Skip to main content

Architecture Overview

When your customers use palm authentication at your business, here’s what happens behind the scenes:

Components You Interact With

1. Palm Scanner (PVS)

What it does: Captures palm vein patterns and sends them to BOOP Your responsibility:
  • Physical installation at your location
  • Network connectivity
  • Power supply
BOOP handles:
  • Device firmware
  • Encryption
  • Communication protocols

2. Your System (Point of Sale, Access Control, etc.)

What it does: Creates authentication requests and receives results Your responsibility:
  • Integration using our SDK
  • Handle authentication results
  • Process transactions
BOOP handles:
  • All biometric processing
  • User matching
  • Security

3. Bridge Service (WebSocket Connection)

What it does: Maintains real-time connection between your system and BOOP Key features:
  • Persistent WebSocket connection
  • Automatic reconnection
  • Low latency (typically < 100ms)
  • Event-driven updates
For a high-level overview of the authentication flow, see How It Works.

Data Flow & Security

What You Send

// Authentication request
{
  "contextId": "ctx_123",
  "type": "payment",
  "amount": 2500,
  "location": "register_1",
  "requiredAttributes": ["email", "loyaltyStatus"]
}

What You Never See

  • Raw biometric data
  • Palm vein patterns
  • Biometric templates
  • MPC computation details
  • Other vendors’ data

What You Receive

// Authentication result
{
  "success": true,
  "contextId": "ctx_123",
  "userId": "usr_abc123",  // Consistent ID for this user
  "attributes": {
    "email": "john@example.com",
    "loyaltyStatus": "gold"
  },
  "metadata": {
    "matchTime": 187,  // milliseconds
    "timestamp": "2024-01-15T10:30:00Z"
  }
}

Network Requirements

Note from Trinn: Network requirement information needs to be updated.
  • Bandwidth: 1 Mbps minimum
  • Latency: < 100ms to BOOP servers
  • Connectivity: WiFi supported
  • Firewall: Outbound HTTPS (port 443) only
  • Protocols: WebSocket (WSS) for real-time, HTTPS for REST

Service Components

API Gateway (Port 40401)

  • Purpose: Main entry point for all requests
  • What it handles: Request routing, authentication, rate limiting
  • Your interaction: SDK connects here automatically

Bridge Service (Port 40403)

  • Purpose: WebSocket connections for real-time updates
  • What it handles: Persistent connections, event streaming
  • Your interaction: SDK maintains this connection

MPC Gateway (Port 40402)

  • Purpose: Biometric matching using multi-party computation
  • What it handles: Secure palm vein matching
  • Your interaction: None (internal only)

Attribute Service (Port 40405)

  • Purpose: Stores and manages user attributes
  • What it handles: Email, phone, loyalty status, etc.
  • Your interaction: Specify which attributes you need

Ledger (Port 40404)

  • Purpose: Immutable transaction log
  • What it handles: Audit trail of all authentications
  • Your interaction: Can query your transaction history

Reliability & Performance

High Availability

  • Multiple regions: Services run in 3+ geographic locations
  • Automatic failover: If one region fails, traffic routes to others
  • No single point of failure: All components are redundant

Performance Guarantees

MetricTargetTypicalSLA
Authentication Time< 1s700ms95% < 1s
Availability99.99%99.995%99.9%
Concurrent Auths10,000/s15,000/s5,000/s
WebSocket Latency< 100ms50ms95% < 100ms

Integration Points

Your Responsibilities

Network Connectivity

  • Stable internet connection
  • Firewall allows HTTPS/WSS
  • 1 Mbps minimum bandwidth

Error Handling

  • Timeout scenarios
  • Fallback payment methods
  • Retry logic

Data Management

  • Store user IDs
  • Cache attributes (if needed)
  • Handle consent

Compliance

  • Display privacy notices
  • Honor user preferences
  • Secure your systems

BOOP Handles

Biometric Security

  • Encryption
  • Secure matching
  • Data protection

Scalability

  • Load balancing
  • Auto-scaling
  • Global distribution

Compliance

  • GDPR compliance
  • Biometric regulations
  • Data residency

Maintenance

  • Updates
  • Security patches
  • Monitoring

Sandbox Environment

For testing, we provide a sandbox that mirrors production: Sandbox features:
  • Same API as production
  • Simulated palm scans
  • Test user accounts
  • No real biometric processing
  • Instant responses for testing

Monitoring & Support

What We Monitor

  • System Health: All services monitored 24/7
  • Performance: Real-time latency tracking
  • Security: Threat detection and prevention
  • Availability: Instant alerts for any issues

What You Can Monitor

Through your vendor dashboard:
  • Authentication success rates
  • Response times
  • Transaction volumes
  • Error rates
  • User adoption metrics

Frequently Asked Questions

With multiple regions and automatic failover, complete outages are extremely rare. Your existing payment methods remain as backup. We also offer an optional offline mode that caches recent authentications.
Each user gets a unique, permanent ID (like usr_abc123def456). This ID is consistent across all vendors but doesn’t reveal any personal information. You can use it to track customers across visits.
No, and this is by design. You never receive, store, or process biometric data. This protects you from liability and compliance requirements around biometric data storage.
The system auto-scales based on load. During peak times (Black Friday, major events), we pre-scale to handle 10x normal capacity. Scale-up takes less than 60 seconds.
We operate regions in US, EU, and APAC. Data stays within the region where it’s collected. For specific compliance needs, contact our team.

Next Steps

Integration Guide

Start your integration

API Reference

Detailed API docs