Privacy Preserving Biometrics

authID Verified Platform now offers a new class of facial biometric matching technology called Privacy Key. The theoretical basis of this patented technology can be provided on-demand by authID customer support.

Privacy Preserving Biometrics has the following properties:

• The artifacts stored in the authID platform do not contain the user's biometric information.
• An ephemeral private key is generated the first time the user enrolls, and again each time the user successfully authenticates.
• The integrity of the authentication event can be confirmed directly by the customer by verifying the digital signature of the transaction attestation data using a standard PKI toolset.

The user experience and integration pattern remain the same as described in the Authenticating with Verified section of the documentation.

📘

Privacy Key Credential Type

Privacy Key is classified and implemented as a FIDO credential type within the authID platform.

Before a user can authenticate, the Privacy Key must be registered for that user as described in Enrolling User Privacy Key section.

Once the Privacy Key is registered, user can be authenticated by running Verified Transaction with Privacy Key credential.

🔐 Privacy Key as OIDC Authentication Policy Option

authID supports a Privacy Key authentication OIDC policy that allows enterprise-grade authentication using the Privacy Key credential. Key characteristics include:

• Authentication requires a registered Privacy Key credential.
• No biometric data is stored — authentication relies on ephemeral private keys.
• Ideal for integrations with enterprise SSO systems (Okta, Ping, Microsoft).

This policy can be selected via the OIDC Service Policy Privacy Key, enabling platform flows that require Privacy Key for authentication.