Biometrics

Keyless implements genuine identity assurance, which combines two important aspects:

• Identity assurance (face matching): Keyless verifies that the person in front of the device is the same person that enrolled and possibly validated their identity during account creation

• Genuine presence (liveness detection): Keyless implements state-of-the-art passive offline liveness detection in our SDK. This technology ensures that biometric data is sampled from a live person in front of the camera at the moment of capture

Together, these aspects guarantee that for any authentication it is possible to strongly and reliably link the current user back to the user that enrolled with Keyless.

Keyless develops all the machine learning models used in our biometric pipeline. Our machine learning team is composed of multiple experts from academia and industry, with several years of experience in the areas of machine learning, deep learning, AI, and biometrics.

Keyless utilizes bespoke proprietary datasets collected in collaboration with partners to continuously enhance its face recognition and liveness capabilities. These datasets are specifically designed to address biases, including gender, ethnicity, and age bias. In addition, we leverage publicly available datasets for further refinement and testing.

To ensure the privacy of our end-users, we do not collect data from them for training purposes.

Our algorithms undergo regular updates to stay ahead of emerging threats. To guarantee the reliability and accuracy of our software, we conduct daily internal testing and annual external validation. This rigorous process ensures that our algorithms continue to meet the highest standards of performance and security.

Listen to our introduction to biometric authentication mini-series, presented by our Co-Founder and CTO Dr Paolo Gasti.

Liveness

Our proprietary passive liveness detection technology does not require any user interaction such as head-turning, smiling, blinking, or light flashing to determine liveness. The Keyless liveness detection system is designed to identify a variety of presentation attacks, including static images, videos, deepfakes, paper cutouts, and 3D masks. Leveraging artificial intelligence that runs on the user’s device, it minimizes response time and guarantees biometric privacy.

Keyless liveness detection is certified by an independent international lab against FIDO standards under ISO 30107. To achieve this certification, the biometric experts at the international lab conducted extensive testing using a wide range of attack artifacts, including high-resolution prints, realistic custom latex masks, 3D-printed heads, photorealistic mannequins, and complex spoofing artifacts. Under these rigorous testing conditions, Keyless successfully withstood ISO 30107 level 1 and level 2 attacks.

Face Recognition

Keyless is FIDO 2 Certified, with testing procedures conducted under ISO 30107 (often referred to as iBeta). This makes Keyless the only vendor that has obtained both FIDO and FIDO2 certifications.

The Keyless system is trained to address AI biases related to gender, race, and age, detect partial obstructions and distortions, and work effectively in both low-light and bright-light conditions on all faces. The system maximizes usability, minimizes friction, and requires no learning curve. This advanced technology is the culmination of years of research by a team of experts in biometrics, AI, and machine learning.

DeepFakes and Injection Attacks

Keyless prevents deepfake presentation attacks by utilizing our baked-in multi-factor authentication. In addition to providing a selfie, Keyless users must authenticate using one of the device associated with their account. This immediately makes a deepfake attack more challenging, because fraudsters need to replicate not only the individual, but also gain access to the victim's device. This is inherently more secure than server-based biometric systems which are not MFA by design.

Additionally, Keyless prevents the use of deepfakes by leveraging the Keyless passive liveness detection to prove the identity of the person authenticating. Other systems require active liveness detection, which relies on a process known as the “challenge-response protocol”, requiring users to carry out an action such as blinking, nodding, turning their head, or speaking to prompts or challenges. This can be confusing for users and leads to a poor user experience. The Keyless solution with passive liveness is simpler for the user, and in most cases, it is something they are already familiar with.