Active Session Defense (ASD) is built as a multi-layer, real-time protection architecture designed to secure the moments when a device is unlocked and most vulnerable. This page provides a full technical breakdown of ASD’s layered model, session flow, possession inference engine, response ladder, and product integration.
Figure 2: Full ASD Architecture Diagram
Active‑Session Defense (ASD) is a session‑layer safety architecture that detects harm states by analyzing how a device is being used — not what is being said. ASD operates entirely on‑device using lightweight behavioral inference and privacy‑preserving signal processing.
ASD’s architecture is built around continuous possession assurance: the device must prove, moment‑to‑moment, that it is still in the hands of the rightful user. Protection is adaptive, real‑time, and session‑bound.
No content scanning
No cloud surveillance
No message analysis
No persistent profiles
All inference is local and session‑bound
These principles ensure ASD protects users without compromising privacy.
ASD uses only behavioral telemetry, including:
Touch timing & rhythm
Gesture velocity & precision
Device orientation & micro‑motion
Navigation patterns
Session‑layer transitions
Interaction hesitation & freeze patterns
These signals describe how the device is being used — not what the user is doing.
ASD’s layered model structures protection across multiple independent but reinforcing layers. Each layer evaluates different behavioral signals and contributes to the overall safety state.
The model is intentionally modular:
Each layer can act independently
Layers reinforce one another during an active session
No single failure point can compromise safety
Protection adapts continuously as conditions change
ASD treats device unlock as the start of a monitored session, not the end of authentication.
Lightweight, non‑content behavioral signals are collected during the active session.
Raw signals are converted into behavioral features (timing, rhythm, stability, drift).
The 9 Engines of Protection evaluate features in parallel, each detecting a different class of risk.
Engine outputs combine into a unified Safety State Score.
The 10 Safety Modules respond based on severity (e.g., silent alerts, escape affordances, session hardening).
This pipeline allows ASD to detect harm states in real time without analyzing content.
Each engine focuses on a specific behavioral threat pattern:
Fear Engine
Coercion Engine
Hostile Possession Engine
Grooming Engine
Duress Engine
Baseline Drift Engine
Stability Engine
Session Integrity Engine
Anomaly Engine
Together, these engines form the behavioral core of ASD’s continuous‑possession model.
ASD’s layered model defines how protection is structured across the system. Each layer contributes a distinct defensive function while operating as part of a unified, real‑time security architecture.
The model is intentionally modular:
Each layer can act independently
The system’s strength comes from how layers reinforce one another
Protection adapts continuously during an active session
Instead of treating device unlock as a static event, ASD treats it as the beginning of a monitored, adaptive session. Each layer evaluates different signals, enforces different controls, and escalates differently based on risk.
This structure allows ASD to maintain protection even as conditions change moment‑to‑moment.
Active‑Session Defense (ASD) is a session‑layer safety architecture that detects harm states by analyzing how a device is being used — not what is being said.
ASD operates entirely on‑device using lightweight behavioral inference and privacy‑preserving signal processing.
No content scanning
No cloud surveillance
No message analysis
No persistent profiles
All inference is local and session‑bound
ASD uses only behavioral telemetry, including:
Touch timing & rhythm
Gesture velocity & precision
Device orientation & micro‑motion
Navigation patterns
Session‑layer transitions
Interaction hesitation & freeze patterns
These signals are processed in real time to infer safety states, not identity or content.
Lightweight, non‑content behavioral signals are collected during the active session.
ASD converts raw signals into behavioral features (timing, rhythm, stability, drift).
The 9 Engines of Protection evaluate the features in parallel.
Engines contribute to a unified Safety State Score.
The 10 Safety Modules respond based on severity (e.g., silent alerts, escape affordances).
Active‑Session Defense (ASD) has undergone multi‑layer validation, including independent reviews, operational testing, and formal safety evaluation. This section summarizes the system’s real‑world performance and the external validation steps completed to date.
Apple validated ASD’s safety, privacy, and stability through its independent review process.
Confirmed by Apple’s evaluation:
No content scanning
No surveillance behavior
No prohibited data collection
No malicious or deceptive functionality
Stable, compliant, and safe for distribution
LastApp conducted an external review of ASD’s operational behavior and code integrity.
Validated:
Engine stability
Crash‑free operation
Safe behavioral inference
No harmful or invasive data practices
ASD has been tested across multi‑month real‑world operation on two independent codebases.
Key performance indicators:
Crash‑free hours: 1,000+
Average inference latency: < 20ms
False‑positive rate: Low (behavior‑only signals reduce noise)
False‑negative rate: Improving with engine refinement
Battery impact: Minimal due to lightweight on‑device processing
These results demonstrate ASD’s ability to operate continuously without degrading device performance or user experience.
ASD has completed a formal Safety Evaluation aligned with federal and industry standards, including:
NIST SP 800‑53
NIST Zero Trust (SP 800‑207)
NIST AI Risk Management Framework
FedRAMP/FISMA safety expectations
COPPA & GDPR privacy requirements
The evaluation confirms:
ASD is non‑content, non‑surveillance, and privacy‑preserving
ASD’s engines operate within strict safety boundaries
ASD is safe for children, vulnerable users, and high‑risk populations
ASD is formally published with timestamped DOIs, establishing verifiable prior art and scientific transparency:
OSF DOI: 10.17605/OSF.IO/GT9UC
Zenodo DOI: 10.5281/zenodo.20083573
ResearchGate DOI: 10.13140/RG.2.2.16702.04169
These publications document the architecture, safety model, and technical standard.
ASD is entering the next phase of external evaluation, including:
Independent security audit
Academic peer review
Behavioral‑model validation
Federal pilot program evaluation
Active‑Session Defense (ASD) has undergone multi‑layer validation, including independent reviews, operational testing, and a formal safety evaluation. This section summarizes ASD’s real‑world performance and the external validation steps completed to date.
Apple independently validated ASD’s safety, privacy, and stability.
Confirmed by Apple’s review:
No content scanning
No surveillance behavior
No prohibited data collection
No malicious or deceptive functionality
Stable and compliant for distribution
LastApp conducted an external review of ASD’s operational behavior and code integrity.
Validated:
Engine stability
Crash‑free operation
Safe behavioral inference
No harmful or invasive data practices
ASD has been tested across multi‑month real‑world operation on two independent codebases.
Key performance indicators:
Crash‑free hours: 1,000+
Inference latency: < 20ms
False‑positive rate: Low (behavior‑only signals reduce noise)
False‑negative rate: Improving with engine refinement
Battery impact: Minimal due to lightweight on‑device processing
These results demonstrate ASD’s ability to operate continuously without degrading device performance or user experience.
ASD has completed a formal Safety Evaluation aligned with federal and industry standards, including:
NIST SP 800‑53
NIST Zero Trust (SP 800‑207)
NIST AI Risk Management Framework
FedRAMP/FISMA safety expectations
COPPA & GDPR privacy requirements
The evaluation confirms:
ASD is non‑content, non‑surveillance, and privacy‑preserving
ASD’s engines operate within strict safety boundaries
ASD is safe for children, vulnerable users, and high‑risk populations
ASD is formally published with timestamped DOIs, establishing verifiable prior art and scientific transparency:
OSF DOI: 10.17605/OSF.IO/GT9UC
Zenodo DOI: 10.5281/zenodo.20083573
ResearchGate DOI: 10.13140/RG.2.2.16702.04169
These publications document the architecture, safety model, and technical standard.
ASD is entering the next phase of external evaluation, including:
Independent security audit
Academic peer review
Behavioral‑model validation
Federal pilot program evaluation
Each engine detects a different class of risk:
Fear Engine
Coercion Engine
Hostile Possession Engine
Grooming Engine
Duress Engine
Baseline Drift Engine
Stability Engine
Session Integrity Engine
Anomaly Engine
ASD’s behavioral‑inference core is built from nine specialized engines. Each engine detects a different class of risk by analyzing real‑time behavioral signals during an active session. Together, they form the foundation of ASD’s continuous‑possession safety model.
Detects fear‑driven behavioral shifts such as tremors, hesitation, freeze patterns, and unstable micro‑motion.
Identifies patterns consistent with forced compliance, guided interaction, or externally controlled device use.
Detects when the device is no longer in the rightful user’s hands through grip mismatch, motion deviation, and possession‑state anomalies.
Identifies long‑form behavioral patterns consistent with manipulation, pressure, or escalating risk over time.
Detects high‑stress, high‑pressure interaction patterns that indicate the user may be under threat.
Monitors gradual behavioral changes that deviate from the user’s normal interaction patterns.
Evaluates micro‑motion, orientation, and device handling stability to detect unsafe or abnormal conditions.
Monitors session transitions, navigation patterns, and interaction flow to detect session‑level anomalies.
Provides a catch‑all detection layer for unexpected or out‑of‑distribution behavioral patterns.