PrivateId Logo

SIGN-IN (Facial Recognition)

The SIGN-IN operation facilitates real-time identification by capturing a fresh facial biometric sample and securely comparing it to the previously registered homomorphic token. This operation is engineered to ensure that no raw biometric data is transmitted or stored while still providing high-assurance authentication using on-device cryptographic computations.

Operation Overview

During the SIGN-IN process, the client device performs the following steps:

  1. Biometric Capture & Preprocessing:
    • A live facial image is captured using the device's camera.
    • On-device biometric preprocessing pipeline performs face detection, crop & alignment, and validation.
  2. Homomorphic Token Generation:

    • The validated biometric data is transformed into a Homomorphic Token.

    • This HT is compared against the reference token established during registration.

  3. Data Purging:

    • Immediately after token generation, the raw biometric data is purged from the device memory.

  4. Local Verification & Optional Server Fallback:

    • The homomorphic token is compared locally for efficiency and privacy.

    • In cases where the local token is unavailable (or required by anti-fraud or regulatory policies), a secure server match is performed.

  5. Optional Selfie & Audit Data:
    • To further mitigate fraud risks or comply with regulations, an optional selfie may be transmitted to the server.
    • Additional audit metadata (e.g., device sensor data, ambient lighting conditions) may be included for forensic analysis.
POST/v2/verification-session

Endpoint

  POST /v2/verification-session

Request Body

In addition to the base parameters, the SIGN-IN request supports several advanced options for enhanced security and operational flexibility:

  {
    "type": "SIGN-IN",
    "redirectURL": "https://privateid.com/callback",
    "callback": {
      "url": "https://your-api.com/webhook",
      "headers": {
        "authorization": "Bearer YOUR_TOKEN"
      }
    },
    "locale": "en-US",
    "enableDesktop": true,
    "sendImages": false,                 // Set to true to include the user selfie in the webhook.
    "authLevel": ["1", "2", "3"],        // Require NIST SP 800-63 Authentication Assurance Level (AAL) 1, 2 or 3.
    "signinFacialScanMaxAttempts": 5,
    "signinFacialScanTimeout": 300,
    "sessionExpiry": 1800,               // Session expiry in ms.
    "transactionID": "txn-signin-987654",// Client-generated transaction identifier.
    "deviceInfo": {                      // Optional device metadata.
        "os": "Android 12",
        "model": "Pixel 6",
        "resolution": "2400x1080"
    },
    "manyFaces": false,                  // Set to true if multiple faces in the stream are acceptable during authentication.
    "challenge": "random-challenge-string", // A cryptographic challenge provided by the server to prevent replay attacks.
    "signinDeleteUser": false,           // Optionally delete all user data post-authentication.
    "BarcodeExpiryTime": 300,
    "BarcodeScanMaxAttempts": 5,
    "debugMode": [“1,2,3”],          // Enable verbose logging for troubleshooting. Level 3 is most verbose.
    "requirements": [                    // Enables usage of different scenarios. With Face or Face and Passkey
      "face",
      "passkey",
    ],
  }

Parameter Details

  • Name
    type
    Type
    (String, Required)
    Description

    Must be "SIGN-IN" to denote a face registration operation.

  • Name
    redirectURL
    Type
    (String, Required)
    Description

    The URL where the client browser is redirected after successful sign-in.

  • Name
    callback
    Type
    (Object, Required)
    Description

    Contains configuration for the webhook that delivers asynchronous authentication results.

      • Name
        url
        Type
        (String)
        Description
        Endpoint for receiving webhook notifications.
      • Name
        headers
        Type
        (Object)
        Description
        Additional headers (e.g., authorization) for securing the callback endpoint.
  • Name
    locale
    Type
    (String, Required)
    Description

    Locale context for the session (e.g., "en-US"). Supports 44 languages.

  • Name
    enableDesktop
    Type
    (Boolean, Optional)
    Description

    If true, desktop-based sign-in is enabled. Default is false. The desktop is not as secure as mobile devices.

  • Name
    sendImages
    Type
    (Boolean, Optional)
    Description

    Default is false. If set to true, loudly announces in the UI that their selfie will be shared with your organization, and returns captured user selfie in the webhook payload. Please consult with your counsel before enabling to support anti-fraud or regulatory requirements.

  • Name
    authLevel
    Type
    (Array of Strings, Optional)
    Description

    Specifies the required NIST SP 800-63 Authentication Assurance Level 1, 2 or 3.

  • Name
    signinFacialScanMaxAttempts
    Type
    (Number, Optional)
    Description

    Maximum allowed failed attempts for the facial scan. Default is 5.

  • Name
    enablesigninFacialScanTimeoutPasskey
    Type
    (Number, Optional)
    Description

    Maximum duration (in milliseconds) allotted for the sign-in scan. Default is 300.

  • Name
    sessionExpiry
    Type
    (Number, Optional)
    Description

    Maximum duration (in milliseconds) allotted for the sign-in scan. Default is 300.

  • Name
    transactionID
    Type
    (String, Optional)
    Description

    A client-generated unique identifier for tracking the transaction. May also be termed a correlation ID.

  • Name
    deviceInfo
    Type
    (Object, Optional)
    Description

    Provides metadata regarding the client device, such as operating system, model, and screen resolution.

  • Name
    manyFaces
    Type
    (Boolean, Optional)
    Description

    Indicates if multiple faces are acceptable. When true, the system prioritizes the face closest to the camera.

  • Name
    challenge
    Type
    (String, Optional)
    Description

    A cryptographic nonce provided by the server to ensure freshness and mitigate replay attacks.

  • Name
    signinDeleteUser
    Type
    (Boolean, Optional)
    Description

    If set to true, the user's data is purged from the system after a successful sign-in. Useful in one-time access scenarios, for any requirement to delete the user, and for system demos.

  • Name
    debugMode
    Type
    (Boolean, Optional)
    Description

    Enables additional logging and diagnostic output for development and troubleshooting purposes.

  • Name
    BarcodeExpiryTime
    Type
    (Number, Optional)
    Description

    Specifies the expiry time for barcode authentication tokens.

  • Name
    BarcodeScanMaxAttempts
    Type
    (Number, Optional)
    Description

    Maximum allowed attempts for successful barcode scanning.

  • Name
    requirements
    Type
    (Array, String)
    Description

    Enables usage of different scenarios for sign-in. Using Face or Face and Passkey.

Success Response

A successful sign-in returns a JSON payload including a unique session identifier and a launch URL for the biometric process:

{
  "launchUrl": "https://verify.privateid.com/start?sessionId=2fbbb4a3-1392-43c4-8d12-f61ff44e4efb",
  "sessionId": "2fbbb4a3-1392-43c4-8d12-f61ff44e4efb"
}

Webhook Response

The asynchronous webhook provides the outcome of the SIGN-IN operation.

{
  "message": "Success!",
  "status": "success",
  "sessionId": "dac57c75-0ed8-40fa-b40e-f0620dbb9444",
  "identificationResult": {
    "uuid": "123e4567-e89b-12d3-a456-426614174000",
    "confidence": 0.95,
    "status": "success",
    "challengeResponse": "signed-challenge-response"
  }
}

Failure Response

{
  "status": "error",
  "message": "Potential spoof attempt detected",
  "errorCodes": [1],
  "retryAfter": 10 // Optional: Suggests a 10-second delay before retrying.
}

Cryptographic Considerations for SIGN-IN

  • Homomorphic Tokenization:

    Private Identity employs homomorphic tokenization to generate deep harmonic embeddings that enable secure, limited search and matching operations on ciphertexts without allowing decryption, thus preserving data confidentiality. This advanced cryptographic architecture centers on generating tokens that are computationally irreversible and collision-resistant through the combined application of preimage resistance, second preimage resistance, and collision resistance. By integrating a time-based salt within an AES256 encryption framework, the system produces non-deterministic, fixed-size outputs (ranging from 1KB to 16KB) with each token generated in as little as 20ms via neural network cryptography. Despite the inherent limitation that no homomorphic token ciphertext is fully IND-CCA secure, extensive research confirms that Private Identity’s embeddings remain opaque, with any inversion or decryption attempts yielding no sensitive information. Further robustness is achieved through the Private ID Edge Encryption Service, which executes immutable, compiled native C++ code and proprietary deep neural networks in an isolated, stack-based virtual machine, reinforced by three additional layers of cryptography to secure backend communications and the entire authentication process. Immediately after token generation, raw biometric data is purged from volatile memory in a “fire and forget” approach, thereby minimizing the risk of residual data exposure.

  • Data Purging:

    If enabled, the raw biometric data is purged immediately after authentication to minimize exposure.

  • Fallback & Redundancy:

    The optional server fallback mechanism is employed if the local comparison fails or if the locally stored token is unavailable. This dual-layer approach enhances resilience against transient device errors or sensor anomalies.

Was this page helpful?