Mobile devices are powerful pieces of technology. Enabling an unprecedented level of communication via multiple channels and methods, smartphones are designed to capture our human experience and translate it to the digital world. When it comes to the context of our lives – what we do, what we hear, see and think – the hardware and software have us fully covered in terms of sharing (with the exception of taste and smell, I suppose). But what about when it comes to what we are?
The versatility of a modern mobile device has come to encompass our biological identity, thanks to new hardware innovations and software that can leverage existing sensors on a handset to measure the unique traits of our bodies. Fingerprints, irises, facial features and the sound of our voices can all be measured by today’s mainstream smartphones. This information can, in turn, be used to prove our identity online in a more trustworthy way than passwords and keys.
Rather than a single modality emerging to dominate the authentication market, what has evolved is a robust landscape that has a biometric option for every situation. Authentication on mobile devices has become similar to the ways that we communicate through the platform. In the same way that a picture might be the best way to capture what you want to express, maybe facial recognition is the best biometric to use when logging into your email. Whatever is best suited for the job – whether it’s a single modality or multiple ones – can be used to get the job done efficiently.
In the identity industry there has been a long-standing discussion as to where authentication should happen in the verification process: in a secure cloud or on the device's secure element. For some time it looked like the two authentication paradigms were at war, and indeed, they seem incompatible. Thinking on this matter has started to shift, however, and true to the multimodal nature of mobility, the future might actually accommodate both concepts.
The subject of on-device versus cloud-based authentication was brought up during our webinar, Mobile Biometrics & The Next Generation of Digital Identity, and Maxine Most, principal at Acuity Market Intelligence, outlined a future that can accommodate both.
“There are appropriate times when you’re going to authenticate yourself on board – I’m going to make sure my phone is mine and I can have access to it – obviously I want to do that on the phone,” said Most. “I think what happens is, as the value of the interaction [increases] – whether it’s the transaction or the information that you’re seeking – the risk associated with that transaction or that interaction and the quality of the information. I think you have to start moving to cloud-based authentication because there are limitations to authenticating yourself to a device and then simply transferring a ‘Yes this is me,’ or ‘No this is not me,’ versus actually saying, ‘Okay, I’m going to capture a template, encrypt that template and transfer it to a centralized location because in this case I need better authentication.’”
This two-pronged approach opens up a great many options for the future of mobile biometric authentication, but it presents a challenge too.
“We’re going to have to get a lot better as an industry in understanding how you can use cloud-based systems to augment device-based authentication as appropriate and to create a security infrastructure that is going to allow us to do that safely,” said Most.
A suggestion Most presented during the webinar is the concept of independent Biometrics-as-a-Service (BaaS) providers. She argued that a lot of organizations aren’t going to want to take on the risk associated with storing authentication information on their own, despite the benefits offered by cloud-based authentication.
Most offered: “They’re not going to want to take on that liability, so there’s a huge opportunity for folks to really focus on how you build a secure, cloud-based biometric authentication service and make that work in a way where people have a high degree of trust and that there are paths to mitigate potential issues that are associated with that kind of technology.”
Convenience has been a great driver in the adoption of biometric technology among consumers and mainstream adopters. That demand for ease of use will not diminish, but, thanks to the consistent threats to modern cybersecurity, a high level of trust will be equally important when it comes to high-risk mobile interactions. As such, we are once again turning to the versatility of the mobile device to find the best of all possible worlds. Just like picture messaging and voice calls or fingerprint sensors and facial recognition software, on-device and cloud-based authentication can both find welcome space on the devices that connect us to a digital world of possibility.
October 15, 2015 – by Peter B. Counter