Security continues to be a hot topic in the age of the smartphone as consumers are becoming increasingly comfortable storing more personal information on their mobile devices. What was once an inconvenience of having to re-input phone numbers should a wireless phone be lost, has become a security risk for many who have stored the accounts and passwords to their lives on their device.
Device makers for the most part have attempted to solve this issue by offering security through various screen lock options, including passwords, personal identification numbers and “patterns.” Some have even tapped into the camera on the front of smartphones to use facial recognition or a fingerprint reader for unlocking a device. However, these more advanced offerings are still somewhat limited by concerns over the accuracy of such services, which could leave a customer locked out of their own device should the embedded solution somehow fail.
One company looking to improve the quality of fingerprint reading technology, and thus potential consumer acceptance, is NexID Biometrics, which develops and licenses “liveness detection software that enables fingerprint-scanning technologies to more accurately authenticate scanned images by mitigating spoof-related risks.”
According to the company, the “liveness detection algorithms work by exploiting the fundamental image differences between a live fingerprint and a spoof. These algorithms can be retrofitted and tailored to fingerprint systems with minimal cost and effort to enhance security.” The company licenses its technology to firms looking to implement a more robust fingerprint security option, something many feel could prove particularly beneficial to enterprise customers.
NexID COO Mark Cornett provided some insight into how the company started and where it sees its technology fitting into the mobile device space.
RCR Wireless News: How did NexID get involved in the fingerprint ID authentication business?
Mark Cornett: NexID is an academic spin-out from West Virginia University and Clarkson University. The four founding members’ research in fingerprint liveness detection earned them an SBIR award in 2007 to commercialize the software technology they invented and patented (liveness detection feature extractor algorithms). We signed on our first client in 2009.
RCRWN: Why is fingerprint ID authentication important to the mobile industry?
MC: A positive, convenient user experience coupled with a broad array of applications has been a key driver of the mobile industry. Incorporating a more convenient form of user authentication (fingerprint ID), further enhances the important element of convenience. Moreover, greater security through the use of “spoof proof” biometric ID authentication will also broaden the array of applications users are confident in using their mobile devices for, such as financial and health transactions.
RCRWN: How do you see it becoming the main security feature on a mobile device?
MC: Fingerprint authentication makes unlocking the device extremely convenient and free of the hassle associated with remembering and keying in pins/passwords. In addition, fingerprint authentication can be part of a multi-factor authentication system (something you know, something you have, and something you are), reserved for applications requiring high levels of security and user ID.
RCRWN: Where do you see existing fingerprint ID authentication solutions falling short?
MC: Most fingerprint sensors on the market today lack liveness detection (a.k.a. spoof mitigation) functionality. Those that do offer this function are generally more expensive and space consuming in a mobile device. As such, early implementations of fingerprint authentication on mobile devices are highly vulnerable to spoofing. In our lab we have successfully spoofed the Apple 5S and the HTC One Max, as we have done with all fingerprint devices tested in our spoof lab.
RCRWN: How does the industry tackle the challenge of making consumers comfortable with fingerprint ID authentication?
MC: Our obvious recommendation is the adoption of NexID’s Liveness Detection technology. We are able to reduce the risk of being spoofed to around 2% to 4% on most fingerprint sensor technologies marketed today. Beyond this, we believe consumer education on the limitations of biometric authentication and taking proper steps to better protect their identity.
RCRWN: How important is it for a smartphone leader like Apple to move such technology into the mainstream?
MC: We consider the introduction of the Apple 5S to be a watershed moment for the biometrics industry, precisely because it brought biometric authentication into the mainstream. However, just as with the emergence of e-commerce, greater security features (such as liveness detection) and consumer education will likely be necessary for biometric authentication to become pervasive.
Bored? Why not follow me on Twitter?