Biometric Authentication Provides Body of Evidence
If you’re as plugged in as we are, then you probably have something like 150 online accounts. That means you probably have 150 variations of the same half-dozen login names and passwords. And chances are, you’ve gotten a message from a friend in the last few months telling you that it looks like you got hacked again, after he received email spam to enlarge an embarrassingly small body part. Well, we think the days of the alphanumeric password are numbered. The age of biometric authentication is dawning.
We first thought biometric authentication was another self-help yoga fad until we delved a little deeper. Rather, biometrics refers to a system that relies on measuring a person’s physical characteristics or behaviors as a means for unique identification. It comes from two Greek words, for those of you into language and stuff: bios meaning life and metrikos meaning measure.
Most of us are familiar with one of the oldest biometric systems. Fingerprinting has been around since the early 20th century. Hand geometry, a biometric that identifies a person by the shape of his hand, has been in vogue with high-tech security and spy movies since the 1980s. Again, largely thanks to Hollywood, most of us are also probably aware of eye recognition, another type of biometric authentication that scans the unique structures of the human eye such as the iris.
And then things start to get a little freakier and Big Brother-ish. Thanks to the rise of artificial intelligence and machine vision, facial identification is a fast-rising biometric authentication technology. AI and natural language processing is also quickly improving voice recognition. Some of the newest biometric authentication systems are really starting to get at the heart of the matter. Vein recognition systems, for instance, use vascular patterns from a person’s hand as a personal identifier. At least one company out there goes straight for the heart, literally measuring your heartbeat. (That one gets our vote for the best Zombie Apocalypse security measure.) Even the human ear, it turns out, can be used for biometric authentication.
And here’s something else you might want to hear: According to research firm MarketsandMarkets, the biometrics market is expected to reach $24 billion by 2020. In the mobile market alone—think mostly fingerprint authentication at the moment—Juniper Research reported that within the next two years, more than 770 million biometric authentication applications will be downloaded per year, compared to just six million apps today.
We didn’t realize the rabbit hole that we were jumping down when we first started researching this topic, so we thought we’d give you a taste of some of these biometric authentication systems by highlighting a few startups and companies.
EyeVerify is mainly flogging its EyePrint ID biometric authentication software to the financial services sector. Wells Fargo was among its earliest investors and users, bringing total investments to the Kansas City-based startup up to $10.42 million. The app only requires a 1-megapixel camera on a smartphone to image and pattern match the blood vessels in the whites of the eye.
The company claims the encryption is equivalent to a complex 50-character password and is 99.9 percent accurate. It even works if you’re hungover with bloodshot eyes. The AI-powered algorithms search for strong vein patterns and micro features in and around the eye. When your eyes are bloodshot you don’t actually grow new blood vessels; they’re just more pronounced. So drink and bank to your heart’s content. The company recently announced inroads into the European market.
Backed by $21.3 million, including a $5.9 million Series A last May, Nymi is a Toronto-based startup that goes way beyond mobile apps for biometric authentication. Its Nymi Band is basically a wearable keycard on the wrist but with loads more features. For starters, it uses HeartID, a company technology that uses an individual’s unique electrocardiogram for authentication. It can also use other biometric authentication systems, such as Apple Touch ID. Once activated, Nymi Band emits a continuous Bluetooth or other wireless signal, allowing access to your company’s most secure secret lab and unlocking your computer when you’re in range. It can also be used for personal stuff, such as tracking steps like a Fitbit or being linked to a credit card for wireless purchases. Nymi is part of the FIDO Alliance, a trade group for authentication standards.
Friends, Romans, countrymen, lend me your ear … for biometric authentication. Our apologies to Shakespeare, but we challenge the Bard to find a more interesting use of that line. Descartes Biometrics, based in Bellingham, Washington, uses a smartphone’s front-facing camera and a person’s unique ear features for authentication. The user simply lifts the mobile device to her ear—apparently, this is what people used to do with phones—and the mobile app scans, analyzes and matches the shape of the individual’s ear. Apparently, one well-known critic, a fellow known as van Gogh, was not overly impressed. We didn’t find any immediate information on company financials, and Descartes news webpage hasn’t been updated since 2015.
Nuance Communications and BioCatch
As journalists, we first came across publicly traded Nuance Communications (NASDAQ:NUAN) when we purchased its Dragon NaturallySpeaking speech recognition software to transcribe interviews. It sucked. The transcription read as if we had just interviewed Linda Blair from “The Exorcist”. Somehow, the company has survived (though it’s stock is trading near half of its $30 high a few years ago), and is now deep into biometric platforms. Naturally, its first foray was into voice authentication through its VocalPassword platform. Now it offers a biometrics security suite called FraudMiner that combines voice biometrics with other fraud detection techniques.
Last month, Nuance announced a partnership with Israeli startup BioCatch. Backed by $11.6 million, with $10 million from VC funds in 2014, BioCatch uses more than 500 metrics to authenticate an individual through human-device interaction. The company explains that its platform creates a unique identifier based on everything from which hand a person favors and muscle usage to geolocation and navigation behavior. It can even spot malicious bots.
Here’s an article we wrote on BioCatch if you’re interested in reading more about their fascinating technology.
Another company in the behavioral biometrics authentication space, Typingdna is a Romanian startup that uses AI algorithms to develop a unique user profile based on the way you type on a keyboard. It was founded in 2016 with an undisclosed seed round from a local VC firm. The company claims its AI engine is 99 percent accurate and improves over time as it gets more familiar with a user’s typing behavior. Typingdna is aiming to be more than another biometrics security company. It is researching what other traits may be detectable based on a user’s typing behavior. That includes trying to learn about a person’s gender, age, IQ, openness and even personality by how they stroke a keyboard, according to a story in PC World.
Update 01/06/20: TypingDNA has raised $7 million in Series A funding for the build-out of its developer support network and tools to integrate its services with popular web development tools. This brings the company’s total funding to $8.8 million to date.
Finally, there is New York-based HYPR, which does a little bit of everything. Fairly fresh off of a $3 million seed round in October 2016, HYPR enables users to access accounts on a mobile device with biometrics such as fingerprint, voice, face and eye recognition. The company refers to its HYPR-1 system as decentralized biometric authentication. That means the biometric scan never leaves the user’s device. Instead, the bank (HYPR mostly serves the financial industry at the moment) receives a “token” verifying the user’s identity at that moment.
There is even a HYPR-2 platform for the Internet of Things, which embeds the biometric authentication into smart devices, including cars, home security, and even medical devices. Trust us, you don’t want your pacemaker hacked.
So, get ready to ditch that Xcel spreadsheet with your secret passwords and your favorite lanyard with the magnetic key card. Passwords are so passé. Look into the future and prepare to be scanned.