Identity as Behavioral Continuity: Beyond Single-Point Capture

Mechanism

The mechanism establishes identity continuity by extracting a vector of behavioral signals from observed interaction and computing the coherence of that vector against a maintained behavioral profile for the candidate identity. The profile is not a static template; it is an evolving distribution that captures both the central tendency of the individual's behavior and its characteristic variance — the natural envelope inside which genuine behavior fluctuates.

Three signal classes are extracted concurrently. Gait pattern captures the spatial-temporal structure of locomotion: stride length, cadence, weight transfer, asymmetry between sides, swing-phase timing. Dwell-pose captures static configuration during pauses: head angle, shoulder set, weight distribution, the geometry of the body when it is not actively moving. Micro-movement captures sub-conscious motion at rest: postural sway, breathing-coupled torso motion, hand tremor envelope, micro-saccadic gaze drift. Together these three classes span the involuntary, the habitual, and the postural — the components of behavior that are characteristic of an individual and resistant to deliberate imitation.

Each signal class is reduced to a feature vector and compared to the profile under a coherence metric. The coherence scores are combined into a behavioral component score in the unit interval. This behavioral component is then fused with a biological component — derived from any captured biometric evidence available in the same session — under bounded weights. The bounded weighting is the structural commitment: neither component can dominate the fused identity confidence beyond a declared ceiling, which means a high-quality biometric capture cannot by itself produce maximum confidence in the absence of corroborating behavior, and a high-coherence behavioral trajectory cannot produce maximum confidence in the absence of corroborating biological evidence.

Identity is established when the fused score exceeds an enrollment threshold under sustained observation. Identity is refreshed continuously thereafter: each subsequent observation contributes a fresh coherence score, the trust slope rises with consistent observations and decays with inconsistent ones, and the identity is implicitly extended for as long as coherence persists. Identity is revoked when the trust slope falls below a maintenance threshold or when the session terminates without timely renewal.

Operating Parameters

Behavioral signal extraction operates on a sampling cadence appropriate to each signal class. Gait pattern is reduced over locomotion windows of multiple stride cycles. Dwell-pose is sampled during stationarity intervals exceeding a dwell threshold. Micro-movement is sampled at frame-rate during any observation interval and aggregated over short windows. The system does not require continuous high-rate sampling; it requires sufficient samples within a refresh window to produce a coherence score with declared confidence.

Each signal class carries a profile-update rate that allows the maintained profile to track natural drift — fatigue, injury recovery, aging, seasonal change — without permitting profile capture by an attacker who has gained brief access. The update rate is bounded so that the profile cannot shift faster than a characteristic adaptation timescale, and updates are gated on coherence above a maintenance threshold so that low-coherence observations do not pollute the profile.

The fusion weights between behavioral and biological components are bounded in the policy reference: each component has a declared minimum and maximum contribution. The bounds prevent any single component from reaching identity confidence on its own. The specific bounds are deployment-dependent — a high-security access-control deployment uses tighter bounds and stronger corroboration requirements than a consumer companion deployment — but the bounding itself is structural.

The trust slope decays on a per-deployment time constant. A short time constant means that identity must be refreshed frequently through coherent observation; a long time constant means that brief coherence loss does not collapse identity. The decay is monotonic in the absence of fresh observations and is accelerated by inconsistent observations rather than merely paused. Identity that is allowed to decay to zero requires re-enrollment, not silent re-establishment.

No raw behavioral signal is retained beyond the coherence computation. The system retains the maintained profile, the trust slope, the trajectory metadata, and a hash chain over coherence events. This data minimization is operational, not optional: the mechanism cannot retain raw behavior without violating the structural privacy properties that make behavioral continuity defensible as an identity primitive.

Alternative Embodiments

In a personal-device embodiment, behavioral continuity is established and refreshed by the device itself across the user's daily interaction: gait pattern from inertial sensors, dwell-pose from front-camera framing during use, micro-movement from contact sensors and capacitive arrays. The device fuses these with periodic biometric capture (face, fingerprint) under bounded weights, maintaining identity continuity across the day without requiring repeated explicit authentication.

In a workplace-access embodiment, behavioral continuity is established at credential issuance and refreshed continuously by environmental sensing — gait through floor pressure or overhead vision, dwell-pose at workstations, micro-movement through interaction with controls and surfaces. The biological component is supplied by initial badge-paired biometric capture, and the behavioral component carries the identity continuously across the workspace without requiring re-capture at each zone boundary.

In a healthcare embodiment, behavioral continuity is established for a patient under care and refreshed by clinical observation: gait during ward ambulation, dwell-pose during examination, micro-movement during rest. The biological component is supplied by hospital-grade biometric capture at admission. Behavioral coherence persistence then carries the identity across staff changes and environment transitions, and decoherence is itself a clinical signal — sudden behavioral incoherence in a patient with a previously stable trajectory is a flag, not merely an identity event.

In a vehicle-occupancy embodiment, behavioral continuity is established for a driver and refreshed by in-cabin sensing: micro-movements at the steering wheel, dwell-pose in the seat, gait at entry and exit. The biological component is supplied by initial face capture. Behavioral coherence then maintains driver identity across the trip and detects driver-substitution events without requiring re-capture mid-drive.

In a companion-AI embodiment, behavioral continuity establishes the human partner's identity across long-term interaction. Gait, dwell-pose, and micro-movement are observed through the available sensor suite of the companion device. The bounded fusion ensures that the companion does not collapse identity onto either pure biometric capture or pure behavioral inference, preserving robustness against both biometric spoofing and behavioral mimicry.

Composition with Other Mechanisms

The behavioral-continuity mechanism composes with biometric capture as the biological component in a fused identity score. The bounded-weight fusion is the explicit composition point: biometric capture supplies the biological component, behavioral observation supplies the behavioral component, and neither dominates beyond declared bounds. This composition is what makes the overall identity primitive resilient against the failure modes of either input alone.

The mechanism composes with credentialed-observation channels in the broader cognition architecture. A coherence score is emitted as a credentialed observation with declared confidence, and downstream consumers — access control, session management, governance enforcement — admit it through the same admission interface they admit any other observation. Identity is not a special-case input; it is a credentialed observation whose subject is a person.

The mechanism composes with policy-governed action selection. Action thresholds can be set on the fused identity score so that low-coherence sessions are restricted to low-stakes actions, and high-stakes actions require either a fresh biometric corroboration or sustained high coherence. This lets the same identity primitive serve a continuum of stakes without requiring different mechanisms at each level.

The mechanism composes with cohort and population reasoning. The maintained profile per individual is a private artifact, but population-level statistics over coherence trajectories can drive cohort-level governance — for example, detecting profile-poisoning campaigns by observing simultaneous coherence anomalies across an enrolled population. This composition is structural because all coherence events are credentialed observations passing through the same admission channel.

Prior-Art Distinction

Prior biometric systems treat identity as a single-point template comparison. A capture is taken, features are extracted, and the result is compared against a stored template. The stored template is the identity, and once compromised it cannot be revoked because the underlying biological feature is not replaceable. Behavioral continuity, in contrast, has no single artifact whose theft compromises the identity. The maintained profile is statistical and continuously updated; an attacker who captures a profile snapshot has captured a stale, partially de-correlated description that decays in usefulness as the genuine subject's behavior continues to evolve.

Prior behavioral-biometrics systems — keystroke dynamics, mouse-movement signatures, single-modality gait recognition — treat behavior as a one-shot classifier. They produce a score per observation and either accept or reject. They do not maintain a continuity trajectory, do not fuse with a biological component under bounded weights, and do not produce a refreshable trust slope. Their failure modes are the failure modes of one-shot classification: a single bad sample rejects the genuine user, a single mimicked sample admits an attacker.

Prior continuous-authentication systems maintain session-level trust scores but typically do so over a single modality and without the structural commitment to bounded fusion with a biological component. They are also typically retain-and-replay architectures that store raw or near-raw behavioral data, which trades the static-template vulnerability for a behavioral-corpus vulnerability of similar magnitude.

The mechanism described here is structurally distinct on three points: it spans three signal classes (gait, dwell-pose, micro-movement) covering involuntary, habitual, and postural behavior; it fuses with a biological component under explicit bounded weights so that neither component dominates; and it retains only profile state and trajectory metadata rather than raw behavioral signal, by operational requirement.

Disclosure Scope

The disclosure covers establishing and refreshing identity continuity through the coherence of behavioral signals over time, where the behavioral signal is composed of at least gait pattern, dwell-pose, and micro-movement, and where the resulting behavioral component is fused with a biological component under bounded weights to produce an identity confidence score. The disclosure includes the trust-slope dynamics, the bounded profile-update rate, the data-minimization commitment, and the credentialed-observation interface through which coherence events are emitted to downstream consumers.

Embodiments described include personal device, workplace access, healthcare, vehicle occupancy, and companion AI. The disclosure is part of the broader Cognition Patent and is intended to be claimed in coordination with related biological-identity mechanisms — biometric capture, enrollment, revocation, and cohort governance — disclosed in this and companion filings.