Fabian Eberle, Co-Founder
This year saw intensifying concerns around privacy. As data collection capabilities increase and companies continue to gather unprecedented volumes of sensitive user data, the scale, frequency, and impact of data breaches have also grown dramatically. In a digital space where many organizations are handling delicate customer, partner and employee data online, stronger user authentication and digital identity solutions are at the core of information security efforts to prevent attacks and leakages for businesses today.
Current approaches such as strong password requirements or multi-factor authentication have been used, with varying degrees of success, as band-aids against the core structural problem of centralized authentication. However, they fail to address the fundamental issue: as long as organizations maintain large, centralized databases of private identity and authentication data, these “honeypots” will continue to incentivize attackers to execute large-scale data breaches and exploit consumers.
Keyless, the world’s first decentralized biometric authentication protocol, is introducing a new paradigm to digital identity and authentication. Leveraging privacy-preserving protocols that combine cryptographically secure, oblivious computation (sMPC) with the convenience of modern biometric authentication methods in a scalable, performant way, the Keyless protocol protects enterprises from data breaches while remaining fully compliant with regulations like GDPR. “Our goal is to unlock powerful security standards without compromising on user experience. At Keyless, we are challenging the status quo and re-thinking server-side architecture to create a system that both performs well for businesses and respects end user privacy,” says Fabian Eberle, co-founder of the company.
This new standard in identity and access management is based on Keyless’ novel network-based authentication platform, which combines the security profile of a decentralized system with the availability of cloud-like architectures.
To achieve this, biometric data is encrypted locally on the device and sent to the network without ever disclosing a decryption key. During authentication, the Keyless network performs biometric matching using secure multi-party computation algorithms—a type of cryptographic protocol that allows for matching in the encrypted domain. As a result, the identity of the user can be verified by the network without ever compromising on privacy. “Network-based authentication will eliminate the need for businesses to centrally store passwords, cryptographic keys, and other credentials - without compromising on convenience and ease of use for their users. What’s more, this kind of private-by-design, decentralized authentication architecture can give people control over portable, secure digital identities for perhaps the first time,” says co-founder Giuseppe Ateniese.
Keyless’ solution is unique as it solves previously intractable problems around secure and private biometric authentication, key recovery, and revocation processes, while also providing a significant improvement in usability and convenience. The experience feels similar to Face ID but inherits all the security and availability benefits of decentralized networks. With Keyless, users effectively become their password. Starting with facial scans, the solution integrates with a variety of current and future biometric security methods, including a new wave of behavioral biometrics that allows for continuous authentication. Also notable is the speed at which the protocol performs the multi-party computation for a match: often less than 80 ms, far faster than generalized sMPC protocols and functionally transparent to the end user.
Leveraging its expertise, the company will test and validate its solution by solving a core problem in the crypto-asset space (commonly known as “blockchain”): key management. Instead of being told to manage a 12 to 24-word seed phrase on a piece of paper, which has resulted in billions of dollars in value lost, end users are invited to enroll using their face and other biometrics. This process will take only a few seconds and will generate a seed phrase that can be used to access accounts and sign transactions with just a look, while increasing security. This new dynamic might allow the everyday user to conveniently manage ‘self-custodial’ assets for the first time. “We will expand into adjacent markets, both enterprise and government, enabling use cases such as biometrics-enabled payments, frictionless travel, among others,” says Andrea Carmignani, co-founder of the company.