Published on 16 November, 2015
Are smart phones poised to replace all biometrics hardware in the next several years?
That’s the bold prediction of Hector Hoyos, CEO of Hoyos Labs, one of the pioneers of biometrics technology who owns 59 patents (pending and issued) related to the field. The advent of the smart phone, which amounts to everyone carrying a computer in the palm of their hand, provides all the ability anyone needs to capture biometric information to use for verification, he says.
Breakthrough in technology
“Proprietary biometrics-based hardware will go away in the next three to five years,” Hoyos says. “You don’t need a proprietary sensor with smart phones getting more sophisticated. The time for proprietary hardware for biometrics is over – killed by the mobile industry. The technology is obsolete.”
Instead of biometrics readers costing “thousands of dollars,” capabilities of smart phones will continue to develop to provide the same level of security, says Hoyos. For example, related to physical access control, the smart phone will communicate with an electronic lock using near field communication (NFC). It’s an extension of the idea we have already seen in the market of using a smart phone as a credential.
Many current smart phones have fingerprint authentication, but phones can also be used for other types of biometrics, including face recognition and even iris scanning, says Hoyos.
You don’t need a proprietary sensor with smart phones getting more sophisticated. The time for proprietary hardware for biometrics is over – killed by the mobile industry
Hoyos Labs has also introduced a proprietary four-finger authentication technology – 4F ID – that uses a smartphone’s rear camera and LED flash light, without additional hardware, to capture a person’s four fingerprints to increase reliability and security for the user.
In fact, Hoyos Labs has enabled every major biometric – face, iris, voice and fingerprint – to be captured with a smart phone and applied across a myriad of industries. In addition to physical access control, the technologies can be used for financial services, healthcare, and telecommunications. Hoyas says Microsoft’s three new Lumia smart phones will feature an iris scanner and facial recognition capabilities right on the device.
Addressing security concerns
“On the consumer side, the reality is that all you need is an electronic lock, and your smart phone device becomes the biometric,” says Hoyos.
If greater security is required, applications can deploy hybrid, multi-authentication systems, such as fingerprint combined with a facial or iris scan, he says.
Keeping individual biometric credentials encrypted on smart phones is a more secure option than storing them in a centralised database on a server, which could be subject to hacking despite best efforts to keep it secure. Biometrics contained on smart phones is the best approach to providing verification.
However, in applications that require absolute proof of identification, such as banking applications, a central database is needed and must be protected. A centralised database can ensure that someone doesn’t open multiple accounts at a variety of banks using different names, for example.
Keeping individual biometric
credentials encrypted on smart
phones is a more secure option
than storing them in a centralised
database on a server
Protecting biometrics data
Three years ago, Hoyos Labs developed the BOPS (Biometrics Open Protocol Standard) framework, providing a global infrastructure ensuring end-to-end authentication of biometrics data for applications worldwide. In effect, it is the “back-end” technology for a range of biometrics used in any market.
Hoyos says the framework is a vendor-agnostic infrastructure to support and protect use of biometrics data on the Internet and mobile devices. “Anybody’s train can run on those tracks, any type of biometric,” says Hoyos. “Our infrastructure is agnostic; we provide the plumbing that everybody needs to plug into.”
Among the protections BOPS provides for centralised biometrics required for identification are encryption, secure storage and the practice of dividing a biometric into two parts – stored in different locations – so that violation of any single database would not provide a complete biometric. BOPS protocols also enable secure communication of biometrics to various devices, so a person could use a biometric to secure an Internet of Things device without having to reprogram a user name and password. The BOPS framework has been contributed to IEEE and has been published as the IEEE 2410-2015 standard. [IEEE is the Institute of Electrical and Electronics Engineers.]
Hoyos says several physical access control companies are in the process of integrating BOPS into their products. Also, 20 of the Fortune 100 companies are using the standard, which he says is essential for use of biometric data to secure the coming Internet of Things (IoT).