
Face SDK Security

This documentation provides guidelines to ensure the robustness and safety of your Face SDK implementation.

Securing Network Connections

For secure data transmission, use HTTPS connections.

Authentication of Requests

The Face SDK Web Service does not inherently support authentication and processes all incoming requests without discrimination. To mitigate the risk of unauthorized or malicious usage, it is strongly recommended not to expose the Web Service to public Internet access.

For enhanced security, deploy the Web Service within a closed perimeter, such as a Demilitarized Zone (DMZ), and place a proxy server at the entry point:

Figure: Authentication of requests and demilitarized zone

The simplest method to establish secure access is as follows:

1. Set up Basic authentication on the proxy server. This authentication mechanism requires clients to provide valid credentials to access the Web Service.

2. When sending a request to the Web Service, include the Basic authentication credentials in the request's Authorization header.

3. The incoming request is authenticated by the proxy server.

4. If the authentication process succeeds, the request is forwarded to the Web Service for processing.

5. If authentication fails, the request is rejected.

CSP Nonce for Web Components

Content Security Policy Nonce (CSP Nonce) is a security tool that prevents harmful content injection into web pages. It works by associating a unique cryptographic token, known as a "nonce", with specific web content.

How Content Security Policy Nonce works

CSP Nonce ensures that only approved scripts and resources run on a web page. This is achieved by generating a fresh nonce on the server side for every response and embedding it both in the page's content (as a `nonce` attribute on the approved script and style tags) and in the Content-Security-Policy header. The browser refuses to run any inline script or resource that does not carry the correct nonce, so content injected into the page by an attacker is blocked.

To enable Content Security Policy support for the Face SDK Web Components, use the nonce setting. For details, consult the Web Components documentation.

Certificate Pinning

Certificate Pinning is a crucial security mechanism that bolsters server identity trust in mobile applications. By implementing certificate pinning, applications can establish a secure and verified connection with a designated server, mitigating the risks associated with potential man-in-the-middle attacks.

Figure: Certificate Pinning on Mobile schema