With a little time to contemplate Tuesday’s announcement of Apple’s iPhone 5S, featuring a fingerprint scanner as the central new innovation in their flagship device, it is clear that Apple has given BIO-key two wonderful gifts: 1) validation of our patient belief that mobile devices are, in and of themselves, the “killer app” for fingerprint biometrics, and 2) always on, cloud-connected end user touch-points with integrated fingerprint scanners – lots and lots of them!
Finally, the world will understand “first hand” fingerprint authentication’s value proposition, thanks to personal experience. Not to mention Apple’s marketing engine, which I know will have me and other long-timer fingerprint advocates beating our heads saying, “why didn’t I think of that messaging?” What comes next should be fun, and is going to be great for our company. Our number one challenge is that too many people in high places don’t realize that there is a better way to authenticate or identify people in person with just a USB scanner attached to their existing registration devices, or over the internet with their phone, tablet or laptop. Or, they incorrectly believe that people will be reluctant to use their fingerprint in that capacity. On Tuesday, Apple changed all that. This technology is ready for prime time, mission critical applications (which, for the younger set, may be checking your twitter feed or ESPN scoreboard).
BIO-key has been preparing for this moment for several years, with apps on the iTunes Store and Android market that allow for mobile device fingerprint identification against our customers’ WEB-key-based authentication or identification back end. However, until now, we lacked the end point devices in the market to make the app deliver that capability to meaningful numbers of end users. Everyone who has experienced a BIO-key authentication loves its one-touch simplicity and elimination of passwords. Make no mistake, we plan to enable our iOS WEB-key Client app to use the Apple Touch ID module to perform authentications for WEB-key customers. For now, the fingerprint matching will take place within the companion chip in the iPhone 5S, but we firmly believe the power of true cloud-based authentication will become apparent to Apple after their competition allows it, and that they, like the laptop manufacturers and Motorola with the Atrix before them, will soon allow this important security module to be leveraged to its full potential by thinking “outside the box,” not just “inside the box”.
Why allow true cloud authentication? There are many reasons, including the need for a consistent authentication experience across the coming explosion of smart devices with which we will need to interface. I shouldn’t need to carry my iPhone 5S to approve my son watching a PG-13 movie on AT&T U-Verse. One of the best examples of why is one that my friend and longtime BIO-key customer Eric Schulties, CIO of ITxM, pointed out to me yesterday as we discussed Apple’s announcement at the Healthcare ID user conference. ITxM already has been using BIO-key to allow its million plus donors to positively ID themselves with just a touch of their finger when they check in to give blood at any of ITxM’s LifeSource (Chicago) or Central Blood Bank (Pittsburgh) facilities. They shortly will offer this convenience to millions of donors in Virginia with their acquisition of Virginia Blood Services. ITxM already has a BIO-key database of voluntarily captured fingerprint template enrollments to allow for this identification. They and their donors would love to enable their donors with shiny new iPhone 5S’s to log in to their blood center’s donor portal to schedule a donation, view their results, or just stay connected, using the fingerprint scanner on their phone to identify that donor against the existing database. Unfortunately, because Apple insists that the fingerprint image cannot be used by anything except their on-board matcher, every donor will have to take extra steps to first associate their Touch ID identity with their donor ID, before they can do so. In a true cloud authentication model, any donor could grab any iPhone 5S and be allowed to access their donor portal with the scanner. Now that’s thinking outside the box.
What’s interesting is that Apple revealed, in my opinion, a disappointing lack of leadership in how they are presenting this new technology to the market. Apple has for years told the market what it needed and why. In this case, rather than lead the market to a better understanding about what makes biometrics different and better than passwords in terms of cloud based authentication, Apple stared into the abyss of potential anti-biometrics knee jerk reactions and blinked – hard. They emphasized that the fingerprint is not going to be available to any application except their on device matcher, instead of using their bully pulpit to explain that a biometric is different from a password or PKI Private Key, which must be kept secret. A fingerprint template – or any biometric – is just a detailed series of measurements of a real person’s features – truths about you, if you will. These features are available to be measured by anyone, so they cannot be presumed to be secret. The fact that Apple’s announcement seems to miss is that simply having the measurements of your finger doesn’t enable an imposter to create one to defeat a properly implemented biometric system. It’s just like the real world – I can see your face, and even take a picture of you, but cannot walk up to a guard at your workplace and hand them your picture, saying, “look here – this is who I am.” BIO-key takes that level of assurance to the max, ensuring that the cloud based match being performed is of a real finger on the sensor, not some imposter submitting a stolen template or fake fingerprint.
This announcement is very exciting, and we are confident that the market will demand more from Apple than being limited by a closed identity subsystem, driven by fear, not reality.
This blog was submitted by:
VP Strategy & Business Development