Ping Identity buys Keyless to boost biometric security

Ping Identity has completed its acquisition of Keyless, adding Zero-Knowledge Biometrics to its identity platform.

Ping said the deal expands its portfolio to include biometric authentication and re-verification that does not depend on a specific device. It said the technology uses cryptographic methods and aims to limit exposure of biometric data during sign-in and identity checks.

The company positioned the move as a response to a rise in AI-driven identity attacks. It cited threats such as deepfakes, impersonation and account takeover attempts.

Technology focus

Keyless developed what it calls Zero-Knowledge Biometrics. Ping said it uses cryptographic techniques so biometric data is not stored in a retrievable or reconstructable form.

Ping said the system re-verifies "the originally verified person with one glance". It said the approach supports multi-factor authentication and re-verification in under 300 milliseconds.

Ping also said the technology avoids the need for a dedicated device. It framed that as relevant for organisations with mobile users and mixed device environments.

Executive comments

The acquisition closes after Ping announced plans to buy Keyless. Ping did not disclose financial terms.

"AI is accelerating identity-based attacks. Authentication must be resilient and simple to use, while simultaneously ensuring the originally verified user is who they say they are" said Andre Durand, CEO and Founder of Ping Identity. "Keyless delivers privacy-preserving biometrics that make strong verification effortless. Now that the acquisition is complete, we can bring this simplicity and strength to customers across every digital interaction."

"Joining Ping Identity is a major milestone for our team and technology. Zero-Knowledge Biometrics allow organisations to re-verify the originally verified identity across the entire journey-onboarding, access, step up, and recovery-without ever exposing biometric data. Together with Ping, we can deliver that level of protection at a global scale," said Andrea Carmignani, CEO and Co-Founder of Keyless.

Use cases

Ping said Keyless binds a user to one or more devices. It also said the product can re-verify different users on a shared device.

The company said the combined offering extends re-verification into environments where traditional multi-factor authentication does not meet requirements. It also described "continuous identity assurance" across customer, workforce and business-to-business identity scenarios.

Ping listed intended use cases across the identity lifecycle. These included account onboarding, access, step-up checks and account recovery.

It also referenced passwordless multi-factor authentication and single sign-on as part of the combined product direction. Ping said the technology can verify a user "with one glance at the camera" and can work for mobile and frontline worker scenarios with sub-300 millisecond checks.

Compliance angle

Ping said the approach supports compliance needs tied to privacy and security rules. It cited GDPR, CCPA and eIDAS 2.0. It also referenced PSD3, which is emerging as a successor framework to PSD2 in parts of the payments sector.

Ping said Keyless technology is now available to customers.