Overview

Keyless is the first and only passwordless authentication company that leverages facial biometrics for authentication without storing any biometric data. This is a ground-breaking development for privacy and an industry-first achievement that stands to revolutionize the passwordless authentication space.

In its simplest form, when a user takes a selfie for authentication purposes, their biometric profile can be stored in one of two ways. It can be stored on the device (locally), or on a centralized cloud server (server-side). But both applications have flaws. Biometric data stored locally (such as with Apple’s FaceID) cannot be recovered if a phone is lost, whilst server-side biometrics will be at risk if the server they are stored on is compromised.

Keyless has developed a third way, known as distributed biometrics. After 10 years of research, through the application of advanced privacy-enhancing technologies (PETs), Keyless uses secure multiparty computation (sMPC) and Shamir’s Secret Sharing (SSS) to encrypt a user’s biometric template, split it into different shards, and send it to multiple different cloud servers. The template is transformed into meaningless data; these individual servers are not able to read the data within the shard they have received, nor are they able to communicate with other cloud servers. Even if all the cloud servers are compromised, a user’s biometric data never will be. In this way, Keyless provides security, privacy, and strong user experience, without processing or storing any meaningful biometric data – an industry first.

Keyless is designed to be agnostic and integration-friendly so that customers can quickly deploy authentication solutions to all modern devices – all that’s needed is a camera. Keyless went live with its first formal client in May 2020, and it has since become the first and only vendor to achieve FIDO2 and FIDO certification for the commercial reliability of its biometric software.