HumanCode Whitepaper

1 Decentralized Identifier (DID) for Humans

1.1 Overview

Artificial intelligence technology has advanced rapidly, giving rise to a multitude of robots whose intelligence surpasses the Turing Test. These robots have inflicted considerable harm upon internet users, with deepfake technology, in particular, causing widespread deception.

Consequently, there is an urgent need for Proof-of-Personhood technology. After comparing various biometrics such as fingerprints, facial, and iris recognition, we firmly believe that palm prints offer the most superior solution to Proof of Personhood:

• Privacy: Palm biometrics are pseudonymous and not tied to physical identity or available online.

• Accuracy: Palm contains more features than face. The combination of both palms allows the unique identification of any human in the world.

• Security: Palm is difficult to fake as the source images are hard to find online. Combined with the liveness test it is near impossible to spoof.

• Scalability: Palm can be scanned by cameras on any smartphone. No specialized hardware.

• Inclusiveness: No bias to skin colors, a common issue with facial recognition.

Working on mobile phones, HumanCode can be easily accessed by everyone. HumanCode builds a human only identity system with two key capabilities:

1. proof of personhood – proving that an entity attempting registration is both human and unique;

2. proof of ownership – verifying that a registered entity attempting a transaction is the true owner of the account. The second part is equally important. It has already happened that some people paid others to register Worldcoin accounts using their own iris biometrics. The buyers would become the “owner” of multiple accounts and do transactions as others. The use of biometrics verification at transactional time can fix this loophole.

HumanCode is a decentralized identifier (DID) system of unique humans. Each account is a verified person and each person can possess only one account. HumanCode’s DID system is self-sovereign and pseudonymous.

1. self-sovereign – the identity is completely owned and controlled by the owner. Enrollment is voluntary and the account can be permanently deleted at the owner’s will.

2. pseudonymous – Unlike face or fingerprint, palm prints are pseudonymous and not tied to any identities issued by a central authority. HumanCode will never collect or store any personal information about the user.

Utilizing the unique and persistent nature of palm prints, HumanCode identity is privacy-respectful yet traceable and non-transferable. These properties can be leveraged to establish provenance and reputation, and thereby enable ambitious applications in the decentralized world including uncollateralized lending, sybil-resistant token distribution as well as governance and voting.

1.2 How It Works

HumanCode utilizes mobile cameras as the only hardware requirement, offering a scalable solution for Proof-of-Personhood. The HumanCode software can run locally through the browser from any mobile camera. The palm scan is processed locally on the user's device, encrypted, and then transferred to the HumanCode server to be matched for uniqueness. Once a palm is verified, a liveness check requires the user to connect two fingertips or joint points (for example, touch a specific joint point of the ring finger with the tip of the thumb) on the hand. These points are randomly selected to further secure the Proof-of-Personhood from spoofing:

• Palm print identification for uniqueness

• Hand gesture test for liveness

Compared to fingerprint, face and iris, palm is a relatively new branch of biometric research. Note that palm offers two types of biometric trait: palm prints on the surface of the skin, and the subdermal palm veins. Previous work focuses on identifying palm vein patterns that requires specialized infrared cameras to scan. To build a decentralized identity network at the global scale, HumanCode has made a number of key technical breakthroughs:

• Accuracy: We developed an extremely accurate palm print recognition algorithm. Using a single palm print scan, HumanCode is 10 times more accurate than FaceID for matching. By combining both palms, we can uniquely identify any human in the world.

• Security: We created an effective and user-friendly liveness detection solution. Using random hand gesture tests, we can detect fake biometric scans, including video replays.

• Scalability: We developed the first proof-of-personhood solution that runs on any smartphone and can be easily integrated into other frameworks. This software-only solution dramatically reduces the time and cost of a global deployment.

• Privacy: Privacy is critical to any identity system. Our algorithm processes biometric data locally on the personal smartphone. Local operations include converting biometric scans into irreversible signatures as well as verifying/matching biometric signatures. We also plan to adopt other techniques such as homomorphic encryption and Zero-Knowledge-Proofs (ZKP) to further strengthen data security and privacy.

1.3 HumanCode Platform

HumanCode is an evolving platform. The current version of HumanCode consists of three components:

1.3.1 HumanCode ID

HumanCode ID has two aspects:

1. Literal: HumanCode ID is a unique identifier assigned to each human user.

2. Conceptual: HumanCode ID is a biometric-based identity network that provides Proof of Personhood to new users at the time of enrollment and Proof of Ownership to enrolled users afterwards.

HumanCode ID is privacy-respectful. Palm biometrics are "unofficial," unlike faces or fingerprints that are linked to passports or law enforcement records, making it difficult to trace the physical identity of a user. Additionally, HumanCode utilizes local processing and adopts advanced privacy-preserving techniques to ensure data security and privacy.

1.3.2 HumanCode App

The HumanCode App is the frontend of HumanCode. Currently, the HumanCode App implements the workflows for user enrollment and verification and serves as a sample project for external developers to learn how to access HumanCode ID via the HumanCode API. In the future, the app is expected to expand to provide wallet and airdrop capabilities and beyond.

1.3.3 HumanCode API

The HumanCode API is the interface for accessing HumanCode ID. Through the API, external applications can query HumanCode ID for services related to Proof of Personhood or Proof of Ownership. The HumanCode API can enable various applications, ranging from Sybil-resistant airdrops to decentralized credit systems.

2 Proof of Personhood

Today, confirming someone's identity online is a significant challenge, especially with the rise of artificial intelligence. This challenge is often referred to as "Proof of Personhood" (PoP), which essentially involves two main tasks:

1. Distinguishing between humans and bots.

2. Telling one human apart from another.

Successfully addressing these challenges is crucial for preventing identity theft and can also enhance the security of technologies like Soulbound Tokens (SBTs).

2.1 Existing Solutions for PoP

Several methods have been devised to tackle the issue of identity verification online, each with its unique approach and associated advantages and disadvantages:

2.2 Biometrics for PoP

2.2.1 Comparison of Biometric Modalities

Biometrics are unique, collectible, stable, and inherent physiological characteristics that every human possesses. For a biometric technology to be suitable for a global human identity system, it must meet several criteria. It should not rely on specialized hardware to ensure global accessibility. The technology must be sufficiently accurate to confirm each individual's uniqueness. Additionally, it should be secure and resistant to spoofing. For widespread user adoption, the technology must also protect privacy, be user-friendly, and respect social norms and traditions. The table below presents common biometric technologies and the necessary criteria for the human identity system.

2.2.2 Palm Print is a More Suitable Solution

Comparing with Other Biometric Modalities

Face recognition can be applied to standard cameras. It is touchless and delivers a good user experience. However there are serious privacy concerns. Human face is exposed and can be used for tracking in public spaces. Moreover a person’s facial image can be found online, which makes it easy for ID theft to obtain the base sample for creating a fake face. Regarding social acceptance, some indigenous cultures are against taking facial photos, the traditions of some areas also discourage certain groups from exposing faces in public areas.

Fingerprint requires a scanner. While a lot of smartphones have built-in fingerprint scanners, their outputs are in different formats that are specifically designed for its own embedded fingerprint algorithm. Moreover the phone fingerprint scanner is designed to be used by a single user. Its accuracy is not high enough to distinguish billions of people. Scanning fingerprints requires touching the scanner, which can cause hygiene concerns when used on shared devices in public space.

Iris recognition has the advantages of being computationally efficient and accurate. However high accuracy iris recognition requires a dedicated narrow field of view infrared camera. Moreover, the poor user experience makes it unsuitable to be used for identity verification of daily transactions.

DNA, as a biological characteristic, has high accuracy and can be used to distinguish every individual in the world. However, DNA encoding contains all information about a person. The collection of DNA can raise significant concerns on privacy. Moreover, DNA sequencing is costly and invasive, making it impractical for everyday biometric verification.

Palm print biometrics offers unique advantages

• Unmatched Uniqueness: Palm prints are the skin ridges on the surface of the palm. The palm print patterns are influenced by DNA and certain random perturbations during the early stage of fetal development. palm print recognition can uniquely identify a person, even among identical twins.

• Contactless and Hygienic: Unlike fingerprint systems that necessitate physical contact and may spread pathogens, palm scanning is entirely contactless, enhancing its suitability for public and healthcare environments.

• Accessibility and Convenience: Palm scanning technology leverages commonly used devices such as smartphones, integrating seamlessly into daily life without the need for additional hardware.

• Privacy-Centric: Palm scan data does not leave the local device, which guarantees that personal biometric data remains private and secure from external threats.

2.3 HumanCode Solution

Taking advantage of the unique benefits of palm prints, HumanCode decided early on to develop its decentralized identity system using palm biometrics. How can a global human authentication system be designed to be user-friendly, privacy-respecting, and fraud-resistant?

In this section, HumanCode introduces the key technical breakthroughs.

2.3.1 Uniqueness

FAR and FRR

To provide Proof of Personhood, any human user enrolled in the HumanCode system needs to be unique. This uniqueness consists of two requirements:

1. Distinguish individuals: No two people should be identified as the same entity. Each person will be able to enroll and receive a unique ID.

2. Detect duplication: Duplicate enrollment attempts need to be detected. One person can only register once. If a person attempts another enrollment, the new biometric scan needs to match the existing one.

These requirements are tied to two fundamental KPIs of biometrics:

• False Acceptance Rate (FAR): The likelihood of a false match given two biometric samples from different individuals.

• False Rejection Rate (FRR): The likelihood of a false non-match given two biometric samples from the same individual.

When a true new user registers, a FAR or false match between the new user and an existing user will result in the rejection of the legitimate enrollment. Conversely, when an existing user attempts a duplicate registration, an FRR or false non-match of the new and registered biometrics of the same user will result in a duplicated enrollment. At the scale of the global population, both FAR and FRR need to be minimized.

The accuracy of the HumanCode palm print algorithm has been verified using public datasets. At a FAR of 1 over 10 million ( $10^{-7}$ ), the FRR is less than 1.5 percent ( $0.015$ ). To accumulate the large number of samples required to validate the very low FAR, multiple public datasets were merged. Moreover, all left palm images were mirrored into right palm images. This operation effectively created a mirrored user for each real user. Finally, all right palm images of both real and mirrored users were cross-matched to compute the FAR. Please note that due to the use of mirrored palm datasets, the calculation of FAR already took into account the similarities or correlations between the left and right palms of the same person.

The FAR shown above is state-of-the-art. It is 10 times better than the reported FARs of Apple Face ID and WorldCoin Orb, both of which leverage special hardware. However, our FAR still falls short on “distinguishing” everyone on the earth. The global population is 8.1 billion. A satisfactory FAR should be significantly lower than $\frac{1}{8,100,000,000}$.

An FRR of 2 or lower is typically considered good practice for most applications. In HumanCode, due to the requirement on uniqueness, the target FRR needs to be much lower to eliminate the chance of a registered user from not being matched or recognized in a duplicated registration attempt and thereby creating a second account.

As explained above, a global human identity system demands extremely low FAR and FRR at the same time. This is challenging because the two parameters are always in a state of equilibrium. For any biometric matching algorithm, the similarity measurement between two biometric samples is represented as a numeric value called matching score. Matching result is determined by comparing the matching score to a pre-set threshold. A higher than threshold score indicates a positive match, otherwise a negative match. Lowering FAR requires increasing the threshold, which will result in the increase of FRR and vice versa.

The FAR and FRR reported previously shows the performance of HumanCode’s palm print matching algorithm from a single palm scan. While the numbers are impressive, they still fall short of meeting the stringent requirements of the global ID system. To further improve accuracy, we adopted two techniques during user registration: (1) taking multiple scans of each palm and (2) scanning both left and right palms.

Assumptions

Before delving into the accuracy analysis, let's discuss two key assumptions to ensure the analysis reflects performance under operational conditions:

1. Independence of Scans from the Left and Right Hands: Left and right palms are indeed correlated to a certain degree. The palm print patterns of the left and right palms of the same person bear more similarities than those of two different individuals. The following analysis assumes independent left and right palm print patterns. This assumption is justified by the fact that in our study, all left palm images are mirrored to create synthetic right palm images. As a result, the computed FAR and FRR have already taken into account the correlations between the left and right palms of the same person.

2. Reasonable Palm Scanning Conditions: We assume that palm scanning occurs under reasonably good lighting conditions. The HumanCode algorithm checks all palm images to ensure that the brightness and contrast in the palm area are sufficient, thereby not adversely affecting the 1.5 percent FRR calculated from the public dataset.

Multi-scan

Given two palms $P_a$ and $P_b$, we take $n$ scans each and perform one-to-one matching $n$ times. If any of the $n$ matches is positive, we consider $P_a$ and $P_b$ to be the same. If no scans match, $P_a$ and $P_b$ are considered different. Assume the FAR and FRR of a single scan are $x$ and $y$ respectively.

• False Acceptance Rate (FAR): The system will falsely accept an unauthorized user if it falsely accepts on any of the $n$ attempts. Thus, the probability of at least one false acceptance across $n$ attempts is:

When $x$ is small, the above equation can be simplified as:

• False Rejection Rate (FRR): The system will falsely reject a legitimate user if it falsely rejects on every one of the $n$ attempts. Thus, the probability of false rejection across $n$ attempts is:

Dual-palm

Given two users $U_a$ and $U_b$, we compare their left and right palms respectively and combine the results. If both left and right palms match, we consider $U_a$ and $U_b$ to be the same user. Otherwise, $U_a$ and $U_b$ are considered different users.

• False Acceptance Rate (FAR) with dual-palm and multi-scan: since both left and right palms are matched, the FAR of the combined matching result is the multiplication of the FAR of a single palm:

The above expression assumes independence between the matching results of left and right palms. When $n$ is small, the equation can be simplified as:

• False Rejection Rate (FRR) with dual-palm and multi-scan: the FRR of the combined matching result of left and right palms is the sum of the FRR of each palm:

In summary, leveraging multi-scan and dual-palm significantly improves accuracy by reducing FAR and FRR simultaneously. In HumanCode app, the user is asked to take 10 (5 left and 5 right) scans during registration. Applying the single palm single scan metrics FAR as $10^{-7}$ and FRR as $0.015$ into the equations, the overall accuracy can be calculated as FAR as $(5\times 10^{-7})^2 =25\times 10^{-14}$ and FRR as $2\times 0.015^5=1.5\times 10^{-9}$. This level of accuracy is sufficient to guarantee uniqueness even for global deployment.

It's important to note that multi-scan and dual-palm are only used in the registration workflow. In the verification workflow, the user only needs to scan once using either the left or the right palm.

2.3.2 Security

1. Scarcity of Online Palm Data: Facial images are ubiquitous online. Given the name of a person, an adversary can easily search and obtain facial image samples. Detailed palm image samples are much harder to obtain. The lack of source data for forging makes the palm an inherently secure biometric modality.

2. Proprietary Gesture-Based Liveness Detection: Based on this observation, we have developed our own proprietary gesture-based liveness detection algorithm.

Liveness Detection

Ensuring that the biometric trait presented is from a live person rather than a synthetic sample is critical.

Hardware-Based

Most liveness detection solutions rely on specialized hardware. For instance:

● Apple's Face ID: Uses a depth camera to capture a 3D facial map, which can be used to reject 2D photos.

● Ultrasonic Fingerprint Sensors: Use sound waves to capture the ridges and valleys of a finger, measuring the 3D details of fingerprints to detect 2D replicas.

● Advanced Iris Scanners: Check for the involuntary oscillation of the pupil (pupillary reflex), which is hard to fake.

● Palm Vein Recognition: Utilizes infrared cameras to capture the subdermal vein pattern, barely visible in standard RGB camera images.

Hardware-based liveness detection offers robust security and high accuracy but comes with higher costs and greater dependency on specialized components. These systems are best suited for environments where security needs justify the additional investment and logistical complexities of distributing the specialized hardware.

Software-Based

To eliminate the dependency on specialized hardware, pure software-based liveness solutions have been developed. For instance:

● Flash Screen Technique: Advanced facial recognition algorithms flash the PC or phone screens that the user is facing. The flashes change the illumination on the face, creating a trait to differentiate real 3D faces from faked 2D replicas, as they reflect light differently. The algorithm then analyzes the live camera video to check whether the changes in color and intensity in the facial area match the patterns of a 3D face. This technique is effective in detecting photo attacks. However, its effectiveness depends on environmental lighting. Outdoors on a sunny day, the illumination changes induced by screen flashes are too subtle compared to sunlight, making the changes in intensity in the facial area undetectable in the video.

● Interactive Movement Tests: Other facial recognition algorithms display instructions asking the user to make certain movements, such as blinking eyes or turning heads. They then analyze the live camera video to check whether the user moves correspondingly. These interactive tests can effectively eliminate spoofing of static photos. However, they can be susceptible to video replay attacks. Given the limited number of facial movements that are both easy for the user and detectable by the algorithm, an adversary can pre-record a small set of videos mimicking the movements and replay them correspondingly at runtime to bypass the interactive tests.

Hand Gesture Based Software Liveness Detection

To deliver a global identity system we focus on software liveness detection. Hand is the most flexible part of the human body that is capable of making a large number of distinguishable gestures. Based on this observation, we have developed our own proprietary gesture-based liveness detection algorithm:

1. Gesture Setup: The user utilizes the tip of the thumb to touch three different fingers: the index, middle, and ring fingers.

2. Touch Points: Each of these 3 fingers has 4 possible touch points: the fingertip, upper phalanx, lower phalanx, and base, totaling 12 possible touch points.

3. Gesture Execution: During liveness test, the user is prompted to use the tip of the thumb to touch one of the 12 touch points. Depending on the requested security level, when the task is completed, the user may be prompted to touch one or more touch points using the thumb tip. In each session, the location of the touch points is randomly selected.

Security Analysis

The system randomly selects which points to touch and in what order. This randomness is key to securing the system against video replay attacks.

Given 12 randomly selected touch points, the probability of the attacker successfully guessing the target touch point is $\frac{1}{12}$. To enhance security, the user is prompted to touch a sequence of $n$ touch points with their thumb tip. The number of possible combinations of the sequence of touch points are $12^n$. Therefore, the probability of the attacker successfully guessing a sequence is $\frac{1}{12^n}$. In practice, a sequence of three touches will provide enough security for registration. For verification, a sequence of 1 to 2 touches will suffice.

Trade-off Between Security and Convenience

The touch point gesture scheme is designed to maximize security while maintaining a fluid user experience. While we aim to fortify the system against spoofing, it's equally important to ensure that the liveness detection process remains quick and user-friendly. Overly complex requirements may deter users from engaging with the system regularly.

Various types of gestures can be made by hand. For instance, we can prompt the user to perform a digit gesture, i.e., open a specific number of fingers, fist being zero and an open hand being 5. Given a total of 6 variations, the odds of the attacker guessing out a sequence of digit gestures is . Compared to the touch point gesture, to reach the same level of security, the user needs to perform a longer sequence of digit gestures, which prolongs the time to complete liveness detection.

Moreover, our user study shows that users feel more comfortable making touch point gestures than making digit gestures.

In the future, we will explore other types of hand gestures that offer a balance between security and user experience.

2.3.3 Scalability

Scalability is crucial to the success of human identity systems targeting to serve the global population.

Why We Need Pure Software Solution

Specialized hardware is expensive and can only be produced in limited quantities, making it impractical to distribute biometric scanners to every individual globally for proof of personhood. The absence of personal biometric scanners presents significant challenges:

• Costly Deployment: Projects that utilize specialized hardware can only enroll users at designated registration centers staffed by trained technicians. The inconvenience for users to attend a registration center, combined with high operational and logistical costs, severely limits the enrollment rate. This challenge has been demonstrated by projects like WorldCoin.

• Lack of Proof of Ownership: Without personal possession of the specialized hardware, users cannot use biometrics to verify their ownership in daily transactions. This creates a loophole where a privileged person could pay others to open accounts using their own biometrics. After enrollment, the buyer would become the “owner” of multiple accounts and conduct transactions as others. While biometric verification during transactions could fix this loophole, without specialized hardware, average users cannot scan their biometrics for daily transactions.

Our project has successfully developed a highly accessible solution that operates on any smartphone. Here are the key features:

• Camera Requirements: Modern smartphones are equipped with multi-megapixel cameras. For palm print scanning, a 200x200 pixel resolution in the palm area (excluding the fingers) is sufficient. A VGA resolution of 640x480 pixels (0.3 MP) already meets this requirement.

• Computing Power Requirement: Our system is optimized for smartphones released in the last five years but can run on virtually any smartphone with acceptable speed.

• Browser-Based and OS-Independent: Our software operates smoothly across all major operating systems, including Windows, Android, Linux, MacOS, and iOS.

By eliminating the need for specialized hardware, we can significantly reduce costs and enhance the speed of user adoption. Our approach leverages the widespread availability of smartphones, making our system highly accessible and ready for rapid deployment on a large scale. With the ubiquity of smartphones globally, virtually everyone can access our system. We aim to serve a vast user base, targeting 100 million users within 18 months.

2.3.4 Privacy

Privacy is a cornerstone in the design of our biometric system, which adheres to strict principles to ensure personal data remains secure and inaccessible. In general, we adopt the following practices to ensure data security and user privacy.

• No Personal Data Retention: Our system does not store any personal metadata, mitigating risks associated with data breaches and unauthorized access.

• Local Feature Extraction and Encryption: During registration, we perform feature extraction locally, which ensures that the data, once processed, cannot be reversed or reconstructed. No raw biometric data is saved to our server. The encrypted biometric signature is irreversible, providing robust protection against tampering. Additionally, the system is designed to counter repetitive or replay attacks effectively, ensuring that past data intercepts cannot be reused maliciously.

• Local Verification with Zero-Knowledge Proofs (ZKP): In HumanCode v1, verification is done remotely on a server. We are in the process of porting the palm print matching algorithm to the client side. When finished, the verification of palm scans will be performed locally using Zero-Knowledge Proofs (ZKP), meaning that no biometric data will be exposed during the verification.

• Homographic Encryption: We adopted homomorphic encryption to encrypt the locally extracted features. Homomorphic encryption allows biometric samples to be matched in their encrypted formats, further improving data security and privacy.

Registration

During registration, we perform feature extraction locally. Raw biometric information remains on the edge device and is never transferred elsewhere, securing the data at the point of capture. We encrypted the data and sent only the palm signatures to the remote for 1-to-all matching.

We designed a secure API to protect encrypted biometrics during data transmission. Some of the steps are as follows:

● All API parameters are shielded by a signature created with HMAC-SHA256 encryption. Specifically, the parameter string is hashed using the SHA256 algorithm, and the resulting hash is encrypted using the user's secret key through the HMAC (Hash-based Message Authentication Code) process. This generates a unique signature for each API request. We append this unique signature to the API request as an additional parameter. This ensures that any changes to the request parameters will invalidate the signature.

● We use a time-bound VCODE to limit the timeframe for any unauthorized attempts.

● We use an expiry session_id to make sessions transient thereby reducing the risk of session hijacking or replay attacks.

● All data transmission is protected with secure SSL/TLS encryption for secure data transmission.

Verification

During verification, we stick to the following practices:

● Local Template Storage: The biometric template, secured through feature extraction and homomorphic encryption, remains locally on the device.

● Server Privacy: The server does not need to know the specifics of the encryption, as verification is confirmed locally.

● Zero-Knowledge Proof (ZKP): Ensures that the user performing the verification is indeed the same one registered, by verifying the actions and results without revealing the actual data.

Revocation

Users can revoke their HumanCode account at any time. Upon receiving a revocation request, the user will be prompted to scan their palm again to verify ownership. Once verified, the user can confirm the deletion of their account. HumanCode will then permanently remove the encrypted palm signatures from the system. The previous HumanCode ID will be archived but labeled as expired.

Expiry

If a HumanCode account remains inactive for a prolonged period, such as one year, it will be subject to automatic expiration. In such cases, the user will be notified and prompted to verify their identity through a palm scan. If the user does not respond, HumanCode will proceed to cancel the account. The encrypted palm signatures and HumanCode ID will be permanently removed from the system to comply with GDPR regulations.

3 HumanCode Authentication Service

HumanCode aims to build a global identity network with billions of users. We plan to achieve this goal through collaborating and providing human authentication services to our ecosystem partners. We will go through a number of approaches to integrate HumanCode in this section, then discuss various applications that could benefit from authentication in Section 4.

Using palmprint biometrics, HumanCode authentication delivers Proof of Personhood and Proof of Ownership in a single palm scan. The solution is superior to conventional authentication methods. For instance, KYC only ensures that an account is registered by a real human, whereas Captcha test only verifies that the user currently accessing the account is not a bot. Compared with other biometrics based authentication systems that utilizes face, fingerprint or iris, HumanCode excels in privacy (palmprint is pseudonymous) and accessibility (running on any smart phones).

3.1 Authentication via HumanCode App

To enhance the user experience and simplify interactions, the HumanCode App supports QR code integration. This allows users to easily interact with the app by scanning a QR code on a webpage to initiate the palm authentication process. This approach eliminates the need for complex wallet interactions, providing a seamless and user-friendly method to verify identity and credentials.

Workflow

Step 1. Generate QR Code: Users initiate HumanCode authentication by clicking a "Prove I am a Human" button on a page of the website or app of the partner (Partner Webpage). The Partner Webpage requests a session_id from HumanCode Server then launches HumanCode QR Page, which displays a QR code. The QR code encodes a deep link that contains the session_id and other necessary information for the HumanCode App to process the authentication.

Step 2(a). Scan QR Code (Partner Webpage running on a PC or a separate mobile phone): Users scan the QR code using HumanCode App on their mobile phones. The HumanCode app will retrieve the session_id and switch to palm authentication mode. Alternatively users can scan the QR code using another QR code scanner app. The deep link contained in the QR code will launch the HumanCode App and initiate the palm authentication process. If the HumanCode App is not available, the deep link will point the user to the app store for installation.

Step 2(b). Click QR Code (Partner Webpage running on the same mobile phone): The QR code is a button associated with the deep link. Users click on the QR code to launch the HumanCode App and initiate the palm authentication process.

Step 3. Palm Authentication: The HumanCode App scans and identifies the user's palm prints. The authentication result (called vcode) along with session_id and a hashed version of the HumanCode ID is sent to the HumanCode server through secure transfer.

Step 4. Authentication Result: HumanCode QR Page polls the vcode from the HumanCode Server using session_id. The browser re-launches the Partner Webpage using the callback_url and passes the authentication result to it. The Partner Webpage displays the result and communicates with the partner server to approve or disapprove a transaction.

Registration vs Verification

Depending on whether a Human ID is pre-stored, the palm authentication (step 3 above) process executes two different workflows:

Registration: The first time the HumanCode App is launched, it executes the registration workflow. The app guides the users to scan both palms (left and right) multiple times. It then extracts and encrypts palm features locally and sends the encrypted palm signatures to the server to match with existing records. If a match is found, the server will return the existing HumanCode ID. Otherwise a new HumanCode ID will be created and returned. The HumanCode App will then securely store the HumanCode ID and the encrypted palm signature into its keychain.

Verification: The next time the HumanCode App is launched, it loads the ID and encrypted palm signature from its keychain, and executes the verification workflow. The app scans one palm (left or right) once. It then matches the newly captured palm scan with the old encrypted palm signature loaded from the keychain. Finally, the matching result is sent to the HumanCode server to be fetched by the frontend HumanCode QR Page.

Rewards

Everytime the users scan their palms for registration or the follow-up verification using the HumanCode App, they will receive HumanCode credits (which will be converted into HumanCode tokens in the future) to reward their contribution to the project as early adopters. Moreover, HumanCode will launch airdrops to HumanCode App users on a regular basis. The probability of a user receiving an airdrop is determined by the user’s activeness. An active user who scans palms on a daily basis will receive more airdrops than an inactive user.

3.2 Authentication via HumanCode API in Browser

A browser-based solution is easier to promote than an app-based one. HumanCode provides an API for the partners to integrate into their website or web app. As a result, the end users will be able to scan their palms within the partner’s browser or web app without the need to install and open the HumanCode app. We believe the lightweight browser based integration will significantly speed up HumanCode’s user adoption, especially at an early stage.

Workflow

Step 1. Request Initiation: Users initiate HumanCode authentication by clicking a "Prove I am a Human" button on a page of the website or app of the partner (Partner Webpage). The partner calls the SESSION_ID API to obtain a session_id from the HumanCode Serve.

Step 2. Palm Authentication: The Partner Webpage launches the HumanCode Webpage and sends the session_id and callback_url to it. The HumanCode Webpage scans and identifies the user’s palm prints. After that, the browser re-launches the Partner Webpage and passes the authentication result (vcode) along with the session_id to it.

Step 3. Authentication Result: Finally, the partner verifies the received vcode through the VCODE API on the HumanCode Server. If the vcode is valid, the partner will receive a hashed version of the user’s HumanCode ID.

Registration vs Verification

Similar to the HumanCode App, the HumanCode Webpage can execute two types of palm authentication workflows:

Registration: In the registration workflow, the HumanCode Webpage scans both palms multiple times. then sends the encrypted palm signatures to the server to match. If a match is found, the server returns the existing HumanCode ID. Otherwise a new HumanCode ID is created and returned. The HumanCode Webpage then stores the HumanCode ID into the cache of the browser. For security reasons, we do not store the encrypted palm signatures in the browser.

Verification: In the verification workflow, the HumanCode Webpage loads the HumanCode ID from the browser cache. It then scans one palm once and sends the encrypted palm signature plus the HumanCode ID to the server. The server matches the new palm signature to the old palm signature of the Human ID account, then sends the matching/authentication result back to the HumanCode Webpage. Sometimes the partners already know the HumanCode ID of the to-be-verified user. In this case, the Partner Webpage can send the ID to the HumanCode Webpage. The partner specified ID will overwrite the browser cached ID for this particular partner transaction. Sometimes users can clear browser cache after registration with HumanCode. In the absence of both the browser cached ID and partner specified ID, the HumanCode Webpage will launch a new registration workflow.

Rewards

Like HumanCode App users, browser-based HumanCode users will receive credits after each authentication. The credits will be recorded under the user account associated with the user’s HumanCode ID. However, after receiving credits from the browser, the users will need to install the HumanCode App to redeem the credits and/or convert the credits into tokens. Installing the HumanCode App is required because we do not collect any user information and the app is the only channel for the users to accept credits into their wallet.

3.3 Combining with Soulbound Tokens

3.3.1 Soulbound Token (SBT) and Its Characteristics

The Soulbound Token (SBT) is a groundbreaking concept introduced in May 2022 by Ethereum co-founder Vitalik Buterin, lawyer Puja Ohlhaver, and economist and social technologist E. Glen Weyl. SBTs are non-transferable tokens designed to act as identity and credentialing tools, representing individuals or entities on the blockchain. SBTs presents some key characteristics:

Non-Transferable: Unlike typical NFTs that can be bought or sold, SBTs are unique because they cannot be transferred once issued. This non-transferability ensures that the tokens can only be granted to users by authorized wallet authorities, significantly reducing the risk of impersonation, theft, and fraud.

Identity and Credential Representation: SBTs are created by wallets or blockchain accounts called "Souls." Users can tokenize their achievements, traits, and credentials using SBTs. For example, a person can have an SBT that tracks their professional qualifications for job interviews, another SBT for health records, and yet another for gaming achievements.

Multiple Souls: Users can hold multiple Souls, each representing different credentials or aspects of their lives. This allows for a more organized and comprehensive representation of one's identity and accomplishments on the blockchain.

Unique Identifier and Metadata: Each SBT has a unique identifier and associated metadata, which can include information such as education, ownership, credit scores, criminal records, affiliations, and more. This uniqueness ensures that each token is specific to the individual or entity it represents.

Verifiability: SBTs are verifiable on the blockchain, allowing individuals and entities to authenticate various pieces of information securely. This includes verifying eligibility and ownership, membership activities, education discounts, and other KYC (Know Your Customer) scenarios.

3.3.2 Enhancing Trust and Authenticity in Web3

The integration of HumanCode’s biometric capabilities with SBTs addresses one of the most critical challenges in the web3 space: the verification of human identity in a decentralized environment. By combining SBTs, which represent non-transferable and immutable aspects of a person’s identity and achievements, with a verifiable biometric identifier provided by HumanCode, the system ensures that the tokens are genuinely linked to the person they represent. This linkage is vital for multiple reasons:

Verifiable Proof of Personhood: HumanCode provides a tangible, biometrically-based proof of personhood that is difficult to forge or replicate. This proof is crucial for the effective use of SBTs, as it ensures that the tokens are indeed bound to a real individual, not just a digital identity that could be manipulated or stolen.

Increased Security and Reduced Fraud: The immutable link between a person’s biometric data and their SBTs helps prevent identity theft and fraud. Biometrics ensure that SBTs remain permanently associated with the correct individual, even in the case of key theft or loss.

Trustworthy Credential Verification: For SBTs that represent credentials or qualifications, the integration with HumanCode guarantees that these credentials are accurately verified and bound to the rightful owner. This verification is essential in sectors like education, professional services, and governance, where proof of qualifications is mandatory.

Broader Accessibility and Inclusivity: HumanCode’s ability to operate on any smartphone extends the reach of SBTs to virtually anyone with a mobile device, broadening the potential user base of web3 applications and services. This universal accessibility is crucial for building a truly decentralized society. The integration thus promotes inclusivity and equality within the digital space, aligning with the core principles of web3.

3.3.3 Technical Integration of SBTs with HumanCode

The integration of SBTs with HumanCode is a simple procedure that consists of three operations:

Human ID Registration: Users install the HumanCode App to scan their palm prints. Upon completing the registration process, users receive unique HumanCode IDs.

SBT Mint and Assignment: Following a successful biometric registration, a smart contract on the blockchain is triggered to mint a new SBT and assign it to the wallet address of the registered user. The SBT contains an encoded representation of the user’s HumanCode ID. Therefore the wallet address of the user is permanently bound to the biometric identity.

HumanCode Verification: Certain applications such as voting and airdrops may require the user to verify their ownership one more time at the time of transaction. Such a requirement can be fulfilled by running the verification workflow of the HumanCode App.

One user can hold multiple SBTs across different chains. Given all the SBTs link to the same HumanCode ID. The multiple wallet addresses of the same user will be connected providing a more complete picture of the user. This feature can be used to create a reputational or credit system in web3.

4 Applications

4.1 Anti-Sybil Measures

The core issue in preventing Sybil attacks is the difficulty of reliably verifying unique human identities. Traditional methods are insufficient barriers to determined attackers, who can easily generate or purchase fake identities.

4.1.1 Anti-Sybil in Token Airdrops

Token airdrops are a crucial strategy for distributing tokens in cryptocurrency projects to stimulate engagement, decentralize ownership, and foster a committed community. However, their integrity is often compromised by Sybil attacks, where individuals create multiple fake accounts to claim more tokens. This undermines fairness, inflates token supply, reduces token value, and diminishes trust in the project's governance and operations.

With HumanCode palm scan technology, we believe that infrastructures and decentralized apps could

1. Build a more secure User Base: Verified biometric data can serve as a foundation for building a secure, reliable user base that can be engaged for future projects and governance activities within the token ecosystem.

2. Become more regulation compliant and trustworthy: As regulatory scrutiny around digital currencies increases, having a robust system for identity verification can put the project in a favorable position with regulators and auditors, ensuring compliance with global standards.

How HumanCode Works in Airdrops

HumanCode integrates biometric verification into token airdrops through a straightforward three-step process to ensure each participant is unique and to prevent duplicate entries:

1. HumanCode Enrollment: Participants enroll in the HumanCode system with a one-time palm scan using their smartphone. This scan is processed to check for duplicates in the system. If no duplicates are found, the participant is issued a unique HumanCode ID. Enrollment is a one-time process; there is no need to re-enroll for each airdrop event.

2. Airdrop Registration: When registering for an airdrop, participants scan their palm to verify their identity. This ensures that the individual registering is the same one who initially enrolled. The airdrop host logs the HumanCode ID to ensure one ID can only register once.

3. Token Allocation: Once a participant’s identity is re-verified during airdrop registration, they are confirmed as eligible to receive the airdrop tokens. Tokens are then distributed to the blockchain wallet linked to the verified HumanCode ID, ensuring a secure and fair allocation based on verified unique identities.

4.1.2 Spam and Abuse Prevention for Websites and Dapp

Implementing HumanCode verification can be an effective deterrent. By requiring users to authenticate via palm scans for account creation and activities like posting or commenting, websites can uniquely verify the identity of users. This method prevents multiple accounts from being registered by the same person (Sybil attacks) and adds a layer of accountability that can significantly reduce spam and abusive behaviors. Biometric validation ensures that each user account is linked to a unique individual, enhancing both security and community standards on the platform.

4.2 Financial Security Enhancements

4.2.1 Enhancing Digital Wallets

Introduction to Digital Wallet Security Challenges

Digital wallets heavily rely on knowledge-based systems such as passwords, which are susceptible to attacks like phishing and brute force. These methods can expose user credentials, leading to unauthorized access and financial losses.

Palm scan technology adds a robust layer of biometric security to digital wallets, ensuring only the rightful owner can access and use the wallet, thereby reducing the risk of unauthorized access and fraud.

How HumanCode Can Enhance Digital Wallet Security and Convenience

1. Wallet Setup and Biometric Enrollment: During setup, users enroll in HumanCode’s biometric security system by scanning their palm with their smartphone camera. The scan creates a unique digital template that is securely stored and encrypted, binding wallet access to the physical individual.

2. Biometric Authentication for Transactions: For transactions, users must authenticate their identity via a palm scan. This step ensures that only the legitimate owner can access the wallet or authorize transactions, minimizing the risk of unauthorized access.

3. Enhanced Security and Convenience: HumanCode provides a unique and difficult-to-replicate authentication method, reducing the risk of unauthorized access. Additionally, biometrics offer a more user-friendly experience by eliminating the need to remember complex passwords or carry hardware tokens.

HumanCode palm scan can serve as one of the factors in a multi-factor authentication (MFA) sign-in process. As part of the human body, the palm cannot be lost or stolen. HumanCode palm authentication is suitable for the account recovery of a Multi-Party Computation (MPC) wallet.

4.2.2 Global Human Authenticator for Online Payments

Security in online payments is crucial to prevent fraudulent transactions during online shopping. Palm scanning can authenticate online payment processes by tying transactions directly to the biometric data of the user, thereby reducing the risk of fraud.

4.2.3 Decentralized Credit System Across Chains

Traditional DeFi projects lack a credit system, resulting in loans being facilitated through collateralization, as seen with crypto lending entities like MakerDAO and AAVE. HumanCode offers a feasible mechanism for establishing credit systems.

HumanCode ID can be linked to multiple wallet addresses across various ecosystems, establishing a user credit and asset profile based on their palm print. Upon registration to a new wallet, as long as it is integrated with HumanCode, we can offer user behavior information. By connecting transaction records across multiple chains, we provide a more comprehensive transaction history for each user.

Due to the immutable nature of biometric features, even if users revoke accounts from a chain or from HumanCode, upon re-enrollment, the biometrics will be linked back to the old HumanCode ID and its transaction history. This enables a more secure and safe financial environment than ever before.

4.3 Decentralized Governance

HumanCode’s identity system may play a critical role in establishing a transparent and equitable governance in a decentralized community. The Proof of Personhood can ensure that each entity within a decentralized community is a unique individual. The pseudonymous identity framework allows the members of a community to express themselves equally and freely.

4.3.1 Fair Voting in DAO and Network States

A DAO, or Decentralized Autonomous Organization, is an organization represented by rules encoded as a computer program that is transparent, controlled by organization members, and not influenced by a central government. The core of a DAO is a set of smart contracts deployed on a blockchain (e.g., Ethereum). These contracts define the rules and execute decisions based on member votes.

Building a fair and transparent voting system is core to such DAOs and network states. In ancient Greece, eligibility was based on citizenship, verified through local records and community knowledge. Today, eligibility can be based on SBT and biometrics.

As a global human biometrics authenticator, HumanCode ensures that each vote in a decentralized voting system is cast by a unique individual, preventing vote manipulation and fraud. Additionally, we can enforce one-person-one-vote to enhance integrity.

4.4 Physical and Digital Access Control

Access control systems secure physical and digital environments by allowing only authorized individuals entry or access to information. Employed as a keyless entry system, palm scanning ensures that only registered individuals can access secured areas, offering a secure and hygienic alternative to traditional methods.

Imagine a soon-to-be future with us: palm scan technology has seamlessly integrated into our daily lives, with palm prints used for access to buildings, homes, apartments, metros, and customs.

In a world reminiscent of Aldous Huxley's brave new world, Alice started her day:

She navigated the bustling streets and scanned her palm to enter the metro. Alice accessed her law firm's World Trade Center building with a quick palm scan.

At lunch, she checked her crypto account using a palm scan and calculated how many tokens she had accumulated for a down payment.

After work, she spontaneously rented HumanCode bikes in Central Park using a palm scan and enjoyed a peaceful ride.

Traveling had become seamless. At the airport, Alice moved through customs effortlessly with a palm scan, bypassing long lines and paperwork. Privacy was safeguarded by advanced encryption, and each scan generated a unique token.

Crime rates had dropped, and people no longer needed to be constantly bugged by smartphones. Her right hand had become the key to a seamless, secure, and efficient life.

5 Limitations

We acknowledge certain limitations inherent to any advanced biometric system. These challenges underscore the importance of ongoing research and development to enhance the system's robustness and reliability.

5.1 False Acceptances and False Rejections

The inherent complexity of machine learning algorithms means that no system can achieve absolute perfection. Our algorithm exhibits a FAR of 1 over 10 million ($10^{-7}$), the FRR is less than 1.5 percent ($0.015$) per single scan, primarily due to variations in palm positioning during scanning, temporary changes in skin condition (e.g., injuries, moisture), and environmental factors affecting image capture quality. These challenges highlight the need for continuous algorithm optimization to minimize false rejections without compromising security.

5.2 Biometric Security and Deep Fake Mitigation

The evolution of Artificial Intelligence Generated Content (AIGC), particularly deepfake technology, presents escalating risks to biometric security systems. Palm recognition technology, however, stands as a more resilient option compared to facial recognition due to the inherent challenges in acquiring complete palm prints. Full palm prints are seldom accessible online and significantly harder to replicate, making palm-based systems less vulnerable to deepfakes. Furthermore, even with potential future advancements that might predict missing portions of palm prints from partial scans, the complexity of palm prints makes them intrinsically harder to counterfeit than facial features. Continuous vigilance and the development of advanced anti-fraud technologies are crucial to safeguard these systems against the advancing capabilities of AIGC.

5.3 Endless Security Improvements

Biometric systems, though superior in many ways to traditional authentication methods, are not immune to cyber threats. They may fall prey to: 1) Trojan horse attacks, which deceive the system into authenticating a fraudulent request; 2) Replay attacks, wherein valid data transmissions are maliciously repeated or delayed. These vulnerabilities necessitate the development of novel and advanced security protocols, hand-gesture-based liveness detection, and encryption techniques to protect biometric data against unauthorized access and manipulation.

5.4 Decentralization

The move towards decentralizing data storage represents a significant step forward in enhancing the privacy and security of biometric data. This approach, still under development, aims to distribute data across multiple locations to prevent single points of failure and mitigate the risk of mass data breaches.

5.5 Open Sourcing

Similarly, open sourcing the technology is under consideration, which could foster a collaborative environment for security experts and developers worldwide to identify vulnerabilities and contribute to the system's overall robustness. However, the open-source model also requires careful management to ensure that it does not inadvertently expose the system to new threats.

Addressing these limitations is pivotal to advancing palm recognition technology and maintaining its viability as a secure and reliable form of identity verification in the face of evolving cyber threats and technological advancements.

5.6 Compatibility Testing

HumanCode aims to support smartphones released in the past five years. The requirements are:

Camera Resolution: The palm recognition algorithm requires a minimum camera resolution of 0.3 megapixels, with 1.0 megapixels recommended. All smartphones meet this requirement.

Operating System: Android 8 or newer, iOS 12 or newer.

Hardware Specs: A quad-core 1.6 GHz CPU and 1 GB memory or higher, which is supported by most budget phones under $100 USD.

While these requirements ensure most smartphones are compatible, thorough testing for issues such as camera drivers, image quality, and OS security features is essential. We have tested and verified a number of phone models released after 2018 from several popular brands. These brands cover over 85% of the global market. We will continue to test and add more models.

Addressing these limitations is pivotal to advancing palm recognition technology and maintaining its viability as a secure and reliable form of identity verification in the face of evolving cyber threats and technological advancements.