❓ FAQ
The Keyless Authentication App is a standalone mobile app that enables users to seamlessly use their mobile devices to authenticate on websites, services, and external providers. See the Keyless Authentication App Offering for more details.
The Keyless network comprises of different server nodes which store the encrypted secret key and biometric information of the users. They interact with the user devices to compute the ‘closeness’ between stored biometric templates and the authentication samples of the users.
The user interacts with the Keyless nodes to perform operations including enrollment of themselves and their device(s) to the network, and authentication to the system.
The user device along with each of the Keyless nodes runs secure multi-party computations, storing long-lived secrets (including user’s cryptographic keys and other sensitive information) only as encrypted shares on the Keyless nodes. The encryption of the shares is performed on the user device before being sent to these nodes.
The apps can either choose the set of nodes from the network randomly or based on enterprise policies. The policies can be pre-defined before the instantiation of the protocol. If needed, the policies can also be updated and correspondingly the user can interact and send the encrypted shares to the new set of nodes in the network after the policy update.
The seed value and the biometric template are shared using Shamir’s Secret Sharing among the Keyless nodes. The secret sharing scheme is chosen so that
each of the secrets is split into several pieces. A number of these pieces is required to reconstruct the secret. Each share is encrypted and then stored on one node. No information is disclosed if one has access to less than the required number of shares.
The Keyless protocol specifies the cryptographic operations carried out on the user device such as secret sharing and encryption of seed and the biometric template along with the different mechanisms for interaction between the user device(s) and the Keyless network nodes.
Keyless secures user data, keys, and identities without the use of passwords and enables users, customers, and workforce to seamlessly and securely authenticate to online services, websites, and providers. Keyless provides the convenience of a unified experience across multiple devices where the user can use their biometrics for authentication and, optionally, key management.
Usability, security, and privacy. Keyless protocol allows a user to authenticate using facial features from any of the user’s devices, without having to remember any passwords or PINs, and interacting with systems like digital payments and online banking. It is designed to support several biometric modalities (e.g., fingerprints, iris, retinal scans, and behavioral biometrics), which will be included in the future.
The user keys and data, including the biometrics used for biometric authentication, are stored on Keyless server nodes in a secret-shared and encrypted fashion. The user device, together with their biometrics, is the only way to legitimately access secret keys and biometric information. Nobody else can access the user information or biometrics, not even the Keyless network.
This approach does not contain the typical central honeypot with user information that could be stolen during a data breach.
In order to attempt to spoof the system using compromised user-biometrics, the attacker also needs access to the enrolled trusted device of user. The Keyless Network checks if it the device is enrolled and is authenticated every time the user tries to authenticate themselves to the system. So, the spoof attempt needs to be performed before the stolen device is revoked by the user. Additionally, Keyless uses liveness detection techniques to detect and blocks spoofing attempts.
This is to mitigate a common and major attack vector where the adversary tries to attack the system from their own device. The adversary can not use any device that has not been enrolled to authenticate to the network, the device needs to be enrolled first and authenticated every time the user tries to interact using the enrolled device with the Keyless network. The device effectively acts as a two-factor authentication token.
To perform a Denial-of-Service attack, the attacker needs to perform such an attack on all the Keyless nodes simultaneously however such an attack is extremely difficult because of the distributed nature of the Keyless network. As long as a threshold number of servers are available, the availability of the Keyless network is ensured.
Currently, Keyless supports face recognition. However, the protocol is designed to allow several biometric modalities including fingerprints, iris scan, and retinal scan.
This is to mitigate a common and major attack vector where the adversary tries to attack the system from their own device. The adversary can not use any device that has not been enrolled to authenticate to the network, the device needs to be enrolled first and authenticated every time the user tries to interact using the enrolled device with the Keyless network. The device effectively acts as a two-factor authentication token.
Keyless automatically updates the user’s biometric template over time to account for natural changes in the user physiology and appearance. The Keyless network accepts updates to the user template only after successful authentication.
Keyless captures the facial features and extracts embeddings from the captured face using a neural network, the extracted embeddings are used for seed and key generation. The biometrics are as reliable as the capture and extraction of features are.
Keyless supports modern liveness detection techniques to detect that a picture is in front of the camera, and rejects the authentication attempt. These techniques seek to allow a biometric system to determine whether the biometric data used for authentication is from a living person, rather than from a photo, a mask, or a video. Liveness detection can be passive or active.
With passive liveness detection, a face recognition system uses minute face movements due to breathing and natural changes in expression to determine that the biometric data being extracted is from a live individual rather than a photo or a mask.
Active liveness detection involves a challenge-response mechanism: the authentication system asks the user to perform a randomized set of actions (e.g., look up, look left, blink twice), and checks whether the user has performed these actions correctly. These mechanisms prevent the use of pre-recorded videos of the legitimate user for the purpose of circumventing an authentication system.
Yes, Keyless conforms to the GDPR principles of lawfulness, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality and accountability. The user knows the flow of all his information in the system and so Keyless is transparent and lawful. The user biometric data is encrypted and shared among all the servers, the servers do not (and cannot) use the encrypted shares for any other purpose except storing meeting the second principle. The user stores no more information than what needs to be stored. The information stored in the system is updated by the user, its accuracy and updates are all controlled by the user and Keyless does not process or utilize the stored information in anyway. The different cryptographic tools used in the Keyless protocol ensure that the data remains confidential and is available to the user at all times.
Keyless uses secure multi-party computation to match the template with the authentication sample. Specifically, the Keyless protocol implements “comparison” between encrypted biometrics, and the secure multiparty computation together with biometric extraction is optimized to work in tens of milliseconds.
Biometric matching is performed on our nodes, rather than on a device that is potentially in the hands of the adversary. There are several security issues associated with local authentication: (1) the authentication result cannot be trusted in the network, and therefore cannot be trusted by the network, for instance, to release shares of cryptographic keys; and (2) if the device is physically in the hands of the adversary, it is possible to bypass authentication by editing the content of the device’s memory. Keyless addresses these and other issues by performing matching in the network, rather than locally on the user’s device.
Yes, the user can use multiple devices while enrolling just once. They can interact with the Keyless network from any one of the devices to perform operations including authentication, updating the biometric template, recovery etc. They can also revoke any of their devices anytime they wish.