var(F) ∝ 1/n

All Tracks Continue After A+
After achieving the A+ Gold certificate, all 6 analysis tracks continue running indefinitely. The identity is continuously refined and monitored. There is no "final state" — the identity is alive.

11. Post-Quantum Cryptography (CNSA 2.0)

All cryptographic operations use the NSA Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) standard — the same standard mandated for US national security systems.

Algorithms Used

| Function | Algorithm | Quantum Resistance |
|---|---|---|
| Hashing | SHA-512 | Yes — Grover's algorithm reduces to 256-bit security |
| Encryption | AES-256-GCM | Yes — 128-bit post-quantum security |
| Integrity | HMAC-SHA-512 | Yes — 256-bit post-quantum security |
| Signatures | Hash-based (keccak256 + SHA-512) | Yes — not affected by Shor's algorithm |

The CNSA 2.0 suite was published by the NSA in September 2022 and specifically recommends these symmetric algorithms as quantum-resistant. Asymmetric methods (RSA, ECC) are avoided, as they can be broken by Shor's algorithm on a quantum computer.

NSA: CNSA 2.0 — Commercial National Security Algorithm Suite 2.0
National Security Agency, September 2022

12. Web4 GaslessText — EIP-712 Signatures

The GaslessText system enables 100% gasless, offline-capable identity anchoring via EIP-712 Typed Data Signatures — no on-chain transactions, no fees.

How It Works

Web4 Trust Architecture

  1. Data is hashed locally (keccak256 + SHA-512 CNSA 2.0)
  2. Hash is signed with EIP-712 Typed Data (0 gas)
  3. Certificate = { subject, dataHash, signature, timestamp, nonce, domain }
  4. Stored locally — verifiable by anyone, offline

EIP-712 Standard

EIP-712 defines a procedure for hashing and signing structured typed data. It is the established Ethereum standard used by Uniswap, OpenSea, and all major protocols for gasless approvals.

// EIP-712 domain: binds a signature to this application, chain and contract
const domain = {
  name: "Web4 Identity Anchor",
  version: "1",
  chainId: 8453,
  verifyingContract: "0x0cF79d8aDda415de2d1b39EB7d81261ed85Ac218"
};

// Typed struct that is hashed and signed for each certificate
const types = {
  IdentityProof: [
    { name: "subject", type: "address" },
    { name: "dataHash", type: "bytes32" },
    { name: "timestamp", type: "uint256" },
    { name: "nonce", type: "uint256" }
  ]
};

EIP-712: Typed structured data hashing and signing
Ethereum Improvement Proposals, 2017

System Wallet

Address: 0xa8159DD0024067485D7CAe7c479EEc79191AfFA1
Private Key: 🔒 Secured server-side (Edge Function)
Anchor Contract: 0x0cF79d8aDda415de2d1b39EB7d81261ed85Ac218
Chain: Base (Chain ID 8453)

Verification Process
Every Web4 identity certificate can be verified by anyone — without a blockchain connection:

  1. Take the certificate JSON (subject, dataHash, timestamp, nonce, signature)
  2. Recover the signer address from the EIP-712 signature (ecrecover)
  3. Compare the recovered address with the known system signer: 0xa815…AfFA1
  4. If they match → the certificate is authentic and issued by the OpenOS system

13. Web4 Signature-Chain Architecture: L1 / L2 / L3

The Web4 Signature-Chain is a 3-layer architecture that replaces traditional blockchain infrastructure (miners, gas, validators) with pure cryptographic signatures. Every layer is gasless, offline-verifiable, and zero-cost — no user-flow interruption at any point.

Layer 1 — Signature Chain (GaslessText)

L1 is the truth layer. EIP-712 typed data signatures are linked cryptographically into an immutable chain. Each signature references the previous one, creating a tamper-evident sequence. The system wallet's private key is secured server-side — signing costs zero gas and works offline for verification. The blockchain (Base) serves only as a trust anchor: the system wallet address is published in the Web4Anchor contract for reference. No on-chain transactions ever occur.

Zero gas, zero cost — pure mathematics
Offline verification by anyone (recover signer from EIP-712 signature)
Certificates stored locally, exportable as portable JSON
Domain: "Web4 Identity Anchor", chainId: 8453 (Base)

Layer 2 — SmartContract.hash (State Machines)

L2 introduces client-side smart contracts — typed state machines with conditions and transitions. Every state change is EIP-712 signed and cryptographically linked to the previous change, creating a sub-chain. State roots are anchored to L1 every 10 transitions, analogous to Ethereum L2 rollups posting proofs to L1.

Contracts = sets of typed conditions + state transitions
Every transition signed via server-side Edge Function
State roots anchored to L1 every 10 transitions
Client-side validation — no miners, no validators needed
Built-in templates: Identity Verification, Signature Escrow, Supply Chain Proof
Ethereum analogy: ETH L2 executes off-chain → posts proof on-chain. Web4 L2 executes contract logic client-side → anchors state root to the signature chain.
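The L1 linking rule ("each signature references the previous one") and the L2 rule of anchoring a state root every 10 transitions, as an added example that is not OpenOS code. HMAC-SHA-512 under a constructed demo key stands in for the EIP-712 signature so the sketch runs on the Python standard library; the record layout and all function names are assumptions. It shows which kinds of tampering the link check catches on its own and which are only caught by comparing against an anchored head.

```python
"""Tamper-evident signature chain with periodic anchors (added example).

Stand-ins and assumptions, none of them taken from the OpenOS code base:
- HMAC-SHA-512 under DEMO_KEY replaces the EIP-712 signature.
- An entry is {"index", "prev", "payload", "sig"}; "prev" is the SHA-512
  digest of the previous entry, which is what links the chain.
- Every ANCHOR_EVERY entries the current head digest is recorded as an anchor.
"""
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key"   # constructed sample key, not a real secret
ANCHOR_EVERY = 10                    # "every 10 transitions" from the text
GENESIS = "0" * 128                  # prev value of the first entry


def _canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def entry_digest(entry) -> str:
    return hashlib.sha512(_canonical(entry)).hexdigest()


def _sign(body) -> str:
    return hmac.new(DEMO_KEY, _canonical(body), hashlib.sha512).hexdigest()


def append(chain, anchors, payload):
    """Add one signed entry; record an anchor every ANCHOR_EVERY entries."""
    prev = entry_digest(chain[-1]) if chain else GENESIS
    body = {"index": len(chain), "prev": prev, "payload": payload}
    chain.append({**body, "sig": _sign(body)})
    if len(chain) % ANCHOR_EVERY == 0:
        anchors.append({"length": len(chain), "head": entry_digest(chain[-1])})


def verify(chain, anchors):
    """Return (ok, reason). Checks signatures, links, then anchors."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        body = {k: entry[k] for k in ("index", "prev", "payload")}
        if not hmac.compare_digest(entry["sig"], _sign(body)):
            return False, f"bad signature at index {i}"
        if entry["index"] != i or entry["prev"] != prev:
            return False, f"broken link at index {i}"
        prev = entry_digest(entry)
    for a in anchors:
        if a["length"] > len(chain):
            return False, f"chain shorter than anchor at length {a['length']}"
        if entry_digest(chain[a["length"] - 1]) != a["head"]:
            return False, f"anchor mismatch at length {a['length']}"
    return True, "ok"


def demo():
    """Build 25 constructed transitions and run the integrity checks."""
    chain, anchors = [], []
    for n in range(25):
        append(chain, anchors, {"state": f"transition-{n}"})
    results = {"intact": verify(chain, anchors)}

    edited = [dict(e) for e in chain]
    edited[7]["payload"] = {"state": "rewritten"}      # edit without re-signing
    results["edited"] = verify(edited, anchors)

    # A fork that is validly re-signed with the same key from index 7 onward.
    forked = [dict(e) for e in chain[:7]]
    for n in range(7, 25):
        append(forked, [], {"state": f"alternate-{n}"})
    results["forked_no_anchor"] = verify(forked, [])
    results["forked_with_anchor"] = verify(forked, anchors)

    truncated = chain[:15]                             # newest entries dropped
    results["truncated_no_anchor"] = verify(truncated, [])
    results["truncated_with_anchor"] = verify(truncated, anchors)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:26} {outcome}")
```

A chain checked only against itself accepts both the re-signed fork and the truncated copy, so an offline verifier needs the anchored heads from a source the signer cannot rewrite.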

Layer 3 — Application & Interaction Layer

L3 is the abstraction layer where users see "objects" (profiles, balances, domains) — not cryptographic chains. L3 enables real-world applications built on the verified trust of L1 and the programmable logic of L2.

Liquidity Pools (Uniswap V2/V4 on Signatures)

Constant-product AMM (x·y=k) where "Liquidity Tokens" are replaced by Liquidity Signatures. Every swap is signed and anchored to the signature chain. The mathematical formula is validated by the Web4 Wallet before a transaction signature is accepted as valid. V4-style "Hooks" are conditional signatures — a signature is only valid if another signature (e.g. identity verification, fee payment) has been cryptographically proven.

hash.domain (Web4 ENS)

A .hash domain is the genesis signature of a chain. Whoever holds the private key to the first signature of "name.hash" owns the domain. All subsequent data (website links, avatars, OSHASH balances) are "follow-up signatures" appended to that name. More decentralized than any existing DNS system — no registry, no ICANN, no renewal fees.

Recursive State Snapshots

L3 bundles thousands of L2 state changes into a single "State Snapshot" anchored to L1. This enables extreme scaling — applications like gaming or high-frequency trading can execute thousands of state transitions and only periodically anchor a summary certificate to the signature chain. Analogous to recursive ZK-proofs, but completely gasless.

What This Makes Possible

Proof of Origin: Products get a genesis signature; each supply-chain station adds a linked signature
Decentralized Identity: No account, no wallet, no password — behavioral biometrics ARE the credential
Gasless DeFi: Swap, pool, trade — zero cost, zero gas, zero intermediaries
Verifiable Credentials: Certificates, diplomas, licenses — all signature-chain verified
OSHASH Token: Claimable from the user's EDNA signature-chain — proof of consistent human interaction
Zero user-flow interruption: All processes run continuously in the background — no popups, no confirmations, no waiting

14. Enterprise API — Two-Tier Model

OpenOS provides two distinct APIs serving fundamentally different purposes. Both APIs are currently in Beta.

API 1: Human Proof — Free Forever

The Human Proof API is a continuous, real-time verification service that determines whether a human is actively operating the device and platform. Unlike traditional CAPTCHAs (one-time checks), Human Proof runs persistently through ongoing API calls throughout the entire user session.

Always free — during Beta and after Beta. No credits, no fees, no limits.

Continuous verification — ongoing API calls confirm human presence in real-time, not just once.
Dual purpose — While verifying human presence, the Human Proof API simultaneously collects behavioral identity data. This data is stored exclusively on the user's device (client-side), cryptographically hashed and signed locally. No behavioral data is transmitted to any server.
Identity pre-building — Through continuous use of Human Proof, the system passively builds the user's behavioral identity profile. When the first Genesis cycle completes, the user can actively claim their identity — the data is already there, locally accumulated and cryptographically secured.

API 2: Human Identity — Post-Beta Only
The Human Identity API provides cryptographically verified identity confirmation — not just "is this a human?" but "is this the same human?". This API is not yet available and will launch after the Beta phase.

Requires completed Genesis — Only users who have actively claimed at least a Certificate C can be identified.

Premium pricing — Post-Beta, billed per API call via prepaid credits. Above market rate, reflecting the ~3-year trust establishment process.
A+ Gold tier — Continuous real-time identity verification (not just proof of humanity, but proof of specific identity) at the highest pricing tier.

API Comparison

| Feature | Human Proof | Human Identity |
|---|---|---|
| Purpose | Is a human using this device? | Is this the same human? |
| Method | Continuous real-time API calls | Cryptographic identity verification |
| Price | Free — forever | Premium (post-Beta) |
| Availability | Now (Beta) | Post-Beta only |
| Genesis required? | No | Yes (min. Certificate C) |
| Identity data | Collected locally as side-effect | Verified against stored identity |

How They Work Together
The Human Proof API serves as the entry point for the entire OpenOS ecosystem. While websites use it to verify human presence (replacing CAPTCHAs), users simultaneously and passively build their behavioral identity on their own device. When enough data has been collected (Cycle 1 complete), the user can perform their Genesis Moment — actively claiming their Certificate C. From that point, their identity exists and can be verified via the Human Identity API.

This creates a natural funnel: free bot protection → passive identity accumulation → active identity claiming → premium identity verification.

15. Mathematical Foundations & References

The following scientific papers and standards form the theoretical foundation of the OpenOS protocol:

Behavioral Biometrics & Keystroke Dynamics

[1] Kasprowski, P., Borowska, Z., Harezlak, K. «Biometric Identification Based on Keystroke Dynamics». Sensors, 22(9):3158, 2022.
[2] Acien, A., Morales, A., Vera-Rodriguez, R., Fierrez, J., Monaco, J.V. «TypeNet: Scaling up Keystroke Biometrics». arXiv:2004.03627, 2020.
[3] Stragapede, G. et al. «KVC-onGoing: Keystroke Verification Challenge». arXiv:2412.20530, 2024.

Cymatics & Chladni Patterns

[4] Wani, K. et al. «Chladni Plate and Chladni Patterns — A Research Review of Theory, Modelling, Simulation and Engineering Applications». Springer, AI and Sustainable Computing, pp.569-588, 2024.
[5] Müller, T. et al. «Exploration of Resonant Modes for Circular and Polygonal Chladni Plates». Entropy, 26(3):264, 2024.

Bayesian Identity Inference

[6] Snowden, A. «It is Probably Me: A Bayesian Approach to Weighting Digital Identity Sources». IEEE ARES 2019.
[7] Filosofie. «Guess who? Identity attribution as Bayesian inference». Philosophical Psychology, 2023.

Clustering & Population Analysis

[8] Columbia University. «K-Means Cluster Analysis — Methods Overview». Columbia Population Health Methods.
[9] Rabel, M. et al. «Clustering of Health-Related Behavior Patterns and Demographics». Frontiers in Public Health, 6:387, 2019.

Cryptography & Standards

[10] National Security Agency (NSA). «CNSA 2.0 — Commercial National Security Algorithm Suite 2.0». NSA, September 2022.
[11] Bloemen, R., Logvinov, L., Evans, J. «EIP-712: Typed structured data hashing and signing». Ethereum Improvement Proposals, 2017.

Mathematical Methods

[12] — «Cosine Similarity». Standard metric in information retrieval and machine learning.
[13] — «Exponential Moving Average (EMA)». Time series analysis — weighted smoothing.
[14] — «Bayes' Theorem». Foundation of Bayesian statistics.

16. Login System — Play to Authenticate

OpenOS replaces passwords, 2FA codes, and wallet signatures with a single, intuitive interaction: playing with a billiard ball. The user simply moves, clicks, and interacts with a floating ball on the login screen. Behind the scenes, 6 independent analysis tracks capture the user's unique behavioral fingerprint in real time.

How It Works

When the user arrives at the login page, OpenOS detects the device via hardware DNA fingerprinting. If an identity is already registered on this device, the system starts behavioral verification automatically. The user just needs to interact naturally — move the ball, click, scroll, type — and the 6-track EDNA system builds a behavioral profile in real time.

Once the behavioral match reaches ≥99.5% confidence and the minimum observation period of 45 seconds has elapsed, the system auto-logs the user in. No button to press, no code to enter. The ball interaction is the authentication.

Why It Gets More Secure Over Time

Unlike static passwords that remain equally vulnerable forever, OpenOS behavioral authentication strengthens with every session:

| Factor | Effect |
|---|---|
| More sessions | EDNA accumulates more behavioral data points → more precise fingerprint, harder to impersonate |
| More Chladni flowers | Each 15-second interval generates a signed Chladni pattern. More flowers = more cross-verification anchors (min. 5 required, 12+ = 99% confidence) |
| ePsychogram depth | Weekly psychometric profiles build a historical baseline — deviations flag imposters more reliably over time |
| Temporal patterns | Login times, session lengths, interaction rhythms form a temporal context that's unique to each human |
| Adversarial Waldo | Bayesian falsification tries to disprove identity — with more data, it takes exponentially more effort to fool |
| Presence Chain | Cryptographic proof-of-continuous-presence grows longer → chain integrity becomes computationally impossible to fake |

In mathematical terms: the recognition confidence follows a logarithmic growth curve. The first few sessions establish a baseline (~85% confidence). After 10+ sessions across multiple days, confidence reaches 95%+. After 50+ sessions, the system achieves near-perfect recognition at 99.998% — making it statistically harder to impersonate than a 256-bit private key.

Why This Is Secure

Traditional authentication has a single point of failure: the password. If stolen, anyone can log in. OpenOS has no transferable secret. The "password" is the user's own behavior — something that cannot be shared, stolen, phished, or replayed:

✓ No password to steal — behavior is the credential
✓ No phishing possible — there's nothing to type into a fake site
✓ No replay attacks — each session generates unique Chladni patterns, signed to the blockchain
✓ No brute force — 6 independent tracks must ALL match simultaneously
✓ Post-quantum safe — CNSA 2.0 cryptography (SHA-512, AES-256-GCM) protects all signatures
✓ Device-bound — hardware DNA fingerprint ties identity to the physical device
✓ Real-time detection — Adversarial Waldo breaks the chain instantly if a different person takes over

The User Experience

From the user's perspective, the entire login is effortless:

  1. Open the app
  2. Play with the ball for ~45 seconds
  3. You're logged in ✓

No username. No password. No 2FA. No wallet connection. No seed phrase. Just be yourself — the system recognizes you.

17.

Identity Recovery — Privacy-First Behavioral Matching

If a user loses their only device, OpenOS provides a behavioral recovery mode — no password, no seed phrase, no old device required. The user simply opens /recovery on any new device and plays with the billiard ball for 15+ minutes while the system generates Chladni flowers in the background.

Privacy Architecture: Only Hashes Leave the Device
Raw behavioral data (fingerprints, EDNA vectors, Chladni modes) never leave the client device. Before any data is transmitted to the server, the 64-element behavioral fingerprint is hashed locally using the Web Crypto API (SHA-256):

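```javascript
// Client-side only — runs in the browser
// (function name is illustrative; the page specifies only the steps)
async function hashFingerprint(fingerprint) {            // fingerprint: number[64]
  const serialized = fingerprint.map(v => v.toFixed(6)).join("|");
  const bytes = new TextEncoder().encode(serialized);
  const digest = await crypto.subtle.digest("SHA-256", bytes);   // SHA-256 digest
  return Array.from(new Uint8Array(digest), b => b.toString(16).padStart(2, "0"))
    .join("");                                           // hex string (64 chars)
}

// Server stores: { identity_hash, flower_id, fingerprint_hash }
// Server NEVER receives: raw fingerprint[], modes[], behavioral vectors
```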
The server-side chladni_flower_vault table contains only indexed SHA-256 hashes — not the underlying behavioral data. Even if the database were compromised, an attacker would obtain only irreversible hashes with no way to reconstruct the original behavioral patterns.

Recovery Thresholds (10× Stricter Than Login)

| Parameter | Normal Login | Recovery |
| --- | --- | --- |
| Flowers required | 5 | 50 |
| Confidence threshold | 92% | 98% |
| Minimum duration | ~45 seconds | 15 minutes |
| Rate limit | — | 3 attempts / 24h per device |
| Single flower match | ≥ 0.95 cosine similarity | (same threshold) |

How Recovery Works

  1. User opens /recovery on any new device
  2. Plays with the billiard ball — app can run in background
  3. System generates 50+ Chladni flowers from behavioral signals
  4. Each flower fingerprint is SHA-256 hashed on-device
  5. Hashes are sent to the server for exact comparison against all stored vaults
  6. 50+ hash matches at 98%+ confidence → identity recovered
  7. New device auto-paired via Genesis Lock

Security Properties

- Zero-knowledge server — server never sees raw behavioral data
- SHA-256 irreversibility — hashes cannot be reversed to fingerprints
- Rate limiting — 3 attempts per device per 24 hours (server-enforced)
- All attempts logged — full audit trail in recovery_attempts table
- Background-safe — Web Workers prevent browser throttling
- No secrets to steal — no password, no seed phrase, no private key

References:

- NIST SHA-2 Standard (FIPS 180-4), National Institute of Standards and Technology
- Web Crypto API — SubtleCrypto.digest(), MDN Web Docs
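
The on-device hashing step and the exact hash comparison in the recovery flow, as an added example (not OpenOS code): it hashes a constructed 64-element vector the way the page describes and shows that digests can only be compared for equality, so a candidate that clears the 0.95 cosine threshold but differs by one six-decimal rounding step yields a different fingerprint_hash. The helper names, the Node.js fallback and all sample values are assumptions.

```javascript
// Added example. Helper names and sample vectors are constructed, not OpenOS data.
async function getSubtle() {
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto.subtle;
  return (await import("node:crypto")).webcrypto.subtle; // Node.js without the global
}

// Serialization from the page: toFixed(6) per element, "|" separator, SHA-256, hex.
async function hashFingerprint(fingerprint) {
  const text = fingerprint.map(v => v.toFixed(6)).join("|");
  const digest = await (await getSubtle()).digest("SHA-256", new TextEncoder().encode(text));
  return Array.from(new Uint8Array(digest), b => b.toString(16).padStart(2, "0")).join("");
}

function cosineSimilarity(a, b) {
  let dot = 0, normA = 0, normB = 0;
  for (let i = 0; i < a.length; i++) {
    dot += a[i] * b[i];
    normA += a[i] * a[i];
    normB += b[i] * b[i];
  }
  return dot / Math.sqrt(normA * normB);
}

// Constructed 64-element "enrolled" fingerprint: distinct values k/100 in [0, 1].
const enrolled = Array.from({ length: 64 }, (_, i) => ((i * 37) % 101) / 100);

// Compare a candidate with the enrolled vector by similarity and by digest equality.
async function compare(candidate) {
  const enrolledHash = await hashFingerprint(enrolled);
  const candidateHash = await hashFingerprint(candidate);
  return {
    cosine: cosineSimilarity(enrolled, candidate),
    hashMatch: enrolledHash === candidateHash,
    candidateHash,
  };
}

async function demo() {
  return {
    // Noise below the six-decimal rounding step is absorbed by toFixed(6).
    subStep: await compare(enrolled.map(v => v + 1e-9)),
    // One element moves by a single rounding step (1e-6): the digest changes.
    oneStep: await compare(enrolled.map((v, i) => (i === 0 ? v + 1e-6 : v))),
    // Every element jitters by 0.01: cosine stays far above 0.95, the digest changes.
    jitter: await compare(enrolled.map((v, i) => v + (i % 2 ? 0.01 : -0.01))),
  };
}

demo().then(r => console.log(JSON.stringify(r, null, 2)));
```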

18.

Intellectual Property

The OpenOS / EDNA protocol is protected intellectual property of Sebastian Kläy, licensed under the Business Source License 1.1 (BSL-1.1).

Protected Technologies

- The 6-track behavioral analysis system and signal weighting
- The identity crystallization algorithm and phase transition logic
- The 3-cycle Genesis protocol and C/B/A/A+ certification chain
- The cymatics-based identity visualization (Chladni patterns)
- The Bayesian falsification instrument (Adversarial Waldo)
- The device-independent behavioral matching

Patent Notice

The behavioral identity crystallization process, the 6-track analysis system, and the cross-device matching algorithm may be subject to pending patent applications. Commercial use without a license may constitute infringement.

Licensing

| Use Case | Permitted? |
| --- | --- |
| Personal / Research / Education | ✅ Free |
| Internal business use | ✅ Free |
| Commercial product (embedding) | ❌ License required |
| SaaS / API service | ❌ License required |
| Resale / White-labeling | ❌ License required |

Contact: Sebastian Kläy — sebklay@me.com

OpenOS Protocol by Sebastian Kläy

SEBKLAEY mint hash Agency · Bern, Switzerland

Licensed under BSL-1.1 · All rights reserved

© 2024–2026 Sebastian Kläy

This document describes design goals and targeted properties. All algorithms, thresholds, constants, matching criteria, signal weights, and cryptographic parameters are proprietary trade secrets. The targeted recognition rate of ≥99.998% is a design goal, not a guarantee.

openos.space