Zero-Knowledge Biometrics™

Explore how Keyless delivers privacy, security, and a seamless user experience without compromise, addressing the flaws of traditional systems.

The Biometric Privacy Challenge

Biometric systems have traditionally risked privacy by storing sensitive data, forcing organizations to choose between exposing users to breaches or sacrificing user experience.
The challenge is providing secure authentication without compromising privacy or UX.

The Struggle with Traditional Systems

Traditional biometric solutions face a privacy dilemma:
Local biometrics (e.g., FaceID) store data on the device, enhancing privacy but failing to confirm identity, relying on PINs or passwords as fallbacks instead.
Centralized biometrics store hashed data in the cloud, proving identity but risking privacy breaches as hashing techniques can can be reverse-engineered to reveal the original biometric data.

The Emergence of Decentralized Biometrics

Decentralized biometrics are systems built with the intention of preserving privacy. A successful decentralized system addresses both the privacy issues associated of centralized biometrics and the security and usability drawbacks of local systems.

Zero-Knowledge Biometrics: The Keyless Approach

Zero-Knowledge Biometrics (ZKB) is Keyless' unique, patented approach to decentralized biometrics. Instead of hashing or sharding, we use secure Multi-Party Computation (sMPC), a privacy-preserving cryptographic technique that does not store biometric data anywhere - neither on the device, nor on the cloud.

ZKB involves two steps:

Step 1

During enrollment, a biometric profile is captured, transformed on the user’s device using sMPC, and stored on the cloud. No biometric information can be extracted from this profile, ensuring that neither the cloud service provider nor even the vendor can link it to the user’s face.

Step 2

During authentication, another sample is captured, transformed, and compared with the stored profile using the sMPC protocol. By comparing two encrypted profiles, biometric data is protected in use, at rest, and in transit, offering the privacy benefits of local authentication with the security and portability of server-side biometrics.

Explaining sMPC with the Millionaire’s problem
Consider two millionaires who are interested in knowing who is richer without revealing their actual wealth. SMPC allows them to find this information out without revealing their answers. In Keyless’ context, SMPC allows a user to send and retrieve their biometric data from the Keyless Cloud Service without revealing their data to anyone, including Keyless.
User templates converted using Zero-Knowledge Biometrics™ technology are not classified as biometric data by European regulators. This ensures that biometric profiles processed in this manner are fully compliant with GDPR regulations on data processing and storage.

Learn More About Our Award-Winning Technology

Passwordless is Just the Beginning.
The Future is Keyless.