Keyless Technologies, the next-generation biometric authentication company, announces that they have been granted a non-provisional patent by the U.S. Patent and Trademark Office for how they authenticate and preserve the privacy of a user's digital identity.
The technology prevents organisations, third parties and even Keyless from accessing a person's biometric data as it is not stored on a device or any centralised location - a market first. That means the technology exceeds regulation, such as GDPR and CCPA. In the current era where security and privacy concerns are running high, this fundamental shift from the current approach for biometric authentication will have meaningful value for many industries and individuals concerned with privacy for digital identities.
Utilising innovative cryptography
"Our mission at Keyless is to provide people and organisations with a passwordless future, where the user is the key. We want to do it in a way that lets people login to any app or service, from any device, easily and safe in the knowledge that they have the privacy they deserve, and for organisations to maintain security and compliance for their systems and users. This patent demonstrates our commitment to that mission," says Andrea Carmignani, CEO and Co-Founder.
The Keyless privacy-by-design technology utilises innovative cryptography and secure multi-party computing on the edge. When a user enrols with Keyless, their biometric template is encrypted, broken up into ‘shards’ and stored across multiple servers. Even if a server is compromised, the attackers would never have access to the complete dataset.
Personally identifiable information
The user's template is also deleted from the device they used to enrol. When next they are asked to authenticate, the user looks into a forward-facing camera and their details are matched against the stored ‘shards’; at no time is the full template ever restored. The way Keyless technology processes and stores data means that it exceeds GDPR (no personally identifiable information is stored) and, in conjunction with partners, adheres to PSD2 SCA requirements.
This is especially useful for highly regulated industries, such as financial services, or for industries that struggle with revenue leakage due to credential sharing, such as streaming media services. Keyless' technology ensures that it is the person, and not a device, being authenticated in a private and secure manner.
Subsequent authentication process
The simple enrolment and subsequent authentication process is also designed to be as intuitive for the user as possible, to enhance user experience. "The intersection of user experience, privacy and security is a very hot space, right now," says Paolo Gasti, CTO.
"There are multiple vendors and analysts out there talking about it, but no one has yet solved that conundrum. By investing in the research and developing our technology in a privacy-first way, we believe we've taken a big step in addressing it. And as we look ahead to up-and-coming technologies that will one day 'be the norm,' such as blockchain and services offering Self-Sovereign Identity, where privacy-by-design is a key tenet, Keyless technology will be able to support those too."