About the project
Mobai is a spin-off company from the Norwegian University of Science and Technology (NTNU). It provides biometric technology for digital services, used specifically in onboarding and verification processes.
The focus in this sandbox project is their solution called “SALT”, abbreviated from: “Secure privacy preserving authentication using facial biometrics to protect your identity”. In the development of SALT – which is funded by The Research Council of Norway – Mobai collaborates with BankID BankAxept AS and Sparebank 1 Østlandet.
The Norwegian National Criminal Investigation Service (“Kripos”) stated in its 2023 annual report that digital fraud is prevalent in Norway and that identity fraud related to eID solutions is increasing. The issuing, re-issuing and use of eIDs are especially vulnerable to a variety of attacks, potentially resulting in credentials being stolen or misused.
The ambition with SALT is to pilot a solution for strong digital face verification that significantly reduces the risk of identity theft of digital accounts. It also aims to eliminate misuse and theft of biometric data.
To prevent such theft and misuse, Mobai is developing SALT to be used as a security component that can complement existing security measures in eID solutions.
eID
eID is abbreviated from «electronic identification». An eID is a way to prove your identity on the internet. It refers specifically to those who provide identity services, such as verification and digital signing, within the European Identity Regulatory Framework.
About the SALT-solution
A key technology in the SALT-solution is an innovative encryption technique called “homomorphic encryption”. Unlike other encryption methods, homomorphic encryption allows computations on encrypted data without decrypting it.
In facial biometric systems like SALT, identities are verified by comparing two face images. This comparison produces a similarity score that indicates the degree of similarity between the faces. In the case of the SALT-solution, the comparisons are carried out entirely within an encrypted domain – using homomorphic encryption – and the result from the comparison is encrypted as well.
In order to compare face images, biometric features are extracted from images of the user’s face. Every biometric feature on the image is then given a vector-representation. This vector-representation of the image constitutes a dataset which is machine readable and fit to use for facial recognition. This dataset is called a “biometric template”. The similarity score is generated by comparing the set of biometric features in the biometric templates.
It is important to note that the biometric templates contain only plain text, and not the images themselves. However, it has been demonstrated that some degree of facial information and traits can be reconstructed from biometric templates. To prevent this, it is necessary to apply strong security measures to protect them.
The generation of “protected templates” is one such security measure. Protected templates are – in short – a security measure where the plaintext templates are transformed and encrypted. In “SALT”, the protected templates are encrypted using homomorphic encryption.
The benefits of these protected templates are that they can be used for face recognition – just like plaintext templates. However, with the current state of technology, it is assumed to be virtually impossible to re-generate the plaintext template from a protected template, and therefore not possible to restore facial images (or other characteristics) pertaining to the user.
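The encrypted comparison described above, as an added example that is not Mobai's code: the page does not name SALT's homomorphic scheme, so this sketch substitutes textbook Paillier (additively homomorphic) with a toy key, and assumes the similarity score is an inner product of integer-quantized templates. As a further simplification the probe template is supplied in plaintext; only the enrolled template and the resulting score are encrypted.

```python
import math
import secrets

# Toy Paillier key, constructed for this demo: two Mersenne primes, far too
# small and too structured for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(P-1, Q-1)
MU = pow(LAM, -1, N)                                # valid for generator N+1


def encrypt(m):
    """Enc(m) = (1+N)^m * r^N mod N^2; negative m is encoded mod N."""
    r = secrets.randbelow(N - 2) + 2
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    return (1 + m * N) % N2 * pow(r, N, N2) % N2


def decrypt(c):
    """Private-key operation; maps the result back to a signed integer."""
    m = (pow(c, LAM, N2) - 1) // N * MU % N
    return m - N if m > N // 2 else m


def encrypted_score(protected, probe):
    """Return Enc(sum t_i * p_i) without decrypting any t_i."""
    acc = encrypt(0)
    for c, p in zip(protected, probe):
        # Enc(a) * Enc(t)^p mod N^2 = Enc(a + t*p)
        acc = acc * pow(c, p % N, N2) % N2
    return acc


# Constructed 8-dimensional integer templates (real ones are much longer).
ENROLLED = [12, -7, 3, 25, -14, 8, 0, -9]
SAME_FACE = [11, -6, 4, 24, -15, 7, 1, -8]
OTHER_FACE = [-5, 13, -20, 2, 9, -11, 17, 4]
PROTECTED = [encrypt(t) for t in ENROLLED]   # what the comparing party stores

if __name__ == "__main__":
    for name, probe in (("same", SAME_FACE), ("other", OTHER_FACE)):
        score_ct = encrypted_score(PROTECTED, probe)
        print(name, decrypt(score_ct))
```

The party running `encrypted_score` handles only ciphertexts and never needs `LAM` or `MU`; only the holder of the private key can turn the encrypted score into a number.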
Requirements for protected templates
According to the International Organization for Standardization, a protected template must meet the following requirements:
- Revocability and Renewability: A system must be able to revoke compromised protected templates, so they can't be further used/misused. Consequently, the system must be able to generate a fresh, uncompromised protected template and replace the original one so that the end-user can still use the solution.
- Irreversibility: the face image or face template shall be processed by irreversible transformation before storage.
- Unlinkability: the stored face templates should not be linkable across applications or databases.