You have watched those Hollywood thrillers and superhero blockbusters where a steely-eyed hero, or perhaps a villain, steps up to a high-security door. There's no traditional lock and key there; instead, a beam of light scans their face, verifying their identity before the mechanical voice of the AI declares, 'Access Granted'. The door glides open, and the mission continues.
Well a decade ago, this was pure movie magic but these scenes are now stepping off the screen and becoming part of our everyday reality, thanks to the evolution of biometric verification technology.
Among those revolutionizing biometrics is Humanode. Humanode’s cryptobiometric technology uses cryptographically secure methods to verify the uniqueness and humanness of a person. But with every innovative technology, there are misconceptions casting a shadow of fear and confusion among users. Similarly, there are multiple misapprehensions about Humanode biometric verification that has been revolving around. In this article, we will illuminate some light and break up the fog surrounding five of the most common myths about cryptobiometrics.
So let’s find out the truth.
Myth 1: Cryptobiometric verification asks users for identity details
One of the most misunderstood facts about cryptobiometric verification is that it is a type of Know Your Customer (KYC). Some calls it semi-KYC. Some referred to it as identity verification. However, in truth, cryptobiometric verification has nothing to do with KYC. In normal KYC, the users are asked to present some form of identity proof (ID, Drivers license, passport).
In case of cryptobiometrics, the purpose of verifying a person using face recognition is to find out that they are a unique actual human. Humanode does not ask for personally identifiable information (PII) such as name, date of birth, address, or social security number. Instead, it leverages the uniqueness of biometrics — like facial characteristics — to create a unique cryptographic representation. This allows the system to verify the user's uniqueness without requiring the user to provide explicit details.
Myth 2: Humanode saves users' biometric data in a database
Another common misconception among people is that Humanode saves the facial data of the users in a database. This is false. Instead, the user data is transformed into an anonymized 3D template while it is still on the users device. These templates are then encrypted before they are sent to CVM for identification where the templates are matched against already stored 3D templates to verify that the user is unique. The liveness data is deleted immediately while the 3D templates are stored in a database.
More in-depth information can be found here: Understanding BotBasher’s Privacy and Security
Myth 3: Hackers can use people's Biometrics once they get their hands on the Biometric data
This myth carries a considerable amount of fear due to the fact that, unlike passwords, biometric traits are not something that can be changed at will. However, in the case of cryptobiometric verification, even if hackers were to gain access to the stored data, they would only find the aforementioned anonymized 3D templates which can not be linked back to the users, rendering the information useless to hackers. Moreover, Humanode implements a multi-layered security architecture and uses hardware encryption with CVM, further ensuring that the data isn’t in decrypted form even during the processing.
Furthermore, we know that CVMs aren’t the best of approaches. Our ultimate goal is to use homomorphic encryption in which the data is never decrypted and all the verifications happen in a decentralized system. But we do not have the scheme just ready yet, it will be in development and will take considerable time. You can check our progress on the implementation of homomorphic encryption in this paper: DeV-IP: A k-out-n Decentralized and verifiable BFV for Inner Product Evaluation
Myth 4: The Humanode team keeps the Biometric Data after the servers update
As you know we have to update the servers frequently to make sure that our system is up to date and secure and it helps us to fight sock puppets. There’s a common misconception that Humanode keeps the biometric data that is stored as anonymized 3D templates even after the servers are updated. Contrary to this myth, the Humanode team does not keep the biometric data after the biometrics servers are updated. As we've established, the actual biometric data is not stored, to begin with. Instead, the system only keeps the anonymized templates. When the servers update, the system deletes all the previously stored templates. This ensures continuous privacy and security for the user, even during system updates.
Myth 5: Using Biometrics in blockchain is an attack on anonymization
The fifth myth we're debunking is the idea that incorporating biometrics into blockchain technology poses a threat to its core principle of anonymization. This assertion, while seemingly logical at first glance, is not entirely accurate.
Blockchain is built upon the principles of decentralization and anonymity. Transactions made on a blockchain network are pseudonymous – they can be tracked, but the identities of the parties involved remain concealed behind complex alphanumeric addresses. This has led to the assumption that adding a personal identifier such as biometrics would undermine this anonymous nature.
However, the integration of biometrics with blockchain, as demonstrated by Humanode, does not compromise user anonymity. This is due to the unique method that Humanode employs to process and store biometric data.
You see in cryptobiometric authentication the goal is to verify the personhood and uniqueness of a human not identify who they are. We use biometric identifiers since they are the most reasonable identifiers that can not be forged. Moreover, using CVMs we make sure that the biometric data is never handled in an unencrypted form even in the processing. With homomorphic encryptions, we will not even need CVMs since this property is already available in the encryption itself.
Furthermore, the implementation of zero-knowledge proofs in Humanode's platform ensures that a user can verify their identity without revealing any actual information about themselves.
So, contrary to the myth, using biometrics in blockchain technology can enhance security without infringing on the principle of anonymization. By leveraging cryptography, Humanode's innovative approach makes it possible to maintain user anonymity while harnessing the benefits of biometric verification.
In conclusion, we've journeyed through the world of Humanode's Cryptobiometrics, challenging the prevailing myths and misconceptions. We've learned that this system doesn't ask users for their identity details, nor does it store raw biometric data. Even if a hacker were to somehow infiltrate the system, they would only encounter indecipherable cryptographic hashes. System updates also do not entail the retention of any user biometric data, and most importantly, the integration of biometrics with blockchain does not compromise the crucial principle of anonymization.