EyeLock Offers Solution to Server-Side Biometrics Vulnerability

Iris scanning specialist EyeLock says it has developed a more secure cloud-based biometric authentication system. Employing both EyeLock’s patent-pending BioTag protocol and sophisticated AI, the system is detailed in a new whitepaper entitled “What You Should Know About Biometrics in the Cloud”.

EyeLock Offers Solution to Server-Side Biometrics Vulnerability

The aim is to offer a biometric authentication system that also incorporates two key advantages of password authentication – the ability to encrypt credentials, and to revoke them. To do that, the system would essentially create a cryptographic pattern out of a given biometric sample, and use that for authentication. That cryptographic key can be stored on a server, and the user can rest assured that even if the server is compromised, the scrambled biometric snippets in the key are useless to hackers, and can easily be revoked and changed. Meanwhile, the actual authentication process is helped along by an AI system designed to put together the cryptographic key even when not every puzzle piece is present in a given biometric scan.

The system has some more subtle details that are elaborated by EyeLock CISO Christopher Ream in the whitepaper, but the main point is that it offers a means of using server-based biometric authentication that won’t permanently compromise a subject’s credentials if it’s hacked. As such, it could offer a solution to organizations that aren’t able to pursue the on-device biometric storage approach advocated for by groups like the FIDO Alliance.

February 3, 2017 – by Alex Perala