BIO-keyInternational 270005UJ6R 155 Visits
BIO-key will be demonstrating the company's newest innovation, mobile fingerprint authentication on Android smartphones, at the Mobile World Congress in Barcelona. Read more: OpenID based Secure Multifactor Authentication for Android
BIO-keyInternational 270005UJ6R 174 Visits
Goode Intelligence offers some insights into the future of mobility and biometric technology. Enjoy...
BIO-keyInternational 270005UJ6R 548 Visits
The race in the global adoption of fingerprint authentication on mobile devices continues as Samsung plans to include fingerprint sensors on the Galaxy smartphone.
BIO-keyInternational 270005UJ6R Tags:  password biometric authentication security fingerprint 196 Visits
BIO-keyInternational 270005UJ6R 381 Visits
Wall, NJ, January 2, 2013 - BIO-key International, Inc. (OTCBB: BKYI), a global leader in fingerprint biometric identification solutions, advanced mobile authentication and identity assurance technologies, today announced that Jim Skidmore has joined BIO-key and has been appointed Senior Vice President of Global Sales.
“Jim Skidmore brings a deep understanding of technology, security and channel development to BIO-key,” stated Mike DePasquale, BIO-key CEO. “We’re extremely excited about incorporating Jim’s talents along with his ability to extend BIO-key’s partner footprint by leveraging his twenty plus years of existing business relationships, within the security industry. Most recently, as Vice President of Encode, a software and hardware reseller, Jim increased revenue from start-up to $7.5M in eighteen months and ultimately helped build a $20M business focused on identity and access management. We believe, based upon his leadership skills and industry knowledge that Jim can have a similar impact at BIO-key.”
Before joining BIO-key, Jim was Vice President of the Solutions Group with Encode. Prior to that, he was Regional Vice President for Cotelligent, a solutions integrator focused on CRM, Customer Loyalty, Mobility and Wireless Managed Solutions and Large Scale Integration. Previous to Cotelligent, Jim held several executive sales management positions, all focused on implementation and integration of technology to increase security, meet compliance demands and improve workflow. Jim is a graduate of Susquehanna University, participated in the IBM Executive Leadership Group at Duke University and is a member of IBM’s Security Advisory Committee.
The IT and security industries are well aware of his past accomplishments, as demonstrated by the various awards Jim has received from IBM, Oracle/BEA, Microsoft, Blue Martini, ATG, and Evergreen.
Jim’s responsibilities at BIO-key include driving revenue and managing, expanding and further developing the sales team, with a primary focus in identity and access management and the healthcare and market. Jim will also manage the BIO-key sales partner network with the objective of leveraging his existing relationships and adding new ones to the channel.
BIO-keyInternational 270005UJ6R 298 Visits
BIO-key introduces FAST a Fingerprint Authentication Security Test.
Reducing the cost and risk of testing fingerprint biometric technology.
FAST is introduced to support the growing demand for biometric authentication as enterprise customers seek an alternative to passwords, PINs and cards, which have proven vulnerable and inconvenient.
FAST is for organizations that want to evaluate the potential benefits of incorporating fingerprint biometric technology, yet are unsure where and how to start. BIO-key is providing a complete suite of services so that organizations can learn about fingerprint technology in their environment.
FAST starts with a consultative session, which addresses the current authentication scheme and challenges; leading to a proof of concept roadmap, specifically designed to meet the customer’s authentication objectives, as they relate to security and workflow.
Want to learn more about FAST? Contact firstname.lastname@example.org or call (732) 359-1113
BIO-keyInternational 270005UJ6R 217 Visits
There are two new mobile payment systems being tested and Apple isn't a player.
Learn more about what Android means to mobile.
BIO-keyInternational 270005UJ6R 321 Visits
Passwords are failing us
“Our passwords are failing us.” said Michael Barrett, PayPal’s Chief Security Officer.
He’s not alone. According to the Verizon 2013 Data Breach Investigation Report, roughly 76% of all data breaches were enabled by weak credentialing and user authentication. So, we might safely say that most, if not all, of our traditional security measures do little to close credentialing vulnerabilities. If that’s safe to assume, then we need to discuss replacing them with something that does work.
In fact, according to a May 2013 whitepaper, US Mobile Payments Landscape-Two Years Later, which was produced jointly by the Boston and Atlanta Federal Reserve Banks, mobile payment services are advancing faster than expected, but without much regard to standards and security. The Paper notes “unresolved security and privacy issues.” It further suggested that “as the [mobile payments] ecosystem matures, it will challenge new entrants in their ability to achieve scale and sustainability.” It further concluded “the need for interoperability, industry guidance and standards to ensure a secure and cost-efficient ecosystem.”
The story is bigger than you think
Yet, the story is bigger than that. You’ll hear us repeat phrases like “Secure Credentialing“ or “Privilege Entitlement and Access Control.” That’s because it’s actually the correct way to think about things like mobile payments. After all, what are “mobile payments?” Aren’t they your ability to pay, crammed into your phone? What are we cramming into that phone? A credit card or debit card? What’s that? A credit card is nothing but a piece of plastic, with a number written on it, which represents your PRIVILEGE to use a pre-approved bank line-of-credit.
Now just consider how many credentialed privileges we enjoy on a daily basis.
We enjoy these privileges daily without even thinking about them and they are all represented by a credential of some sort. Of course, these privileges are extremely valuable, which is why people try to steal them or damage them. Thus, the credentialing system is nothing but an access control system designed to protect access to those valuable privileges. With seemingly countless data-points and frequent news reports of data breaches, it’s hard to argue, with a straight face anyway, that what we have been using to protect our valuable online assets, services and privileges actually works. Biometrics seem inevitable.
The case for biometrics
Of course, the privileges are represented by a numeric value, aren’t they? A card number? A user ID number? (We are all “just a number” to them, aren’t we?). Those ID numbers are being digitized, but still represent the same entitled privileges. They can and are being stored in computer files within our PCs, laptops, tablets and smart mobile devices. And so, as we step back to account for this movement, we can see the evolutionary migration of all our credentials into our smart devices, which are increasingly mobile.
In fact, we see major technology providers attempting to stand up “digital wallets,” exactly for the purpose of administrating those digitized privilege credentials. For sure, one day soon, all our credentials will reside in our smart mobile devices. Those devices will communicate and guard those privilege credentials. Consequently, each mobile device and credential must interoperate with the multitude of disparate services and providers accessed by the credentials housed in the device.
Why the password is dead
Central to any Privilege Entitlement Access Control negotiation is the concept of risk. The level of potential risk to the asset or service determines the required level of security, including strong user authentication, before access is granted. Further, the binary decision to deploy strong authentication, including biometrics, is also risk based and, specifically economic risk-based, which can also be viewed as economic feasibility. Stakeholders won’t deploy it if they lose money at it.
The reason industry stakeholders and technology leaders have declared traditional Credentialing & Access Control systems dead, like password/PIN, is because the expense of the frauds and breaches has become sufficiently large enough to offset the cost of replacing those systems. The risk of relying on traditional access control mechanisms is now too high.
Today, the question of “should we upgrade our Privilege Entitlement & Access Control Systems?” has been replaced with:
To answer these questions, we must consider the authentication system design, in terms of economic feasibility, liability, trust and convenience. Unfortunately, these concepts are perceived and valued very differently by service providers than by consumer privilege holders.
Importantly, the location of the authentication transaction affects the risks, liability, convenience and economic feasibility for the service provider and consumer differently. Consider that there are effectively only two locations the user-authentication transaction can occur; on the device, and/or in the cloud. Let’s consider each location in terms of economic feasibility, risk, liability and trust.
Authentication on the device
Authentication on the device implies just that, processing the authentication of the user on the phone. Many phone manufacturers contemplate including fingerprint sensors on the device to authenticate the phone user, presumably the entitled privilege holder associated with the credentials stored on the phone or in some data repository elsewhere.
On-device authentication suggests that the fingerprint comparison occurs, or is transacted, literally on the phone, with a binary result then transmitted securely to the service provider for acceptance or rejection. In this case, the service provider accepts higher risk and liability, as that service provider must agree to trust any and all authentication data transmitted from that phone. This means the service provider has limited control of the risk and may be unlikely to accept this authentication in higher-value transactions. Moreover, this model may be less economically feasible as that service provider must also support the potential multitude of disparate and proprietary authentication data sources that could be generated by any number of handset manufacturers, cellular operators, fingerprint sensors or matching algorithm template providers. This could be costly to administrate and support.
However, refusing to support various disparate authentication systems could create inconvenience for the potential customer, including and maybe especially the enterprise customer, requiring the customer to use a select phone manufacturer or forgo the benefit of the service. Moreover, the customer owning multiple devices would be required to enroll on each device and potentially for each service. Further still, the enterprise customer may experience significant friction and cost related to upgrades and end-of-life replacement plans and is, thus, unlikely to invest in this model. Therefore, in my opinion, this model may be utilized early in the adoption cycle for strong mobile credentialing, but is less likely to enjoy long-term or deep penetration. The system will evolve to something different.
Authentication in the cloud
Authenticating in the service provider’s cloud implies capturing the biometric data on the phone and securely retrieving or transmitting it to the service provider’s cloud, where the authentication transaction takes place. In this case, the service provider could reduce risk by comparing user-authentication data, captured during applicant enrollment, to data of existing customers to negate dual enrollments and fraud. This is not possible when enrolling and authenticating on the phone. Further, the service provider would enjoy reduced risk by maintaining control of the authentication process. It seems natural that the service provider can trust its own, in-house systems more than those owned and operated outside the service provider’s control.
Deploying a hardware and operating system agnostic authentication engine in the service provider’s cloud would provide complete interoperability with handset input devices, significantly reducing the service provider’s capital investment in multiple disparate authentication engines. This would further allow the individual and enterprise customer the choice of handset providers, without disrupting service availability, reducing friction and cost, while increasing convenience of upgrade and end-of-life replacement. Both consumer and enterprise customers are likely to prefer and invest in this model, as a result.
In my opinion, this model reduces risk and capital outlay to the service provider, while increasing convenience to the consumer. This model is viable in enterprise environments, while the on-device model is not. Thus, I believe strong authentication in the mobile credentialing evolution will emerge on-device, primarily in consumer applications, but will migrate to the cloud over time, which will facilitate enterprise adoption.
Identity anywhere: Secure Mobile Credentialing & Identification
There is, however, a third design option involving a third-party authentication service in the cloud. In this case, the on-device sensor captures the print, converts it to a template and securely sends it to the third-party cloud, which presumably would utilize the aforementioned single hardware/operating system agnostic and interoperable authentication engine. The service provider must agree to trust binary authentication confirmation data from the third-party provider, but this would eliminate the need to trust more than one outside source. Otherwise, this design would operate similarly to that of the service provider cloud-based system.
Assuming the third-party authentication service provider incorporates hardware and operating system agnostic (interoperable) systems, the consumer and enterprise customer would enjoy open choices between handset providers, who also would enjoy open choices between sensor providers. This would reduce risk and cost to the service provider, the handset manufacturer and both the consumer and enterprise customer. The third-party authentication system would allow the consumer and enterprise customer to enroll only once, but associate that single user identity with multiple services and across multiple devices, regardless of make or design. In effect, the third-party, cloud-based authentication service would allow for “Identity Anywhere” or “Identity Everywhere.”
Mobile payments are part of a larger Secure Credentialing & Identification evolution. Our Privilege Entitlement & Access Control systems are migrating into the emerging smart mobile computing ecosystem and must satisfy both risk and economic requirements, without excessive friction. The migration of these strong authentication systems, including biometrics, will emerge on devices in relatively cumbersome consumer-facing applications. They will continue to migrate to the cloud and ultimately will largely reside and function in the cloud. Risk determinations, including economic feasibility, will determine whether the authentication occurs in the service provider’s cloud (highest risk assurance), or in the third-party cloud (middle risk assurance), or on the device (light risk assurance). End-user convenience and cost will likely drive the majority of Mobile Credentialing authentication to the cloud, especially at the enterprise level.
I encourage you to consider the evolutionary trajectory of such capabilities and invest accordingly.
BIO-keyInternational 270005UJ6R Tags:  iris facial fingerprint biometric authentication 401 Visits
CBS News in Miami recently presented this news item to viewers.
Biometric technology and the consumer....a growing trend.
BIO-keyInternational 270005UJ6R Tags:  one to many authentication large id scale fingerprint biometric 678 Visits
BIO-key International, Inc. (OTCBB: BKYI), a global leader in fingerprint biometric identification solutions, advanced cloud-based mobile credentialing and identity assurance technologies, today announced it has achieved a technology breakthrough that provides large-scale fingerprint matching speeds that are orders of magnitude faster than previous fingerprint matching platforms, while increasing accuracy rates and dramatically reducing the cost to deploy.
“Using Commercial-Off-The-Shelf (COTS) products, BIO-key is expanding the way a biometric search can be performed which dramatically improves speed over conventional approaches. This revolution comes from the use of a highly parallel search architecture, allowing our solutions to perform faster and look deeper while improving speed and accuracy,” stated Renat Zhdanov PhD, Vice President, Chief Scientist, BIO-key International. See News Announcement
BIO-keyInternational 270005UJ6R 425 Visits
A recent article highlights the challenges faced by iris biometric technology, especially in pregnant women.
Read more Issues with Iris biometric ID
The Revolution is at the Gate
There’s a revolution at the gate and every company is facing this same dilemma. There are customers, prospects, employees, executives and cyber thieves all clamoring at the door trying to gain entry. Complicating matters, there is more than one gate to protect. Some gates protect non-vital information and data and therefore require minimal security. Yet there are other gates protecting privileged information and highly sensitive documents. These are the gates that absolutely can’t be vulnerable to the revolution at the gate. What’s the solution? Can there possibly be a sole solution that could deliver multiple levels of security?
Risk Based Authentication
Entry-level employees only need access to entry-level applications and the like. A traditional password might suffice in the case of delivering level one security. We’re all familiar with the downside of using passwords, which can be lost, stolen or shared, but they serve a purpose at level one.
Sophisticated passwords like those that are used in the EHR department of most hospitals present a second set of security and workflow challenges. Users are required to enter 16 digit passwords including capital letters, numbers, symbols, etc. They are nearly impossible to remember, which means they will be written down somewhere, presenting security breakdown number one. Sophisticated passwords slow down the log-in process, as it’s impossible to create a natural flow. Entering a password might take 6-10 seconds each and every time, and this is a time killer for those that authenticate dozens of times daily. Additionally, the administrative department is constantly providing new passwords for those that were lost or compromised, and the monthly or quarterly across-the-board resets waste valuable time and money.
Cards, tokens and PINs are all an extension of passwords. Some are more secure and some more convenient, yet to date none have proven to perform without compromise. Although the solutions are in place globally, there does not seem to be one universal solution that’s leading the pack.
The Subtle Momentum of Biometric Technology
In 2000 the market for biometric technology was just $261M; by 2017 it’s forecasted to be a $17 billion industry. Why? Your first response might be a natural one: “security”. Biometric technology, including fingerprinting, has been around for ages and has been relied upon by law enforcement and the federal government as the “absolute identifier.” We all can remember the look on the defendant’s face as the prosecutor bellows “We found your fingerprints at the crime scene,” as it means this case is closed. Yet convenience is a primary driver for biometric technology. Airports and stadiums are constantly investigating methods to benefit from using facial or iris recognition, and we’ve all used voice biometrics on our phone at one time or another. In healthcare and the enterprise, companies are calling upon BIO-key to improve workflow by eliminating the need for passwords. BIO-key reduces 6-10 second log-in times to less than a second, optimizing efficiency and delivering additional interface time back to the end user. This means more time with patients in healthcare and more time with prospects and customers in the enterprise. The efficiency ends up generating new revenue: revenue generated without doing anything more than just modifying the log-in process and delivering end user convenience that improves “the quality of work environment.”
A Family of Solutions
Without an absolute universal authentication solution in place, it seems that a multi-factor option will take precedence. The common password may continue to exist as a layer of very soft security protecting the least vulnerable gate. Other solutions such as cards and tokens will still exist, but will encounter challenges trying to grow market share, as the cost and administrative time to manage cards or tokens does not compete well versus their biometric counterparts. A fingerprint is more secure and does not require issuing cards (cost) for all users.
Ultimately one must be prepared to consider several options. Ideally, as you design the architecture for a risk based authentication solution scheme, your team will understand the value of integrating layers of security appropriate with the sensitivity of accessing each level of information.
But who’s the leader and what is the future?
When Apple invested $356M to purchase AuthenTec, a leading fingerprint sensor developer, the company made a bold statement about the future of fingerprints as an ID solution. More important to those that play in the fingerprint space, Apple was bridging the gap of consumer adoption. A gap that was broad and existed for a long time was narrowed the moment Apple pulled the trigger. As we fast forward to today, we learn that Samsung is following in Apple’s footsteps. Why is this so important? Because once consumers recognize the swipe of their fingerprint as the normal way to authenticate or ID, because that’s what they are doing on their iPhone to access applications, they will be more open to using their fingerprint as their UNIVERSAL FORM OF ID.
Proof is in the Pudding…
The best way to understand biometric technology is to test biometric technology. Develop a proof of concept or pilot program to see if biometric technology is suited for your environment. Segment your audience and conduct a 30 day test. Be sure to include someone from IT, admin, executives and those with some doubt as part of your test. In essence, make sure you have a balanced cross section of users.
In summary, today’s perimeter-less world offers security specialists many challenges, with the primary challenge being the revolution at the gate. We can’t rely on a single gatekeeper under these circumstances. It requires a risk based authentication solution….one that should include biometric technology.
Rohan Nadgir 270005AEA7 331 Visits
Using BIO-key’s fingerprint biometrics, organizations are able to find the right balance between security and convenience. Fingerprint biometrics provides operational savings compared to other authentication solutions:
BIO-key’s secure fingerprint authentication alternative can provide the following benefits: