Expansion of the Internet of Things (IoT) is surging. A recent Gartner report predicts IoT spending to increase to $2.5 million a minute, with 1 million new IoT devices being sold every hour by 2021.

Products and services within the IoT represent an opportunity for massive growth and potential. Unfortunately, as the IoT proliferates, so do the potential security risks and attack vectors.

As the IoT rapidly grows, biometric technology also is being adopted at a fast rate, with analysts estimating the biometrics market will reach $30 billion by 2021.

Analysts also predict a revenue shift alongside this growth, with biometrics to veer away from the governmental sector and migrate to the consumer and financial services sectors.  We’re already seeing this happen at a rapid pace. Apple’s newly-introduced Macbook Pro includes Touch ID, and Mastercard recently launched selfie-pay, to name just two examples.

Together, biometrics and IoT technology represent a symbiotic match that together will drive further IoT adoption.

The rise of the Bio-T

With the growth of IoT and biometric technology, authentication is being completely reimagined. We’re in an era where baby monitors, insulin pumps and other items traditionally not associated with security can be – and have been – hacked. Deploying IoT security is one of the great challenges of our connected world, and it requires a solution that relies on the strongest authentication.

Device manufacturers for the most part recognize that a shift is needed, and biometric authentication offers a method of doing so that is relatively easy for users. Passwords and PINs are easily forgotten or guessed, but no two people have the same biometric indicators.

Why rely on a metal key or plastic swipe card that can easily be lost or stolen and be misused? It’s little wonder that enterprises across sectors are looking to biometrics for their authentication needs. Biometric authentication also offers a vastly improved user experience – no longer requiring people to carry around physical keys or remember a complicated password. Your fingerprint, face or iris is always with you.

There’s a catch though. Biometric authentication does offer a great alternative to passwords, but it also brings in another major concern for companies: protecting that biometric data.

Risk factors

Cavalier use of biometric data is even riskier than the way passwords or credit card numbers already occurs. You can replace those numbers, have your bank cancel compromised accounts and open new ones, but you can’t get a new fingerprint or change your retinal scan.

For years, cryptographers have warned of potential risks such as the so-called gummy bear hack, in which clear gelatin was used to spoof a downmarket fingerprint scanner.

That was back in 2002. Just as hackers have innovated with increasingly sophisticated methods of stealing passwords and other identifiers, you better believe they’re also developing novel ways to pilfer biometric data.

A safe and secure IoT requires best-in-class next-gen security and a pristine user experience. Biometrics done the right way offers just that.

Tokenization and decentralization

Traditionally, biometric data is stored in one location and if someone wants to authenticate to a system, they provide their unique info, which is then compared to the database. There’s a core defect with this, however; it creates a central repository of sensitive data that is a valuable target for malicious activity.

In a decentralized system, no two persons’ biometric data is stored in the same place, rendering moot the allure of a multi-target storehouse. Users can authorize transactions and permissions via mobile, on-device, across the IoT without exposing sensitive data to the Internet.

Biometric tokenization operates similarly to the commonly known form of encryption used to secure payment card numbers and other sensitive information. With biometric tokenization, the actual fingerprint or other biometric data is translated into a meaningless rendering that can be safely stored on a user’s mobile device. When needed, a cryptographic challenge-response function allows an action-specific or time-stamped, action-specific verifier to be drawn from the biometric and sent via cloud or Bluetooth to activate the log-in, vehicle start, or any other function the mobile app is designed to perform.

The bottom line

As with any technology, biometric tokenization for the IoT is not a panacea. However, when implemented properly and with the aforementioned redundant safeguards in place, biometric authentication for connected home, connected car, and smart lock physical access is a superior alternative to old, staid methods – and one that should complement the IoT especially since, absent passwords, it offers the seamless user experience that IoT adoption requires

About the Author

George Avetisov is the CEO and co-founder of HYPR Corp., provider of secure and decentralized biometric authentication for the Internet of Things.  As a repeat entrepreneur, George has focused on eCommerce security, specializing in fraud and identity for a decade. Years ago, a chance encounter with a computer virus that turned his PC into a bitcoin mining zombie inspired George to pursue technological advances in cyber security. George can be reached at [email protected].