The Bio-T: The Biometric Internet of Things

By

Expansion of the Internet of Things (IoT) is surging. A recent Gartner report predicts IoT spending to increase to $2.5 million a minute, with 1 million new IoT devices being sold every hour by 2021.

Products and services within the IoT represent an opportunity for massive growth and potential. Unfortunately, as the IoT proliferates, so do the potential security risks and attack vectors.

As the IoT rapidly grows, biometric technology also is being adopted at a fast rate, with analysts estimating the biometrics market will reach $30 billion by 2021.

Analysts also predict a revenue shift alongside this growth, with biometrics to veer away from the governmental sector and migrate to the consumer and financial services sectors.  We’re already seeing this happen at a rapid pace. Apple’s newly-introduced Macbook Pro includes Touch ID, and Mastercard recently launched selfie-pay, to name just two examples.

Together, biometrics and IoT technology represent a symbiotic match that together will drive further IoT adoption.

The rise of the Bio-T

With the growth of IoT and biometric technology, authentication is being completely reimagined. We’re in an era where baby monitors, insulin pumps and other items traditionally not associated with security can be – and have been – hacked. Deploying IoT security is one of the great challenges of our connected world, and it requires a solution that relies on the strongest authentication.

Device manufacturers for the most part recognize that a shift is needed, and biometric authentication offers a method of doing so that is relatively easy for users. Passwords and PINs are easily forgotten or guessed, but no two people have the same biometric indicators.

Why rely on a metal key or plastic swipe card that can easily be lost or stolen and be misused? It’s little wonder that enterprises across sectors are looking to biometrics for their authentication needs. Biometric authentication also offers a vastly improved user experience – no longer requiring people to carry around physical keys or remember a complicated password. Your fingerprint, face or iris is always with you.

There’s a catch though. Biometric authentication does offer a great alternative to passwords, but it also brings in another major concern for companies: protecting that biometric data.

Risk factors

Cavalier use of biometric data is even riskier than the way passwords or credit card numbers already occurs. You can replace those numbers, have your bank cancel compromised accounts and open new ones, but you can’t get a new fingerprint or change your retinal scan.

For years, cryptographers have warned of potential risks such as the so-called gummy bear hack, in which clear gelatin was used to spoof a downmarket fingerprint scanner.

That was back in 2002. Just as hackers have innovated with increasingly sophisticated methods of stealing passwords and other identifiers, you better believe they’re also developing novel ways to pilfer biometric data.

A safe and secure IoT requires best-in-class next-gen security and a pristine user experience. Biometrics done the right way offers just that.

Tokenization and decentralization

Traditionally, biometric data is stored in one location and if someone wants to authenticate to a system, they provide their unique info, which is then compared to the database. There’s a core defect with this, however; it creates a central repository of sensitive data that is a valuable target for malicious activity.

In a decentralized system, no two persons’ biometric data is stored in the same place, rendering moot the allure of a multi-target storehouse. Users can authorize transactions and permissions via mobile, on-device, across the IoT without exposing sensitive data to the Internet.

Biometric tokenization operates similarly to the commonly known form of encryption used to secure payment card numbers and other sensitive information. With biometric tokenization, the actual fingerprint or other biometric data is translated into a meaningless rendering that can be safely stored on a user’s mobile device. When needed, a cryptographic challenge-response function allows an action-specific or time-stamped, action-specific verifier to be drawn from the biometric and sent via cloud or Bluetooth to activate the log-in, vehicle start, or any other function the mobile app is designed to perform.

The bottom line

As with any technology, biometric tokenization for the IoT is not a panacea. However, when implemented properly and with the aforementioned redundant safeguards in place, biometric authentication for connected home, connected car, and smart lock physical access is a superior alternative to old, staid methods – and one that should complement the IoT especially since, absent passwords, it offers the seamless user experience that IoT adoption requires

About the Author

George Avetisov is the CEO and co-founder of HYPR Corp., provider of secure and decentralized biometric authentication for the Internet of Things.  As a repeat entrepreneur, George has focused on eCommerce security, specializing in fraud and identity for a decade. Years ago, a chance encounter with a computer virus that turned his PC into a bitcoin mining zombie inspired George to pursue technological advances in cyber security. George can be reached at george@hypr.com.  




Edited by Alicia Young


SHARE THIS ARTICLE
Related Articles

How Can I Tell If a Website Is Safe? Watch for These Important Signs

By: Special Guest    6/30/2020

It seems we spend the bulk of our time on devices these days, and many of us depend on the internet to help us complete our jobs, communicate with fam…

Read More

Using Data Analytics and Technology to Combat the Impacts of the Global Pandemic

By: Arti Loftus    6/25/2020

The Coronavirus pandemic has driven leaders to rethink the way that we do things, and although the threat to our health has placed many obstacles in o…

Read More

Cloud computing - can it be the key to the future of our society?

By: Special Guest    6/24/2020

Cloud computing is far from being a novelty technology, but it's only recently that we've started to really use it to its full potential. The global c…

Read More

Cryptocurrency Trading Strategies: Complete Guide

By: Special Guest    6/24/2020

Today we get to the heart of the matter, that is, we will study all the most interesting and productive strategies for investing in cryptocurrencies a…

Read More

What is Node.js used for, and what global companies use it?

By: Special Guest    6/24/2020

Hiring the software development talent pool for an innovative IT project has been a challenge for big companies and start-ups. They have to explore th…

Read More