Fingerprint biometrics have been around for at least 25 years or more. The current mass adoption was long in the making. Much longer than any respected analyst firm had predicted. The Forresters and Gartners of this world underestimated the public scepsis and privacy concerns at first.
In the '90's there were a lot of initiatives to promote and implement fingerprint biometrics* but not often these projects ended earlier than expected because of above mentioned reasons.
The public opinion on biometrics in general and fingerprint biometrics in particular changed this millennium because of a variety of reasons; the tragic 9/11 event being the trigger to fuel the global security market, followed by the increased online personal-data collection which leads, per definition, to increased internet criminality.
Biometric fingerprint technology was, in the last decade of the previous century, thought to play an important role in the early days of the e-commerce. Companies like SAFLink, Lennard & Hauspie, Iridian Visionics, Authentec and others as pioneers paved the way and shaped the market as it is today.
The majority of those companies are not around anymore, they went bankrupt or were acquired at some stage.
With the consumeration of IT and biometrics being embedded in smartphones, the payment industry drives the biometric adaption in the e-commerce space with neat apps.
The market as it is today is divided into 3 segments;
The enterprise market stores biometric templates typically in central directories like AD or eDir and they are controlled by the user and administrators, whereas templates in the consumer market are stored locally on the device and are fully controlled by the user.
Slowly but surely these markets converge. We're moving to a world where your mobile phone is your digital you and fully trusted by Governments across the globe.
Back to fingerprint biometrics. the market for fingerprint biometrics matured the last decade. After a lot of consolidation in the market, the prices dropped to an acceptable level and they will drop even further.
What technology vendors learned is to embed fingerprint technology in such a way that it's easy to enroll for the user and automatically is being adopted in the various apps (thank Steve Jobs for the app-store)
The downside of fingerprint biometrics is that every fingerprint reader can be spoofed.
The essence of fingerprint technology is of course your fingerprint. Something you leave behind everywhere you go. In other words, it's easy to obtain your fingerprint without you even knowing.
Fingerprint readers are build to recognize you and some have anti-spoofing systems build-in. Sometimes very rudimentary and sometimes very sophisticated. If you pay more you get more quality in general. However, even the most sophisticated systems are not fully spoofing proof.
The more applications, the more (business)value, is protected by fingerprint biometrics, more advanced attacks on the system will happen and force users and corporations to implement other (biometric) technologies besides fingerprint biometrics.
Let's take a look at the most likely biometric technology candidates.
Voice & Face
Given the fact that there is no 1-fits-all, Face & Voice are not likely to be winners since for them to work correctly you will need to be able to control the environmental settings (lighting, noise etc) under all circumstances. And that will proof to be a mission impossible. So face and voice will not be the most likely candidates to be the biometric successor of fingerprint.
Iris is becoming interesting again. After Iridian screwed up the market with their idiot patent threats, now with the expiration of the various patents the innovation in iriscamera's reach a new peak. They are becoming affordable and the cameras are getting smaller and the next-gen will probably be embedded in smartphones.
Iris algorithms are fast and perfectly suitable for 1:N matching. Making them a more likely candidate for border-control rather than enterprise and consumer biometrics. As you can see in the video below there is always something needed called "hamming distance" (20cm in the video) the range where the actual iris is captured. It is simply not a very user-friendly technology. It's a bit clumsy to be honest.
My first encounter with vein technology was back in 2005. I had a nasty issue with fingerprint technology by BMF (pressure sensitive readers) in a datacenter and Hitachi as supplier of BMF in Europe invited us to test new groundbreaking technology first hand.
I met the director of biometric technology in Hoofddorp where I saw finger vein technology for the first time. I immediately thought it was a far better technology than fingerprint biometrics, but little too late to enter the border control market. The standards for fingerprint were already set.
A year later Fujitsu launched palm vein technology. Their are both technologies looking at the vein pattern with the differentiator that finger vein technology reads the pattern "through" the finger whereas palm vein technology is based on an reflected image of the pattern.
I leave it up to the reader to judge which of the methods is most secure than the other.
Fact is that the vein algorithms are not suitable for 1:N matching like the iris one. You need additional technologies like fusion in-memory databases to get performance, which increases the total costs of ownership.
The other downside to palm & finger vein technology is the way the two vendors structured their licensing model. In short, it sucks. It's a showstopper for the mass adoption of vein technology. I wrote about this in my previous blog on the "biometrics 2015".
Another vein tech provider is Eyeverifi. This Kansas based startup "reads" the vein pattern in the corner of your eye. It is cool technology as demonstrated below. But like iris recognition one can wonder if it is suitable for mass adoption by consumers. It's a nice add-on, doesn't require any additional hardware but is not very user-friendly as it is now. Maybe in the future when camera's are even beter to recognize from a distance. You always have to look straight in the camera, which you cannot do under every circumstance. Like face recognition you will need to be able to influence the environmental variables needed to acquire a correct and usable picture. And I wonder if it works flawlessly in Asia where people tend not to be able wide open their eyes.
Conclusion vein is a candidate but still has to overcome hurdles technology- and businesswise.
Heartbeat & Behavior technology
I've talked about heartbeat and behavior biometrics in a previous posts. I really like the technology but it is still early stage for heartbeat, and behavior is well suited to be just the additional layer of security. It's an add-on to existing biometric technologies or other security systems.
Heartbeat and Behavior biometrics are both poised for greatness. It will be a long, rough and costly road but the reward will be there. Behavior is taking off now. Companies like Behaviosec changed their business strategy to make it easier to be embedded in the big authentication frameworks. That helps the mass adoption.
As for heartbeat, still a couple of technology breakthroughs will be needed in order to get the technology embedded easily in wristbands of f.i. smartwatches. Smartwatches by itself needs to prove that they are here to stay.
There are various other biometric technologies like handrecognition, signature recognition, ear recognition, the way you walk and yes even butt-recognition.
All nice technological achievements but no serious threats to the fingerprint crown.
My prediction for the successor to fingerprint is;
How the technology works
The Nymi band looks quite simple in its form factor which is a good thing. It's a rubber band with on one end a Nymi reader and on the other end a flap with another scanner that has snaps on the reader with magnetic force. Quite easy indeed.
Once fully charged you can put the Nymi band on your wrist. As soon as the flap snaps on the reader, the battery/bluetooth indicator turns on warning you that the band is ready for action.
After you downloaded the "companion" app in the store of your choice, you can begin to setup the band and enroll your "heartbeat".
Out of the box the band's first task is the update the firmware. Since Nymi is continuously working on improving the technology and user-experience, the firmware update will probably be something every user will experience on the first run.
I had a funny experience. The update began, installed and after installing it messaged an installation error (see photographs below). As soon as I tried to re-install, the app warned me that the firmware was already up-to date. Hmm.
The next thing is setting up your profile with the app. It is all reasonably straightforward. It works as expected and provides the user the opportunity to leverage Touch ID as well.
One of the big benefits of the Nymi band is the U2F compliance. U2F is one of the new standards that is being developed by the FIDO Alliance. U2F stands for "Universal 2-Factor" authentication. It's an industry-wide standard to make sure that hard-& software connects easily and the user has complete end-to-end protection, which is a good thing.
Operating systems and Nymi
As you can see above, I tried to hook Nymi onto my Macbook Air. Unfortunately I am a beta-tester @ Apple and my version of OSX was understandably not supported. The Nymi website states that correct.
I will connect Nymi to my Surface Pro later this week and let you know Windows user-experience.
Nymi band clearly has a bright future but has still development ahead. The current band form factor is not ideal. It fitted my wrist (I have a rather small wrist, all though the band was marked "Large") but it doesn't have a way to adjust it.
Like my Apple watch, reading the heartbeat is only successful and accurate if the band is strapped tied around your wrist. With the Dutch climate (where it is hold and cold) my wrists tend to get bigger when it's hot and I wonder if the band then is still comfortable to use.
I know Nymi is working on other form-factors. The technology screams to be embedded in smart watches.
Below you find more pictures of the Nymi unboxing and screenshots of the app, the enrollment and the way Nymi integrates with existing operating systems.
Last year I ordered a Bluesmart Carry-On. I ordered the second perk, so I coughed up $270 to get myself a IoT all connected carry-on.
Today I received the little wonder and here are my first impressions.
First of all it started by receiving an email from the Bluesmart-team telling me that the unit was about to arrive, shortly followed by an email of the transportservice that the delivery would be in roughly 1.5hrs.
Nice planning and very good communication. I immediately downloaded the app on my iPhone and took another cup of tea, sat down and waited ;-)
The packaging was sturdy and the carry-on was delivered in it's dustbag, very handy.
The quick-start guide is hardly needed, the setup is quick and easy. Since the carry-on has a rather large battery in the bottom (which is needed for the Bluetooth communication, the electric lock and which can be used to charge your phone) it takes 5-10 hrs to fully charge it.
A USB/USBmini cable is part of the delivery and fits almost every phone charger .
The carry-on itself is well designed. Since I travel a lot, it's very convenient that you have a separate compartment for your laptop and/or pad which is easily (un)locked electronically via the app.
The app shows the battery power level too and of course the location and last but not least the weight of the whole package through the build-in scale.
Below a few pictures of my Bluesmart travel compagnon so you can see for yourself how well it looks.
The first week of 2016 I will be traveling to the UK. I will let you know how the Bluesmart survived that trip ;-)
Till then, enjoy the holidays and cya in 2016!
In a previous post I made you aware of the kickstarter initiative by Stephen La Rivière to re-create three episodes of the famous '60's TV-show Thunderbirds.
Yesterday I had the pleasure to visit the set and "be part" of the Thunderbirds revival.
I received a warm reception and met the wonderful crew who's bringing this project alive.
The director of the original series, David Elliott was there directing , David Tremont came all the way from New Zealand leaving his precious Weta workshop behind ;-) and last but not least Richard Gregory puppeteer, modelmaker and prop maker was there. Not to forget master puppet maker Barry Davies in action. And then of course the "new" crew.
A bunch of talented people who put a smile on my face all day long.
I had the pleasure of talking to David Elliott and after asking him his feelings and how it was to get back after all those years at the Slough Estate, I asked him about the "Attack of the Alligators" shoot.
David, now 84 years old but still going strong, told this little anekdote;
The show used real alligators and although they were small, even alligators that size had a nasty bite. The late Derek Meddings was just about ready setting up the models for a shot in the water, when David called to release the alligators in the water. David never saw someone get out of that pool so quickly.
While David was telling the story you could see that he relived the moment as he had a bright smile of his face.
"The studio is now exactly the same as it was back in the '60's, nothing's changed" he added.
I really enjoyed the day and it was an awesome experience to meet people that made much of a difference in my life with their wonderful creations. Thanks again.
I've made a couple of photographs at the set of Thunderbirds1965 and posted these below. I hope you enjoy them as much as I do.
Every market has it's holy grail. In the strong authentication market it's something called "continuous authentication".
It means that the user isn't bothered by typing a PINcode and/or present a card or biometric, the system simply knows it's you.
There are a couple of promising techniques that strive to become the holy grail that I'll discuss here:
- Behaviosec, a,Swedish startup that delivers keystroke biometric algorithms and
- Nymi, a Toronto based startup that measures "the noise" your heartbeat makes to identify you.
Behaviosec developed a so-called behavior biometric algorithm. Basically the algorithm interprets your typing behavior on keyboards/mice and smartphones or tablets, and based on your unique "flight, swipe or touch" times and motions, the algorithm flawlessly identifies you in a short period of time.
Usually it takes 1-2 seconds after you starts typing/swiping for the algorithm to make a positive ID.
Besides the algorithm, Behaviosec developed a cloud based system which makes it easy for Identity providers to add Behaviosec's technology to their authentication eco-system.
This kind of behavior biometrics is often implemented as part of a multi-layer authentication system, that sits behind a website or payment system, to add more security to the accountholder's data.
Because the technology is non-intrusive to the user (he simply does what he always did; typing), these technologies are very elegant to implement and often implemented without the user knowing.
It was early 2006 that I was first approached by an investor to give my opinion on an investor paper on "project Heartbeat" as it was called then. I don't know whether or not that old investment proposal is related to Nymi in any way, fact of the matter is that I advised negative at that time.
The reason was that fingerprint technology already caused a public debate and in my experience technology like finger-vein recognition basically scared the consumer finger-vein sounded very intrusive (where it actually is not).
We're now almost 10 year further. Fingerprint readers are widely exerted by the public (smartphones, biometric passports and so on) and people are not surprised by biometrics anymore.
The Nymi algorithm which interprets your heartbeat in order to be able to identify you, finds it's form factor in the Nymi band. You can see a picture above. During enrollment it asks you to touch the band with the other hand so that an ECG can be made on which the algorithm can do it's trick.
The Nymi band form factor is chosen so that developers can easily integrate the technology into their systems and applications. It's expected that in the near future the algorithm will be embedded in other devices like smartwachtes and fitnessbands.
The two technologies are examples of "continuous authentication". Authentication that is "always-on" and non-intrusive to the user. It simply always works and as part of a layered-authentication-framework delivers the next-gen authentication systems.
Today I presented on the current status of the FIDO alliance at the "Biometrics in Banking and Payment" seminar organized by the European Association for Biometrics.
Although I live in Amsterdam, this was the first time I visited the Amsterdam Planetarium.
I found it a very nice and convenient place to have these kinds of events organized.
Specially when you want to attract a lot of interest of financials, they are literally around the corner.
So all of Dutch major banks send their representatives and all in all it was a well organized and interesting seminar.
You can find my presentation here:
Everything about the new iPad Pro is impressive. The size, the storage and yes the multitasking capabilities. I love it!
I picked up the following configuration at the Amsterdam Apple store;
- iPad Pro silver 128gb,
- iPad Pro sleeve,
- Logitec keyboard/sleeve with iPad connector.
Because I've multiple accounts, I've installed the office-suits from;
- Microsoft and
Depending on the workload I choose either one. Each has it's pro's and contra's.
I'v loaded a few pictures I took with my Leica Q camera to test the screen. It's simply gorgeous.
Unfortunately Apple pencil was sold out, so I plan to pick one up next week in Salt Lake City's Apple store at City Creek.
I've downloaded the Adobe apps already and their look and feel and functionality is perfect.
In short; iPad rules again. I think this will be my office computer for the next few years.
Interactive watches, smart-rings and now the full-tablet form factor hits the wrist. Will it be a hit or will it all be the next 3D-television hype that never took off seriously?
Hardware manufacturers are beginning to explore the wrist to the fullest. With Microsoft kicking off in the early years of this century, it's now Apple that tries to rule the wrist with their Apple Watch, leaving early innovators like Pebble and HotWatch behind.
One can wonder if the battle for the wrist will ever end. Personally I like my wrist to be silent, smooth and functional. I really like the Dutch watchmaker Christiaan van der Klaauw. These amazing astronomical mechanical watches will survive "empty" batteries a long time and will be a good investment too. Superb craftsmanship to tell time, tides and moon phases, what else does a man need?
I am Reinier van der Drift. owner of FERGIL. Serial Entrepreneur & Technology Freak. Expert on Strong Authentication.
Blog on StartUps, Gadgets, Technology in general and my day to day busy-ness.