Zero-Knowledge Biometrics™

Discover our unique approach to biometric data storage that never stores biometric data anywhere.

Zero-Knowledge Biometrics™

Discover our unique approach to biometric data storage that never stores biometric data anywhere.

Biometric Authentication: An Introduction

Biometric authentication uses unique physical traits, like fingerprints or facial features, to verify identity and grant secure access.

But not all biometric systems are created equal. They differ in how a user’s biometric data is stored.

When an enrollment or authentication image is taken, a user's biometric data usually has be stored.

Existing Systems

Traditionally, there have been two biometric authentication systems that store biometric data.

Local biometrics like FaceID store data on the device, enhancing privacy but without proving a user's identity. A convenience factor added on top of PINs and passwords, they can be bypassed if these are known.

Centralized biometrics store biometric data on the cloud and unlike local biometrics do prove that the person authenticating is the person that signed up. However, traditional systems use hashing, which can be reverse-engineered, compromising privacy.

The Emergence of Decentralized Biometrics

Decentralized biometrics are systems built with the intention of preserving privacy. A successful decentralized system addresses both the privacy issues associated of centralized biometrics and the security and usability drawbacks of local systems.

Zero-Knowledge Biometrics: Our Approach

Zero-Knowledge Biometrics (ZKB) is Keyless' unique, patented approach to decentralized biometrics. Instead of hashing or sharding, we use secure Multi-Party Computation (sMPC), a privacy-preserving cryptographic technique that does not store biometric data anywhere - neither on the device, nor on the cloud.

ZKB involves two steps:

Step 1

During enrollment, a biometric profile is captured, transformed on the user’s device using sMPC, and stored on the cloud. No biometric information can be extracted from this profile, ensuring that neither the cloud service provider nor even the vendor can link it to the user’s face.

Step 2

During authentication, another sample is captured, transformed, and compared with the stored profile using the sMPC protocol. By comparing two encrypted profiles, biometric data is protected in use, at rest, and in transit, offering the privacy benefits of local authentication with the security and portability of server-side biometrics.

Explaining sMPC with the Millionaire’s problem

Consider two millionaires who are interested in knowing who is richer without revealing their actual wealth. SMPC allows them to find this information out without revealing their answers. In Keyless’ context, SMPC allows a user to send and retrieve their biometric data from the Keyless Cloud Service without revealing their data to anyone, including Keyless.

User templates converted using Zero-Knowledge Biometrics™ technology are not classified as biometric data by European regulators. This ensures that biometric profiles processed in this manner are fully compliant with GDPR regulations on data processing and storage.