Biometric Authentication

Are consumer-grade biometrics leaving your networks exposed?

OCT 20, 2017

What if we told you there’s now a way to access your cash by scanning your face in front of an ATM? No PIN or card needed. More convenient, more consumer-friendly and, most importantly, more secure.

Samsung SDSA America, Inc. partnered with Diebold Nixdorf to create a PIN-free, card-free ATM user transaction leveraging a mobile banking application, Near Field Communication (NFC) and facial recognition from Samsung SDS Nexsign™, a FIDO (Fast Identity Online) certified biometric authentication platform. This technology wouldn’t have been possible without the use of enterprise-grade biometrics. Enterprise-grade biometrics go beyond using just your fingerprint to unlock your mobile device. Here’s why that’s important for your business.

Why Enterprise-Grade Biometrics Matter

The quintessential example of enterprise-grade biometrics is Samsung SDS’s Nexsign solution. Nexsign uses something called public key biometrics (PKB). PKB consists of three elements: a public key, a private key and a biometric template. Once a user has enrolled their biometrics, they no longer need to enter a password to be authenticated to a web service or mobile application. You simply complete a single gesture, like a fingerprint or a voice response, and you’re set.

So, how does this work? Upon enrollment of a biometric, a private key, a public key and a biometric template are created and encrypted using the strongest protection available on an Android or iOS device. The system stores your biological data as a biometric template, which is a numerical sequence that never leaves your device. That means there is no central store for hackers to break into or to trace back to you, and your fingerprint isn’t saved somewhere in the cloud. The public key is sent to a Nexsign server, which sits on premise behind the bank’s firewall. Every time a biometric authentication request occurs, there’s a handshake between the private and public keys, and a successful match enables authentication without the use of a password. Enterprise-grade biometrics are sometimes called application-layer biometrics because you're actually embedding code right into the application source code. Typical consumer-grade biometrics such as Touch ID simply enable login to a user’s phone or an application but lack the PKB underpinning that enables a higher level of security.

Imagine you’re at work when you suddenly need to use the bathroom. You rush off and accidentally leave your mobile phone unattended. It’s the perfect window of opportunity for a hacker to steal your data. With enterprise-grade biometrics, your unique biometric template is stored inside your phone itself. If a hacker were to try to break into your phone, he or she would be unsuccessful because the device wouldn’t recognize him or her. Your phone would reject the attempt because it’d be impossible for an intruder to replicate your biological data.

Where Consumer-Grade Biometrics Fall Short

If you're an iPhone user, you know all about consumer-grade biometrics, which encompasses things like facial or touch identification. Biometrics owe a lot to Apple for introducing the technology to mainstream consumer use. But does that mean consumer-grade biometrics are safe? If only your unique fingerprint can be used to access your phone, it's perfectly secure, right?

That's not necessarily true. The iPhone and other consumer-grade biometrics are considered “device-layer biometrics.” This means your biometrics exist only at the device level: while they can unlock your device and prevent other people from accessing it, they don't protect against phishing, hacking and other common attacks against user credentials. They also lack the additional layer of security provided by a FIDO solution such as Nexsign.

Single Modality Versus Multiple Modalities

Consumer-grade biometrics are typically limited to a single modality, meaning you can only authenticate using just Face ID or just Touch ID. Samsung's enterprise-grade FIDO solution offers three modalities: face, touch and voice identification, with new modalities coming in future releases.

It goes beyond just using one type of biometric to log into your account. Let's say your standard authentication procedure for your daily deposits and withdrawals is a fingerprint ID. However, today you might need to make a $10,000 transfer to an international client's foreign account. There’s more risk associated with this transaction than with checking your balance, so the app could require that you use a different modality such as face identification, or a combination like fingerprint and voice identification. This step-up authentication wouldn’t be possible with a consumer-grade biometrics option that only has one modality.
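To make the PKB handshake and the step-up policy concrete, here is an added illustration in Go; it is not Nexsign code and is not from the original post. It assumes a single constructed byte string stands in for each biometric template, a P-256 keypair per modality, and a server that keeps only public keys and issues a fresh random challenge the device must sign after a local template match.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
)

// Server holds only public keys, keyed "user/modality"; no biometric template ever reaches it.
type Server map[string]*ecdsa.PublicKey
// Device keeps, per modality, the enrolled template (constructed bytes here) and a private key.
type cred struct{ template []byte; key *ecdsa.PrivateKey }
type Device map[string]cred
func digest(b []byte) []byte { h := sha256.Sum256(b); return h[:] }
// Enroll stores the template on the device, makes a P-256 keypair and registers only the public key.
func (d Device) Enroll(s Server, user, modality string, template []byte) error {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	d[modality] = cred{template, priv}
	s[user+"/"+modality] = &priv.PublicKey
	return nil
}
// Sign uses the private key only when the fresh sample matches the enrolled template.
func (d Device) Sign(modality string, sample, challenge []byte) ([]byte, bool) {
	c := d[modality]
	if c.key == nil || subtle.ConstantTimeCompare(c.template, sample) != 1 {
		return nil, false // no match: the key is never released
	}
	sig, err := ecdsa.SignASN1(rand.Reader, c.key, digest(challenge))
	return sig, err == nil
}
// Challenge issues fresh randomness so a captured signature cannot be replayed later.
func (s Server) Challenge() []byte { c := make([]byte, 32); rand.Read(c); return c }
// Verify applies the post's step-up policy: fingerprint alone below $10,000, fingerprint plus voice at or above it.
func (s Server) Verify(user string, amountUSD int, challenge []byte, sigs map[string][]byte) bool {
	required := []string{"fingerprint"}
	if amountUSD >= 10000 {
		required = append(required, "voice")
	}
	for _, m := range required {
		if pub := s[user+"/"+m]; pub == nil || !ecdsa.VerifyASN1(pub, digest(challenge), sigs[m]) {
			return false
		}
	}
	return true
}
```

Because the server only ever sees public keys and signatures, compromising it yields nothing that can be replayed or turned back into a fingerprint, which is the property the paragraph above relies on.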

Benefits to Your Business

Samsung’s Nexsign solution makes workplace authentication easier. Consumer-grade biometrics are usually native to a single platform: Apple’s only works on iOS, and Android’s only works on Android. In reality, your employees probably use a mix of Apple and Android devices. Samsung created its solution with this in mind so that every employee in your office could leverage this platform. Having a standard approach to authentication across all your business devices, as well as no longer using passwords, can cut down traffic to your IT department, increase productivity and lower costs.

Data security is an issue every business owner should worry about, especially as the workforce becomes increasingly mobile. As employees take their devices out of the office, they’re exposing your network to an entire world of cyber security threats. Consumer-grade biometrics simply fall short of protecting them because of their limited verification factors or modalities.

With enterprise-grade biometrics, businesses can welcome the flexibility and convenience of mobile without sacrificing security or usability. Interested in deploying enterprise-grade biometrics for your business? Learn more at our website.


Richard is a senior business development executive with extensive wireless industry experience focused on secure mobility in financial services. He is currently leading a team at Samsung SDSA focused on providing mobility- and security-based enterprise software solutions to the financial services industry, including its FIDO-compliant biometrics solution. He is a member of SDSA’s leadership team, which sets the overall strategy for the organization.

For more information, contact Richard Lobovsky at r.lobovsky@samsung.com