FB pixel

Independent analysis shows robust security of FaceTec’s biometric UR Codes

| Chris Burt
Categories Biometric R&D  |  Biometrics News
Independent analysis shows robust security of FaceTec’s biometric UR Codes
 

FaceTec’s UR Code protocol, which provides digitally-signed biometric barcodes, has aced a cybersecurity assessment from independent evaluator Praetorian Security Inc.

Praetorian performed a rigorous reverse engineering analysis of the UR Code SDK, and found no risk issues in any of its “critical,” “informational,” “low,” “medium,” or “high” categories. The evaluation focused on identifying internal hashing mechanisms, encryption keys and customer PII, according to the company announcement.

A “risk-informed security assessment” found one informational issue with the security of the cryptographic operations, which is that “Issuing Authorities need to ensure they are using the correct OpenSSL commands when generating their own Private Keys.” One medium issue in the stability of the UR Codes APIs, “a library crash when a malformed call to UR Codes Verification was sent for a Multi-Face UR Code,” was observed, but was addressed by FaceTec and validated by Praetorian prior to the end of the engagement. The functionality of the URID created was also found to have one low issue, but this too was fixed by FaceTec and validated by Praetorian.

The security evaluations also included tests of measures to protect against robust code obfuscation, like dead code insertion, control flow flattening, and variable, class, and function renaming.

The UR Encoder software that generates UR Codes runs behind issuing authorities’ firewall, FaceTec notes, and face data encoded cannot be reverse engineered into an image of the person’s face. The company says the privacy protections and biometric security provided by UR Codes is similar to that of biometric passports, with usability and durability advantages and lower cost than NFC chips.

UR Codes are presented in universal QR format to support scanning with any smart device or webcam.

FaceTec has launched both the free Scan+Match apps for UR Codes and the UR Encoder for issuers so far this year.

The company has also hired multiple veterans of public sector organizations as it brings the 3D face verification and digital identity software to market.

Related Posts

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

DHS signals major expansion of biometric matching infrastructure

The Department of Homeland Security (DHS) has issued a Request for Information (RFI) seeking industry input on biometric matching software…

 

ROC impresses in NIST biometric age estimation benchmark, Shufti makes debut

Two new entrants to NIST’s Face Analysis Technology Evaluation (FATE) Age Estimation & Verification, one a debut and the other…

 

Police Scotland plans LFR business case, consultation on the way to a decision: SPA

Police Scotland has not yet made a final decision on implementing live facial recognition (LFR) and has instead announced its…

 

With shift in UK online safety policy, Starmer tells Silicon Valley to ‘bring it on’

A new statement from UK prime minister Keir Starmer outlines his government’s plans to continue developing policies and regulations that…

 

Sri Lanka digital ID Master Systems Integrator expected to be named in March

The selection of an Indian firm as Master System Integrator (MSI) for the Sri Lanka Unique Digital Identity (SL-UDI) is…

 

Photo ID, proof of citizenship take center stage in US voting fight

The Safeguard American Voter Eligibility Act (SAVE) has become the centerpiece of a renewed congressional fight over who sets the…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events