Contents
- Biometric data FAQS
- How is it stored, how accurate is the reader, especially the facial recognition, can it be fooled with a photo? How has this been assured to ensure that it cannot be reverse engineered to create a face or fingerprint? E.g. independent testing
- How do the static terminals connect back to the cloud? Does it use a VPN? Hardwired or Wi-Fi?
- How does it know to connect to the customers cloud tenant account?
- What security assurance has been carried out on the hardware terminals?
- What OS is run on them? How has this been hardened?
- How do they receive updates?
- What bandwidth will they require to talk back to the OneAdvanced platform?
- The GDPR aspect of the solution, how do you confirm that data that has been erased is not retrievable? What method is used to erase data?
Biometric FAQS
Updated by Louise Whalley
Biometric data FAQS
How is it stored, how accurate is the reader, especially the facial recognition, can it be fooled with a photo? How has this been assured to ensure that it cannot be reverse engineered to create a face or fingerprint? E.g. independent testing
When a face or finger is enrolled, the system analyses the image and extracts key data points to generate a template. The biometric matching is licensed from Innovatrics, one of the leading providers, who state:
“Templates are numerical representations of key points taken from a person’s body. The template usually contains biometrics features such as minutiae points. Template extraction is performed by deep neural networks, which result in algorithms that are extremely hard to reverse. In a way, it can be seen as a one way hash.”
This template is stored in an encrypted database on the device and transmitted to the Portal over the HTTPS connection described below, where it is stored in a second encrypted database for redistribution to other devices.
The face or fingerprint image itself is never stored, on the device or elsewhere; only the template is retained.
To stop a 2D photograph being presented to the camera, the facial recognition uses an active liveness check that prompts the user for movement; a static image cannot respond to the prompt.
How do the static terminals connect back to the cloud? Does it use a VPN? Hardwired or Wi-Fi?
The T2 connects to the portal via HTTPS over the internet; no VPN is needed. It can connect over Ethernet or via Wi-Fi.
The T2 only ever initiates outbound connections to the portal, so no inbound firewall rules are needed beyond allowing the required outbound ports and URLs. The T2 does not require a public IP address.
How does it know to connect to the customers cloud tenant account?
Each T2 has an encrypted identity, unique to the customer account, embedded in it. A device without this identity is not permitted to communicate with the portal or the tenant at all. When a T2 is installed at a site, a unique PIN, visible only in your portal, is entered during first boot; this identifies the T2 to your site, and the device configures itself accordingly.
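The following is an added illustrative model of the two-factor bootstrap described above (an embedded, account-bound device identity plus a portal-issued first-boot PIN). It is not OneAdvanced's protocol or code: the embedded identity is modelled as an opaque device token pre-provisioned against an account id, and the PIN as a single-use, short-lived secret with a small attempt budget. All names (`Portal`, `EnrolmentPin`, `T2-0001`, `acct-A`) are hypothetical. It shows the checks a practitioner would expect such a portal to make: an unknown identity is refused before the PIN is even examined, a PIN for one account cannot enrol another account's device, the PIN cannot be replayed once used, and it expires.

```python
"""Illustrative model of a terminal-to-tenant bootstrap (not OneAdvanced's protocol).

Assumptions (not from the FAQ): the embedded identity is an opaque device token
provisioned against a customer account id; the first-boot PIN is single use,
short lived and attempt limited. Every identifier below is hypothetical.
"""
import hmac
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class EnrolmentPin:
    """A PIN shown in the customer's portal for one site; valid for one enrolment."""
    site_id: str
    pin: str
    expires_at: float
    attempts_left: int = 5
    used: bool = False


@dataclass
class Portal:
    """Hypothetical portal: knows which device tokens belong to which account."""
    device_tokens: dict                       # device_token -> account_id (set at manufacture)
    pins: dict = field(default_factory=dict)  # (account_id, site_id) -> EnrolmentPin
    bound: dict = field(default_factory=dict) # device_token -> site_id once enrolled

    def issue_pin(self, account_id, site_id, ttl_seconds=900, now=None):
        """Generate the PIN an administrator reads from the portal for one site."""
        now = time.time() if now is None else now
        pin = "".join(secrets.choice("0123456789") for _ in range(8))
        self.pins[(account_id, site_id)] = EnrolmentPin(site_id, pin, now + ttl_seconds)
        return pin

    def enrol(self, device_token, account_id, site_id, pin, now=None):
        """Called by a terminal on first boot with its embedded identity and the PIN."""
        now = time.time() if now is None else now
        # 1. A device with no, or an unknown, embedded identity is refused outright,
        #    and an identity bound to another account cannot enrol into this one.
        if self.device_tokens.get(device_token) != account_id:
            return "rejected: unknown device identity"
        rec = self.pins.get((account_id, site_id))
        # 2. The PIN must exist, be unused, unexpired and have attempts remaining.
        if rec is None or rec.used or now > rec.expires_at or rec.attempts_left <= 0:
            return "rejected: no valid PIN for this site"
        rec.attempts_left -= 1
        # 3. Constant-time comparison so response timing does not leak the PIN.
        if not hmac.compare_digest(rec.pin.encode(), pin.encode()):
            return "rejected: wrong PIN"
        rec.used = True                       # single use: a replay is refused at step 2
        self.bound[device_token] = site_id
        return f"enrolled: device bound to {account_id}/{site_id}"


def run_demo():
    """Walk through the failure modes and one successful enrolment (constructed data)."""
    t0 = 1_700_000_000.0
    portal = Portal(device_tokens={"T2-0001": "acct-A", "T2-0002": "acct-B"})
    pin = portal.issue_pin("acct-A", "site-london", now=t0)
    wrong_pin = str((int(pin[0]) + 1) % 10) + pin[1:]   # differs in the first digit
    out = [
        portal.enrol("T2-9999", "acct-A", "site-london", pin, now=t0 + 1),        # no identity
        portal.enrol("T2-0002", "acct-A", "site-london", pin, now=t0 + 1),        # other account
        portal.enrol("T2-0001", "acct-A", "site-london", wrong_pin, now=t0 + 2),  # wrong PIN
        portal.enrol("T2-0001", "acct-A", "site-london", pin, now=t0 + 3),        # success
        portal.enrol("T2-0001", "acct-A", "site-london", pin, now=t0 + 4),        # replay
    ]
    pin2 = portal.issue_pin("acct-A", "site-leeds", ttl_seconds=60, now=t0)
    out.append(portal.enrol("T2-0001", "acct-A", "site-leeds", pin2, now=t0 + 61))  # expired
    return out


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

The `now` parameter exists only so the walkthrough is deterministic; a real portal would use the clock directly, and would also rate limit `enrol` per source address, since the attempt budget alone does not stop an attacker who can trigger PIN re-issue.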
What security assurance has been carried out on the hardware terminals?
The T2 has undergone extensive and periodic third-party penetration testing by specialist security companies, who test and validate that the portal, hardware and OS are secure.
What OS is run on them? How has this been hardened?
The T2 runs a proprietary Linux build created within OneAdvanced that runs only the application services the product requires. Because it is not a public, commercial or third-party distribution, we know and control exactly what runs in the operating system: the builds, the updates, the services, and the rights required to change or update them.
How do they receive updates?
Customers deploy updates to their T2s from their cloud portal. We periodically release new updates to the portal (after testing) containing fixes and new application features; the customer then decides when to install them from their portal.
What bandwidth will they require to talk back to the OneAdvanced platform?
Very little data transfer is required: around 1 KB per clocking, 10 KB per biometric template and around 200 KB per user profile picture. If no internet connection is available when a user clocks, the device continues to function and queues the clocking, which is sent when a connection becomes available.
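The store-and-forward behaviour above, as an added illustrative model rather than OneAdvanced's code: clockings are queued in order on the terminal while the portal is unreachable and flushed on reconnect. It goes one step beyond the FAQ by giving each clocking a device-generated idempotency key, so that a retry after a lost acknowledgement cannot produce a duplicate clocking on the portal. `FakePortal`, `Terminal`, the record fields and the timestamps are all constructed for the example.

```python
"""Illustrative store-and-forward clocking queue (not OneAdvanced's code).

Assumptions (not from the FAQ): a clocking is a small JSON record carrying a
device-generated idempotency key; the portal de-duplicates on that key. All
names, fields and sample data are hypothetical and constructed.
"""
import json
import uuid
from collections import deque


class FakePortal:
    """Stand-in for the cloud portal: accepts clockings and de-duplicates by key."""

    def __init__(self):
        self.online = True
        self.received = {}          # idempotency_key -> record
        self.drop_ack_once = False  # when set, store the record but lose the ack

    def submit(self, record):
        if not self.online:
            raise ConnectionError("portal unreachable")
        self.received.setdefault(record["idempotency_key"], record)  # idempotent
        if self.drop_ack_once:
            self.drop_ack_once = False
            raise ConnectionError("connection dropped before ack")
        return True


class Terminal:
    """Hypothetical terminal: queues clockings and flushes them in order."""

    def __init__(self, device_id, portal):
        self.device_id = device_id
        self.portal = portal
        self.outbox = deque()       # on a real device this would be persisted

    def clock(self, user_id, event, ts):
        record = {"device_id": self.device_id, "user_id": user_id, "event": event,
                  "ts": ts, "idempotency_key": str(uuid.uuid4())}
        self.outbox.append(record)  # queue first, so nothing is lost if sending fails
        self.flush()
        return record

    def flush(self):
        """Send queued clockings oldest first; stop at the first failure and keep order."""
        sent = 0
        while self.outbox:
            record = self.outbox[0]
            try:
                self.portal.submit(record)
            except ConnectionError:
                return sent         # record stays at the head; retry on next flush
            self.outbox.popleft()   # only dequeue once the portal has acknowledged
            sent += 1
        return sent

    @staticmethod
    def payload_bytes(record):
        return len(json.dumps(record).encode())


def run_demo():
    """Offline queueing, reconnect, then a lost acknowledgement (constructed data)."""
    portal = FakePortal()
    t2 = Terminal("T2-0001", portal)
    portal.online = False
    t2.clock("u1", "in", "2024-01-01T08:00:00Z")
    t2.clock("u2", "in", "2024-01-01T08:01:00Z")
    queued_while_offline = len(t2.outbox)
    portal.online = True
    sent_on_reconnect = t2.flush()
    portal.drop_ack_once = True
    t2.clock("u1", "out", "2024-01-01T17:00:00Z")   # stored by the portal, ack lost
    still_queued = len(t2.outbox)
    resent = t2.flush()                              # retry succeeds, no duplicate
    return {
        "queued_while_offline": queued_while_offline,
        "sent_on_reconnect": sent_on_reconnect,
        "still_queued_after_lost_ack": still_queued,
        "resent": resent,
        "portal_records": len(portal.received),
        "approx_bytes": Terminal.payload_bytes(next(iter(portal.received.values()))),
    }


if __name__ == "__main__":
    print(run_demo())
```

The point of the idempotency key is the lost-acknowledgement case: the terminal cannot tell a failed send from a failed ack, so without a key the safe choice (retry) would double-count the clocking.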
The GDPR aspect of the solution, how do you confirm that data that has been erased is not retrievable? What method is used to erase data?
The portal contains a dedicated GDPR application module within the Account enterprise administration portal.
PeopleConnect holds only the individual's name and email address. No further information is stored inside PeopleConnect, so it is easy to sweep and check.
For PeopleConnect specifically, you can run an immediate subject access request (SAR) on a subject using those identity variables. The GDPR engine then searches PeopleConnect and the devices for traces of the individual and collates them into a PDF file, which can be accessed by a designated GDPR administrator.
If you delete a user through the standard system interface, all individually identifiable information is removed from the portal and from all hardware by the standard delete mechanism, provided your T2s are online. If a T2 is offline, the deletion takes place as soon as it reconnects.
A subsequent SAR, run once all T2s have reconnected, will confirm this for you.