by Nuno Menezes
Now, more than ever before, security has become a critical aspect of the digital life of any person or company and the field of biometrics is becoming a key player in the quest for ultimate security. One of the key players in this field is HYPR, the developer of a Biometric Security Platform that decentralizes and encrypts biometric data to enable secure password-less authentication across mobile, desktop and IoT systems.
HYPR offers a product suite that can be used independently without the intervention of a third party and converts any mobile device into a biometric authenticator. From medical devices to smart cars, users can embed biometric IoT security into their connected devices.
It decentralizes biometric credential storage, enabling secure authentication through fingerprint, voice, and facial recognition. HYPR is also available as a tamper-proof token for mission-critical settings, or as a cross-platform SDK for easy deployment of biometric security across billions of existing devices.
Recently the company partnered up with BitGo, one of the leading companies in blockchain security. It is also about to conclude a Series A funding round and is currently assembling a syndicate of value-added professional investors.
BTCMANAGER interviewed George Avetisov, the Co-Founder & CEO at HYPR Biometric Security, for an in-depth look at the role that biometrics can play in the ongoing quest for decentralized security.
Avetisov on HYPR’s history
HYPR Corp. was formed in spring 2014 by a group of experts in the fields of cryptography, blockchain and digital currency, information security, mobile devices, and payments. Following months of development, we debuted its biometric tokenization platform — including our proprietary HYPR-3 hardware token — at the 2015 International Consumer Electronics Show (CES) in Las Vegas, Nevada. The company now works with Fortune 500 enterprises to eliminate passwords and deliver top security by implementing an end-to-end fully interoperable biometric tokenization platform. Their product suite consists of HYPR-1 (software), HYPR-2 (firmware), and HYPR-3 (hardware) and secures desktop, mobile, and IoT systems.
On the need for increased security in the web
Not to delve too deeply into this, but it is said that the weakest link in the security chain is the user and what makes that true and intensifies it is the use of passwords. Removing passwords and doing biometrics the right way — by decentralizing and encrypting them — is a giant leap forward.
On the solutions HYPR has developed
We’ve already helped a Fortune 50 financial institution by bringing them closer to full deployment of our HYPR-1 to millions of users. They are deploying our technology for thousands of internal users on employee systems and millions of users of desktop and mobile consumer-facing applications. This process has been repeated for many Fortune 500 customers.
HYPR-2 is being embedded into global automaker vehicles for connected car: password-less entry, comfort settings, infotainment, navigation, etc. HYPR-2 is also being embedded into commercial and residential physical access structures, smart locks, and smart home product suites.
HYPR-3 is being deployed for mission critical applications in workplaces where Bring Your Own Device (BYOD) is unsupported, such as in heavily-regulated settings like government, healthcare, and financial services. These employers do not permit consumer-facing devices so the essential features of HYPR-1 are mimicked by our own secure device. Untamperable, HYPR-3 has an embedded biometric sensor and a trusted zone to safely store the biometric template.
On setting up an infrastructure for the future of security
The main infrastructure change HYPR brings about is eliminating passwords, the central weak point in information security on all platforms, devices, and operating systems. HYPR replaces passwords with biometrics by decentralizing biometrics across all devices. To do this, we leverage trusted platform modules, embedded biometric sensors (fingerprint scanners, cameras, microphones), and new operating systems such as Windows Hello. We turn late-model mobile devices into authenticators so that users can securely log into desktop, mobile, and IoT systems—without passwords and communicating over Bluetooth low energy (BLE) or Near-field communication (NFC).
An important feature of the HYPR solution is decentralization—user biometrics are stored and encrypted on-device and not stored in a central repository like passwords are. In theory, biometrics could be worse than passwords if used under the same model of enterprises centrally storing them, such as in the example of the U.S. Office of Personnel Management (OPM) data breach. Today’s technology enables HYPR to decentralize the biometrics, eliminating a giant payload of biometrics stored on a server and scatter the encrypted templates across devices that are in the user’s possession (mobile) and/or reliant on user action (mobile and desktop) for login. This decentralization disrupts the commonplace fraud model of going after a treasure trove of user data and forces hackers to go from device to device to device in the hopes of a payoff: one user’s Personally Identifiable Information (PII).
On Reducing Risk
HYPR lowers an enterprise’s risk of holding their internal and external users’ PII. While replacing the username/password scheme with the option to use biometrics, the enterprise also does not store biometrics the way they used to store passwords. Enterprises also know that HYPR does not—and has no desire to—store user biometrics. So the risk for enterprises is even lower than before.
With this lower risk and much more stringent security comes a seamless user experience (UX) that passwords can never deliver. Passwords have proven risky and because of that, users are cautioned to create strong passwords with strings of alphanumeric and special characters. Not only do studies show users are reluctant to use strong passwords, these so-called strong passwords offer a terrible UX especially on mobile.
Two-factor authentication (2FA) security in the form of a passcode generated on a hardware token worn on a keychain, or in the form of a numeric code sent via SMS to a user’s mobile device reinforce and worsen the already-bad UX of the username/password method of login. They also—especially the soft tokens texted to a mobile device—are insecure because they are vulnerable to remote exploits and on-device malware.
In addition, many large enterprises are seeking to employ solutions based on known protocols and for that reason HYPR is a working member group of the Fast Identity Online (FIDO) Alliance. HYPR offers enterprise customers a fully end-to-end FIDO compliant solution as well as biometric OTP so that customers receive what is most desired or appropriate for their use case.
So HYPR can offer enterprises top security, the best UX, and it sidesteps all of the security Band-Aids such as intermediary 2FA appendages. HYPR can demonstrate the power of tomorrow’s security and usability paradigm today through rapid prototyping in a matter of weeks.
On partnering with BitGo
The partnership with BitGo will help enable financial institutions adopting blockchain and biometric security technologies to reduce friction for their customers by providing one integrated solution rather than a disjointed combination of solutions. With this partnership comes the adoption of Fast Identity Online (FIDO) security standards, signifying a major push by a digital currency giant towards the FIDO protocol. The BitGo-HYPR partnership will enhance customer experience and security needs on both sides of the fence for use cases such as: decentralized identity, streamlined UX through HYPR-Secure biometric login, and the integration of BitGo’s multi-signature platform for HYPR customers.
On IoT and Virtual Reality
The HYPR Biometric Security solution can be differently ported to secure and improve the UX of desktop, mobile, and IoT systems. For the IoT including physical access, connected home, and connected car solutions, the HYPR-2 product provides OEMs a firmware chip they can embed into devices. The devices become standalone validation servers that communicate with a user’s corresponding app and mobile device over BLE or NFC depending on mobile device capability and the enterprise or user preference. IoT device adoption will only succeed if people are confident that their devices—homes, cars, other property—are secure and only if the UX is as comfortable with connected life as it is with unconnected life. That means no passwords, and no worsening UX with 2FA.
For virtual reality (VR), when provided on desktop HYPR-1 can provide the same top security and UX that is needed. When provided on devices such as headgear and the like, HYPR-2 can be embedded for the same seamless login experience.
Addressing a major point of friction
Acute security need has caused a poor UX in the digital asset space which is solved by the removal of passwords, and since movement of digital assets largely occurs on mobile, the use of mobile is greatly appreciated. Also appreciated is that decentralization is a feature of our technology, so by integration and just through association there is a comfort level achieved more so than through other security solutions.