Security used to mean “difficult,” says Phil Dunkelberger, CEO of Nok Nok Labs. It’s easy to see why he thinks this. Organizations have struggled for decades to find security tools that kept out bad guys while admitting authorized persons. This is both a physical security and cybersecurity issue.
But, Dunkelberger adds, thanks to the impact of biometrics over the past few years, security is no longer quite as difficult. “Every day,” he says, “millions of people interact with a sliver of glass in their pocket that will tell them everything from the current age of the universe to when their shampoo will be delivered to their doorstep to how much money they have in their retirement account. Each of these interactions, thanks to biometrics, can be accomplished seamlessly and without friction. No longer are they required to create and remember a highly entropic code to use as a shared-secret; now they can simply look at that sliver of glass and blink.”
Biometrics are changing the way we think about security. Here are some of the more innovative ways biometrics are being used and what we can expect in the future.
Biometrics: Moving Far Beyond Fingerprints
Biometrics are changing the way we think about security. Here are some of the more innovative ways biometrics are being used and what we can expect in the future.
A new way of thinking about consumer-grade security
Rather than one large, all-access door, we can introduce a multi-gate system where access to information or functionality at a lower level can be a simple fingerprint swipe, but higher levels of access require additional levels of proof of identity, according to Dunkelberger. “Historically, a single password was the only thing necessary to access and approve all levels of a transaction — from seeing a balance, to paying a regular bill, to transferring vast amounts of funds. Now, a fingerprint can be used to view an account balance, but a consumer would need a fingerprint plus a facial recognition scan to pay a bill or a fingerprint, face and voice authentication to transfer funds. Even in combination, the friction to the user will still be less than typing in a complicated password on a tiny touch-screen.”
Gait detection: How a person walks
The unique advantage of gait detection is ID at a distance, says Jason Chaikin, president of Vkansee. You can use this type of identification to recognize or authenticate an individual 100m away or more, where other more traditional biometrics (iris, facial recognition, etc.) may struggle to perform. “This makes gait detection ideal for critical infrastructure security in places such as embassies, government buildings, jetways and other controlled areas for security for high-profile individuals,” he says. “Matching how a person walks to what’s been pre-registered in a database allows these buildings or areas to identify guests who are on the approved white list or, conversely, on a black list before they are within close range.”
Biometrics in restaurants
According to Yi Chen, VP of Product at Toast Restaurant Operating System, transactions in restaurants will be even faster when biometrics move past fingerprint hardware to things like facial recognition. Fingerprint is hardware expensive and, especially in a restaurant setting, people’s fingers can get dirty because they are around food, drinks and dirty cups/dishes. “Facial recognition scanning is a very interesting new technology leveraging built-in cameras of cloud-based tablets, no need for additional hardware that has to be maintained (which slows down lines),” Chen says. It can even allow management to see which employees are excelling and provide better incentives to those employees.
Using your heart
SoftServe’s BioLock is an electrocardiogram biosensor analysis system, and the world’s first to use ECG analysis embedded in steering wheels to identify the identity of drivers. The technology is also expected to play a key role in the safety and security of smart cities and within the industrial space by using EGC biosensors over other forms of authentication such as passwords, security cards and fingerprint recognition.
Verifying identity in one-time transactions
Facial recognition technology is taking advantage of the popularity of selfies with Acuant’s Facial Recognition & Match. The technology can ensure that the person who is registered on the account is the same person logging into the account. Facial recognition systems for logging into an account ensure that the person who is registered on the account is the same person logging into the account. During the customer onboarding process, the facial biometric/image is stored in the customer account so that it can later be accessed during the login process and matched to the selfie taken. This technology can be used in a variety of ways, such as verifying identity for air travel or allowing virtual check-in for hotel reservations, for example.
Biometrics vs. bots
Detecting bad bots from good ones has been very difficult, and this has led to a number of bot-generated cybersecurity attacks. NuData Security is using biometrics to be able to separate the good from the bad. “Because bots cannot replicate the nuanced variables in human behavior that are the hallmark of human/machine interaction, NuData’s biometric authentication can detect when a bad bot’s attempting a brute-force authentication in a specific transaction, or even when a bot army is seeking to take down entire sites,” Lisa Baergen, marketing director with NuData Security, explains. “From the pitch and angle of a handheld device to the length of gaps between typing and swiping, biometrics can identify valid users by their patterns, and immediately differentiate them from bad ones using a myriad of ingrained, highly individual behaviors that non-human attempts can’t reproduce.”
Body odor biometrics
According to researchers at the Polytechnic University of Madrid (UPM) and Ilía Sistemas SL, there are unique characteristics in each person’s body odor that remain constant and can be used to determine identity. “The biometric technique has an error rate of 15 percent in early stages of development, leaving room for improvement, but also showing promise that it could be a viable method with more fine-tuning,” explains Jonathan Levine, CTO of Intermedia. While it’s bizarre to imagine our smart devices and electronics “sniffing” us to verify our identities, primary body odor is impossible to replicate and isn’t masked by secondary odors (e.g., dietary, environmental) or tertiary odors (e.g., lotions, perfumes).
Body tattoos and biometrics
MC10 is reshaping the health care industry with its electronic skin patches designed to monitor patient vitals, such as heart rate, in real time, to improve human health, according to Levine. The patches, which are thinner than human hair, can bend, stretch and twist naturally with our bodies. In addition, MC10 announced a recent partnership with custom products designer PCH to expand its application beyond the medical field. Other areas being explored include ticketed events, cashless payments and security, where the electronic tattoo could include our login credentials. “MC10’s WiSP technology could very well turn us into living, breathing passwords soon,” he says.
Relying on voice biometrics
“Voice biometrics is solving the customer service authentication process by creating a quicker and more efficient authentication process. Voice biometrics is a technology used to identify a person based on the physical and behavioral characteristics of an individual’s voice. A voice print is unique to each individual, similar to a person’s fingerprint. It can help customers avoid a long authentication process by identifying them in just seconds within the natural flow of conversation with an agent or during an IVR call, where all the caller has to state is their name or phone number,” says Erica Thomson, fraud and authentication specialist at NICE.
Using your behaviors
Intensity Analytics’ TickStream.KeyID technology provides identity solutions by applying complex geospatial mathematics and machine learning algorithms to your physical behavior on a device. This is done primarily by measuring your effort on a keyboard or smartphone and, when used with a password or known string of text, it is as effective at identifying a person as a fingerprint. And if someone else tries to use your TickStream KeyID, it will be futile. Without the ability to match your unique physical behavior, they will not be able to login to your system.