BIO-key(BKYI) - 2022 Q4 - Annual Report

Business Overview Company Overview BIO-key International, Inc. is a leading Identity and Access Management (IAM) platform provider, offering secure, passwordless multi-factor authentication (MFA) solutions for enterprise, education, and government clients - BIO-key provides an IAM platform for secure access through MFA for enterprise, education, and government clients, aiming for passwordless access without tokens or phones[177] - Products include PortalGuard® and PortalGuard Identity-as-a-Service (IDaaS) enterprise IAM, WEB-key® biometric civil and large-scale ID infrastructure, MobileAuth® mobile phone authentication app, and high-quality, low-cost fingerprint scanners and FIDO-compliant hardware[177] - BIO-key's exclusive Identity Bound Biometric (IBB) authentication method addresses roaming user and shared workstation challenges by using the user as the credential, not a phone or token[398] Development of Business Established in 1993, the company focuses on fingerprint biometric technology and security software, expanding product lines and market reach through strategic acquisitions like PistolStar and Swivel Secure Europe, with plans for continued growth via acquisitions - BIO-key was founded in 1993 as BBG Engineering, later renamed SAC Technologies, and finally BIO-key International, Inc. in 2002[429] - On June 30, 2020, the company acquired PistolStar, Inc., enhancing its enterprise identity and access management solutions[401] - On March 8, 2022, the company expanded sales and support operations into Europe, Africa, and the Middle East (EMEA) through the acquisition of Swivel Secure Europe, SA[430] Our Products The company offers diverse IAM products, including PortalGuard and PortalGuard IDaaS platforms supporting 17 MFA factors and various SSO federation options, along with WEB-key biometric platform, AuthControl series, and fingerprint readers for various industries - BIO-key PortalGuard and PortalGuard IDaaS platforms offer 17 MFA authentication factor options, including server-secure IBB fingerprint scanning, palm scanning, facial selfie, or voice biometrics via the MobileAuth app[402] - PortalGuard supports multiple user directory options, including local, hybrid, or full Azure Active Directory, LDAP, IBM Domino, or custom SQL user directories, and provides various Single Sign-On (SSO) federation options like SAML, Open ID Connect (OIDC), OAUTH, CAS, and WS-Fed[402] - The company also offers the WEB-key scalable biometric service management platform for large-scale civil ID projects, AuthControl Sentry, AuthControl Enterprise, and AuthControl MSP product lines, and sells fingerprint readers like Piv Pro, SidePass®, EcoID II®, and SideSwipes® directly and through Amazon[427][407][406] BIO-key PortalGuard and PortalGuard IDaaS The PortalGuard platform provides an independent, client-controlled cloud identity platform integrating with any cloud or on-premise SaaS application, offering device-agnostic Identity Bound Biometric (IBB) authentication for secure access and self-service management - The PortalGuard platform offers an independent, client-controlled cloud identity platform that integrates with any cloud or on-premise SaaS application, service, or cloud host, and provides Windows device authentication through a single secure, reliable, and scalable IAM platform[431] - This platform provides "who you are" authentication options through BIO-key's Identity Bound Biometric (IBB) authentication, not relying on devices or "what you have" authentication, thereby actively identifying users accessing systems[431] - PortalGuard IDaaS secures employee and student populations, enhances partner network collaboration, offers a more secure user experience, and can serve as a core system for organizational connectivity, access, authentication, and identity lifecycle management[403] BIO-key VST and WEB-key; Products; Civil and Large-Scale ID Infrastructure WEB-key is a scalable biometric service management platform supporting regulatory compliance, enrollment, authentication, or identification, and the integrity of multi-tenant private or public cloud delivery platforms, utilized by government agencies for large-scale civil ID projects - BIO-key's WEB-key is a scalable biometric service management platform integrating key functions like regulatory compliance, enrollment, authentication or identification, and the integrity of multi-tenant private or public cloud delivery platforms[427] - Government agencies use BIO-key's WEB-key for large-scale civil ID projects due to its support for biometric identity ecosystems, cloud-readiness, and provision of a scalable, high-integrity trust platform compatible with over 30 interchangeable fingerprint scanners[427] - The company developed highly accurate and effective fingerprint biometric technology, embedded in PortalGuard products, offering unique phone or token-free authentication for enterprise security in manufacturing, retail, call centers, and healthcare[435] AuthControl Sentry; AuthControl Enterprise; AuthControl MSP Swivel Secure is the exclusive distributor of AuthControl Sentry, AuthControl Enterprise, and AuthControl MSP product lines in EMEA (excluding UK and Ireland), offering patented one-time code extraction technology to manage data security risks from cloud services and BYOD policies - Swivel Secure is the exclusive distributor of the AuthControl Sentry, AuthControl Enterprise, and AuthControl MSP product lines in Europe, Africa, and the Middle East (EMEA), excluding the UK and Ireland[407] - These solutions incorporate patented one-time code extraction technology designed to help enterprises manage the increasing data security risks associated with cloud services and Bring Your Own Device (BYOD) policies[407] Fingerprint Readers The company offers a full range of easy-to-use fingerprint scanners for enterprise and consumer markets, including PIV Pro, SidePass®, EcoID II®, and SideSwipes®, connecting via USB A or C ports and supporting Windows Hello for enhanced security - The company offers a full range of easy-to-use fingerprint scanners for enterprise and consumer markets, including PIV Pro, SidePass®, EcoID II®, and SideSwipes®[406] - These fingerprint readers can be used with any laptop, tablet, or other device featuring a USB A or C port[406] - Compact fingerprint readers like SidePass®, SideSwipe®, or EcoID II® are used by commercial companies to replace Windows passwords and enable Windows Hello for Business without replacing or upgrading laptops or tablets[408] Our Markets The company's products simplify authentication for enterprise users and consumers while enhancing security to meet growing strong authentication demands, historically serving highly regulated sectors like government and healthcare, now expanding across all industries - The company's products simplify authentication processes for enterprise users and consumers while enhancing security levels to meet new, stronger authentication requirements and security best practices[409] - Historically, the company's largest market has been identity and access management in highly regulated industries such as government and healthcare[410] - Currently, organizations of all industries and sizes are embracing biometrics and MFA as security and workflow solutions, presenting significant and global market opportunities[410][409] Business Model The company's business model focuses on organic growth and strategic acquisitions, offering SaaS subscription software sold through direct sales and channel partners, targeting large identification projects, enterprise MFA, consumer mobile credentials, government services, and highly regulated industries - The company offers software through a SaaS subscription model, primarily selling through a direct sales team and a network of channel partners, including over 40 resellers, system integrators, and other distribution partners[473][3] - Key focus areas of the company's business model include large-scale identification projects (especially in Africa), enterprise MFA, consumer mobile credentials, government services and highly regulated industries, OEM customers, and collaboration with Microsoft[414][440][415][442][438][471] - The company plans to continue actively developing its channel alliance program and seeks strategic acquisitions of IAM businesses and assets to enter new markets or create synergies with existing operations[3][472] Market Drivers Market drivers include the inability of mainstream MFA solutions to meet enterprise needs (e.g., roaming users, account sharing), supply chain vulnerabilities, ransomware attacks highlighting traditional MFA shortcomings, and remote authentication challenges from remote work models - Mainstream MFA phone app or token methods have failed to meet enterprise needs, while supply chain vulnerabilities, ransomware attacks, and compromised administrative access highlight the inadequacies of mainstream MFA and security approaches[412] - BIO-key's biometric authentication process thwarts human error and human weakness from compromising secure authentication, while making end-user access more convenient[412] - Remote authentication challenges arising from remote work models, including the shift to remote work due to the pandemic, have also increased demand for secure solutions[413] OEM Customers The company prioritizes agreements with OEM customers, leveraging successful collaborations with companies like NCR, McKesson, Omnicell, and LexisNexis, enabling OEMs to embed solutions for enhanced security and optimized workflows without IAM infrastructure R&D investment - The company continues to prioritize agreements with OEM customers and plans to build upon successful experiences supporting companies like NCR, McKesson, Omnicell, and LexisNexis[438] - OEM customers benefit from embedding the company's solutions into their products through enhanced security, optimized workflows, and avoiding investment in IAM infrastructure R&D[438] - OEM customer order patterns are more predictable and typically require lower service and support resources[438] Highly Regulated Industries Government ID projects, healthcare organizations (hospitals, clinics, private practices), and the financial services industry (banks, credit unions) present strong market opportunities for the company - Government ID projects and healthcare organizations, including hospitals, clinics, and small private practices, offer strong market opportunities for the company[438] - The financial services industry, including banks and credit unions, has also grown significantly[438] Microsoft Partnership The company is a Microsoft partner, with its compact fingerprint scanner series tested and certified by Microsoft to support Windows Hello and Windows Hello for Business - The company is a Microsoft partner, and its compact fingerprint scanner series has been tested and certified by Microsoft to support Windows Hello and Windows Hello for Business[438] Partner Model In 2022, the company continued to develop its Channel Alliance Partner (CAP) program, collaborating with selected value-added resellers, integrators, and distributors, and partnering with leading application, managed services, and infrastructure providers like Intelisys, Insight, and Amazon Web Services - In 2022, the company continued to develop its Channel Alliance Partner (CAP) program, focusing on collaborating with selected value-added resellers, integrators, and distributors[412] - The company partners with leading application, managed services, and infrastructure providers such as Intelisys, Insight, NGEN, Amazon Web Services, Pathify (formerly UCROO Campus), Software House International (SHI), Virtual Graffiti, Atlassian, and ProCirrus[417] Key Areas of Market Growth The company identifies significant market growth potential in large-scale identification projects (especially in Africa), enterprise MFA, consumer mobile credentials (including payments and loyalty programs), government-funded projects, government services, highly regulated industries, and demand for BIO-key hardware from Windows Hello for Business users - The company identifies significant market growth potential in large-scale identification projects, especially in Africa and surrounding regions[414] - Enterprise MFA for accessing computer networks and applications presents a key growth area[440] - Consumer mobile credentials, including mobile payments, credit and payment card programs, data and application access, and commercial loyalty programs, offer substantial opportunities[415] - Government-funded projects, including state election commissions, represent another area of growth[441] - Government services and highly regulated industries, such as Medicare, Medicaid, Social Security, driver's licenses, campus and school IDs, and passports/visas, are also key growth sectors[442] - Demand for BIO-key hardware products from Windows Hello for Business users and Fortune 2000 companies is a significant market driver[471] Marketing and Distribution The company sells products through a direct sales team and channel partner network, actively developing its channel alliance program in 2023, and collaborating with leading application, managed services, and infrastructure providers to expand market reach - The company sells products directly through its direct sales team and internal sales team, and indirectly through a network of channel partners[3] - The company partners with over 40 resellers, system integrators, and other distribution partners through its Channel Alliance Partner program and is committed to actively developing this program in 2023[3] - The company collaborates with leading application, managed services, and infrastructure providers such as Intelisys, Insight, NGEN, Amazon Web Services, Pathify (formerly UCROO Campus), Software House International (SHI), Virtual Graffiti, Atlassian, and ProCirrus[417] Intellectual Property Rights The company possesses significant intellectual property, including multiple patented technologies and trade secrets covering fingerprint image enhancement, template protection, cybersecurity, biometric data utilization, and fingerprint lock design, with parallel patent protection in various countries - The company possesses significant intellectual property, including patented technologies and trade secrets, which are fundamental to its biometric and IAM product operations[4] - The company has secured multiple US patents covering technologies such as fingerprint image enhancement, template protection, cybersecurity, biometric data utilization, and fingerprint lock design, and has obtained parallel patent protection in many foreign countries[445][419][420][6][447][7][421][448][8] - The company holds unregistered trademarks like "PortalGuard Nebula™", "Password Power™", and "Scooch™", and implements measures to ensure copyright and licensing protection for software releases, as well as the confidentiality of trade secrets[9][450] Patents The company holds multiple US patents covering key technologies like fingerprint image enhancement, template protection, cybersecurity, biometric data utilization, and fingerprint lock design, with expiration dates ranging from 2024 to 2039, and has secured parallel patent protection internationally - The company holds multiple US patents, including: - US Patent No. 7,359,553 (issued April 15, 2008), covering core algorithms for image enhancement and data extraction, valid until January 3, 2025[445] - US Patent No. 7,155,040 (issued December 26, 2006), covering image processing technology, valid until January 29, 2025[474] - US Patent No. 7,454,624 (issued November 18, 2008), covering methods for matching template protection in biometric security systems, valid until May 17, 2025[419] - US Patent No. 7,502,938 (issued March 10, 2009), covering "trusted biometric devices", valid until October 25, 2025[475] - US Patent No. 8,055,027 (issued November 8, 2011), covering methods for generating directional information in image processing, valid until October 10, 2027[446] - US Patent No. 8,196,193 (issued June 5, 2012), covering "methods for retrofitting password-enabled computer software using redirected user authentication", valid until November 1, 2030[6] - US Patent No. 8,214,652 (issued July 3, 2012), covering "biometric network security", valid until April 24, 2024[420] - US Patent No. 8,397,077 (issued March 12, 2013), covering "client authentication redirection", valid until August 7, 2030[476] - US Patent No. 9,646,146 (issued May 3, 2017), covering "biometric data utilization", valid until March 6, 2035[447] - US Patent No. 10,002,244 (issued June 19, 2018), covering "biometric data utilization" for continuous, passive user authentication on mobile devices, valid until March 6, 2035[7] - US Patent No. 10,025,831 (issued July 27, 2018), covering "adaptive short list and biometric database search acceleration", valid until August 10, 2036[7] - US Patent No. 10,400,481 (issued September 3, 2019), covering "fingerprint locks", valid until June 27, 2037[421] - US Patent No. 10,410,040 (issued September 10, 2019), covering "fingerprint lock control methods and fingerprint lock systems", valid until July 26, 2037[477] - US Patent No. 10,984,085 (issued April 20, 2021), covering "biometrics in uncontrolled acquisition environments", valid until March 13, 2039[448] - The company has also obtained parallel patent protection for its US patents in many foreign countries to protect its intellectual property globally[8] Trademarks The company has registered trademarks like "BIO-key", "True User Identification", "WEB-key", "SideSwipe", "SidePass", "EcoID", "PistolStar®", "PortalGuard", "MobileAuth", and "PASSIVEKEY®" in the US and internationally, and also holds unregistered trademarks - The company has registered trademarks such as "BIO-key", "True User Identification", "Intelligent Image Indexing", "WEB-key", "SideSwipe", "SidePass", "EcoID", "PistolStar®", "PortalGuard", "MobileAuth", "PASSIVEKEY®", and "PISTOLSTAR®" with the US Patent and Trademark Office and in many foreign countries[478] - The company also holds unregistered trademarks including "PortalGuard Nebula™", "Password Power™", and "Scooch™"[9] Copyrights and trade secrets The company implements measures to ensure copyright and licensing protection for software releases and to safeguard the confidentiality of trade secrets, with its PortalGuard IAM product line and VST/WEB-key biometric platforms being mature and widely deployed - The company takes measures to ensure copyright and licensing protection before software releases, and where possible, ensures that only licensed and activated software can fully function through licensing[450] - The company also takes measures to protect the confidentiality of its trade secrets[450] - The PortalGuard IAM product line is mature with hundreds of active customers, continuously adding additional authentication factors and features, while enhancing the self-management capabilities of PortalGuard IDaaS[479] Research and Development The company invested $3,252,236 in 2022 and $2,355,056 in 2021 for R&D, primarily focusing on enhancing existing software products like PortalGuard, PortalGuard IDaaS, MobileAuth, WEB-key, and VST, and developing new innovative solutions Research and Development Expenses | Year | R&D Expenses ($) | | :--- | :--- | | 2022 | 3,252,236 | | 2021 | 2,355,056 | - R&D efforts primarily focus on enhancing the functionality, reliability, and integration of existing software products (such as PortalGuard, PortalGuard IDaaS, MobileAuth, WEB-key, and VST)[480] - These products are crucial for supporting the anticipated growth in enterprise IAM[480] Competition The IAM, MFA, and SSO markets are highly competitive, with the company differentiating itself through unique server-secure biometric authentication capabilities among 17 factors, while facing competition from FIDO-compliant keys and other biometric technologies - The IAM, MFA, and SSO markets have multiple solution providers, with the company's unique differentiation being its unparalleled server-secure biometric authentication capabilities, included among 17 authentication factors[12] - Fingerprint recognition is considered accurate, inexpensive, and non-invasive, making it the dominant biometric technology currently and for the foreseeable future[454] - The company faces competition from FIDO-compliant keys (e.g., Yubico's YubiKey) but offers FIDO 2.0 keys with equivalent functionality and quality at a lower cost, emphasizing its Identity Bound Biometric differentiation[13] - Other biometric technologies like palm scanning (expensive, technically sensitive, mobile challenges), facial recognition (privacy concerns, reliance on ambient light), and iris scanning (accurate but expensive hardware) each have advantages and disadvantages[14][15][455] Government Regulations The company actively participates in industry privacy working groups to influence and understand state, federal, and EU privacy laws regarding biometric data, with its WEB-key platform including compliance features for informed consent and strict auditing of data retention and deletion requests - The company actively participates in industry privacy working groups as a recognized biometric subject matter expert to influence and understand any proposed changes to these regulations[16] - The WEB-key platform includes compliance features ensuring automatic adherence to these laws, including collecting informed written consent during enrollment workflows and strict auditing of biometric data retention and deletion requests[455] - Beyond these regulations, the company is not currently subject to direct regulation by any government agency, except for regulations generally applicable to businesses or those related to specific project requirements[16] Environmental Regulations As of the report date, the company has not incurred any significant costs for complying with federal, state, or local environmental laws and anticipates no such costs in the foreseeable future - As of the report date, the company has not incurred any significant costs for complying with federal, state, or local environmental laws and anticipates no such costs in the foreseeable future[456] Seasonality The company's revenue generally does not exhibit seasonal patterns but is influenced by customer budgets, government fiscal year planning, and capital budgeting - The company's revenue generally does not exhibit seasonal patterns, but will be affected by customer budgets, government fiscal year planning, and capital budgeting[484] Human Capital Resources As of the report date, the company employs 52 individuals, with 51 full-time employees across engineering, customer support, R&D, finance, administration, sales, and marketing, maintaining good employee relations with no unionized staff - As of the report date, the company employs 52 individuals, of whom 51 are full-time employees[17] - Full-time employees are distributed as follows: 20 in engineering, customer support, and R&D; 9 in finance and administration; and 22 in sales and marketing[17] - The company also has two part-time employees (one providing engineering services, one administrative services) and two contractors at its China factory; all employees are non-unionized, and the company believes its employee relations are good[17] Risk Factors - Due to historical losses and insufficient revenue, independent registered public accounting firms have expressed substantial doubt about the company's ability to continue as a going concern[19][458] - The company may require additional financing to execute its long-term business plan, and if funding is unavailable or sufficient revenue is not generated, the company may be unable to continue operations[20][488] - Biometric technology has not achieved widespread market acceptance, the scale of market development is uncertain, and the company faces intense competition from traditional security methods and emerging technologies[22][23][490][520] Business and Financial Risks The company faces multiple business and financial risks, including going concern doubts, need for additional financing, limited market acceptance of biometrics, intense competition, potential product defects, reliance on third-party manufacturers, international operational risks, intellectual property protection challenges, resource mismanagement, cybersecurity threats, ESG disclosure risks, and acquisition integration difficulties Going Concern and Financing Due to continuous losses and insufficient revenue, the independent registered public accounting firm has expressed substantial doubt about the company's ability to continue as a going concern, requiring approximately $798,000 monthly for operations against $7 million in 2022 revenue, and facing default risk on a $2.2 million secured promissory note due December 22, 2023 - Due to historical losses and insufficient revenue, independent registered public accounting firms have expressed substantial doubt about the company's ability to continue as a going concern[19][458] - The company requires approximately $798,000 per month for operations, but 2022 revenue of approximately $7 million was insufficient to continuously cover operating expenses[488] - The company issued a $2.2 million secured promissory note on December 22, 2022, due in six months with a six-month extension option, at an interest rate of 10%-12%; failure to repay could lead to default risk and significant dilution of existing shareholders' equity[21][460] Market Acceptance and Competition Biometric technology has not achieved widespread market acceptance, particularly in the private sector, with market uncertainty regarding performance, reliability, cost, privacy concerns, and geopolitical events, while facing intense competition from traditional security methods and well-funded rivals - Biometric technology has not achieved widespread market acceptance, especially in the private sector, and the scale of market development remains uncertain[22][490] - Market acceptance depends on the performance and reliability of biometric solutions, adoption and integration costs, privacy concerns, and the impact of national or international events[23][462] - The company faces intense competition from established biometric companies, startups, and providers of traditional access control methods, many of whom possess greater financial and marketing resources[520] Product Defects and Third-Party Dependence Although the company's core biometric technology is developed, its limited commercial use may hide undetected design flaws and software errors, potentially causing delivery delays or requiring modifications, thus impacting competitiveness, while success also relies on third-party manufacturers and developers over whom the company lacks control - The company's core biometric technology, though developed, is used by a limited number of commercial customers and may contain undetected design flaws and software errors, leading to delivery delays or requiring modifications[52] - Any defects or errors could adversely affect the company's competitive position and result in the loss of potential customers or opportunities[52] - As a technology licensing company, its success depends on the ability of third-party manufacturers and developers to effectively integrate its technology, but the company lacks control over these licensees and cannot guarantee they have sufficient resources to successfully develop and distribute products[53][464] International Operations and Foreign Exchange Risk The company's international growth faces risks from foreign exchange fluctuations, difficulties in enforcing international contracts and collecting receivables, and compliance with diverse and conflicting international laws (privacy, security, data use, tax, export, anti-corruption), with the Russia-Ukraine conflict adding geopolitical and economic uncertainty - The company's continued growth in international operations faces risks, including foreign exchange fluctuations, difficulties in enforcing international contracts and collecting receivables, and challenges in complying with diverse and conflicting international laws and regulations (e.g., privacy, security, data use, tax laws, export restrictions, and anti-corruption laws)[29][58][493][26] - The Russia-Ukraine conflict has created significant political and economic uncertainty, potentially adversely affecting global trade, exchange rates, and regional economies, which could impact the company's financial condition or operating results[34] - The company generated revenue from Africa and the European Union in 2021 and 2022 and expects to continue doing so, but its financial performance will be subject to risks associated with changes in the value of the US dollar against local currencies[25] Intellectual Property Risks The company cannot guarantee its core technology's intellectual property protection will provide a sustainable competitive advantage or entry barrier, as third parties may claim infringement, leading to costly litigation and diverted management resources, while international IP protection efforts may be insufficient against misappropriation - The company cannot guarantee that its intellectual property protection for core technologies will provide a sustainable competitive advantage or barrier to entry[467][522] - Third parties may claim the company infringes their intellectual property, leading to costly litigation and diversion of management resources, even if claims are unfounded[27][495] - The company's efforts to protect intellectual property in international markets may be insufficient to prevent misappropriation or improper use of its technology, thereby affecting international business expansion[28][523] Resource Management and Cybersecurity Risks Ineffective resource management could severely impact financial performance or stock price, requiring expenditure adjustments based on economic conditions, while cybersecurity threats (cybercriminals, malware, state-sponsored attacks) pose risks of data breaches, reputational damage, legal actions, and financial losses, potentially exceeding insurance coverage - The company's failure to effectively manage resources could have a severe negative impact on financial performance or stock price, requiring expenditure adjustments based on economic conditions[469][524] - The company faces cybersecurity threats, including cybercriminals, malicious code, theft or misuse by employees or contractors, password spraying, phishing, and denial-of-service attacks, as well as sophisticated state-sponsored attacks[498][526] - Any security breach or perceived vulnerability could harm the company's reputation and brand, leading to customer loss, decreased sales, increased costs, litigation, and fines, even if cybersecurity insurance may be insufficient to cover all liabilities[31][499] ESG and Climate Disclosure Risks Growing investor, employee, and customer focus on ESG matters means failure to maintain proper practices and disclosures could harm reputation, erode confidence, and lead to adverse business and financial outcomes, while proposed SEC climate disclosure rules could increase costs and litigation risks - Failure to maintain appropriate Environmental, Social, and Governance (ESG) practices and disclosures could lead to reputational damage, loss of customer and investor confidence, and adverse business and financial results[61][528](index=52