Biometric Authentication (Selfie or Palm Login)
Biometric authentication works by verifying the user physically. Unlike passwords, it is not about 'what you know', but 'what you are'. The user just needs to provide the photo of his face or palm and this is compared against the photo that was registered during account creation.
Innovatrics offers two biometric modalities for authentication: face and palm. Both can suit a different purpose.
Authentication using face | Authentication using palms |
---|---|
For use cases, where the full identity verification (including ID document) is used to create the account and the face is stored in the system. | For use cases, where identity verification is not required and the anonymity of the user is strongly desired. |
Benefits of face | Benefits of palms |
Identifiable against an ID document | Privacy, non identifiable against face or an ID document |
Already collected because of ID verification | User declares consent by showing his hand |
Use cases
The functionality is ideal for:
- second factor authentication
- password renewal
- passwordless solutions
- biometrics captcha
Privacy Considerations in Biometric Authentication
The images of a person’s face or palm are personally identifiable information (PII). These are usually under strict regulation (like GDPR and similar). The biometric templates extracted from the images provide a certain level of privacy as the original image of the face cannot be reconstructed from them. According to the GDPR, the biometric template is still a PII, as it describes the person, but the possibility of the template being misused is almost zero.
In certain cases it is necessary to recreate the biometric template, because of an upgrade of the comparison algorithm that is not backward compatible. In such cases it is recommended to onboard the person again, storing the original images in a server database is OK only if the solution complies with strict security standards.
Biometric Authentication as a Captcha
When onboarding a person for creating an account, the presentation attack detection and liveness evaluated on the collected images (selfie or palm) prevents fraud and ensures that only a physically present person can create the account.
Biometric Search and Deduplication
Biometric deduplication can ensure that any person can create only one account. During account creation, the new collected biometric template can be searched in the database of existing accounts. If there are matching templates, the onboarding can be rejected. For palm authentication it is necessary to enroll both hands to perform deduplication.
Authentication Using Selfie Images
The process is described in Face Auto Capture, Biometric Face Comparison and Passive Liveness Detection.
Authentication Using Palm Images
Read more in Palm Verification.