
    Biometric Identity Systems — Built to Pass Liveness and the Audit

    A biometric system that can be bypassed with a printed photograph isn't a security upgrade — it's a liability. We build biometric authentication that passes ISO 30107-3 liveness checks, handles fallbacks correctly, and integrates with your physical and digital access control infrastructure.

    Biometric verification pipeline
    1. Capture: camera / sensor acquires the biometric signal
    2. Liveness check: ISO 30107-3 print, replay, and 3D mask attacks blocked
    3. Feature extract: on-device, raw data never leaves the sensor
    4. Template match: encrypted compare against stored template
    5. Access granted: digital auth or physical access controller triggered

    Fallback chain is designed with the same security bar — biometrics don't fall back to SMS OTP.

    What you get

    • Biometric SDK integration — Apple Face ID / Touch ID, Android BiometricPrompt, or third-party hardware (HID, ZK, Suprema) — chosen for your platform and security tier
    • Liveness detection and anti-spoofing covering print attacks, replay attacks, 3D mask attacks, and deepfake video — validated against the ISO 30107-3 attack list
    • Fallback chain that maintains the security bar: biometric → hardware token → PIN (not biometric → SMS OTP that defeats the purpose)
    • Template security: on-device storage or encrypted template vault with zero raw biometric data transmitted over the network
    • Physical access middleware bridging digital biometric identity to door controllers, turnstiles, and PACS (Lenel, Genetec, CCURE, custom)
    • Compliance baseline for BIPA, GDPR Article 9, and sector-specific biometric data retention rules

    When it fits

    • Your use case has a real security or UX driver for biometrics — not 'it would be cool'
    • You need to bridge digital and physical access (the same identity unlocks the app and the door)
    • Regulatory environment requires MFA with a possession or inherence factor — biometrics satisfies inherence
    • You can architect template storage on-device or in an encrypted vault — raw biometric data should never leave the device

    When it doesn't

    • The real goal is removing friction, not improving security — consider passkeys instead
    • You can't store templates securely — a biometric system with a breachable template database is worse than passwords
    • The fallback is password-only — that makes biometrics the weaker path once users learn to use 'forgot password'

    Process

    Weeks 1–2: threat model, ISO 30107-3 compliance gap analysis, platform survey. Weeks 3–6: biometric SDK integration on target devices with liveness detection. Weeks 7–10: physical access middleware and PACS integration (if applicable). Weeks 11–12: penetration testing focused on presentation attacks, followed by handover and compliance documentation.


    Pricing

    Fixed-price by scope. Digital biometric auth (one platform): $60–140k. Physical + digital bridge: $120–280k. Template vault for multi-platform: add $40–80k. Compliance documentation and third-party pen test coordination included.


    FAQ

    Can a printed photo bypass your system?
    No — liveness detection is mandatory, not optional. We test against the ISO 30107-3 attack list (printed photo, 2D video replay, 3D silicone mask, deepfake video) during development and include the test evidence in the handover documentation.
    Where is biometric template data stored?
    On-device in the Secure Enclave (iOS) or StrongBox / TEE (Android) wherever possible. For cross-device scenarios, templates go into an encrypted vault with access keys held on the device — never in a database accessible by a server-side query. Raw biometric data never leaves the sensor.
    What about BIPA and GDPR?
    We include a biometric data compliance baseline covering BIPA (Illinois), GDPR Article 9, and Texas CUBI. This means written retention policies, explicit consent flows, and a deletion mechanism before any template is stored. We'll flag your specific jurisdiction's rules in discovery.
    Can you integrate with our existing access control system?
    Yes — we've integrated with Lenel OnGuard, Genetec Security Center, CCURE 9000, and custom PACS. The middleware layer we build translates digital biometric identity into the credential format your physical access controller expects, without replacing your existing system.

    Ready to talk biometric identity systems?

    30-minute scoping call. No obligation, no hard sell.