Next-gen privacy-preserving biometrics
Nothing to remember. Nothing to steal. You are the key.
01 overview who we are
Keyless is a deeptech, cybersecurity company founded by renowned security experts, experienced technologists and business leaders, backed by top-tier VCs, bringing 10+ years of research in biometrics and cryptography to life

Keyless provides a next-gen, privacy-enhancing biometric authentication solution combining proprietary multi-modal biometrics and advanced cryptographic technology in a distributed architecture

Our zero-knowledge biometric solution eliminates the need for businesses to store and manage biometric data, passwords, and any other sensitive information without compromising on convenience or privacy
About us Capabilities Footprint
+ 40+ 8 10
About us: Team members; top 10 privacy & sec. scholar; Years of research
Capabilities:
• Multi-device: Enroll once, use everywhere
• Strict GDPR compliance: no PII involved
• Zero-trust: Identification, built-in MFA
Footprint: Global footprint with international offices
• HQ // United Kingdom
• R&D // Italy and Israel
• BD // Singapore
03 mission
Enable everyone to seamlessly access any digital service from any device, at any time, while keeping personal credentials safe, private and under control.
Nothing to remember. Nothing to steal. You are the key. At Keyless, we believe in a world where people can be in control of their privacy and identity.
04 mission the world is going passwordless
• 51% of passwords are reused across services (University of Oxford)
• $5bn Facebook fine for years of privacy violation (Reuters)
• 2.3bn credentials stolen in 2017 alone (Shape Security)
Simplicity vs. Privacy vs. Security
By 2022, Gartner predicts that 60% of large and global enterprises, and 90% of midsize enterprises, will implement passwordless methods
05 evolution why now
Accounts Hacked: 3 billion, 500 million, 267 million, 143 million, 117 million
• 1960s: PASSWORDS (Single Factor)
• 1990s: HARD TOKENS (Two Factor)
• 2000s: SOFT TOKENS (SMS or App TOTP)
• 2010s: BIOMETRICS (Fingerprint, face): Local authentication; Centralized authentication
• Today: ZERO-KNOWLEDGE BIOMETRICS (Face, behavioral): No storage of biometric data; Enroll once, use everywhere
07
Introducing privacy-preserving biometric authentication and personal identity management platform.
Unique combination of multi-modal biometrics and privacy-enhancing technologies for seamless digital identification.
Authenticating people. Not devices. Not passwords.
08 problem fundamental limitations
Existing biometric methods have fundamental limitations
Local Authentication
• Local: User tied to one device
• Reach: Not universal
• Immutable: Leakage of data possible
• Privacy: User not in control of data
• Security: Easy to hack (single factor)
Centralized Authentication
• Security: Central honeypot
• Privacy: User not in control of data
• Immutable: Leakage of data possible when sent to server
09 solution next-gen private biometrics
Keyless provides a next-gen, privacy-enhancing biometric authentication solution combining proprietary multi-modal biometrics (facial and behavioral) and advanced cryptographic technology
Software only solution accessible through any device, platform and application
Keyless Protocol: world's first commercial implementation of MPC-based biometrics
• No biometrics stored anywhere, not on device, not on a central database
• 300x faster than general purpose MPC (100ms instead of tens of seconds)
• Highly computationally effective (no battery drainage)
Authenticates the end-user, not just the device / end-point
Enables multiple use cases in zero-trust authentication, digital identity and beyond
Exceeds strictest regulatory req. GDPR, CCPA, PSD2
Eliminates security risk such as fraud, phishing and credential reuse
MFA by design: Distributed biometric matching
010 industry recognition recognized by Gartner
Hype Cycle for Identity and Access Management Technologies, 2020
Gartner IAM Hype Cycle Jul 2020: Biometric Authentication
• Benefit Rating: Moderate
• Market Penetration: 5% to 20% of target audience
• Maturity: Early mainstream
• Sample Vendors: Auraya Systems, FaceTec, iProov, ImageWare Systems, Keyless Technologies, OneVisage, SensibleVision
011 technology how it works
1 Capture biometrics
2 Split into shares and encrypt
3 Send to multiple independent servers and match encrypted shares against encrypted patterns
4 Recombine secret for one-time use
Distributed on Keyless network
• Nothing to remember: Enroll once, use everywhere, any platform, any device
• Nothing to steal: No central honeypot, no data on user devices
• User in control: Fundamental privacy preserving technology
012 technology building blocks
Zero-knowledge proofs for device identity
• Zero-knowledge proofs to securely verify authentication requests are being launched from a user's trusted device
• No information about user's identity can be obtained
AI and cryptography at the edge
• Deep learning on user's device to extract biometric template
• Irreversible transformation of data into shards using Shamir's Secret Sharing
• Permanent deletion from device, after shares sent to servers in Keyless Network
Distributed private computation
• Processing of authentication with advanced secure multi-party computation protocols in the cloud
• Independent validation of authentication requests without learning anything about the user's biometric data
014 technology multi-factor by design
User-friendly visible protection / Invisible protection
• Privacy-preserving device recognition (ZKP)
• Zero-knowledge, AI-driven physical and behavioral biometrics
• Distributed private computation (sMPC, SSS)
• Use anywhere from any device and any channel
• Continuous and dynamic multi-factor authentication
• AI-driven state-of-the-art anti-spoofing
• Factor agnostic, multiple biometrics; private by design
026 portfolio product lines
Keyless Authenticator: Workforce Auth [B2B]
Enables business to adopt zero-trust passwordless authentication and protect their remote workforce
✓ Employee identification and device verification
✓ HW / OS agnostic: same experience for all employees from laptop and mobile
✓ Cost and time saving

Keyless Mobile SDK: Consumer Auth [B2B2C]
Enables businesses to strongly authenticate their consumers under PSD2 in one simple action
✓ Enroll once use everywhere and on any device
✓ Meets Strong Customer Authentication requirement (PSD2)
✓ No risk of consumer PII/biometrics

Keyless PIM SDK and PIM Wallet: Personal Identity Mgmt. [B2C]
Enables individuals to easily and securely manage their own personal info and privacy
✓ Self-provisioning and management of user own personal data
✓ Selective disclosure of personal data in a private, secure manner
Coming in 2022 VPN IdP & Workstation Mobile & VDI RDP Android iOS React Active CIAM SSO Login Web Apps Authentication
033 workforce authentication
Passwordless MFA across all employee touchpoints
One authenticator for many use cases
• Passwordless SSO: Keyless integrates with your existing IdP to enable passwordless MFA for your enterprise apps in minutes.
• Desktop MFA: Keyless eliminates passwords from your Windows 7, 8 and 10 login experience and offers built-in MFA with one look.
• Remote Login: Keyless enables your workforce to securely authenticate to your VPNs - on any device, from any location.
036 products consumer authentication
Many use cases, easy to integrate
• PSD2 SCA: Provide your customers with a unified experience with built-in MFA that eliminates fraud, phishing and credential reuse.
• Customer KYC and MFA: Integrate superior passwordless security that authenticates people, not devices, in minutes - for all users, on any device.
• E-signature: Provide your users the ability to electronically sign documents using their face biometrics, from any device.
043 technology unique capabilities powered by breakthrough technology
Software Based - Hardware Agnostic
Keyless does not rely on the device hardware or sensors, and can thus be deployed on a large set of devices and appliances
No reliance on Face ID or other 3rd party tech

Enroll Once - Use Everywhere
Users enroll once in a 5-second process and can use it across all devices and touchpoints and enable seamless recovery
Multi-device support and simple recovery

Authenticate Users - Not Devices
Keyless identifies users across every touchpoint, so you can make sure that the user who is logging in is actually the correct user
Unique identity for every user

No Biometrics/PII Stored Anywhere
Keyless exceeds strictest privacy compliance requirements since no PII/biometric data is stored anywhere
Exceeds privacy compliance beyond GDPR
060 success story case study
Secure remote access for virtual exams
Keyless Authenticator™: Simple, secure, and above all, private
In response to COVID-19 lockdowns, LUISS Guido Carli University partnered with Keyless and Cisco, to allow their students to sit their summer exams remotely
• 12+K Students
• 6+K Auth/day
• 2.2K Virtual exams
• 10 Days to go-live
• Nothing to remember: No central honeypot, no data on user device
• Nothing to steal: One look multi-factor authentication
• Ubiquitous experience: Any platform, any device, anywhere
• Anti-fraud protection: Eliminates phishing and man-in-the-middle
• Privacy compliance: GDPR compliant, private by design
• Easy to deploy: Integrates with all identity providers
"The integration with LUISS and Keyless is a concrete example of the potential that can be unleashed when best available technologies come
said Agostino Santoni, CEO of Cisco Italy.
Keyless ZKB™: Zero-Knowledge Biometric Authentication
061 success story case study
Passwordless MFA for Remote VPN Access
In response to COVID-19 lockdowns, a European digital bank partnered with Keyless to secure their remote workforce with seamless, secure remote access to VPNs and remote desktops
• ~1K Employees
• 2+K Auth/day
• <2 Sec/auth
• 1 Day deployment
Eliminating passwords in the financial sector
• Enhanced security and login experiences
• Reduced friction and increased productivity
• Rapid deployment and saved costs
062 success story case study
Next-generation passwordless biometric authentication, on the edge.
Global telcos and Keyless are partnering to enable new digital experiences and enhanced security using 5G, mobile edge compute (MEC) and advanced privacy-enhancing technology.
• 28% Latency Reduction
• <0.3 Seconds per auth
• 11% Average speedup
• <2 Hour deployment
Enhanced user experiences, faster identification
• Enhanced security and login experiences
• Reduced friction and increased productivity
• Rapid deployment and saved costs
063 Thank you!
https://keyless.io @KeylessTech
overview unique technology
Attractive Market Opportunity
▪ Clear paradigm shift to passwordless methods underway
▪ Large addressable market comprised of IAM, CIAM, SSI / PIM, all growing at 10%+ CAGR

Cutting-Edge Technology
▪ Combines proprietary novel biometrics and advanced cryptography
▪ Universal biometric-key-management technology powering multiple use cases in zero-trust authentication
▪ Software only solution; true multi-device platform

Easy Deployment & Integration
▪ Seamless integration with existing systems
▪ Infrastructure agnostic: accessible through any platform and supporting SaaS, on-prem and cloud applications
▪ Requires minimal efforts from internal IT teams

Uncompromising Security
▪ Nothing to steal: no central honeypot, no data on user device
▪ Eliminates fraud, phishing and credential reuse
▪ Dynamic built-in MFA with just a look; authenticating the user, not the device

Superior User Experience
▪ User-friendly, easy to use
▪ Nothing to remember - passwordless
▪ Enroll once, use everywhere through any channel and on any device

Privacy-Preserving
▪ GDPR, CCPA and PSD2 compliant
▪ Neither biometrics nor personally identifiable information are stored
▪ Enables selective disclosure of personal data in a private, secure manner
068 architecture distributed cloud
[Diagram: Client Network with Client App and Keyless SDK (image captured by device); Keyless API; Global Shared State; Cloud Regions #1, #2 and #3, each containing Node/Server instances running an sMPC Engine and the Keyless Protocol.]
• Scalable dockerized multi-cloud setup without limitation (e.g., region, provider)
• Application can either be first- or third-party, depending on customer preference and use case, i.e. workforce vs. consumer authentication
069 deep dive // intellectual property breakthrough technology
Keyless Protocol: world's first commercial implementation of MPC-based biometrics
A unique combination of multi-modal biometrics and privacy-enhancing technologies that offers secure, privacy-preserving biometric authentication, that exceeds regulatory requirements under GDPR/PDPA/CCPA

Breakthrough technology, multiple use cases
An AI-driven platform
shares; following suite a distributed protocol reconstructs the irreversibly encrypted shares into cryptographic keys
• generate tokens, sign documents, perform verifiable claims or securely authenticate the genuine user
• Combines inherence and possession factors to provide user-friendly, secure and universal multi-factor security

Unparalleled security and performance
• 300x faster than general purpose MPC (100ms instead of tens of seconds)
• Highly computationally effective (does not drain battery of end user devices)

Keyless Protocol PCT/2020/017511
070 intellectual property portfolio of innovation
Cryptography
Novel cryptographic technique for securely and efficiently generating key material from multiple sources of entropy, including biometric signals
• Time- and energy-efficient privacy-preserving biometric authentication and key management via a unique cryptographic protocol
• Biometric Authenticated Key Exchange (BAKE)
• Method for securely and consistently generating high-entropy cryptographic keys from noisy low min-entropy signals using a trusted device and one or more semi-trusted servers

Core technology
New protocols for linking privacy-preserving distributed biometric authentication with legacy identity providers
• Method for separating data privacy domains in identity provider authentication flows

Keyless-enabled identity management
A fresh look at identity and password management, enabled by our groundbreaking cryptographic technology
• Vault-less password and identity manager
• Method for securely associating multiple devices to a single user account
071 evolution from authentication
Passwords Hard Tokens Soft Tokens Biometrics Zero-knowledge
Biometrics Evolution
Centralized Decentralized
On-premise Cloud Device Distributed Cloud Matching
072 evolution to the future of identity
siloed federated decentralized you are the key
• Today, users are managing too many keys, identity landscape is fragmented, and concentrated in the hands of few
• For user-centric future, personal cryptographic keys need to be managed; but this is extremely complex
• Decentralized identity services enable people to self-provision and manage their own personal data and privacy in a virtual wallet using blockchain or another distributed ledger technology (Gartner)
• Keyless enables users to control and selectively disclose their personal data in an intuitive, private and secure way
073 user identification authenticating people, not devices
When using device-native biometrics, the device is authenticated, not the user.
When device biometrics are used, the signing key is associated to the device rather than to the user. All enrolled users will authenticate using the same device key.
When Keyless is used, the signing key is generated directly from the biometrics. Each enrolled user will authenticate only with her unique key, allowing the service to identify the user.
074 multi-device enroll once, use everywhere
process for each device.
1 User enrolls on her first device, after going through onboarding process. Her device is linked to her biometric template.
2 User adds her second device by scanning a QR code on her first device. Both devices are linked to the same template. No onboarding needed.
3 User can add and revoke devices from any of her linked devices, fully self service.
[Diagram labels: Device 1, Device 2, Device 3; iPhone 7, iPhone 7, Android 6]

075 user onboarding backup and recovery
Self-service identity recovery in case of a lost or stolen device without storing any biometric data.
1 User enables backup via the Keyless Authenticator app
2 User loses access to all his devices and acquires a new device and installs the Keyless app
3 User clicks instead of re-enrolling all over again
4 User authenticates to Keyless and to a 3rd party storage and backup is restored automatically by Keyless
How is backup stored? Up to you.
• Keyless backup information can be stored either on the user's personal cloud storage account (iCloud/Gdrive) or on a Keyless hosted service.
• In both cases, no biometric data or PII is stored.
076 authentication offline mode
Keyless can fall back to leverage a time-based OTP which is generated by scanning a QR code via the Keyless Authenticator app.
1 User enables backup via the Windows desktop client
2 When no internet connection is available, the user selects option from the Windows lock screen
3 User scans the QR code presented on the desktop using his mobile app
4 User inserts the TOTP generated on his mobile device into the Windows lock screen
The Offline Access Mode can be activated by the user to perform a workstation login when there is no internet connection either on the workstation or the user's mobile device.