Every market has it's holy grail. In the strong authentication market it's something called "continuous authentication".
It means that the user isn't bothered by typing a PINcode and/or present a card or biometric, the system simply knows it's you.
There are a couple of promising techniques that strive to become the holy grail that I'll discuss here:
- Behaviosec, a,Swedish startup that delivers keystroke biometric algorithms and
- Nymi, a Toronto based startup that measures "the noise" your heartbeat makes to identify you.
Behaviosec developed a so-called behavior biometric algorithm. Basically the algorithm interprets your typing behavior on keyboards/mice and smartphones or tablets, and based on your unique "flight, swipe or touch" times and motions, the algorithm flawlessly identifies you in a short period of time.
Usually it takes 1-2 seconds after you starts typing/swiping for the algorithm to make a positive ID.
Besides the algorithm, Behaviosec developed a cloud based system which makes it easy for Identity providers to add Behaviosec's technology to their authentication eco-system.
This kind of behavior biometrics is often implemented as part of a multi-layer authentication system, that sits behind a website or payment system, to add more security to the accountholder's data.
Because the technology is non-intrusive to the user (he simply does what he always did; typing), these technologies are very elegant to implement and often implemented without the user knowing.
It was early 2006 that I was first approached by an investor to give my opinion on an investor paper on "project Heartbeat" as it was called then. I don't know whether or not that old investment proposal is related to Nymi in any way, fact of the matter is that I advised negative at that time.
The reason was that fingerprint technology already caused a public debate and in my experience technology like finger-vein recognition basically scared the consumer finger-vein sounded very intrusive (where it actually is not).
We're now almost 10 year further. Fingerprint readers are widely exerted by the public (smartphones, biometric passports and so on) and people are not surprised by biometrics anymore.
The Nymi algorithm which interprets your heartbeat in order to be able to identify you, finds it's form factor in the Nymi band. You can see a picture above. During enrollment it asks you to touch the band with the other hand so that an ECG can be made on which the algorithm can do it's trick.
The Nymi band form factor is chosen so that developers can easily integrate the technology into their systems and applications. It's expected that in the near future the algorithm will be embedded in other devices like smartwachtes and fitnessbands.
The two technologies are examples of "continuous authentication". Authentication that is "always-on" and non-intrusive to the user. It simply always works and as part of a layered-authentication-framework delivers the next-gen authentication systems.
I am Reinier van der Drift. owner of FERGIL. Serial Entrepreneur & Technology Freak. Expert on Strong Authentication.