Uploaded on Mar 25, 2022
Anonybit protects your privacy and secures your assets with game-changing decentralized biometrics. Read this blog post to learn about deciphering the decentralized biometrics landscape.
Decentralized Biometrics Landscape
Deciphering the Decentralized Biometrics Landscape

A storm is brewing in the identity industry. It is being caused by a trifecta of factors - consumer desires for more control over their personal data, never ending data breaches and lack of trust in our institutions' ability to secure and protect our personal identities. Other trends are also coalescing - relentless rise of digital interactions, emergence of Web3, NFTs and cryptocurrencies, and the use of blockchain technology in general to store and host digital credentials. Together, they are driving unprecedented growth and acceptance of biometrics as the irrefutable link between a person and their identity. The question is not whether, but how, to deploy biometrics in the larger context of identity management.

We've put together the table below to align stakeholders on the different definitions and methodologies that can be considered, particularly as relates to decentralized identity and decentralized biometrics. It is by no means exhaustive; rather, it is meant to create an anchor on the most important terms that are critical for system design that enhances overall security and protects personal privacy. Feel free to contact us with any suggested additions or edits.

Concepts and Frameworks

Term: Multi-party Computing (MPC)
Description: MPC is a technology that gives different parties to a relationship the ability to compute data and arrive at a mutually desired result without requiring parties to the transaction to divulge their private data. MPC also uses complex encryption to distribute computation between multiple parties or network nodes.
Anonybit Relationship: Anonybit's core architecture uses MPC to enable decentralized storage and processing of personal data, including biometrics and other digital assets.

Term: Zero-Knowledge Proof
Description: Zero-knowledge proof, also known as zero-knowledge authentication, is a cryptographic authentication protocol in which one party (the prover) can prove to another party (the verifier) that a given statement is true without conveying any additional information apart from the fact that the statement is indeed true.
Anonybit Relationship: Zero-knowledge proofs are used by Anonybit to provide biometric authentication responses without recompiling or revealing the original biometric data set.

Term: Personally Identifiable Information (PII)
Description: Personally identifiable information (PII) is information that, when used alone or with other relevant data, can identify an individual. There are various levels of personal information sensitivity within PII. Biometrics is a form of PII, along with name, email address, device ID, location and other elements that are used to identify a person.
Anonybit Relationship: There is an increasing call to protect PII in the digital world because of the possible fraud associated with compromising a person's personal information. Anonybit's framework is designed to store all kinds of PII in a decentralized manner.

Term: Distributed Ledger (Blockchain)
Description: A distributed ledger is a peer-to-peer network that doesn't have a central administrator or central database. This design is intended to increase network security and remove corruption by replacing a single point of failure with a distributed network of devices that work together to verify the accuracy of data. Distributed ledgers are usually associated with blockchain technology but blockchain is just one use of distributed ledgers. Distributed ledgers are very powerful to exchange trusted information between unrelated parties while maintaining its integrity, and possibly anonymity.
Anonybit Relationship: Anonybit does not use distributed ledger or blockchain technology due to limitations around data processing, the need to be able to delete per privacy regulation, and performance issues. Rather, Anonybit's patent-pending infrastructure relies on proprietary derivatives of MPC and Zero Knowledge Proofs to achieve the decentralized storage and processing capabilities.

Term: Digital Wallet
Description: A digital wallet (or e-wallet) is a software-based system that securely stores users' payment information, passwords and other identity information, as well as cryptographic assets, health information, and more. By using a digital wallet, users can complete purchases easily and quickly with near-field communications (NFC) technology, present digital credentials, and share their information at their own discretion. Digital wallets are used by the payments industry, cryptocurrency industry, self-sovereign identity frameworks, and many more.
Anonybit Relationship: Anonybit provides a secure infrastructure for digital wallets and makes them accessible across devices. Anonybit also allows for the storage of the wallet's contents in its decentralized digital asset vault and leverages biometric authentication to protect the assets, ensuring that only the right person is invoking them. This reduces the risks of wallet takeovers by attackers using stolen credentials (e.g. usernames and passwords).

Decentralized Identity

Term: Self-Sovereign Identity (SSI)
Description: Decentralized identity, often used interchangeably with "self-sovereign identity" (SSI), is an alternative to centralized and federated identity infrastructures. With SSI, credentials are managed in a digital wallet and are verified using a public key that is anchored on a distributed ledger. The SSI may be generated from an issuer's database (e.g., government, university, health institution, social media account, etc.), but does not actually contain any personal information. The SSI can be used to interact with third parties at the sole discretion of the individual. Personal data therefore does not need to be transferred as individuals interact; however, the issuer's database may still be centralized.
Anonybit Relationship: Anonybit secures the digital wallet where the SSI assets are stored. This ensures that the SSI is invoked only by the authorized person and enables cross-device access to the wallet's framework. This is important if an individual gets a new device or is using a shared device.

Term: Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs)
Description: Decentralized Identifiers and Verifiable Credentials make up Self-Sovereign Identity. The DIDs are holders for the digitized credentials themselves. When the VCs are generated by the issuing party, they are signed with a public key that is stored on the blockchain. When someone wants to verify the authenticity/validity of the credential, they can check the blockchain to see who issued it without having to contact the issuing party.
Anonybit Relationship: Anonybit allows the issuer to associate a biometric to the DID for use in downstream applications, ensuring that the correct person is invoking it and allowing for easy reissuance if the person gets a new device.

Term: Decentralized biometrics
Description: Decentralized biometrics is the process of splitting biometric data into pieces and storing/distributing them over different computers or nodes. Most decentralized biometric schemes require that the pieces come back together again for matching, which creates performance and security problems. As a result, the alternative has been to use device-based biometrics which ensure no central repository of the biometric data, but as noted elsewhere in this document and on the blog, this method is easily circumvented. New breakthroughs allow both the storage and the processing of the data to be done in a distributed way, eliminating the tradeoffs and problems seen with centralized and device-based biometric approaches.
Anonybit Relationship: Anonybit leverages multi-party computing and zero-knowledge proofs in a proprietary manner to deliver fully decentralized biometrics and support both privacy and security.

Identity Management

Term: Identity Verification
Description: Identity verification (IdV) is an approach for verifying and authenticating the physical identity of individuals onboarding to a digital application. IdV is sometimes used for step-up verification as well. It uses knowledge-based user attributes and document verification to confirm that a person enrolling in a service is who they say they are in the physical world. Part of the process involves matching the photograph on the identity document to a live selfie. IdV is typically used for onboarding digital applications and for KYC and AML compliance.
Anonybit Relationship: Anonybit integrates with the identity verification flow to enhance overall identity assurance levels downstream. The biometric data that is captured during the onboarding process is sent to Anonybit for sharding and distribution throughout the peer-to-peer network and this same enrollment data is used for subsequent authentication and account recovery in all future interactions with the service.

Term: Passwordless Authentication
Description: Passwordless authentication is a method that allows a person to gain access to an application or network without the use of a password or other knowledge elements (pin code, personal questions). In many cases, passwordless authentication methods rely on a biometric signature that is tied to a cryptographic signature which gets sent to the authenticating service. Almost always, the biometric signature comes from a local template that is stored on a user's device (PC, smartphone or external security token). Except in very specific cases, the authenticating service does not manage the user's device or the biometric identity, and the fallback in case of account recovery or other failure is typically a password or other knowledge-based authenticator.
Anonybit Relationship: Anonybit provides turnkey passwordless authentication via cloud-based decentralized biometrics. Because Anonybit is cloud-based, there is no device dependency and the solution can be linked to the onboarding process for added security in downstream applications including account recovery.

Term: Online Account Recovery
Description: One of the biggest challenges for providers of online services is allowing a secure and accurate account recovery process. The need for account recovery is driven by users losing access to their original credentials ("forgot my password"), and must account for risks of fraudulent online attacks, lost or stolen passwords, lost or stolen devices, or compromise from insider threats.
Anonybit Relationship: Anonybit addresses the online account recovery by giving providers a biometric trust-anchor with the user, to which they can tie any access to the service. By providing cross-device biometric authentication that is connected to identity proofing and fraud resistant, account lock-out and losses are securely prevented.

Term: Zero Trust Security
Description: Zero Trust is a security framework requiring all users, whether in or outside the organization's network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. Zero Trust assumes that there is no traditional network perimeter; networks can be local, in the cloud, or a combination of hybrid with resources anywhere as well as workers in any location.
Anonybit Relationship: Anonybit provides accurate, secure, and private biometric authentication for access to digital applications. This authentication process can be invoked at any time within an application or central authentication facility such as single-sign-on (SSO).

Term: Multi Factor Authentication (MFA)
Description: Multi Factor Authentication (MFA) is a method of user verification that utilizes two or more unrelated authentication modalities that include something the user knows (password, pin, knowledge), something the user owns (device, token, cryptographic key), and something the user is (physical biometric traits such as face, iris, fingerprint, voice, etc., as well as behavioral biometric). It is possible to combine passwordless authentication methods with other authentication methods to make up MFA.
Anonybit Relationship: Anonybit uses multiple biometric authentication modalities within its framework, which are combined with device binding to create decentralized, passwordless MFA.

Term: Federated Identity Management
Description: Federated Identity Management is an arrangement between multiple organizations or online services that enables their users to use the same identification data (digital identity) to access across their networks. These partners are also known as trust domains. A trust domain can be an organization, a business unit, a smaller subsidiary of a larger organization, etc. and are trusted by a similar organization called the Relying Party.
Anonybit Relationship: Anonybit can serve as a common anchor of trust across organizational trust-domains by ensuring users are authenticating at the same high level of assurance. The high assurance level is achieved by incorporating the Anonybit authenticator into the federated authentication flow. Through that, the trusting organization receives a consistent level of assurance across all its federated partners against a consistent, biometrically proven trust anchor. With the ability to securely manage identities with the Anonybit network, the architecture can support Federated Identity Management by protecting the user's personal information across multiple trust domains.
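An added illustration of the "Decentralized biometrics" and MPC entries above, using textbook additive secret sharing; it is not Anonybit's proprietary method and not code from the original page. A template is split across three nodes and the squared distance to a probe is assembled from per-node partial results, so the enrolled template is never brought back together. Assumptions: integer-quantized feature vectors, a probe that every node sees in the clear, constructed sample values, and hypothetical function names.

```python
import secrets

P = 2**61 - 1  # prime modulus for share arithmetic (assumed choice)

def share_value(value, n):
    """Split one integer into n additive shares that sum to value mod P."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts

def enroll(template, n):
    """Build one record per node: a share of every feature and of ||t||^2."""
    per_feature = [share_value(x, n) for x in template]
    norm_shares = share_value(sum(x * x for x in template), n)
    return [
        {"vec": [per_feature[i][k] for i in range(len(template))],
         "norm": norm_shares[k]}
        for k in range(n)
    ]

def node_partial(record, probe):
    """Runs on one node: its share of ||t||^2 - 2<t, p>, from its record only."""
    dot = sum(s * p for s, p in zip(record["vec"], probe))
    return (record["norm"] - 2 * dot) % P

def squared_distance(partials, probe):
    """Combine node outputs into ||t - p||^2 without rebuilding the template."""
    # The true distance is far below P, so the modular result is exact.
    return (sum(partials) + sum(p * p for p in probe)) % P

def authenticate(records, probe, threshold):
    """Accept when the distance computed from the shares is within threshold."""
    partials = [node_partial(r, probe) for r in records]
    return squared_distance(partials, probe) <= threshold

# Constructed sample data: 8 quantized features, 3 storage nodes.
TEMPLATE = [12, 200, 45, 77, 130, 9, 251, 64]
GENUINE = [13, 198, 45, 79, 131, 9, 250, 66]   # same person, sensor noise
IMPOSTOR = [90, 14, 220, 5, 60, 180, 33, 140]

if __name__ == "__main__":
    nodes = enroll(TEMPLATE, 3)
    print(authenticate(nodes, GENUINE, 100), authenticate(nodes, IMPOSTOR, 100))
```

Each node's record is uniformly random on its own, so a breach of fewer than all nodes discloses nothing about the template; the combiner still learns the distance score, which a deployment would limit to an accept/reject result.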