RESERVED IP — TRACK A ONLY.
Embodiment G — Prosody-Bound Authentication composes the FLE-PROSODY-2025-PCT-001 pipeline.
The prosody-to-confidence substrate is reserved exclusively for Track A platform-licensing or acquisition arrangements,
and is not licensable standalone in any Track B (single-product) or Track C (consulting) deal.
This demonstration uses simulated F0 features (PART grade per the SoafAii audit framework);
the production extraction follows the reserved-IP FLE-PROSODY pipeline and is not exposed in this artefact.
Sole inventor / applicant — Francois Flechter — BIS WLL — Kingdom of Bahrain.
Enroll a Counterparty
Capture a voice template for a counterparty. The template's prosody features (mean F0, F0 variability,
pitch range, voicing fraction, F0 contour slope) are extracted on-device and bound to the per-counterparty
cryptographic key in the unified KDF.
Read a short phrase aloud (~4 seconds). Suggested: "This is my enrolment statement for authenticated communication."
Extracted prosody features
Existing enrolments
Sign a Document
Issue an authenticated artefact bound to a specific counterparty and a specific voice utterance.
The unified KDF combines sender secret, recipient identifier, content hash, prosody features, and a session nonce.
Read the same enrolment phrase aloud. Sign-time prosody must match the enrolled template within tolerance.
Issued artefact
Artefact JSON
Verify an Artefact
Verification re-derives the prosody-bound key from the enrolled counterparty's stored template and the artefact's
metadata, then compares against the artefact's signature. Authentic → all inputs match. Forged or tampered → silent failure.
Verification result
Attack Defense Demonstrations
Three classes of attack on prosody-bound authentication. Each runs against a real enrolled counterparty
and a real issued artefact in the current session; the verification path is the same code path used in the Verify panel.
Each attack triggers silent failure — verification fails with no oracle indicating which input was tampered.
Issue at least one authentic artefact via the Sign panel first. The attack demonstrations operate on the most recent artefact.
Attack A — Content substitution
Attacker captures the authentic artefact in transit and substitutes different content while keeping the original signature.
The content hash in the verification recomputation will differ from the content hash baked into the signature, breaking the KDF agreement.
Attack B — Naïve forgery (no prosody)
Attacker has obtained the counterparty identifier and the sender's claimed identity, then attempts to forge an artefact
without holding a voice template matching the enrolled counterparty. The forged artefact's signature will not match
what the verifier recomputes with the genuine enrolled prosody template.
Attack C — Cross-counterparty substitution
Attacker captures an authentic artefact issued to counterparty A and replays it claiming it was issued to counterparty B
(whose enrolment record is also held by the verifier). The verifier will recompute against counterparty B's prosody template,
which differs from counterparty A's, breaking the KDF agreement.
About Embodiment G
What this demonstrates. Embodiment G extends the ARIA-AUT family unified KDF with a fifth input class —
speaker prosody features — providing voice-side authentication binding alongside the static-content authentication of
Embodiments A, B, C. Authentication binds not just to what the recipient says (content hash of utterance)
but to how the recipient said it (prosody features extracted via the reserved-IP FLE-PROSODY pipeline).
Real microphone input via WebRTC; no echo cancellation / noise suppression / AGC (raw audio for prosody)
F0 extraction
PART
Real-time autocorrelation pitch detection in-browser — works but is significantly less robust than the FLE-PROSODY pipeline's production-grade extraction (the reserved-IP material)
Prosody feature quantisation
PART
Coarse binning (5-feature 5-byte vector) suitable for demonstration; production fuzzy-extractor over a higher-dimensional feature space lives in the reserved pipeline
Counterparty registry
PART
In-browser localStorage; production registry is server-side per the deployment-topology document
Attack scenarios
REAL
All three attack scenarios run real verification against real artefacts; the silent-failure property is observable in the verdicts
Reservation-marker compliance
REAL
Track A carve-out language is the approved wording; the prosody-pipeline substrate is not exposed in this artefact
Composition with the rest of the ARIA suite
Embodiment G composes with: ARIA-AUT bilateral enrolment (same registry primitive); ARIA-AUT Embodiments A/B/C (multimodal authentication
when the document is also a static physical artefact); Sequence-as-Key modifier (temporal-sequence parameter in the KDF, not shown in this demo);
Binôme cooperative cross-verification modifier (multi-verifier consensus on verification); ARIA-ENC (transport-layer confidentiality for the artefact in transit);
ARIA-COD (apparatus firmware integrity for the verification device); ARIA-H (runtime monitoring — visible as the GREEN badge in the navigation, top-right).