HumanAuthn Overview
HumanAuthn represents a step forward from authentication standards like WebAuthn, created by the FIDO Alliance.
As its name implies, HumanAuthn depends on live human presence, a revolutionary departure from the established hardware-root-of-trust model, which authenticates users by verifying a device they previously enrolled.
HumanAuthn is both an authentication and a cryptographic primitive. It combines biometrics, cryptography and randomness (stored entropy) to create IDs and privacy-preserving data structures that work as verifiable credentials. Rather than storing biometric templates, feature vectors, or keys, HumanAuthn relies on stored random entropy and face-conditioned cryptographic operations to perform authentication.
A core property of HumanAuthn is zero-knowledge disclosure at the system level: the system reveals no biometric information beyond a binary authentication outcome. This is a system property, not a cryptographic zero-knowledge proof primitive. As a result, users can be authenticated using face recognition without their biometric data ever being stored, reconstructed, or exposed to verifiers.
| Layer | FIDO Alliance | Verifik |
|---|---|---|
| Framework | FIDO Framework | Proprietary Framework |
| Primitive | WebAuthn | HumanAuthn |
| Type of Primitive | Authentication | Authentication + Encryption |
| Implementations | PassKeys | smartENROLL, smartACCESS, Access Control |
| Consumer Product | Products built on Passkeys (Apple, Google, Microsoft integrations) | Products built on Verifik's implementations |
Differences between WebAuthn and HumanAuthn
WebAuthn
- User proves possession of a device, where private key resides
- Biometric / PIN unlocks the device authenticator
- Signature proves authenticity
- Device-centric trust or Hardware RoT
HumanAuthn
- User proves live biometric presence = key reconstruction
- Biometric + stored randomness reconstructs an ephemeral key
- Successful decryption proves authenticity
- Human-centric trust or Biometric RoT
Contract Architecture Comparison
WebAuthn: Browser → Authenticator → Yes / No
- Developer never handles private keys
- Browser abstracts hardware & crypto
- Output is a cryptographic assertion
HumanAuthn: System → Human → Yes / No
- Developer never handles biometric data
- System abstracts face recognition & crypto
- Output is successful decryption (or failure)
- The secret never leaves its boundary
- The developer only gets a verifiable outcome
Comparison Table
| Security | WebAuthn | HumanAuthn |
|---|---|---|
| Anchor Trust | Hardware | Biometric/Human |
| Stored element | Private Keys | Randomness |
| Private Key lifetime | Long-term | Ephemeral |
| Private Key storage | Secure Enclave / TPM | Never stored |
| Private Key Reuse | Yes | No |
| Biometric data stored | No | No |
| Biometric templates | No | No |
| Encrypted metadata | No | Yes |
| Credentials correlation | Sometimes (per RP ID) | No (structurally unlinkable) |
| Offline verification | Limited | Native |
Benefits
Private Encryption
We use elliptic curve cryptography to encrypt metadata without storing facial biometric features.
Facial authentication
HumanAuthn authenticates the user without storing biometric data.
Offline/Online Functionality
HumanAuthn works with or without internet connection, providing flexibility and security.
Decentralized
HumanAuthn works P2P, allowing distributed verification without relying on central servers.
Properties
Irreversibility
Biometric data cannot be reconstructed from stored information. No template, no biometric database risk.
Unlinkability
Authentication events cannot be correlated across services. Each interaction generates fresh cryptographic material.
Renewability (Revocability)
Compromised randomness? Generate new randomness. Your biometric identity remains intact.
Unlike static private keys, HumanAuthn generates ephemeral keys.
How It Works
Encryption Phase
During encryption, also known as the enrollment phase, HumanAuthn receives a live biometric sample from the user and independently generates high-entropy random material that contains no biometric features, keys, or feature vectors. This random entropy is stored. Using the biometric sample and the stored entropy, HumanAuthn derives ephemeral cryptographic key material to encrypt identity metadata and generate a verifiable credential (VC) that we call HumanID, often encoded as a QR code. All ephemeral keys are discarded immediately after the HumanID is created.
Summary:
- Capture biometric sample (face image) with optional liveness detection
- Ephemeral key generation
- Generation of HumanID (verifiable credential)
- Storage of HumanID on cloud/IPFS
- Return of HumanID token for future verification
Decryption
During decryption, also known as the authentication phase, HumanAuthn receives a live biometric sample from the individual seeking access. The system combines the biometric input with the stored random entropy to reconstruct the ephemeral cryptographic key material. If the biometric sample corresponds to the enrolled individual, the correct key is reconstructed and the HumanID is successfully decrypted, revealing the authorized metadata. The act of successful decryption itself constitutes authentication. If the biometric sample does not match, key reconstruction fails and decryption is impossible.
Summary:
- Present HumanID token with biometric input (facial image)
- HumanAuthn reconstructs ephemeral key
- Returns verification result with optional metadata
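As an added illustration, not Verifik's code or its actual algorithm, the following standard-library Python models the encryption and decryption phases described above: stored entropy plus a live biometric value derive an ephemeral key, the private metadata is encrypted, the key is discarded, and a later sample either reconstructs the key and decrypts or fails. The face-conditioned operation that turns a face image into a stable value is proprietary and not described on the page, so it is replaced by a constructed opaque byte string; the HKDF-style derivation, the HMAC counter-mode cipher with encrypt-then-MAC, and the HumanData field names are assumptions.

```python
"""Toy model of HumanAuthn's enrol (encrypt) / authenticate (decrypt) flow.
Added illustration using only the Python standard library, not Verifik's code.
The proprietary face-conditioned operation is replaced by an opaque
'biometric_value' byte string (constructed), so fuzzy face matching is not modelled."""
import hashlib
import hmac
import json
import secrets

INFO = b"humanauthn-model"  # assumed domain-separation label, not from the page


def derive_key(biometric_value: bytes, entropy: bytes) -> bytes:
    """Ephemeral 64-byte key from (live biometric value, stored entropy) via an
    HKDF-style extract/expand; neither input alone yields the key."""
    prk = hmac.new(entropy, biometric_value, hashlib.sha256).digest()
    t1 = hmac.new(prk, INFO + b"\x01", hashlib.sha256).digest()
    t2 = hmac.new(prk, t1 + INFO + b"\x02", hashlib.sha256).digest()
    return t1 + t2  # bytes 0-31: encryption key, bytes 32-63: MAC key

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode as a keystream; paired with a MAC below."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def enroll(biometric_value: bytes, private_metadata: dict, public_metadata: dict) -> dict:
    """Encryption phase: returns the HumanData to store; the ephemeral key is dropped."""
    entropy = secrets.token_bytes(32)  # stored entropy; carries no biometric information
    key = derive_key(biometric_value, entropy)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key[:32], nonce, json.dumps(private_metadata, sort_keys=True).encode())
    tag = hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    del key  # only entropy, nonce, ciphertext and tag persist
    return {"entropy": entropy, "nonce": nonce, "ct": ct, "tag": tag, "public": public_metadata}

def preview(human_data: dict) -> dict:
    """Preview phase: public metadata is readable without any biometric input."""
    return human_data["public"]

def authenticate(human_data: dict, biometric_value: bytes):
    """Decryption phase: returns the private metadata when the reconstructed key
    decrypts the HumanData, None when the live sample is not the enrolled person's."""
    key = derive_key(biometric_value, human_data["entropy"])
    tag = hmac.new(key[32:], human_data["nonce"] + human_data["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, human_data["tag"]):
        return None  # wrong face -> wrong key -> decryption fails -> not authenticated
    return json.loads(_xor_stream(key[:32], human_data["nonce"], human_data["ct"]))
```

Re-running `enroll` for the same person yields fresh entropy and an unrelated ciphertext, which is the unlinkability and renewability property from the Properties section; revoking means discarding the old entropy, after which the old HumanData cannot be decrypted by anyone.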
Preview
In the preview phase, anyone, including the user or the developer, can view the public information of the HumanID (verifiable credential): the non-sensitive information that the developer configured to be publicly available.
Summary:
- Examine HumanID contents without full verification
- View public data and configuration settings
- No biometric verification required
HumanID
Foundational ID functionality in HumanAuthn.
In this section, we detail the main components and characteristics involved in creating and verifying a HumanID:
- HumanAuthn - authentication and encryption primitive with live biometric presence.
- HumanData - raw bytes generated and encrypted through HumanAuthn which can be stored in a database, NFC card or HumanID-QR code. During decryption, the HumanID owner's face is used to unlock the private metadata contained in the HumanData.
- HumanID-QR - Portability of a HumanID in the QR code format containing HumanData, public and private metadata.
- Encryption and Decryption - HumanAuthn is the only software capable of encrypting raw bytes (private metadata) into HumanData and of decrypting it to reveal the contents, which requires the live biometric presence of the HumanID owner.
Use Cases
Digital Identity
- Secure login systems
- Identity verification for services
- KYC (Know Your Customer) compliance
Access Control
- Physical and digital access management
- Event attendance verification
- Secure document access
Financial Services
- Banking authentication
- Payment verification
- Fraud prevention
Healthcare
- Patient identity verification
- Medical record access
- Prescription verification
Getting Started
To begin using HumanAuthn:
- Create a HumanID: Use the /encrypt endpoint to generate your first HumanID
- Verify Identity: Use the /decrypt endpoint to verify against stored HumanIDs
- Preview Contents: Use the /preview endpoint to examine HumanID metadata
- QR Code Integration: Use /encrypt-qr-code for HumanID QR generation
Technical Requirements
- Authentication: Valid API token required
- Image Format: Base64 encoded images
- Platform Support: Desktop, iOS, Android
- Liveness Detection: Optional but recommended for security
- Password Protection: Optional additional security layer
Next Steps
Explore the individual endpoints to understand how to implement HumanAuthn in your application: