Biometric Authentication Richard Lobovsky's post
Bridging the Gap between User Experience and Mobile Security
MAY 26, 2018
“Asking someone whether security is more important than user experience is like asking whether your left arm is more important than your right arm,” says Alexey Khitrov, CEO and cofounder of ID R&D. You may have a dominant hand, but having one without the other makes things more difficult.
ID R&D develops solutions that increase authentication security while also enhancing the user experience. Here’s how ID R&D’s offerings, available through the Samsung SDS Digital Identity Platform, provide mobile end users with a frictionless digital experience:
Use Your Voice
It happens more than you care to admit. You forget your password. You reluctantly follow the prompt to reset or recover your password only to be struck by another obstacle. You can’t remember the name of the street you lived on in college or what you chose that day as your favorite food. According to Khitrov, a quarter of people cannot remember the answers to their security questions, which almost defeats the purpose of having them in the first place.
The Samsung SDS Digital Identity Platform features Nexsign, a FIDO certified risk-based biometric authentication solution, which forgoes passwords in favor of biological information, such as fingerprint, facial or voice scan, to authenticate customers. ID R&D’s voice biometrics allows Nexsign to verify user identities by the way they speak (voice biometrics) or interact with devices (behavioral biometrics). Through the platform, users create a passphrase that could be as simple as a favorite sports team or the name of a pet, which they authenticate by speaking that passphrase into the phone.
If the users are who they say they are, a few simple words are all that is required to get access to mobile and web resources. However, if a malicious actor possesses the device, the phone will simply reject any attempt to impersonate the rightful user. Moreover, capabilities from ID R&D would prevent any type of “record and replay” attack as this unique solution can distinguish between “live” human speech and a recording of a voice.
The burden of creating a secure password is lifted from the user because even if a potential hacker has access to the user’s passphrase, he or she still needs to replicate the user’s voice, which is impossible. You end with an authentication process that is more secure than answering where you were born or your mother’s maiden name, and much more user friendly than constantly re-setting forgotten passwords.
Ask, and You Shall Receive
Imagine picking up your phone, and simply asking your banking app for your balance and retrieving the information without ever having to login. The Digital Identity Platform and ID R&D offer one of the world’s first frictionless, multimodal biometric authentication solutions for a conversational interface (virtual assistants, chatbots). Existing chat applications can use the platform’s face, voice and behavioral biometrics to authenticate the customer and secure the conversation without disrupting the user experience.
So, if you ask your phone how much money is in your account, you will receive a quick response with the answer. If somebody else were to grab your phone and try to direct a transfer with a voice command, the operation would be immediately stopped as the biometric information (voice, face, and behavioral) would not match the profile of the rightful owner.
Additionally, Nexsign enables multifactor step-up authentication for any transaction requiring identity confirmation. Using keystroke dynamics as a secondary authentication method, simply type your question into your device. The platform analyzes each tap, stroke and swipe to ensure it is truly you. It is virtually impossible to imitate each unique behavior that defines how you interact with your keyboard whether it’s on a mobile phone, laptop or desktop. In addition to the step-up authentication use case, keystroke dynamics can be used to silently authenticate a user to log into an application. If the system recognizes the user’s behavioral pattern, then no password or modality-based biometric authentication is required but if an anomaly is detected, Nexsign would be invoked to challenge the user with authentication using fingerprint, face or voice. This powerful combination optimizes both security and the user experience.
Looking to the Future
The Samsung SDS Digital Identity Platform exemplifies what Khitrov sees as the future of biometrics. In the next five years, Khitrov sees interactions between customers and enterprises mimicking a “friend” experience. What he means here is that when you meet your friends and family, you don’t shake hands and show them your passport or start with stating a password. Your family and friends know you. In the near future, businesses will know their consumers too through advancements in biometric authentication.
How do you think biometric authentication will impact the relationship between businesses and consumers? Let us know by sending us a tweet at @SamsungSDSA.
Intrigued by Nexsign? Check out the introduction video below and click here for more information about the solution.
Whether you're looking for a specific business solution or just need some questions answered, we're here to help.