How ZeroFace Powers Biometric Cryptography
There are enormous consequences when traditional cryptographic keys are lost, stolen or misused. Dedicated secure storage is often used to help safeguard traditional keys. And companies will divulge customer keys when presented with a government subpoena
Instead, IdentityKeys uses ZeroFace's SHA-256 generated ZeroHash as the "seed" for cryptographic keys. These biometrically-derived keys, known as IdentityKeys, exist only during a ZeroFace user session. The IdentityKeys are never stored at the end of the session, they are ephemeral by design.
Crucially, no modifications to standard cryptographic libraries are required to create IdentityKeys! As one example, it uses OpenSSL to create the IdentityKeys used in an AES-256 and file encryption API that ships with our products. This makes it easy to integrate other cryptographic libraries.
The unique privacy protections from the ephemeral nature of IdentityKeys are significant. When the user isn’t logged in, their IdentityKeys don’t exist anywhere, and their data cannot be decrypted
Companies benefit too. They don't have the expense of separating key storage from data storage. And in the event of a data breach, there are no keys for the attacker to steal
