Back
Independent certification reinforces the future of privacy-preserving biometrics and high-assurance digital identity
April 2, 2026 — Potomac, MD — Private Identity has achieved certification to ISO/IEC 24745:2022, the international standard for biometric information protection, marking a significant milestone in the evolution of secure, privacy-first digital identity systems.
As biometric authentication becomes foundational to modern identity infrastructure, the need to protect sensitive biometric data has never been more critical. Unlike passwords or tokens, biometric identifiers are persistent and non-revocable by nature, creating unique security and privacy challenges. ISO/IEC 24745 directly addresses these risks by establishing requirements for:
- Confidentiality and integrity of biometric data
- Renewability and revocability of biometric templates
- Secure binding between biometric data and identity
- Privacy-preserving processing architectures
Why ISO/IEC 24745 Certification Matters
This certification validates that Private Identity’s platform adheres to a rigorous, independently audited framework for biometric protection—a key differentiator in an industry where biometric systems are often deployed without sufficient privacy safeguards.
“Biometric identity systems require the highest bar for privacy engineering,” said Mike Pollard, Co-Founder and CEO of Private Identity. “This certification demonstrates that our approach to biometric protection is not just theoretical—it is disciplined, auditable, and operationalized.”
For enterprises, governments, and healthcare organizations, this provides assurance that biometric authentication can be deployed without introducing unnecessary risk to sensitive personal data.
The Shift Toward Privacy-Preserving Biometrics
The future of digital identity is no longer defined solely by biometric accuracy. Instead, leading organizations are prioritizing systems that:
- Minimize or eliminate centralized storage of biometric data
- Enable revocable and renewable biometric credentials
- Provide auditability and cryptographic proof of authentication decisions
- Support regulatory compliance across jurisdictions
Private Identity’s architecture is built around these principles, ensuring that biometric data remains protected at every stage of the identity lifecycle.
Introducing Ultrapass: A New Standard for FIDO-Based Authentication
Alongside this certification, Private Identity is advancing Ultrapass®, its next-generation on-device FIDO software authenticator designed for phishing-resistant, high-assurance authentication.
Ultrapass combines:
- On-device biometric verification
- FIDO passkeys for passwordless authentication
- Policy-driven step-up authentication
- Transaction binding for high-risk actions
- Secure account recovery mechanisms
- Signed decision evidence for audit and compliance
Privacy by Design: No Biometric Data Leaves the Device
A core innovation of Ultrapass is its on-device processing model, which ensures that:
- No raw selfies
- No biometric templates
- No liveness or presentation attack detection (PAD) data
- No derived biometric artifacts
are transmitted off-device.
This architecture significantly reduces the risk of centralized biometric data breaches, aligning with both ISO 24745 principles and emerging global privacy regulations.
A Cross-Channel Identity Control Plane
Ultrapass is more than an authenticator—it functions as a cross-channel identity control plane, enabling consistent, high-assurance identity workflows across:
- Mobile and desktop applications
- Kiosks and in-person systems
- Contact centers and call verification
- Regulated enterprise workflows
This unified approach supports:
- Identity proofing
- Phishing-resistant login
- Step-up authentication
- Credential lifecycle management
- Audit-grade evidence generation
Reframing Biometrics as a Security Boundary
“For too long, biometrics have been treated as a feature rather than a protected security boundary,” Pollard added. “Private Identity is redefining this paradigm by making privacy protection foundational, enforceable, and verifiable.”
This shift is especially critical in regulated sectors such as:
- Financial services
- Healthcare
- Government and public sector
- Digital platforms handling sensitive user data
where identity assurance, fraud prevention, and privacy compliance must coexist.
Key Use Cases for Ultrapass
Ultrapass is designed to support a wide range of high-consequence identity interactions, including:
- Secure, passwordless login
- Transaction approval and authorization
- Account recovery without weak fallback mechanisms
- Call center identity verification
- Step-up authentication for sensitive actions
Each use case benefits from person-bound, phishing-resistant authentication combined with strong privacy guarantees.
About Private Identity
Private Identity is a privacy-first identity technology company focused on:
- Biometric identity and authentication
- Age assurance and digital trust
- High-assurance identity verification
Its architecture is purpose-built to deliver secure, scalable identity solutions while minimizing exposure of sensitive personal data through on-device processing and privacy-preserving design.