The Bio-T: The Biometric Internet of Things

By Special Guest
George Avetisov, CEO and Co-Founder, HYPR Corp.
November 11, 2016

Expansion of the Internet of Things (IoT) is surging. A recent Gartner report predicts IoT spending to increase to $2.5 million a minute, with 1 million new IoT devices being sold every hour by 2021.

Products and services within the IoT represent an opportunity for massive growth and potential. Unfortunately, as the IoT proliferates, so do the potential security risks and attack vectors.

As the IoT rapidly grows, biometric technology also is being adopted at a fast rate, with analysts estimating the biometrics market will reach $30 billion by 2021.

Analysts also predict a revenue shift alongside this growth, with biometrics to veer away from the governmental sector and migrate to the consumer and financial services sectors.  We’re already seeing this happen at a rapid pace. Apple’s newly-introduced Macbook Pro includes Touch ID, and Mastercard recently launched selfie-pay, to name just two examples.

Together, biometrics and IoT technology represent a symbiotic match that together will drive further IoT adoption.

The rise of the Bio-T

With the growth of IoT and biometric technology, authentication is being completely reimagined. We’re in an era where baby monitors, insulin pumps and other items traditionally not associated with security can be – and have been – hacked. Deploying IoT security is one of the great challenges of our connected world, and it requires a solution that relies on the strongest authentication.

Device manufacturers for the most part recognize that a shift is needed, and biometric authentication offers a method of doing so that is relatively easy for users. Passwords and PINs are easily forgotten or guessed, but no two people have the same biometric indicators.

Why rely on a metal key or plastic swipe card that can easily be lost or stolen and be misused? It’s little wonder that enterprises across sectors are looking to biometrics for their authentication needs. Biometric authentication also offers a vastly improved user experience – no longer requiring people to carry around physical keys or remember a complicated password. Your fingerprint, face or iris is always with you.

There’s a catch though. Biometric authentication does offer a great alternative to passwords, but it also brings in another major concern for companies: protecting that biometric data.

Risk factors

Cavalier use of biometric data is even riskier than the way passwords or credit card numbers already occurs. You can replace those numbers, have your bank cancel compromised accounts and open new ones, but you can’t get a new fingerprint or change your retinal scan.

For years, cryptographers have warned of potential risks such as the so-called gummy bear hack, in which clear gelatin was used to spoof a downmarket fingerprint scanner.

That was back in 2002. Just as hackers have innovated with increasingly sophisticated methods of stealing passwords and other identifiers, you better believe they’re also developing novel ways to pilfer biometric data.

A safe and secure IoT requires best-in-class next-gen security and a pristine user experience. Biometrics done the right way offers just that.

Tokenization and decentralization

Traditionally, biometric data is stored in one location and if someone wants to authenticate to a system, they provide their unique info, which is then compared to the database. There’s a core defect with this, however; it creates a central repository of sensitive data that is a valuable target for malicious activity.

In a decentralized system, no two persons’ biometric data is stored in the same place, rendering moot the allure of a multi-target storehouse. Users can authorize transactions and permissions via mobile, on-device, across the IoT without exposing sensitive data to the Internet.

Biometric tokenization operates similarly to the commonly known form of encryption used to secure payment card numbers and other sensitive information. With biometric tokenization, the actual fingerprint or other biometric data is translated into a meaningless rendering that can be safely stored on a user’s mobile device. When needed, a cryptographic challenge-response function allows an action-specific or time-stamped, action-specific verifier to be drawn from the biometric and sent via cloud or Bluetooth to activate the log-in, vehicle start, or any other function the mobile app is designed to perform.

The bottom line

As with any technology, biometric tokenization for the IoT is not a panacea. However, when implemented properly and with the aforementioned redundant safeguards in place, biometric authentication for connected home, connected car, and smart lock physical access is a superior alternative to old, staid methods – and one that should complement the IoT especially since, absent passwords, it offers the seamless user experience that IoT adoption requires

About the Author

George Avetisov is the CEO and co-founder of HYPR Corp., provider of secure and decentralized biometric authentication for the Internet of Things.  As a repeat entrepreneur, George has focused on eCommerce security, specializing in fraud and identity for a decade. Years ago, a chance encounter with a computer virus that turned his PC into a bitcoin mining zombie inspired George to pursue technological advances in cyber security. George can be reached at  

Edited by Alicia Young

Related Articles

Why Blockchain Could Be a Gamechanger

By: Paula Bernier    1/22/2018

Blockchain has become closely associated with the controversial topic of cryptocurrency. And that's fine because blockchain is an enabling technology …

Read More

Consumer Privacy in the Digital Era: Three Trends to Watch

By: Special Guest    1/18/2018

Digital advertising has exploded in recent years, with the latest eMarketer data forecasting $83 billion in revenue this year and continued growth on …

Read More

CES 2018: Terabit Fiber - Closer Than We Think

By: Doug Mohney    1/17/2018

One of the biggest challenges for 5G and last mile 10 Gig deployments is not raw data speeds, but middle mile and core networks. The wireless industry…

Read More

10 Benefits of Drone-Based Asset Inspections

By: Frank Segarra    1/15/2018

Although a new and emerging technology, (which is still evolving), in early 2018, most companies are not aware of the possible benefits they can achie…

Read More

VR Could Change Entertainment Forever

By: Special Guest    1/11/2018

VR could change everything from how we play video games to how we interact with our friends and family. VR has the power to change how we consume all …

Read More