ShareID, on the other hand, wants to retain as little information as possible, and for as short a time as possible.
“We issue reusable identities to our users, we get rid of all the personal data that we captured. We only generate this homomorphic hash and we use it to re-authenticate the person when they come back,” Sebti told TechCrunch, referring to
an encryption technique that allows the creation of a unique value from a set of data, and makes it impossible to reverse it to get the original data.
In practice, Sebti explained, ShareID customers have access to an SDK and an API that allows them to embed the company’s technology on their website, as well as their Android or iOS app. Sebti said that the person who is trying to authenticate will have to submit a video showing the front of the document for three seconds, and the back of the document for another three seconds. Then, the website or app will capture a video of the person’s face, asking it to fulfill challenges to prove they are really recording it live, such as smiling, tilting their face to the left or right, and following a point on the screen, whose position is randomly generated.
“You have a random point that is run on your screen and you have to follow it with your eyes, and you have no clue where it will be. So you cannot prepare the video to get into it,” Sebti said.
At that point the service processes this data and creates a homomorphic hash that can be used to re-authenticate the user when they come back.
At least, that’s what ShareID claims. Sebti said France’s military police audited the company’s security, and that they monitor their own security by running penetration tests, or pentests, and “other live security monitorings.”
www.thesslstore.com
