Keyless: Privacy-Preserving Biometric Authentication

Last updated 23 hours ago

Who we are

Keyless helps businesses authenticate their users through privacy-preserving facial biometrics. With one glance at a device’s camera, our technology provides multi-factor authentication in milliseconds and ensures that only the person who originally enrolled is able to authenticate their identity.

What we do

This documentation is best for business users and integrators, covering the following four core Keyless use cases:

1. Enrollment

To authenticate your users with Keyless, you must first enroll them.

This can be done in two ways:

Live enrollment: Keyless provides a User Interface (UI) to create a biometric template, which future authentication attempts will be compared to. This involves capturing their facial biometrics and device details. Our passive liveness technology will also ensure the user is a real person.
IDV Bridge enrollment: This method is for businesses that already have already created a biometric template, typically using a selfie as part of a Know Your Customer (KYC) or Identity Verification (IDV) flow. The IDV Bridge leverages that template for future authentication attempts. This removes the need for live enrollment but still ties Keyless authentication to the user’s existing biometric template.

2. Authentication

Having enrolled your users, Keyless can be used to authenticate them a various steps in the user journey. This is done via a UI that confirms the user is the same as the one enrolled. With a glance at the camera, the user verifies their face and device for multi-factor security, and confirms their genuine presence using liveness checks. Typical steps in the user journey include:

Login
Step-up actions (eg. changing personal data)
Payments (using Keyless’ Strong Customer Authentication (SCA) and dynamic linking)

3. Account Recovery

Given that half of Keyless multi-factor authentication proposition involves authenticating the user's device, we offer two options to help recover devices and accounts.

Enrolling a new device (via “Temporary State”): for customers who have already established trusted alternative second factors such as passwords, SMS One-Time Passwords (OTPs), or email magic links. Keyless' face matching is typically used in combination with the existing factors to enroll the new device.
Managing multiple enrolled devices: customers can also use our API to retrieve and delete devices their users' identities have been bound to.
- This allows users to have multiple devices, which in turn minimizes the cost and security consequences of losing a device.

4. Workforce

Using all of the three core components as above, Keyless also provides a suite of apps, integrations, and wrappers that are tailored for employee authentication:

Keyless Authenticator App: Enrollment and authentication via app-based push notification.
WebSDK: Enrollment and authentication via web browser (OIDC and SAML wrappers also available).
IAM & SSO Integrations: Seamless integration with existing Identity & Access Management and Single-Sign On providers.

Find out more

Last updated 23 hours ago

Who we are

What we do

This documentation is best for business users and integrators, covering the following four core Keyless use cases:

1. Enrollment

To authenticate your users with Keyless, you must first enroll them.

This can be done in two ways:

Live enrollment: Keyless provides a User Interface (UI) to create a biometric template, which future authentication attempts will be compared to. This involves capturing their facial biometrics and device details. Our passive liveness technology will also ensure the user is a real person.
IDV Bridge enrollment: This method is for businesses that already have already created a biometric template, typically using a selfie as part of a Know Your Customer (KYC) or Identity Verification (IDV) flow. The IDV Bridge leverages that template for future authentication attempts. This removes the need for live enrollment but still ties Keyless authentication to the user’s existing biometric template.

Find out more →

2. Authentication

Login
Step-up actions (eg. changing personal data)
Payments (using Keyless’ Strong Customer Authentication (SCA) and dynamic linking)

Find out more →

3. Account Recovery

Given that half of Keyless multi-factor authentication proposition involves authenticating the user's device, we offer two options to help recover devices and accounts.

Enrolling a new device (via “Temporary State”): for customers who have already established trusted alternative second factors such as passwords, SMS One-Time Passwords (OTPs), or email magic links. Keyless' face matching is typically used in combination with the existing factors to enroll the new device.
Managing multiple enrolled devices: customers can also use our API to retrieve and delete devices their users' identities have been bound to.
- This allows users to have multiple devices, which in turn minimizes the cost and security consequences of losing a device.

Find out more →

4. Workforce

Using all of the three core components as above, Keyless also provides a suite of apps, integrations, and wrappers that are tailored for employee authentication:

Keyless Authenticator App: Enrollment and authentication via app-based push notification.
WebSDK: Enrollment and authentication via web browser (OIDC and SAML wrappers also available).
IAM & SSO Integrations: Seamless integration with existing Identity & Access Management and Single-Sign On providers.

Find out more

→