Rekor One® Intelligence Engine: Securely De-identifying Sensitive Data
October 23, 2024

Updated: October 2, 2024

Chris Kadoch

Chief Technology Officer

Using proprietary computer vision, edge processing, pattern recognition, and predictive algorithms, Rekor One ingests trillions of data points from multiple sources and transforms this data into intelligence to power all our platforms and applications.

Rekor One uses SHA-256, an industry-standard hash function, to store all license plate data captured by our hardware systems. This function preserves vehicle uniqueness while preventing personally identifiable information from being uncovered.

What is SHA-256?

The SHA-256 algorithm is one type of SHA-2 (Secure Hash Algorithm 2) created by the National Security Agency in 2001. It is a cryptographic hash function that outputs a value that is 256 bits long. In cryptographic hashing, the hashed data is modified and made completely unreadable and non-reversible. This importantly distinguishes it from an encryption function, which can be reversed with access to the encryption key. Since 2011, the US government has required agencies to protect certain sensitive information using SHA-256.

It is considered one of the most secure algorithms on the market for a few reasons:

  1. It is not possible to reconstruct the initial data from the hash value without brute force guessing every possible input—a process that would take years, even with the most powerful of computers.
  2. Having two messages with the same hash value (called a collision) is extremely unlikely. With 2^256 possible hash values (more than the total number of atoms in the known universe), the likelihood of two being the same is unimaginably small. This means we can rely on vehicle hashes being unique.
  3. A minor change to the original data alters the hash value so much that it's not apparent the new hash value is derived from similar data; this is known as the avalanche effect.
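
The properties listed above, shown on constructed plate reads with Python's standard hashlib. This is an added example, not Rekor's code: the normalization rule, the function names and the optional HMAC key are assumptions introduced here.

```python
import hashlib
import hmac
from typing import Iterable, Optional


def normalize_plate(plate: str) -> str:
    """Canonicalize a plate read so one vehicle always maps to one hash.
    Assumed rule (not from the article): uppercase, letters and digits only."""
    return "".join(ch for ch in plate.upper() if ch.isalnum())


def deidentify(plate: str, key: Optional[bytes] = None) -> str:
    """Return a 256-bit token (64 hex characters) for a plate.
    Without a key this is plain SHA-256. With a key it is HMAC-SHA-256,
    an optional hardening assumed here so that tokens cannot be recomputed
    without the secret; the article does not describe keying."""
    data = normalize_plate(plate).encode("utf-8")
    if key is None:
        return hashlib.sha256(data).hexdigest()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Count differing bits between two digests (avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def unique_vehicles(reads: Iterable[str], key: Optional[bytes] = None) -> int:
    """Count distinct vehicles using only the de-identified tokens."""
    return len({deidentify(r, key) for r in reads})


# Constructed sample reads: three formatting variants of one plate,
# a plate differing in the last character, and an unrelated plate.
SAMPLE_READS = ["ABC1234", "abc 1234", "ABC-1234", "ABC1235", "XYZ9876"]

if __name__ == "__main__":
    a, b = deidentify("ABC1234"), deidentify("ABC1235")
    print("token for ABC1234:", a)
    print("token for ABC1235:", b)
    print("bits changed by one character:", bit_difference(a, b), "of 256")
    print("unique vehicles in sample:", unique_vehicles(SAMPLE_READS))
```

Without the normalization step, the three spellings of the first plate would hash to three unrelated values and be counted as three vehicles.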

How does this improve Rekor’s platforms and applications?

While Rekor One uses SHA-256 to hash all license plate data, there are a few additional pieces that help ensure best practices when it comes to general cybersecurity.

First, all data is stored in either an RDS (Relational Database Service) table or an S3 (Simple Storage Service) bucket in AWS (Amazon Web Services). Both services encrypt their data on disk and while in transit to our servers. Additionally, both use secure passwords that are automatically rotated every 60 days and stored in AWS Secrets Manager.

Moreover, Rekor One never returns the hashed license plate values to Rekor Discover™ (our comprehensive AI-driven traffic analytics platform). It only returns analytics. This means that someone would first need to gain root-level access to our AWS GovCloud environment, which is FIPS (Federal Information Processing Standards) certified, to see any hashed data.

Ultimately, Rekor One serves as a powerful, secure intelligence engine that strikes a careful balance. It provides actionable, holistic traffic analytics to the Rekor Discover platform while not revealing any personally identifiable information.
