What is the Index ID?
- The Index ID better known as the Facial ID is an identifier (UUID) assigned anonymously by the underlying Facial Recognition Engine to each enrolled user on your application, after his consent when he complete on-boarding on your application.
- Enrolled users are managed in your sand-boxed application via this anonymous ID, enforcing privacy-protecting separation of biometric hashes (a stream of meaningless floating point numbers that cannot be reverse engineered), and all metadata you have already linked to a particular user on your application.
- This design is especially directed to facilitating compliance through strong data protection and pseudo-anonymized data handling.
- When you create a new FACEIO application, and implement the
fio.js
SDK on your website, web or mobile app for the first time, you agree to be bound by our Services Terms and consent to our Services Privacy Policy. - It is your responsibility now to safeguard, and to provide or proceed to the deletion of each Index ID assigned to any of your enrolled users whenever the user in question is requesting it, and to follow our Privacy Best Practices Guide.
The Facial Recognition Engine
The facial recognition engine is the critical key component that is responsible for mapping each enrolled user’s face at real-time into a mathematical feature vector, better known as biometrics hash, which is in turn stored in a sand-boxed binary index.
When you create a new application, FACEIO gives you the choice between two production hardened facial recognition engine: PixLab Insight and AWS Rekognition. Insight is the default engine developed by PixLab exclusively for FACEIO. Insight is optimized for accuracy and real-time performance for live video feed, and is architected to instantly detect and match millions of faces in near real time, even under challenging conditions where faces are in motion, at different angles, under poor lighting conditions, or partially obscured with face covers. Both engines (Insight and AWS Rekognition) are able to search and match potentially millions of faces from images or video feed at near real-time. You can freely test the accuracy of both engines by creating a new application on the FACEIO Console.
Facial Vectors (Biometrics Hash)
Facial vectors (hence biometrics hash) are stored as an array of floating point numbers. The data is meaningless on its own, effectively acting as a hash, and cannot be reverse engineered. Only your application have access to the currently built index. You can manage, download, grab your encryption key as well as collect analytics on this index via the Application Manager on the FACEIO Console. You can learn more about our privacy practices and compliance via our Trust Center & Privacy Best Practices pages.
Deleting Index IDs
Index ID deletion are done via simple REST (HTTP) API call to the /deletefacialid endpoint. That is, you specify the Index ID you want to remove from the target application via a simple GET
or POST
HTTP request, and you are done. Refer to this Python code sample on how to delete a given Index ID from a particular application.
On success, the meta-data and facial vectors (biometrics hash) linked to the deleted Index ID are completely purged from the application's facial index and you can no longer authenticate this particular user with the purged Index ID until he enroll again and another Index ID shall be assigned to him in such case.
Index IDs falls in the category of Personal data just exactly email addresses, and therefore subject to Data Protection including the right to be forgotten.
It would make sense to write a set of security and privacy requirements for your project team(s) that specify usage of such features to mitigate the associated risks. You should enlist the help of a web security expert to write these requirements, and consider both user needs and welfare, as well as other issues like policy and regulation enforced by legislation such as the EU General Data Protection Regulation (GDPR).
Consider the following scenarios where you have to delete the user's Index ID:
If your implementation includes user profiles or accounts (i.e. A dashboard), and a user deletes his/her account/profile, you should interpret this as a revocation of consent and thus proceed to the deletion of the Unique Index ID assigned to this user on the target application if any.
For detailed informations on when to provide or delete the Index ID of a given user, please refer to our Privacy Best Practices Guide.
Addressing Privacy & Security
Internally, FACEIO uses TLS encrypted transactions for all metadata transfers between the selected facial recognition engine and your website or web application, and no data passes through the Internet if run on Premises.
Privacy & Security are thoughtfully addressed from a full set of security configurations options available to you via the application manager. Options includes easy opt-out capabilities, PIN code requirements, country code or domain name based restrictions, and many other settings as advertised in our Privacy & Security best practices guides.