KNOWN-AI: The Fourth Factor
Something you know. Something you have. Something you are. And something you've become.
There’s a version of this story that starts in the late 90s, when Microsoft published the first web services white paper and noted, almost in passing, that truly secure web services were impossible. I was a v-dash at the time — a vendor contractor, green badge, technically outside the org. I took it as a personal affront. I wrote the response. Secure web services weren’t impossible. They just required thinking about the problem differently.
This is the same exercise. We’re not saying behavioral authentication is impossible. We’re saying: if Known is real — if a living operator profile exists at the depth we’re building it — then here’s how you do the smart thing the stupid way. The stupid way being: just use what you already have. The profile is already the curve. Stop pretending the secret has to be separate from the person.
I’ve been thinking about authentication since before most people knew they needed to think about it. In the late 90s I wrote the white paper on secure web services for Microsoft. Before that I was designing authentication systems for environments where the stakes were high enough that “forgot my password” wasn’t an acceptable failure mode. We used radio waves as entropy sources. We used washing machines. We used human handwriting — not the letters, the dynamics underneath them: force, speed, confidence, hesitation.
The FBI logged in by drawing a picture.
“Draw a tree” sounds stupid. It isn’t. Nobody cares about the tree. The tree is the challenge. The drawing is the key — thirty years of motor memory, cognitive habit, the specific friction of a real hand moving through real space. We built that system for environments where the stakes were too high for passwords. We weren’t authenticating knowledge. We were authenticating process.
That distinction matters more now than it did then. And I think the industry has missed it entirely.
The Three Factors We’ve Always Had
Thirty years later, the answer to “how do you prove you are who you say you are” is still the same three things:
Something you know. A password, a PIN, a secret.
Something you have. A device, a token, a key.
Something you are. A fingerprint, a face, a retina.
Multi-factor authentication combines these. It’s better than one factor. It’s not good enough.
Because all three factors share a fatal assumption: the secret can be separated from the person.
A password can be stolen. A device can be cloned. A fingerprint can be lifted. The attack surface for every authentication system ever built is the gap between the credential and the human — the moment where the thing that proves you are you exists independently of you.
I think there’s a fourth factor. And I think it closes that gap permanently.
The Elena Test
Last year a close friend — Elena — texted me. Said her phone had been hacked, asked for help. I needed to verify it was actually her. Not a scammer with access to her device, her contact list, her message history, twenty years of texts.
The obvious move is data. “When did we meet?” Dates, facts, shared events. But Elena has a terrible memory for dates. Data fails. And more importantly — a scammer with her phone has her data. The texts are right there.
So I asked her something different.
“How did I come across to you in our early days?”
Not a fact question. A behavioral question. One that required her to be herself remembering me — to run her specific cognitive process about our specific relationship, in real time, under the conditions of twenty years of actual friendship.
She answered it as Elena. The texture of how she recalled it. What she led with. What she softened. What made her laugh. The friction of a real mind running a real memory.
A scammer with her entire digital life couldn’t answer that as her. They’d answer it as themselves trying to impersonate her. And that gap — between knowing about someone and being someone — is exactly where the authentication happened.
I wasn’t checking facts. I was checking signature.
That’s the fourth factor.
Not something you know. Not something you have. Not something you are. Something you’ve become — the accumulated record of how you think, decide, and relate. Your cognitive wiring. Your behavioral baseline. The friction of your specific mind moving through problems and relationships and memories.
The secret isn’t what you know. It’s how you move. And you can’t steal how someone moves.
Now here’s the leap: if I could do that with Elena — as a human, running a background process built from twenty years of relationship — a Known system can do it with a vault. The operator profile is the twenty years. The challenge is the question. The fuzzy extractor is me, but cryptographic.
We can build Elena’s test. At scale. With proof.
The Curve Underneath
Let me put this in terms that will land for anyone who’s thought about public key cryptography.
In elliptic curve cryptography — ECC, the current standard — you publish two things: the public key (start point) and the encrypted message (end point). Both are visible. The secret is the path between them — the mathematical relationship that makes the curve work. You can see both ends. You cannot reverse-engineer the middle without the private key.
The fourth factor uses the same structure. But the curve is the operator profile.
The start point = the challenge (visible)
The end point = the cryptographic assertion (verifiable)
The secret = the behavioral path between them — how this specific person traverses from challenge to response
The profile doesn’t store the path. It stores enough to validate that the path was traversed correctly. The way a public key stores enough to verify a signature without revealing the private key.
So you could publish the entire operator profile — every observation, every pattern, every mapped failure mode — and it wouldn’t help an attacker unlock the vault. The profile is the public key. The behavioral response is the private key. The friction is the curve math that makes them related.
This is why “draw a tree” wasn’t stupid. The system published the challenge (draw a tree — everyone could see it). It published the verification result (authenticated or not — visible to the system). The secret was the traversal. Thirty years of motor memory producing a signature no one could forge because no one else was running that specific process in that specific body.
We’re doing the same thing. Different substrate. Cognitive process instead of motor process. Same primitive.
Why This Is Buildable Now
This wasn’t buildable before. The fourth factor requires two things that didn’t exist until recently.
First: a system that accumulates a rich enough behavioral model to serve as an authentication baseline. Not a personality quiz. Not an MBTI. A living, session-by-session record of how a specific human actually operates — their failure modes, their decision patterns, their blind spots, their tells. The Known layer. This is what SelfActual is building.
Second: cryptographic primitives capable of deriving a stable key from a fuzzy, evolving input. This one is already solved. It’s called a fuzzy extractor — a real cryptographic primitive designed specifically for deriving stable, reproducible keys from inputs that are “close but not identical.” Biometrics. Behavioral signals. Human data that drifts over time but stays within a recognizable pattern.
Same input pattern, same key. Different enough input, no key. The math handles the tolerance.
Put them together: a vault that can only be unlocked by the person whose behavioral history built it. The curve defines the space. The traversal is the key.
The Cryptographic Architecture
Skip this if you don’t care how the plumbing works. Come back when someone tells you it can’t be done.
The baseline is ECDH — Elliptic Curve Diffie-Hellman. Two parties derive a shared secret without either transmitting it. The vault is encrypted with a key derived from this exchange. SelfActual (SA) holds an encrypted blob. The operator holds the key. This is the standard layer — it’s what makes “we can’t read your vault” true in the baseline case.
The fourth factor sits on top. Here’s the architecture:
Enrollment: During initial sessions, the system captures behavioral signal — not what you say, how you say it. Response patterns. Decision cadence. The texture of how you engage with novel situations. This gets processed through a fuzzy extractor to produce a stable behavioral commitment — a cryptographic value derived from the pattern, not the content. The commitment is stored. The raw behavioral data is not.
Authentication: At vault access time, the system presents novel challenges — not “what was your first car” but situations requiring you to respond as yourself. Your responses get processed through the same fuzzy extractor. If the output matches the enrollment commitment within tolerance, the key is derived. Vault opens.
The zero-knowledge layer: SA never sees the proof. The challenge-response happens client-side. What SA receives is a cryptographic assertion: “the person presenting this key is the person who enrolled.” SA can verify the assertion without seeing what makes it true. You can’t breach what you don’t hold.
The property this enables: publishing the entire operator profile doesn’t compromise the vault. The profile describes the person. It doesn’t authenticate as the person. An attacker with complete knowledge of your behavioral history still can’t reproduce your behavioral responses in real time under novel challenge conditions. Data is not pattern. Knowing about someone is not being them.
The accumulation advantage: every current authentication system gets weaker as compute gets cheaper. Brute force a password — just time and hardware. The fourth factor gets stronger as the operator accumulates sessions. The behavioral baseline deepens. The challenge space expands. The fuzzy extractor has more signal. The attacker’s job compounds in the wrong direction.
Cryptographers call this asymmetric hardness over time. The defender compounds. The attacker doesn’t. I don’t know of another authentication system with this property.
What still needs solving: the challenge generator is the hard problem. Challenges need to probe behavioral pattern, not factual knowledge — otherwise exposing the profile does expose the challenge space. This requires behavioral science alongside the cryptography. It’s a research problem, not an engineering problem. I’m not claiming it’s solved. I’m claiming it’s solvable, and that the architecture is sound.
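The enrollment and authentication steps above, sketched as an added example (not SelfActual's code or the author's): a code-offset fuzzy extractor built on a repetition code, standard library only. It assumes the behavioral signal has already been quantized into a fixed-length bit vector; `sample_bits`, `flip`, `enroll`, `authenticate` and the sizes `R` and `K` are illustrative names and values.

```python
import hashlib, hmac, secrets

R = 5      # repetition factor: up to 2 flipped bits per block are corrected
K = 32     # secret bits protected by the code (demo size, too small for real use)
N = K * R  # length of the quantized behavioral feature vector, in bits

def sample_bits(label):
    """Constructed stand-in for a feature vector; real capture is out of scope."""
    digest = hashlib.sha256(label).digest()
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(N)]

def flip(bits, positions):
    """Simulate behavioral drift by flipping the bits at the given positions."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

def _key(salt, secret_bits):
    return hashlib.sha256(salt + bytes(secret_bits)).digest()

def _commit(key):
    return hashlib.sha256(b"commit" + key).digest()

def enroll(features):
    """Gen: return (key, record). The record is storable; the features are not kept."""
    if len(features) != N:
        raise ValueError("feature vector must be N bits")
    secret = [secrets.randbits(1) for _ in range(K)]
    codeword = [bit for bit in secret for _ in range(R)]   # repetition encode
    helper = [f ^ c for f, c in zip(features, codeword)]   # code-offset sketch
    salt = secrets.token_bytes(16)
    key = _key(salt, secret)
    return key, {"helper": helper, "salt": salt, "commit": _commit(key)}

def authenticate(features, record):
    """Rep: return the enrolled key if features are within tolerance, else None."""
    if len(features) != N:
        raise ValueError("feature vector must be N bits")
    noisy = [f ^ h for f, h in zip(features, record["helper"])]
    # Majority vote per block undoes up to (R - 1) // 2 bit errors.
    secret = [int(sum(noisy[i:i + R]) > R // 2) for i in range(0, N, R)]
    key = _key(record["salt"], secret)
    return key if hmac.compare_digest(_commit(key), record["commit"]) else None

# Caveat: the helper leaks up to N - K bits about the features, so the key is
# only as strong as the entropy left in the behavioral signal after that loss.
if __name__ == "__main__":
    enrolled = sample_bits(b"constructed operator sample")
    key, record = enroll(enrolled)
    print(authenticate(flip(enrolled, {0, 7, 13}), record) == key)  # within tolerance
    print(authenticate(flip(enrolled, {0, 1, 2}), record) is None)  # too much drift
```

The repetition code is used here for brevity; published fuzzy-extractor constructions use stronger error-correcting codes such as BCH.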
Why This Is a KNOWN-AI Problem
Every other authentication system proves identity from the outside in. Something you carry. Something stamped on your body. Something you memorized.
The fourth factor proves identity from the inside out. It requires a system that knows you — not your data, your wiring. The behavioral layer underneath the information layer.
That’s not a feature. That’s an architecture. And it’s the architecture KNOWN-AI makes possible.
Your operator profile is more sensitive than your medical records. More revealing than your financial history. More intimate than your search history. It’s a model of how you think.
That deserves more than a promise not to read it.
It deserves a proof. A cryptographic one.
The fourth factor is that proof. And it only exists if the Known layer exists first.
When Microsoft said secure web services were impossible, the answer wasn’t “you’re right.” The answer was: you’re thinking about it wrong. Stop trying to secure the channel. Secure the knowledge underneath it.
Same move. Different decade. Different problem. Same instinct.
The fourth factor isn’t impossible. It’s just waiting for Known to exist first.
We’re building Known.
I’ve been building in public since before building in public was a thing. This is me thinking out loud about a problem I don’t fully have solved — and planting a flag on the direction I think the solution lives in. If you’re a cryptographer who works on fuzzy extractors or zero-knowledge systems and you think I’m wrong, I genuinely want to know. If you’re building in the Known-AI space and you see the same gap — let’s talk.
This is the first piece tagged KNOWN-AI. There will be more.
Jeremy Wright is co-building SelfActual — Known-AI infrastructure for operators who are tired of re-briefing their AI. He wrote the Microsoft secure web services white paper in the late 90s, designed behavioral authentication systems for high-stakes environments, and has been thinking about the gap between data and knowing for thirty years.
echofiles.substack.com · selfactual.ai


It's a big shame what has happened in the zero-trust movement. I like this approach to AI-based authentication, though I am sure it will take some time to perfect. Makes me think of banks and their risk management approaches. Love that you raised them here.
Aside from bad movies where they cut off your finger to access your safe or gun, I am all about the biometrics here. I think it's a huge win for authentication.
OMFG. Again— _again_ — you’re breaking new ground. The biometric ID always has a problem that you can’t change your iris, fingerprint, or face—but they could be cloned.
This is something that could truly change how we secure everything.