Some Insights about BWS Data Processing

September 14, 2017

Where is my biometric data stored?

The BWS (BioID Web Service) server and storage components are located in highly secure data centers in the US, EU or Asia (depending on the service provider and applicable data protection laws). Security of these components is assured in part by the strong security controls built into the cloud platform and the security of the data centers, which are compliant with numerous standards and guidelines.

Some biometric systems store the template locally on the end user’s device. This may seem more secure because it keeps the biometrics in the user’s control. However, putting everything on the client device makes the system more vulnerable to many kinds of attacks, including template theft, sending false messages from the client, etc. BioID instead puts the encrypted data in secure data centers anonymously, without any personally identifiable information.

Who has access to my biometric information?

Service providers trust and authorize BWS to handle biometric recognition for their applications. Each service provider has an isolated BWS instance and so only has access to recognize its own users. These applications authenticate you either by capturing your biometric data and sending it to us via the BWS API, or by redirecting you to us to capture the data for them. Only the service provider who owns the application you enrolled with is able to recognize you.

Your biometric template can only be used by our service, and is not accessible via our API or management portal; this means that service providers using our service, or someone who has hacked their systems, do not have access to it. In the case of verification (one-to-one) they submit photos or recordings along with your anonymous ID, and our API responds by telling them whether or not you are recognized. For identification (one-to-many) they submit photos or recordings and we tell them which of their users you are likely to be.

BioID deletes your photos or audio files as soon as the unique features are extracted; however, the application using BWS may store some or all photos before submitting them to BWS. If the application uses a redirect method, it never has access to your photos or recordings.

Can someone steal my biometric data?

It is important to distinguish between raw biometric data and a biometric template.

Raw biometric data refers to a photo, a video or a voice recording captured directly from your camera or microphone. A biometric template, by contrast, is a mathematical representation of the unique features of your face or voice, extracted by BWS to perform the recognition. A biometric template is digitally signed so it cannot be tampered with, and encrypted so it would be useless without BWS.

Your raw biometric data can be captured in many places with or without you knowing it, e.g. at the airport, through social media, when applying for a passport etc. However, only with your permission through your service provider can your biometric template be created by BWS and used by BWS within the server. While your raw biometric data may be “stolen”, your biometric template always remains with BWS and is protected from theft through strong security architecture and IT security best practices.

If someone did manage to steal your template they would not know who it belongs to, because a) it is stored anonymously, and b) it cannot be reverse-engineered to generate a photo.

Additionally, if someone steals and uses a photo or recording of you it would be detected by our “fake defender” liveness detection.

BWS itself was designed according to IT security best practices including encryption of all communication and storage, secure communication endpoints, and API security via X.509 certificates or app tokens. Furthermore, each customer receives his own isolated BWS instance.

What happens to the raw biometric data (photo / audio files)?

BWS never stores photos or audio files sent through the API; they are deleted once the unique features have been extracted from them.

An application using BWS may store some or all photos or audio files before submitting them to BWS. This may be done for audit trail or other purposes, and end users should be informed of how their data is stored and used.

What happens when a user is deleted in BWS?

For data protection purposes, deletion of BWS data associated with a user (biometric data) is immediate and irreversible. On the storage systems, all references to the data are removed and the copies are then removed by a garbage collection operation.

The data stored as part of the Service, e.g. accounting data, licensing data, audit data, logging data, performance data and certificates, are kept for accounting purposes as long as the Service Term is valid or as required by local laws.