On-Device Biometrics Month: The Primer

May 3, 2019

‘On-device biometrics’ is probably one of the most important concepts in today’s digital security landscape, yet it’s also an idea that is not widely understood by everyday users. It refers to a question that a lot of people don’t even think of – where does my biometric data go when it’s scanned?

It’s a crucial question. Any data transmitted to external servers – often referred to as “the cloud” today – is vulnerable to hack attacks against those servers, while data stored on a given device is only vulnerable to hack attacks against that specific device. That’s why the on-device approach is so popular among many security professionals, even if it isn’t the most appropriate security setup for every situation.

The Mobile Biometrics Revolution

The on-device movement started to gain prominence in tandem with the mobile biometrics boom launched by Apple in 2013. That’s when Apple introduced its Touch ID fingerprint scanning system in the iPhone 5S. It was the first big-name biometric authentication system on a smartphone, and would inspire a great many copycats as fingerprint authentication went mainstream in the ensuing years. And Apple set the table by storing the user’s fingerprint data on the iPhone, an approach that was also emulated by many rivals. Indeed, even when competitors have tried to pioneer new approaches to mobile authentication, such as Samsung with its recent smartphones’ iris scanning technology, they’ve tended to stick to keeping user data on-device.

And Apple has maintained this approach with Face ID, its big new face-scanning authentication system. It’s still done on-device. There is no external server storing users’ facial biometrics data – not the images themselves, nor any cryptographic hashes of the data. It’s all stored on the device, helping to ensure that it can’t be hacked remotely and speeding up the authentication process by eschewing the practice of transmitting biometric data for server-based matching. In the big picture, this means spoof attacks against Face ID, though possible, are not scalable; each attempt to impersonate a user for wrongful access requires that specific user’s iPhone.

A Game-Changing Alliance

All that having been said, even if it helped to shift things into a high gear, Apple certainly didn’t invent the on-device movement. IT security experts had long determined that this is a strong approach to authentication, and one of the biggest advocates for on-device authentication – and strong, post-password security processes in general – was formed about half a year before Apple first unveiled Touch ID. In February of 2013, Nok Nok Labs, Validity Sensors, Infineon, Lenovo, PayPal, and Agnitio officially announced the launch of the FIDO Alliance, a cross-industry conglomerate with a mandate to develop and promote standards for strong authentication. Other big names like Google, NXP, and Yubico were soon to follow, joining the Alliance a couple of months later.

From the outset, FIDO’s standards took an on-device approach to authentication, in the form of specifications like FIDO UAF and FIDO U2F, both of which launched in December of 2014. Things escalated quickly from there. With mobile-based commerce starting to take off, major financial services providers like ING and USAA started to join the FIDO Board of Directors. In late 2015, FIDO partnered with the World Wide Web Consortium, the internet’s biggest standards organization. In January of 2016, the number of FIDO Certified solutions had reached 100; by that summer, the number had reached 200.

Now, there are well over 500 FIDO Certified products, and the Alliance’s recently-launched FIDO2 standard is starting to gain traction. The main aim of the standard is to promote strong authentication online, allowing end users to authenticate directly through a web browser via biometric authentication on a smartphone or through a USB or NFC security key. The important thing here is that while this kind of authentication involves communication with an external server, the user’s data stays on their device. You can’t authenticate without possessing the authenticating device. And all of the major browsers now support FIDO2, extending this security functionality to many millions of users around the world.
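To make that split between server and device concrete, here is a simplified model of the flow, added as an illustration and not taken from the FIDO Alliance or any vendor named in this article. It assumes a public-key challenge-response in the style FIDO2 uses, but it is not the FIDO2 wire format; the class names, the exact-match "fingerprint" check and the sample strings are all constructed for the example.

```javascript
const { generateKeyPairSync, sign, verify, randomBytes } = require('crypto');

// Authenticator (phone or security key). Template and private key stay in here.
class Authenticator {
  #template; #privateKey;
  enroll(template) {
    this.#template = template;
    const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.#privateKey = privateKey;
    return publicKey.export({ type: 'spki', format: 'pem' }); // only this leaves the device
  }
  // Toy matcher (assumption): exact string equality stands in for biometric matching.
  signChallenge(sample, challenge) {
    if (this.#template === undefined || sample !== this.#template) return null;
    return sign('sha256', challenge, this.#privateKey);
  }
}

// Relying party (the website). Stores public keys only, never biometric data.
class Server {
  constructor() { this.keys = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.keys.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verifyLogin(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // each challenge is single-use
    if (!challenge || !signature || !this.keys.has(user)) return false;
    return verify('sha256', challenge, this.keys.get(user), signature);
  }
}

function demo() {
  const phone = new Authenticator(), site = new Server();
  site.register('alice', phone.enroll('alice-fingerprint')); // constructed sample data
  const login = (device, sample) =>
    site.verifyLogin('alice', device.signChallenge(sample, site.newChallenge('alice')));
  const otherDevice = new Authenticator();
  otherDevice.enroll('alice-fingerprint'); // same finger, different device and key
  return {
    rightUserRightDevice: login(phone, 'alice-fingerprint'),
    wrongFingerRightDevice: login(phone, 'someone-else'),
    rightFingerOtherDevice: login(otherDevice, 'alice-fingerprint'),
    serverHoldsTemplate: JSON.stringify([...site.keys]).includes('alice-fingerprint'),
  };
}
```

Only the enrolled device with the matching sample passes; the server's stored state contains a public key and nothing derived from the fingerprint.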

New Solutions Take Heed

Together with the proponents of the mobile biometrics revolution, the FIDO Alliance has thus helped to make the on-device approach to biometric data mainstream. It’s almost a given that this is the way to go for most applications of biometric authentication, with new kinds of products embracing it as a matter of course. BIO-key, for example, has established itself as an expert provider of fingerprint-scanning USB keys, and its solutions are designed to keep all biometric data on the device, from enrollment on through every subsequent authentication event.

Biometric payment cards offer another compelling example. These are debit and credit cards for contactless, tap-and-go payments that feature embedded fingerprint sensors to ensure that the user is the correct cardholder. Multiple solutions are currently in the trial phase, and the organizations behind them are starting to roll out messaging to get consumers ready for large-scale launches. And one note that keeps popping up in this messaging is that users’ biometric data is stored directly on a given card, and not sent to a bank’s servers. Indeed, one of the UX hurdles that solutions providers have had to overcome in preparing this technology is finding a way to let users enroll their fingerprints at home, with no need to somehow connect the card to the internet for processing. Because the emerging solutions keep users’ biometric information on the device, this has been accomplished pretty easily with solutions like Gemalto’s registration sleeve for its biometric card solution, which simply asks the user to scan their fingerprint multiple times for on-device registration, in much the same way as fingerprints are registered on a smartphone.

Then there are the software solutions that have emerged for strong mobile authentication – solutions that can often surpass the security of biometric hardware built into the smartphones running them. Sensory Inc., for example, has made waves with its TrulySecure voice and facial recognition solution, which keeps data on a given smartphone for authentication not only as a means of keeping it secure, but also to make sure that the authentication process is as fast as possible, with no need to wait for data to be sent out for matching. Likewise, Aware’s Knomi SDK platform enables facial and voice recognition on any standard smartphone, and again it keeps user data on the device.

Importantly, both of these solutions are FIDO certified, with Aware’s Knomi system having become one of the first products to get FIDO UAF 1.1 certification last September. It all goes to show how the mobile biometrics pioneers, the FIDO Alliance, and today’s biometric authentication specialists have dovetailed in their efforts to keep user data secure, with all recognizing the advantages of on-device biometrics.

*

On-Device Biometrics Month is made possible by our sponsor: Aware, Inc.

–

May 3, 2019 – by Alex Perala
