FB pixel

Keyless execs tout privacy protections of combined FIDO and server-side biometrics

Keyless execs tout privacy protections of combined FIDO and server-side biometrics

Decentralization and novel encryption methods are coming to the rescue of privacy-preserving biometric authentication, Keyless executives Paolo Gasti and Gal Steinberg suggested during a recent Biometric Update webinar.

Authentication processes have traditionally operated on a server in the cloud, or on the user’s own device, with each approach introducing its own drawbacks. Server-based authentication raises the possibility of data misuse or breaches, while device-based authentication poses problems around what happens if a device is lost or stolen, and how to prove the identity of the person behind the device.

Keyless’ approach to privacy-enhancing biometrics is based on the storage of encrypted biometric data held on a server, that can only be decrypted with a request which is locally processed, attendees of ‘One selfie to rule them all’ heard. This gives Keyless the only authentication method certified by FIDO, while incorporating the strengths of server-side processing, such as account recovery.

Steinberg delved into how distributed biometrics can help consumer-facing organizations authenticate their customers, and their potential applications for passwordless employee authentication and sign-ins to shared workspaces like POS devices.

Gasti explained how Keyless uses proprietary protocols to provide selfie biometrics with passive liveness checks to generate zero-knowledge proofs.

“Usually, in a traditional system, you would have to decrypt this data, compute some distance functions, see whether the two or close enough or not, and come to a decision,” he explains. “This would imply that this data is exposed to the service that is performing this matching. We at Keyless started our journey exactly to prevent this, to avoid this issue. The way in which we achieve this is by using a protocol, by using a system, that allows us to compare data without the need to decrypt it.”

The highly-engaged audience posed a series of questions around how Keyless protects against injection attacks, cross-platform interoperability, and how it can be used in systems for compliant payments and other applications.

During the discussion, Keyless tipped a future product release, and how far the elimination of passwords can go.

Watch ‘One selfie to rule them all‘ on demand


Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News


The UK’s election may spell out the future of its national ID cards

Identity cards are back among the UK’s top controversial topics – thanks to the upcoming elections and its focus on…


Challenges in face biometrics addressed with new tech and research amid high stakes

Big biometrics contracts and deals were the theme of several of the stories on that drew the most interest from…


Online age verification debates continue in Canada, EU, India

Introducing age verification to protect children online remains a hot topic across the globe: Canada is debating the Online Harms…


Login.gov adds selfie biometrics for May pilot

America’s single-sign on system for government benefits and services, Login.gov, is getting a face biometrics option for enhanced identity verification…


BIPA one step closer to seeing its first major change since 2008 inception

On Thursday, a bipartisan majority in the Illinois Senate approved the first major change to Illinois Biometric Information Privacy Act…


Identity verification industry mulls solutions to flood of synthetic IDs

The advent of AI-powered generators such as OnlyFake, which creates realistic-looking photos of fake IDs for only US$15, has stirred…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events