What's New - Verified 4.6.0 Release
What's New - Verified 4.6.0 Release
This release introduces major enhancements to PrivacyKey, improvements to the Identity Portal, expanded internationalization support, new security and performance safeguards, and multiple UX refinements.
What's New?
Privacy Key
Glasses Detection for Higher-Quality Selfies
We’ve added an optional glasses-detection check to the PrivacyKey enrollment and authentication flow. This feature is disabled by default and must be explicitly enabled in your configuration.
When turned on, if glasses are detected during selfie capture, the user is prompted to remove them and retry, up to a tenant-configurable number of attempts (e.g., five). Once enabled, this helps improve the consistency and accuracy of PrivacyKey creation.
Enhanced PrivacyKey Enrollment
We’ve enhanced how a PrivacyKey is created by using generative AI to generate additional selfie poses and face angles from a single capture. This behind-the-scenes improvement makes keys more robust across different lighting conditions, angles, and movements, reducing retries and improving overall success rates, with no changes required to your existing integration or user flows.
PrivacyKey Attestation as OIDC Custom Claims
authID’s OIDC server now surfaces PrivacyKey attestation data as custom claims whenever a user authenticates with PrivacyKey. These claims include the attestation string, its signature, the derived public key, and the COSE algorithm identifier. This enables downstream systems to cryptographically verify the human–to–agent binding, enhance auditability, and plug Mandate’s trust signals directly into existing identity and authorization flows.
Duplicate Prevention with PK Search 1:N
PrivacyKey enrollment can now perform a real-time 1:N duplicate search to prevent users from creating multiple keys and accoutns. This ensures stronger identity integrity and reduces credential duplication across accounts.
Identity Portal
Permanent IAD/PAD Metadata in Risk Signals
The Identity Portal now displays a new Risk Signals section for Accepted and Rejected transactions across Proof, Selfie Enrollment, Verified, and PrivacyKey Enrollment. This section includes permanent PAD and IAD values, even when temporary backend image data has been removed. Customers gain longer-lived insights without retaining sensitive content.
Expanded Data Lifecycle (TTL) Configuration
Administrators now have more granular control over data retention. TTL rules can be configured per payload type, including intermediary selfies, final captures, and document images at both system and tenant levels. This ensures compliance with varying data minimization policies while maintaining operational flexibility.
Internationalization
Expanded Language Support and Regional Grouping
Verified now supports 41 languages, organized into clearly structured groups to simplify selection for both users and integrators. Languages are grouped by region, including Americas, Europe, Middle East & Africa, and Asia-Pacific with core global languages presented at the top.
User Experience Improvements
Simplified Consent Flow: Optional Single “Continue” Button
A new configurable mode allows customers to remove the Decline option from authentication prompts. When enabled, users see only a single Continue button, streamlining consent and reducing confusion in high-trust workflows.
QR Code Transfer – Improved Wait Screen UX
The QR code transfer experience has been enhanced to offer clearer guidance when moving transactions between devices. The flow now supports a new Pinless Transfer mode and provides improved feedback on both the originating and receiving devices, reducing friction and clarifying expectations for users.
Bugs Begone
This release includes multiple reliability improvements, stability fixes, and refinements to backend data processing. Enhancements were implemented across the PrivacyKey pipeline, transaction confirmation workflows, and portal interfaces to ensure a smoother and more predictable experience.