Veintree launches | Veintree SAS

Veintree launches its biometric solution based on the capture and analysis of hand vein networks to authenticate users, without identifying them.

From media article of Global Security Mag

https://www.globalsecuritymag.fr/Veintree-lance-sa-solution-biometrique.html

Veintree's technology is forgery-proof, stores no biometric data and is resistant to cyber-attacks, even those originating from quantum computers, the most powerful developed to date. It protects users' personal data and identity in the digital world.

Origin of the concept

Founded in 2017, the Veintree concept originated in 2010 during the devastating earthquake in Haiti. Dr Christophe BRON and his associates Eduard TSCHAN and Patrizia COPPOLA, then involved in the International Federation of Red Cross and Red Crescent Societies' "Earthquake" operation, witnessed the heartbreaking consequences resulting from the severance of family ties and the inability of victims to formally identify themselves to the authorities. This powerful experience inspired the founders to dedicate years of research and development to the creation of a forgery-proof solution, based on the natural physicality of hands, which enables rapid and accurate authentication of individuals without the need to know their identity.

Each key is unique

Nature has created human beings as unique as their hands. Inspired by this reality, the Veintree authentication system is based on digital locks created from the biometric data of a hand's vein network, and these locks can only be opened by the hand that originated the lock. By capturing and analyzing the images and flows of the hand's vein network, Veintree's patented algorithms generate a unique encrypted key. Each time it is used, the authentication key is different, but always corresponds to the lock originally created by the same hand.

All biometric data deleted

Once the biometric reading has completed its task, it is immediately deleted to prevent identity theft. Veintree's secure servers store no biometric data, and are based on a zero-trust model. No reference databases are used, no image comparisons are made, no biometrics are archived. The keys created become unusable after each use, thus preserving the confidentiality of personal data. Neither keys nor locks store biometric data.

Authentication is dissociated from identification

The basic principle of the Veintree solution is to authenticate that a person is indeed authorized to access the rights and services associated with the digital accesses and transactions they carry out (banking, commerce, permissions, etc.). At Veintree, authentication is dissociated from personal identification: personal identifiers are not included. However, for use cases where personal identification is considered necessary for authentication (for example, an employer or a government department), this aspect is managed internally by the company or organization using the Veintree authentication system, and not by Veintree itself.

A solution resistant to quantum attacks

This palm vein network authentication method, which is resistant to the cyber-attacks used against identity servers and Single-Sign-On methods, has also been certified as resistant to quantum attacks by NIST (the US National Institute of Standards and Technology). Its inviolability is guaranteed by the uniqueness of each individual's vein network. The Veintree system verifies five distinct yet related factors within the hand, including the shape of the venous network, the positioning of individual veins and the rhythm of blood flow. The verification of these five factors, the result of a patented process, enables authentication to be highly reliable and confirmed. The technology is also tamper-proof, as it recognizes signs of biological activity in the hand, making it impossible to manufacture inert copies.

The individual controls access

The security of the Veintree authentication system is further enhanced by the fact that each lock created is unique and specific to each service or application. What's more, it is always possible to easily terminate access to a previously authorized service, or delete any lock created in connection with a service. The termination of Veintree permissions granted to any service is at the sole discretion of the person concerned. In a way, this is a form of personal digital sovereignty, an approach at the heart of Veintree's code of ethics.