Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10-K reports, allowing investors to quickly identify new potential risks and opportunities.

Risk Factors - BKYI


Item 1A. Risk Factors; and Part II, Item 9A. Controls and Procedures.

The Company has not filed, and does not intend to file, amendments to the previously filed Quarterly Reports on Form 10-Q for any of the quarters for the year ended December 31, 2023. Accordingly, investors should rely only on the financial information and other disclosures regarding the Restatement Periods in this Form 10-K or in future filings with the SEC (as applicable), and not on any previously issued or filed reports, earnings releases, or similar communications relating to these periods.

See Note U to the consolidated financial statements, included in Part II, Item 8 of this Form 10-K, for additional information on the restatement and the related consolidated financial statement effects.


All statements other than statements of historical facts contained in this Annual Report on Form 10-K, including statements regarding our future financial position, business strategy and plans and objectives of management for future operations, are forward-looking statements. The words “anticipate,” “believe,” “should,” “estimate,” “will,” “may,” “future,” “plan,” “intend” and “expect” and similar expressions generally identify forward-looking statements. These statements are not guarantees of future performance or events and are subject to risks and uncertainties that may cause actual results to differ materially from those included within or implied by such forward-looking statements. These risks and uncertainties include, without limitation, our history of losses and limited revenue; our ability to raise additional capital; our ability to protect our intellectual property; changes in business conditions; changes in our sales strategy and product development plans; changes in the marketplace; continued services of our executive management team; security breaches; competition in the biometric technology and identity access management industries; market acceptance of biometric products generally and our products under development; our ability to convert sales opportunities to customer contracts; our ability to expand into Asia, Africa and other foreign markets; our ability to integrate the operations and personnel of Swivel Secure into our business; fluctuations in foreign currency exchange rates; the duration and extent of continued hostilities in Ukraine and its impact on our European customers; delays in the development of products, the commercial, reputational and regulatory risks to our business that may arise as a consequence of our need to restate our financial statements, including any consequences of non-compliance with Securities and Exchange Commission (“SEC”) and Nasdaq periodic reporting requirements; our temporary loss of the use of a Registration Statement on Form S-3 to register securities in the future; any disruption to our business that may occur on a longer-term basis should we be unable to remediate during fiscal year 2024 certain material weaknesses in our internal controls over financial reporting, the nature and amount of adjustments that may be required from our preliminary estimates of our results of operations for the first quarter of 2024, as the results may vary from the narrative included in prior reports filed with the SEC, and such variance may be material, statements of assumption underlying any of the foregoing, and numerous other matters of national, regional and global scale, including those set forth under the caption “Risk Factors” in Item 1A of this Annual Report and other filings with the Securities and Exchange Commission (“SEC”). These factors are not intended to represent a complete list of the general or specific factors that may affect us. It should be recognized that other factors, including general economic factors and business strategies, may be significant, presently or in the future. Except as required by law, we undertake no obligation to update any forward-looking statement, whether as a result of new information, future events or otherwise.



Solely for convenience, trademarks and tradenames referred to in this Annual Report on Form 10-K appear (after the first usage) without the ® and ™ symbols, but those references are not intended to indicate, in any way, that we will not assert, to the fullest extent under applicable law, our rights or that the applicable owner will not assert its rights, to these trademarks and tradenames.


BIO-key International, Inc. (the “Company,” “BIO-key,” “we,” or “us”) is a leading identity and access management (IAM) platform provider enabling secure work-from-anywhere for enterprise, education, and government customers using secure multi-factor authentication (MFA). Our vision is to enable any organization to secure streamlined and passwordless workforce, customer, citizen and student access to any online service, workstation, or mobile application, without a requirement to use tokens or phones for roving users and shared workstations. Our products include PortalGuard® and PortalGuard Identity-as-a-Service (IDaaS) enterprise IAM, WEB-key® biometric civil and large-scale ID infrastructure, MobileAuth® mobile phone authentication application for iOS and Android, and high-quality, low-cost accessory fingerprint scanner and FIDO-compliant hardware to provide a full and complete solution for identity-innovating customers.

BIO-key PortalGuard empowers organizations to maximize the power of cloud, mobile and web technologies by securing users’ identities and connecting them with the applications they rely on, while keeping cyber-intruders and unauthorized delegates (proxy users) out. Competing MFA solutions require a phone or token for every user authentication use case, but this is expensive and ineffective for workforce users who cannot use a phone in their workplace, who rove among workstations or share kiosks for access to information systems. BIO-key’s exclusive Identity-Bound Biometrics (IBB) authentication methods address this by making biometric-based identification available at any end point device, making the user, not their phone or a token, their own credential.

Our customers trust BIO-key® to secure access to a variety of cloud, mobile and web applications, on-premise and cloud-based hypervisor servers from all of their devices. Employees and contractors sign into BIO-key PortalGuard to seamlessly and securely access the applications needed to do their work, and customers sign into BIO-key PortalGuard to access online services. Organizations use PortalGuard to securely collaborate and communicate with their partners and to provide their customers with flexible, resilient user experiences online and while using mobile devices. PortalGuard can operate standalone as a comprehensive MFA, Single Sign On, and Self-Service Password Reset solution, directly authenticating for Windows sign in and application access, or as an upgraded MFA user experience within an enterprise IAM framework such as Microsoft, Okta, Ping or ForgeRock.

BIO-key’s WEB-key is a scalable biometric service management platform, incorporating key functions for regulatory compliance, enrollment, authentication or identification, and integrity in a multi-tenant private or public cloud delivery platform. Government agencies use BIO-key for their large-scale civil ID projects, because WEB-key underpins a biometric identity ecosystem, is cloud-ready, and provides a scalable, high-integrity trust platform which can be operated anywhere and supports over 30 fingerprint scanners interchangeably.

We also deliver biometric software integration application programming interfaces, or APIs, allowing software developers to leverage our platform to securely and efficiently embed biometric multi-factor authentication, or MFA, into their own products. This allows software developers to focus on their core functionality while BIO-key ensures users enter the application without requiring them to carry their phone or any token.

Even the most security-focused organizations are suffering breaches as a result of human error or improper conduct. As enterprises scale the number of software as a service, or SaaS, applications and multi-cloud services they rely on, and the interconnections between them increase, assured identity has emerged as a critical component of an organization’s security framework, directly affecting each element of the cybersecurity triad – confidentiality, integrity, and availability. As access perimeters dissolve, organizations must evolve from network-based security models to Zero Trust and Continuous Authentication and Risk Trust Assessment (CARTA) security models, focusing on adaptive and context-aware controls. True server-secured biometric verification removes the human nature vulnerability at the root of many security compromises, creating a more reliable means to manage user access and protect digital assets against rogue users willing to hand over their credentials to a proxy. Our global identity as a service, or IDaaS, hosting capability allows our customers to simplify and efficiently scale their security infrastructures across internal IT systems and external customer facing applications without installation overhead, security or uptime management efforts.

We designed BIO-key PortalGuard IDaaS and WEB-key to provide organizations an integrated approach to managing and securing all of their identities using the technologies they already use while providing capacity for future needs through the strategic use of biometrics to limit vulnerability and contain authentication costs. Our platform allows users to authenticate their customers, employees, contractors, and partners. It enables any user to connect to any device, cloud or application, all with a simple, customizable, intuitive and consumer-friendly user experience. We utilize server-secured Identity-Bound Biometrics to support roving users without requiring them to carry their phone or a token. As of December 31, 2023, more than 600 customers across multiple industries use BIO-key to secure and manage access for users around the world.

Development of Business

BIO-key was founded in 1993 to develop and market advanced fingerprint biometric technology and related security software solutions. First incorporated as BBG Engineering, the company was renamed SAC Technologies in 1994 and renamed BIO-key International, Inc. in 2002. Our principal executive office is located at 101 Crawfords Corner Road, Suite 4116, Holmdel, NJ, 07733.

BIO-key was a pioneer in developing automated finger identification technology that supplements or complements other methods of identification and verification, such as personal inspection identification, passwords, tokens, smart cards, ID cards, credit cards, passports, driver’s licenses, or other forms of possession or knowledge-based credentialing. Our advanced technology is used to improve both the accuracy and speed of fingerprint biometrics in some of the largest biometric systems in the world.

On June 30, 2020, we enhanced our product offering by acquiring PistolStar, Inc. (“PistolStar”). PistolStar provides enterprise-ready identity access management solutions to commercial, government and education customers throughout the United States and internationally. PistolStar develops and markets our PortalGuard line of software and services.

On March 8, 2022, we expanded our sales and support operation into Europe, Africa and the Middle East (“EMEA”) by acquiring Swivel Secure Europe, SA. Swivel Secure Europe is a Madrid, Spain-based provider of IAM solutions serving over 300 customers through a network of dozens of channel partners throughout EMEA. Swivel Secure Europe is the exclusive distributor of the AuthControl® Sentry, AuthControl Enterprise and AuthControl MSP product line in Europe, Middle East, and Africa, excluding the United Kingdom. Swivel Secure maintains a direct sales force with offices in Madrid, Spain and Lisbon, Portugal.

Our Products

BIO-key PortalGuard and PortalGuard IDaaS

BIO-key PortalGuard is an independent, customer-controlled and neutral-by-design cloud-based identity platform that allows our customers to integrate with any cloud or on-premise SaaS application, service or cloud host, as well as Windows device authentication through a single secure, reliable and scalable IAM platform. It provides identical capabilities in either a SaaS (PortalGuard IDaaS) or an on-premise (PortalGuard) delivery model. PortalGuard integrates BIO-key’s Identity Bound Biometric (IBB) authentication as what-you-are authentication options that are not tied to a device or “what you have” authentication, allowing our customers to positively identify who is accessing their systems, not the device they might have handed off to another user. Our three-way IAM neutrality consists of:

seventeen MFA authentication factor choices, including our server-secured IBB via fingerprint scanners, or using a palm scan, facial selfie, or voice biometric via our MobileAuth app on a mobile phone;

open user directory choices including on premise, hybrid or full-Azure Active Directory, LDAP, IBM Domino, or custom SQL user directory; and

multiple single sign on, or SSO, federation options, including SAML, Open ID Connect (OIDC), OAUTH, CAS and WS-Fed.

These capabilities allow our customers to combine and authenticate legacy and future technologies and to securely connect users to the technology that they choose. We design transparent compatibility of the BIO-key PortalGuard IDaaS with on-premise infrastructures and public and hybrid clouds.

Our customers use the BIO-key PortalGuard IDaaS to secure their workforces and student populations and make their partner networks more collaborative. PortalGuard IDaaS provides more and secure experiences for their customers and end users, which enables our customers to future-proof their environments. PortalGuard IDaaS can be used as the central system for an organization’s connectivity, access, authentication and identity lifecycle management needs across all of its users, technology and applications. We enable our customers to easily deploy, manage and secure applications and devices, and offer provisioning services using open source tools.

Developers can leverage an extensive suite of API and modular SDK tools to build custom cloud, mobile and web application enrollment and authentication experiences that leverage BIO-key PortalGuard and WEB-key as the underlying identity management platform. Once deployed, PortalGuard allows administrators to enforce contextual access management decisions based on conditions such as user identity, device, geolocation, application destination identity, IP range, and time of day.

Our customers use BIO-key to (i) manage and secure work-related IT access of their employees, contractors and supply chain partners, which we call workforce identity; and (ii) manage and secure the identities of users of their web properties, which we call customer identity.

BIO-key PortalGuard and PortalGuard IDaaS for Workforce Identity. PortalGuard streamlines the way an organization’s employees, contractors and supply chain partners connect to its applications and data from any device, while increasing user efficiency, preventing unauthorized delegation, credential sharing, and keeping digital environments secure through our MFA capabilities. We enable organizations to provide their workforces with immediate and secure access to every application from any device they use, without maintaining multiple credentials. Our multi-directory support interfaces with the directories in place at an organization, while allowing SQL-based custom directories where none presently exist. BIO-key PortalGuard Desktop allows customers to extend the BIO-key PortalGuard IDaaS to their existing on-premises and remote workstation Windows sign in.

BIO-key PortalGuard and PortalGuard IDaaS for Customer Identity. BIO-key PortalGuard allows organizations to secure access to their online properties, while upgrading their customers’ user experience by delivering self-enrollment and management for customer-facing cloud, mobile or web applications. We enable an organization’s product team to layer BIO-key’s MFA, SSO and self-service password reset, or SSPR, functionality into their cloud, web and mobile applications through federation standards or using our APIs. Our customers are able to centrally manage policies, audit and log access across their properties, leading to more seamless customer experiences.

BIO-key VST and WEB-key; Products; Civil and Large-Scale ID Infrastructure

We have developed what we believe is the most discriminating and effective commercially available finger-based biometric technology. This technology is embedded in our PortalGuard product for enterprise security, providing customers with a unique capability to authenticate users without a phone or token, where appropriate, such as manufacturing, retail, call centers, and health care workers. Other markets for scalable biometric engines include government markets, large scale identity projects such as voter’s registration, driver’s license, national ID programs, and SIM card registration.

We also offer a full line of easy to use finger scanners for both enterprise and consumer markets. Our PIV Pro, SidePass®, EcoID II® and SideSwipes® finger readers can be used on any laptop, tablet or other device which contains a USB A or C port. We market and sell these fingerprint scanners through distributors and directly to end users via Amazon.

AuthControl Sentry; AuthControl Enterprise; AuthControl MSP

Swivel Secure is the exclusive distributor of the AuthControl Sentry, AuthControl Enterprise, and AuthControl MSP product line in Europe, Africa and the Middle East, or EMEA, excluding the United Kingdom and Ireland. These solutions include a patented one-time-code extraction technology, helping enterprises manage the increasing data security risks posed by cloud services and bring your own device policies.

Fingerprint Readers

With our series of compact fingerprint readers, we find commercial companies use SidePass®, SideSwipe® or EcoID II® to replace their Windows passwords and enable Windows Hello for Business without replacing or upgrading laptops or tablets.

Identity and Access Management, User Multi-Factor Authentication, Single Sign On, Privilege Entitlement and Access Control

Our products simplify the authentication process for enterprise users and consumers, while raising security levels. This allows our customers to meet new, stronger authentication requirements and security best practices across many industries, while delivering a superior end-user experience. Customers use our products to reduce risk of theft, fraud, loss, account takeover attacks, and unauthorized account sharing by limiting access to valuable assets, privileges, data, services, networks and places to only authorized individuals. Our products provide stronger identity binding and a superior user experience versus traditional credentialing systems, which utilize a physical or knowledge-based electronic credential to authenticate the holder but fail to authenticate the actual user in addition to the token. Both commercial enterprises and the public sector have seen a shift in the requirement for stronger authentication, and the FBI, NIST and industry thought leaders such as SalesForce and Microsoft have encouraged entities to enhance their security posture by implementing stronger 2-factor authentication (2FA) or MFA. We believe the market for advanced user MFA, including fingerprint biometrics, extends to nearly every industry segment and the market opportunity for our products is massive, global and growing.

Our Markets

Historically, our largest market has been identity and access management for highly regulated industries like government and healthcare. However, we are witnessing a change in the landscape as organizations within all industries and of all sizes are embracing biometric technology and MFA as a security and workflow solution. Millions of users have been successfully using biometrics in phones from Apple and Samsung and they welcome the same user experience to access applications without passwords or tokens.

Our acquisition of PistolStar added a large customer base in the state and local government and higher education (SLED) vertical. Colleges and universities throughout the United States use our PortalGuard MFA and SSO platform. As governments, colleges and universities continue to operate in remote environments, we have seen additional demand for our solutions.

We believe there is potential for significant market growth in the following key areas:

Business Model

Our business model is focused on the following key areas:



Enterprise needs are not being met by mainstream MFA’s phone app or token approach. Supply chain breaches, ransomware attacks, and administrative access compromises highlight the shortcomings of mainstream MFA and security approaches, which leave far too much responsibility on end-users to comply with cyber-hygiene policies. BIO-key’s biometric authentication process prevents human error and human nature from undermining secure authentication, while making the end user’s access easier than ever. The current climate of broad enterprise adoption of MFA to replace passwords presents opportunities for us to leverage our unique differentiators and exploit the gaps in existing IAM technology approaches. One of those gaps is the challenge of authenticating users that “rove” among workstations. A second gap is preventing unauthorized account sharing and delegation.



We continue to prioritize securing agreements with OEM customers. The history of success supporting NCR, McKesson, Omnicell, and LexisNexis provides an established footprint that we intend to build upon. As OEM customers embed our solutions within their products, the customer benefits from the enhanced security and workflow, and is freed from investing in R&D to manage an IAM infrastructure of its own. OEM customers’ ordering patterns are more predictable and OEM customers generally require lower service and support resourcing.




Government ID projects and healthcare organizations, including hospitals, clinics, and small private practices, present a strong opportunity for us. Additionally, the financial services industry, including banks and credit unions, has grown substantially.



In 2023, we continued to grow our Channel Alliance Partner program (CAP) focused on partnering with select value added resellers, integrators, and distributors.



We are a Microsoft Partner and our line of compact fingerprint scanners has been tested and qualified by Microsoft to support Windows Hello and Windows Hello for Business.


Hardware products generated 15% and 9% of our revenue in 2023 and 2022, respectively. EcoID II® has emerged as our most popular scanner for enterprise deployments. For customers that require the highest level of security, PIV-Pro is a FIPS compliant fingerprint scanner, suitable for highly regulated industries and organizations that want a best-in-class solution.

We have grown our business through a combination of organic growth and the strategic acquisitions of PistolStar and Swivel Secure Europe. We expect to continue to pursue strategic acquisitions of select businesses and assets in the IAM space. In furtherance of this strategy, we are active in the industry and regularly evaluate businesses that we believe will either provide an entry into new market verticals or be synergistic with our existing operations and in either case, be accretive to earnings. We cannot provide any assurance as to whether we will be able to complete any acquisition and if completed, successfully integrate any business we acquire into our operations. If we are unable to effectively protect our intellectual property rights on a worldwide basis, we may not be successful in the international expansion of our business. Please see the section captioned “RISK FACTORS” for additional information regarding acquisition risks.

Marketing and Distribution

We sell our products directly through our field and inside sales teams, as well as indirectly through our network of channel partners. Through our Channel Alliance Program, we have partnered with more than 85 resellers, system integrators and other distribution partners. We are committed to continue to aggressively grow this program in 2024.

We partner with leading application, managed service and infrastructure vendors, such as Intelisys, Insight, NGEN, Amazon Web Services, Pathify (formerly UCROO Campus), Software House International (SHI), BlueAlly, Atlassian, and ProCirrus.

We offer our software under a SaaS term license and generate annual recurring revenue (ARR) primarily by selling multi-year subscriptions to our software. We employ a customer success team, focused on customer satisfaction and early remediation.

Intellectual Property Rights

We develop and own significant intellectual property and believe that our intellectual property is fundamental to our biometric and IAM product operation: We own patented technologies and trade secrets developed or acquired by us.


On December 26, 2006, we were issued US patent No. 7,155,040 covering our unique image processing technology, which is critical for enhancing information used in the extraction of biometric minutiae. The issued patent protects a critical part of an innovative four-phase image enhancement process developed by us. With the payment of all maintenance fees, this patent will expire on January 29, 2025.

On April 15, 2008, we were issued US patent No. 7,359,553 covering our image enhancement and data extraction core algorithm components. The solution protected under this patent provides the capability to quickly and accurately transform a fingerprint image into a computer image that can be analyzed to determine the critical data elements. With the payment of all maintenance fees, this patent will expire on January 3, 2025.

On November 18, 2008, we were issued US patent No. 7,454,624 for our “Match Template Protection within a Biometric Security System” method. The solution protected under this patent limits the scope of enrollment templates usage and also eliminates the need for revocation or encryption processes, which can be expensive and time consuming. With the payment of all maintenance fees, this patent will expire on May 17, 2025.

On March 10, 2009, we were issued US patent No. 7,502,938 for our “Trusted Biometric Device” which covers a simple, yet secure method of protecting a user’s biometric information. It covers the transmission of information from the point the information is collected at the biometric reader until the data reaches the computer or device that is authenticating the user’s identity. With the payment of all maintenance fees, this patent will expire on October 25, 2025.

On November 8, 2011, we were issued US Patent No. 8,055,027 for our “Generation of Directional Information in the Context of Image Processing” method for image enhancement and processing. With the payment of all maintenance fees, this patent will expire on October 10, 2027.

On June 5, 2012, PistolStar was issued US Patent No. 8,196,193 for “Method For Retrofitting Password Enabled Computer Software with a Redirectional User Authentication Method”, where a device, method, and system may be used to integrate and control authentication and passwords among various applications and platforms. With the payment of all maintenance fees, this patent will expire on November 1, 2030.

On March 12, 2013, PistolStar was issued US Patent No. 8,397,077 for “Client Side Authentication Redirection”, where user specific attributes may be accessed and used to produce a generated password, using an algorithm and the user attributes. With the payment of all maintenance fees, this patent will expire on August 7, 2030.

On May 3, 2017, we were issued US Patent No. 9,646,146 for our “Utilization of Biometric Data”, a method that enables existing small area sensors to capture substantially more fingerprint surface area, leading to a higher degree of accuracy when performing a match. With the payment of all maintenance fees, this patent will expire on March 6, 2035.

On June 19, 2018, we were issued U.S. Patent No. 10,002,244 for our “Utilization of Biometric Data” to allow continuous, passive user authentication on a mobile device. With the payment of all maintenance fees, this patent will expire on March 6, 2035.

On July 27, 2018, we were issued U.S. Patent No. 10,025,831 for “Adaptive Short Lists and Acceleration of Biometric Database Search”, a method to quickly and iteratively search a database of biometric data. With the payment of all maintenance fees, this patent will expire on August 10, 2036.

On September 3, 2019, we were issued U.S. Patent No. 10,400,481 for “Fingerprint Lock”, a lock design method of the shackle and spring integration to electronics. With the payment of all maintenance fees, this patent will expire on June 27, 2037.

On September 10, 2019, we were issued U.S. Patent No. 10,410,040 for “Fingerprint Lock Control method and Fingerprint Lock System”, a lock design method of the control process of scanning, and server communications for user profile management. With the payment of all maintenance fees, this patent will expire on July 26, 2037.

On April 20, 2021, we were issued U.S. Patent No. 10,984,085 for “Biometric Recognition for Uncontrolled Acquisition Environments”. Expected to be deployed in mobile devices, the patent provides a method of continuous capture of the user’s biometric data before the need of the authentication or enrollment, as well as during an active session with a user, to assure the user has not changed. With the payment of all maintenance fees, this patent will expire on March 13, 2039.

We have also been granted patents in many foreign countries that parallel certain patents in our US patent portfolio, offering protection of our intellectual property rights around the world.


We have registered our trademarks “BIO-key”, “True User Identification”, “Intelligent Image Indexing”, “WEB-key”, “SideSwipe”, “SidePass”, “EcoID”, “PistolStar®”, “PortalGuard”, “MobileAuth”, “PASSIVEKEY®” and “PISTOLSTAR®” with the U.S. Patent & Trademark Office, as well as in many foreign countries, protecting the names of our companies and our key technology offerings.

We also own the following unregistered trademarks: “PortalGuard Nebula™”, “Password Power™” and “Scooch™”.

Copyrights and trade secrets

We take measures to ensure copyright and license protection for our software releases prior to distribution. When possible, the software is licensed in an attempt to ensure that only licensed and activated software functions to its full potential. We also take measures to protect the confidentiality of our trade secrets.

Research and Development

Our PortalGuard IAM product line is mature, with hundreds of active customers, and we are adding additional factors and capabilities to the product, as well as enhancing the self-management for the functionally equivalent PortalGuard IDaaS offering. A significant new authentication factor set will come via our MobileAuth application for users to experience multiple biometric secure authentication via their mobile phone devices. Our VST and WEB-key biometric platforms are mature, stable, and widely-deployed. We concentrate our research and development efforts on enhancing the functionality, reliability and integration of our current products as well as acquiring and developing new and innovative products and solutions for providing broader access to the BIO-key user experience.

Although we believe that our identification technology is one of the most advanced and discriminating fingerprint technologies available today, the markets in which we compete are characterized by rapid technological change and evolving standards and use-cases. In order to maintain our position in the market, we will need to continue to upgrade and refine our existing technologies as new standards become relevant to our customers and markets.

During the years ended December 31, 2023 and 2022, we incurred expenses of $2,394,926 and $3,252,236, respectively, for research and development.

In future periods our R&D efforts will remain focused on updating and advancing our core software products including PortalGuard and PortalGuard IDaaS, MobileAuth, WEB-key and VST. These products are critical to support the anticipated growth in enterprise IAM.


The IAM, MFA and SSO market is characterized by multiple providers of solutions in either standalone or IAM suite delivery models. We believe that our unique differentiator in this market is the incorporation of an unparalleled server-secured biometric authentication capability among our seventeen authentication factors. There are numerous companies involved in the development, manufacturing and marketing of fingerprint biometrics products to commercial, government, law enforcement and prison markets. These companies include, but are not limited to, IDEMIA, Thales, NEC, Neurotechnology, and Innovatrics.

The majority of sales for automated fingerprint identification products in the market to date have been deployed for government agencies, healthcare facilities, and law enforcement applications. The consumer and commercial markets represent areas of growth potential for biometrics, led by the use of mobile devices.

The epidemic of security and data breaches reported over the past few years is one of the driving factors for identifying new methods of protecting valuable data. After attempting to create a more sophisticated password, or more efficient token or PIN, it has become apparent that each of these methods is easily compromised, and the downside risks are significant.

We have also seen FIDO-compliant keys enter the market, led by Yubico’s YubiKey, a hardware token device that acts as a credential for access. FIDO officially recommends enterprises purchase two or more keys for every user, to prevent lockout in the event of a lost or misplaced FIDO token. These hardware tokens alone do not meet the needs of large organizations for which key sharing and lost keys are concerns, establishing the opportunity for our Identity Bound Biometric differentiation. Where FIDO is needed, we offer a line of equivalent function and quality, but lower-cost FIDO 2.0 keys.

With respect to competing biometrics technologies, each has its strengths and weaknesses and none has emerged as a market leader:

Fingerprint identification is generally viewed as very accurate, inexpensive and non-intrusive and is the dominant biometric in use today and will be for the foreseeable future;

Palm Vein scanning is expensive, technique-sensitive, and offers mobility challenges;

Iris scanning is viewed as accurate, but the hardware is significantly more expensive; and

Facial recognition can have privacy concerns with work-from-home use, and is typically highly dependent on ambient lighting conditions, angle of view, and other factors.

Government Regulations

Various state, federal and EU privacy laws govern the collection, storage, use and any sale of biometric-related data. To the extent that BIO-key’s IDaaS offerings include the collection and storage of customer users’ personal or biometric data, we operate as a processor of such data. Our WEB-key platform includes compliance features to ensure automated compliance with these laws including collection of informed written consent during enrollment workflows and robust auditing to control and report on the retention of biometric data and removal requests. Additionally, our customers have access to these tools to maintain their own compliance, including deletion of user data when business relationships terminate.

We believe in biometric privacy rights, and that both users and their organizations benefit from a responsibly operated biometric identity infrastructure. We actively participate in industry privacy workgroups as recognized biometric subject matter experts in order to influence and keep abreast of any proposed changes to these regulations. Beyond these regulations, we are not currently subject to direct regulation by any government agency, other than regulations generally applicable to businesses or related to specific project requirements. In the event of any international sales, we would be subject to various domestic and foreign laws regulating such exports and export activities.

Environmental Regulations

As of the date of this report, we have not incurred any material expenses relating to our compliance with federal, state, or local environmental laws and do not expect to incur any material expenses in the foreseeable future.


Generally, our revenues do not exhibit a seasonal pattern; however, revenue is affected by customer budgeting, government fiscal year planning, and capital budgets.

Human Capital Resources

As of the date of this report, we have forty-two employees consisting of forty-three individuals on a full-time basis and one part-time employee as follows: (i) nineteen in engineering, customer support, and research and development; (ii) ten in finance and administration; and (iii) thirteen in sales and marketing. We also have two factory contractors in China. None of our employees are represented by a labor union and we believe that our relationship with our employees is good.


Set forth below are the risks that we believe are material to our investors. This section contains forward-looking statements. You should refer to the explanation of the qualifications and limitations on forward-looking statements appearing just before the section captioned “BUSINESS” in Item 1 above.


The restatement of our previously issued financial statements has been time-consuming and expensive and could expose us to additional risks that could materially adversely affect our financial position, results of operations and cash flows.

As discussed in the Explanatory Note to this Annual Report and in Note U, Quarterly Financial Data (Unaudited and Restated), to the consolidated financial statements included in this Annual Report, we are restating our previously issued financial statements for our unaudited consolidated financial statements covering the quarterly reporting periods during fiscal year 2023, consisting of the quarters ended March 31, 2023, June 30, 2023 and September 30, 2023 (the "Restatement Periods"). These restatements, and the remediation efforts we have undertaken and are continuing to undertake, have been time-consuming and expensive and could expose us to a number of additional risks that could materially adversely affect our f