Keyless patents privacy-focused, cross-platform biometric authentication method
The U.S. Patent and Trademark Office (USPTO) has granted cybersecurity firm Keyless a new patent describing a privacy-focused technology designed for the collection and handling of customers’ biometric data.
According to the company, the new technology would entirely prevent firms, third parties, and even Keyless from accessing users’ biometric data.
This is possible due to the fact that such information would not be stored on a device or any centralized location but instead held via multi-party computing on the edge.
“Our mission at Keyless is to provide people and organizations with a passwordless future, where the user is the key,” said the company’s Co-founder and CEO Andrea Carmignani.
“We want to do it in a way that lets people log in to any app or service, from any device, easily and safe in the knowledge that they have the privacy they deserve, and for organizations to maintain security and compliance for their systems and users. This patent demonstrates our commitment to that mission,” he added.
From a technical standpoint, this means that when a user completes the Keyless enrolment process, their biometric template is encrypted, broken up into ‘shards,’ and stored across multiple servers. The data is then deleted from the device they used to enroll.
Consequently, should a malicious actor get hold of the contents of one of the servers, they would still not have access to the complete dataset.
The full template is also never restored during the authentication process, which works by scanning a user’s face and matching the resulting information against the stored ‘shards.’
“The intersection of user experience, privacy, and security is a very hot space, right now,” explained Keyless CTO Paolo Gasti. “There are multiple vendors and analysts out there talking about it, but no one has yet solved that conundrum.”
From a regulatory perspective, the newly-patented technology is compliant with both GDPR and PSD2 SCA requirements, and therefore particularly suited to customers working in highly regulated industries or those struggling with revenue leakage.
The patent announcement comes months after Keyless confirmed it was certified to the FIDO Alliance’s biometrics standards.
Moving forward, the company said they intend to keep on investing in the research and development of privacy-first biometrics technologies.
“As we look ahead to up-and-coming technologies that will one day ‘be the norm,’ such as blockchain and services offering Self-Sovereign Identity, where privacy-by-design is a key tenet, Keyless technology will be able to support those too,” said Gast.
The company was also recently mentioned in FinTech Global’s 2021 AIFinTech100 list.