Concepts
Replay Protection
Each biometric result should be accepted only once.
Session Binding
Operations should be tied to a specific issued BST and its expected context.
Signature Verification
The server must verify the signed result token using the SophID public key.
Trusted Completion
A biometric operation is complete only after all of the above checks succeed.
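
The following Go example is added here and is not SophID's own code: it runs the signature, session-binding and replay checks in one function, so an operation counts as complete only when all of them pass. The payload fields (`result_id`, `bst`, `action`), the Ed25519 signature scheme and the in-memory stores are assumptions, since the page does not specify the token format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"sync"
)

// Result is a hypothetical token payload; the field names are assumptions.
type Result struct {
	ResultID string `json:"result_id"` // unique per biometric result
	BST      string `json:"bst"`       // session token the result was produced for
	Action   string `json:"action"`    // operation context the BST was issued for
}

// Verifier holds the provider public key and server-side session state.
type Verifier struct {
	mu     sync.Mutex
	pub    ed25519.PublicKey // Ed25519 is assumed; the page names no algorithm
	issued map[string]string // BST -> action it was issued for
	seen   map[string]bool   // result IDs already accepted
}

// Complete returns nil only when signature, binding and replay checks all pass.
func (v *Verifier) Complete(payload, sig []byte, bst, action string) error {
	var r Result // parsed only after the signature verifies
	if !ed25519.Verify(v.pub, payload, sig) || json.Unmarshal(payload, &r) != nil {
		return fmt.Errorf("signature")
	}
	v.mu.Lock() // check-and-mark must be atomic, or two racing replays both pass
	defer v.mu.Unlock()
	if want, ok := v.issued[bst]; !ok || want != action || r.BST != bst || r.Action != action {
		return fmt.Errorf("session binding") // BST unknown, or issued for another context
	}
	if r.ResultID == "" || v.seen[r.ResultID] {
		return fmt.Errorf("replay")
	}
	v.seen[r.ResultID] = true // consumed only after every other check succeeded
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	v := &Verifier{pub: pub, issued: map[string]string{"bst-1": "login"}, seen: map[string]bool{}}
	p, _ := json.Marshal(Result{"r-1", "bst-1", "login"})
	sig := ed25519.Sign(priv, p)
	fmt.Println(v.Complete(p, sig, "bst-1", "login"), v.Complete(p, sig, "bst-1", "login"))
}
```

In a multi-instance deployment the `seen` and `issued` maps would live in a shared store with an atomic insert-if-absent, so that replay protection holds across servers.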