
Platform Overview

trst is an Identity as a Service (IDaaS) platform that enables organizations to deploy palm vein biometric authentication using Fujitsu's PalmSecure technology. This page provides a high-level overview of the platform architecture and core concepts.

What is Palm Vein Authentication?

Palm vein authentication uses near-infrared light to capture the unique pattern of veins inside your palm. This biometric method offers several advantages:

Security:

  • Vein patterns are internal and difficult to forge
  • Non-replicable biometric identifier
  • No visible external characteristics to copy

Hygiene:

  • Contactless scanning (about 50mm distance)
  • No physical contact with sensor surface
  • Ideal for high-traffic environments

Accuracy:

  • False Acceptance Rate (FAR): < 0.00001% (1 in 10 million)
  • False Rejection Rate (FRR): < 0.01% (1 in 10,000)
  • One of the most accurate biometric technologies available
  • Consistent performance across demographics

Privacy:

  • Template data is encrypted and non-reversible
  • Cannot reconstruct palm image from template
  • Compliant with biometric privacy regulations

Platform Architecture

Core Components

Organizations

Organizations are the root entity in the trst platform:

  • Create and own environments for palm data storage
  • Create and manage projects for applications
  • Control access and billing

Types:

  • trst-managed Organizations: Created by trst for regional compliance (e.g., org_trst_sg, org_trst_us)
  • Customer Organizations: Created by businesses when they sign up

Environments

Environments are logical encapsulations that store palm vein data:

  • Owned by an organization (owner_org_id)
  • Store encrypted biometric templates
  • Support 1:N matching
  • Control access based on project ownership

Global Environments (trst-owned):

  • Regional or national identification databases
  • Support privacy and data locality requirements
  • Public user enrollment via apps or terminals
  • Read-only for projects (users control their data)

Organization Environments (customer-owned):

  • Organization-specific databases
  • Business-controlled enrollment
  • Full control for org's projects

Learn more about Environments →

Projects

Projects are the operational unit for biometric applications:

  • Created by organizations (org_id)
  • Point to one environment (environment_id)
  • Manage sensors, terminals, and memberships
  • Control level depends on environment ownership

Control Model:

  • If project.org_id == environment.owner_org_id: Full control
  • If project.org_id != environment.owner_org_id: Read-only

Learn more about Projects →

Sensors

PalmSecure sensors capture palm vein patterns and communicate with the trst platform:

  • USB-connected sensors
  • Real-time biometric capture
  • Secure encrypted communication
  • Manageable via Device-Com API

Learn more about Sensors →

Devices & Trst Terminals

Trst Terminals are pre-built kiosks with integrated PalmSecure sensors:

  • Turnkey solution for enrollment and verification
  • Managed via Device-Com API
  • Suitable for access control, payment, and enrollment

Customer Devices can also integrate PalmSecure sensors using SDKs or Device-Com API.

Learn more about Sensors & Terminals →

Enrollment

Enrollment is the process of capturing and storing a palm vein template:

  • Typically requires 2 scans for each hand
  • Templates are encrypted and stored in environments
  • User identity is linked to biometric template
  • Can be performed via trst terminals (Global and Customer Environments) or custom integrations (Customer Environments only)
  • Control depends on environment ownership
  • In Global Environments, users self-enroll and control their data

API Architecture

trst provides two distinct API groupings for different use cases:

RESTful API

Standard HTTP API for querying and managing project data:

Use Cases:

  • Query project information
  • Retrieve enrollment data
  • Manage environments
  • Access analytics

Authentication:

  • API Key authentication

Base URL: https://api.prod.trstinc.ca/v1

Example Request:

```bash
curl -X GET https://api.prod.trstinc.ca/v1/projects/proj_abc123 \
  -H "Authorization: Bearer YOUR_API_KEY"
```

View RESTful API Documentation →

Device-Com API (Coming Soon)

HTTP-based API with long polling for terminal devices with connected palm vein sensors:

Terminal Types:

  • Access control terminals - Building entry, secure facilities (Android, Linux, Windows)
  • Payment terminals - Point-of-sale with biometric authentication (Android, Linux, Windows)
  • Enrollment kiosks - Dedicated user registration stations (Android, Linux, Windows)

Use Cases:

  • Sensor registration and configuration
  • Real-time enrollment capture
  • Verification operations
  • Device status monitoring

Protocol:

  • HTTPS (TLS 1.3)
  • Long polling for real-time events
  • End-to-end encryption
  • Low-latency communication

Base URL: https://api.prod.trstinc.ca/v1

Note: For Android terminals, consider using the Android SDK which provides higher-level abstractions and UI components. The Device-Com API is ideal for Linux/Windows terminals or custom Android implementations.

View Device-Com API Documentation →

Webhooks

Real-time event notifications sent to your application via HTTP POST requests:

Use Cases:

  • Receive notifications when users complete enrollment
  • Get alerted on successful demo scans
  • Monitor biometric events in real-time
  • Trigger downstream workflows automatically

Event Types:

  • enrollment.completed - User completes biometric enrollment
  • demo.scan.success - Demo scan identifies a user
  • webhook.test - Test event for verification

Delivery Guarantees:

  • Automatic retries with exponential backoff
  • Up to 336 attempts (~14 days)
  • HMAC-SHA256 signature verification
  • 20-second response timeout

Security:

  • HTTPS required
  • HMAC-SHA256 signature on every request
  • Configurable secrets per webhook
  • IP allowlisting available

Example Webhook Payload:

```json
{
	"event_id": "550e8400-e29b-41d4-a716-446655440000",
	"event_type": "enrollment.completed",
	"timestamp": "2024-11-02T15:30:00Z",
	"project_id": "proj_abc123",
	"data": {
		"session_id": "session_xyz789",
		"member_id": "member_456",
		"device_id": "device_789",
		"completed_at": "2024-11-02T15:30:00Z"
	}
}
```

View Webhooks Documentation →
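
A receiver-side sketch of the webhook signature check and retry handling listed above, added here as an example and not taken from trst's own code. This page does not give the signature header or encoding, so the code assumes a hex HMAC-SHA256 over the raw request body keyed with the webhook secret; `sign`, `WebhookVerifier`, the secret and the sample body are hypothetical names and constructed values.

```python
import hashlib
import hmac
import json

# Assumption (not stated on this page): the signature is the hex HMAC-SHA256
# of the raw request body, keyed with the per-webhook secret.
KNOWN_EVENTS = {"enrollment.completed", "demo.scan.success", "webhook.test"}


def sign(secret: bytes, raw_body: bytes) -> str:
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


class WebhookVerifier:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.seen_event_ids = set()  # in production: a persistent store with a TTL

    def handle(self, raw_body: bytes, signature: str):
        """Return (http_status, reason) for one delivery."""
        expected = sign(self.secret, raw_body).encode()
        # Verify the exact bytes received, in constant time, before parsing them.
        if not hmac.compare_digest(expected, (signature or "").encode()):
            return 401, "bad signature"
        try:
            event = json.loads(raw_body)
            event_id, event_type = event["event_id"], event["event_type"]
        except (ValueError, KeyError, TypeError):
            return 400, "malformed payload"
        if not isinstance(event_id, str) or not isinstance(event_type, str):
            return 400, "malformed payload"
        if event_type not in KNOWN_EVENTS:
            return 400, "unknown event type"
        # Retries can redeliver an event for days: acknowledge it with 200 so
        # the sender stops retrying, but do not run the workflow a second time.
        if event_id in self.seen_event_ids:
            return 200, "duplicate ignored"
        self.seen_event_ids.add(event_id)
        return 200, "processed"


# Constructed sample delivery, modelled on the example payload above.
SECRET = b"constructed-test-secret"
BODY = (b'{"event_id": "550e8400-e29b-41d4-a716-446655440000", '
        b'"event_type": "enrollment.completed", "project_id": "proj_abc123"}')

if __name__ == "__main__":
    v = WebhookVerifier(SECRET)
    for body in (BODY, BODY, BODY + b" "):  # first delivery, retry, tampered
        print(v.handle(body, sign(SECRET, BODY)))
```

Deduplicating on `event_id` rather than rejecting old timestamps matters here: with retries spread over roughly 14 days, a legitimate delivery can arrive long after the event's `timestamp`.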

Integration Options

SDKs

trst provides SDKs for seamless integration:

Android SDK (Private Beta):

  • For Android-based terminals with connected sensors
  • Higher-level abstractions over Device-Com API
  • Pre-built UI components for enrollment and scanning
  • Type-safe Kotlin API

Linux SDK (Coming Soon):

  • For Linux-based terminals and kiosks
  • Supports ARM and x86_64 architectures

Windows SDK (Coming Soon):

  • For Windows-based terminals and workstations

View SDK Documentation →

Sample Applications - Coming Soon

Pre-built examples to accelerate development:

  • Android Integration Sample
  • External Business Application Sample

Security Architecture

End-to-End Encryption

All biometric data is encrypted:

  • In Transit: TLS 1.3 for all API communication
  • At Rest: AES-256 encryption for stored templates
  • Processing: Encrypted memory during template generation

Authentication Layers

Multiple layers of authentication:

  1. API Authentication: API keys or Admin User Authentication
  2. Device Authentication: Device-specific certificates
  3. Secure Channel: End-to-end encrypted HTTPS sessions

Template Security

Palm vein templates are secured:

  • Non-reversible: Cannot reconstruct palm image
  • Encrypted: AES-256 encryption at rest
  • Isolated: Tenant data segregation
  • Audited: All access logged

Learn more about Authentication →

Performance Characteristics

Enrollment

  • Capture Time: 1-2 seconds per scan
  • Total Enrollment Time: 5-10 seconds (4 scans)
  • Quality Check: Real-time feedback
  • Success Rate: > 99% on first attempt

Verification

  • Capture Time: 1-2 seconds
  • Matching Time: < 100ms
  • 1:N Search: < 1s for population-scale environments
  • Accuracy: FAR < 0.00001% (1 in 10 million), FRR < 0.01% (1 in 10,000)

API Performance

  • RESTful API Latency: < 100ms (p95)
  • Device-Com Latency: < 50ms (p95)
  • Throughput: 1,000+ verifications/second per environment
  • Availability: 99.9% uptime SLA (Enterprise plans only)

Scalability

The trst platform scales to meet your needs:

Environments:

  • Support for millions of enrolled users
  • Distributed database architecture
  • Regional data replication

Sensors:

  • Thousands of concurrent sensors per project
  • Real-time HTTP connections with long polling
  • Load-balanced API endpoints

API:

  • Auto-scaling infrastructure
  • Global CDN for low latency
  • Rate limiting and throttling

Use Cases

Access Control

Secure building and facility access using palm vein authentication:

  • Replace key cards and badges
  • Tailgate prevention
  • Time and attendance tracking
  • Visitor management

Payment Systems

Contactless biometric payment verification:

  • Point-of-sale terminals
  • ATM authentication
  • Mobile payment apps
  • Account linking

Healthcare

Patient identification and medical record access:

  • Emergency room patient ID
  • Medication administration verification
  • Medical record access control
  • Hospital facility access

Government Services

National ID and citizen services:

  • National identification programs
  • Border control and immigration
  • Social services authentication
  • Voter registration

Retail and Hospitality

Customer recognition and loyalty programs:

  • VIP customer recognition
  • Hotel room access
  • Loyalty program enrollment
  • Age verification

Next Steps

Now that you understand the platform overview:

  1. Understand Organizations & Environments → - Learn about data storage and control
  2. Learn about Projects → - Organize your infrastructure
  3. Explore Sensors → - Select the right hardware
  4. Start Building → - Begin your integration

Additional Resources