At 8 a.m., you scan your eye to enter the office building. The entire process takes less than a second: the camera captures your iris image, the system completes the matching, and the access control opens.
But have you ever wondered — where is the "template" that carries your iris features stored right now?
Is it on the local device? On the corporate server? Or in a cloud data center whose address you never know?
This question is evolving from a philosophical discussion into a legal issue, and from a legal issue into a commercial risk worth hundreds of millions of dollars.
Iris, fingerprint, face — these biometric features are the last "passwords" humans have that cannot be changed. Once leaked, they cannot be revoked or reset, and the loss is permanent.
01 · Dual Regulatory Pressure: The Law Has Caught Up
Over the past five years, a regulatory wave in the biometric field has swept the globe at an unprecedented speed.
The United States: The "Sky-High Bills" of BIPA
The Biometric Information Privacy Act (BIPA) of Illinois, USA, came into effect in 2008 and remains one of the strictest biometric privacy laws in the world. The law requires enterprises to obtain written authorization before collecting biometric data, imposes fines of $1,000 to $5,000 per violation, and allows class-action lawsuits.
This provision has triggered a series of huge fines. In 2022, Meta, the parent company of Facebook, paid a $650 million settlement for unauthorized facial recognition data collection; in the same year, TikTok was accused of collecting biometrics without user consent and paid $92 million; in 2023, biometric company Clearview AI faced a compensation claim worth over $1.7 billion in Illinois. The number of BIPA lawsuits has increased more than tenfold since 2019, becoming one of the most intractable compliance risks for U.S. tech companies.
The European Union: The High-Risk Red Line of the AI Act
The EU Artificial Intelligence Act (EU AI Act) officially came into force in August 2024, classifying biometric systems as "high-risk AI systems". Among them, the provisions related to law enforcement agencies' use of remote biometric systems in public places have their enforcement period extended to December 2027. Enterprises that violate the law will face fines of up to 3% of their global turnover, which means potential fines of hundreds of millions to billions of euros for enterprises with annual revenues exceeding 10 billion euros.
The core compliance logic is consistent: whoever controls the data bears the responsibility. Storing templates in the cloud means placing risks in the cloud.
02 · Industry Trend: Template-on-Card/Mobile Is on the Rise
Regulatory pressure has forced the industry to restructure its architectural logic. Over the past decade, centralized cloud storage was regarded as a symbol of "intelligence"; today, the industry is systematically shifting to a "local template" architecture.
Template-on-Card: Biometric templates are encrypted and stored in the smart card chip held by the user. The device reads them and performs local matching, with no template data uploaded throughout the process. This solution has been widely implemented in EU electronic passports and government ID card systems.
Template-on-Mobile: Biometric templates are stored relying on the Trusted Execution Environment (TEE) of mobile phones, and recognition computing is completed locally on the device. Apple's Face ID and Google Pixel's Titan security chip both adopt this architecture, and templates never leave the device.
Major security and access control manufacturers have also transformed accordingly. The BioStation 3 Max series launched by Suprema already supports serverless local authentication mode; HID Global's Signo series card readers support the Match-on-Card architecture. The global biometric market is expected to grow from $42.9 billion in 2023 to $94.6 billion in 2030 (data from MarketsandMarkets), among which edge-side processing solutions are growing at a rate significantly higher than the market average.
The future of biometrics is not "more data on the cloud", but "data never leaves the body" — this has become a consensus among the industry, regulators and users.
03 · Technical Essence: Why Edge Processing Is Comprehensively Superior to the Cloud
The victory of edge computing architecture over cloud solutions is reflected in three dimensions:
Latency Dimension: Cloud-based biometric recognition requires transmitting images or feature vectors to a remote server. Affected by network latency, the end-to-end response time is usually in the range of 300ms to 1500ms. Edge-side local inference can compress recognition latency to less than 100ms, which is particularly critical for high-frequency scenarios such as access control and channel turnstiles. When the network is interrupted, edge solutions can still operate normally, while cloud solutions are completely disabled.
Security Dimension: Storing templates in the cloud means that a single server breach may expose millions of users' biometric features in batches. In 2019, the cloud platform Biostar 2 under security enterprise Suprema was hacked, resulting in the leakage of more than 1 million fingerprint and face templates. Edge architecture disperses the attack surface to each independent terminal. A single point of breakthrough cannot lead to systematic data leakage, essentially changing the attacker's cost function.
Compliance Dimension: Under regulatory frameworks such as GDPR, BIPA and the EU AI Act, the Data Minimization principle requires enterprises to process only the minimum amount of data necessary to complete the task. Edge processing architecture naturally conforms to this principle — feature extraction and matching are completed locally, and there is no need to transmit original biometric features to any external system, greatly reducing the cost of compliance proof.
04 · The Inherent Advantages of Qianxin™: The Hardware Cornerstone for Data Staying On-Device
The core product line of Homsh is built specifically for edge biometric scenarios.
The Phaselirs™ iris recognition algorithm adopts phase encoding technology to convert iris textures into highly compressed feature vectors, and the entire feature extraction process is completed locally. Compared with the high dependence of traditional deep learning models on computing power, the Phaselirs™ algorithm has a lightweight architecture, is naturally adaptable to resource-constrained edge hardware, while maintaining industry-leading recognition accuracy and anti-spoofing capabilities, and complies with the ISO 30107-3 Presentation Attack Detection (PAD) mainstream security standard.
The Qianxin™ FPGA series chips are the hardware foundation for fulfilling the promise of "templates never leaving the device". The reconfigurable nature of FPGAs allows them to solidify the entire process of iris feature extraction, encrypted storage and real-time matching into dedicated hardware logic, realizing true edge-side real-time inference. Qianxin™ chips have independent secure storage intervals, and biometric templates are stored locally on the chip in encrypted form. Even if the device is physically accessed, the template data cannot be directly read or cloned. The entire solution complies with the CC EAL mainstream security evaluation standards.
The OVAI platform supports fully localized deployment without any cloud backhaul. Administrators can complete the entire process of device registration, template management and permission configuration in an intranet environment, and the system operates in physical isolation from the Internet. For high-security premises, OVAI supports air-gap deployment mode, meeting the most stringent data non-exit requirements.
Phaselirs™ + Qianxin™ + OVAI form a complete edge biometric closed loop: from collection, extraction, storage to matching, the entire life cycle of biometric data is completed locally on the terminal, eliminating the possibility of cloud leakage at the architectural level.
05 · Implementation Scenarios: The Practical Choice for High-Security Industries
Financial Core Computer Rooms: Data centers and core computer rooms have far higher requirements for access control than ordinary premises. In such environments, network connections are usually strictly controlled, and cloud biometric solutions are often directly excluded simply because they "require external connections". The Qianxin™ edge solution operates completely offline, naturally fitting the network security isolation requirements of financial institutions, while complying with the regulatory guidelines of the People's Bank of China and the China Banking and Insurance Regulatory Commission on the localized storage of biometric data.
Prisons and High-Security Customs Premises: Such premises require zero network dependence, 100% availability, and absolute non-leakage of biometric data. The OVAI air-gap deployment mode enables the system to operate normally in a completely disconnected network environment, and the hardware secure storage of Qianxin™ chips ensures that data remains protected even if the device is physically attacked.
Hospitals and Medical Institutions: Medical data is protected by multiple regulations such as HIPAA (USA) and the Personal Information Protection Law (China). In hospital scenarios, patients' biometric features are highly correlated with their health information, and any cloud-based solution faces extremely high compliance risks. Localized iris recognition solutions can ensure accurate identity verification while minimizing patient privacy risks.
Smart Factories and Critical Infrastructure: Industrial networks are usually dedicated private networks, with strict isolation between OT and IT networks. The Qianxin™ solution can be directly integrated into factory access control, hazardous area control, equipment operation authorization and other systems without changing the existing network architecture, achieving minimally invasive deployment.
Privacy Is Trust, Edge Is the Future
When Meta paid $650 million for facial recognition, the entire industry saw one thing clearly: entrusting biometric templates to the cloud is not a technical choice, but a risk transfer — except that the risk is ultimately borne by the enterprise itself.
Edge computing is not a negation of cloud computing, but a sober answer to the question of "what data must stay local". Biometric features are the most definitive answer among them.
In this trend, the inherent advantages of Qianxin™ do not come from the addition of any acquired functions, but from the essential attributes of its architecture: from chip design, algorithm implementation to platform deployment, Homsh's entire technology stack was built from the very beginning for "data never leaving the body".
Regulatory boundaries are tightening, user awareness is awakening, and the industry's focus is shifting downward. This is not a product iteration, but an architectural-level historic turning point.
Privacy is the foundation of trust, and edge is the direction of the future.
