With employees working from home and on the go, strong authentication becomes even more critical to positively identify end-users when they are logging in from an unknown device or a new location. Even on-site shared workstations present the same concern: how do you know if the person using the device or machine is authorized to do so? How can you be confident that the user who signed into the account is who they say they are?
In this blog, we will cover:
- What Identity-Bound Biometrics (IBB) is?
- How does IBB differ from traditional biometric technologies in the market today?
- Example use cases of IBB
- Options for deploying IBB in your environment
- Supporting hardware and software for IBB
What is Identity-Bound Biometrics (IBB)?
Identity-Bound Biometrics (IBB) is a flexible, secure, server-based biometric authentication platform. This means that biometric information is stored centrally — on-premises or in BIO-key's data centers — and thus supports device-agnostic security.
To understand the concept of IBB, let’s look at Apple Touch ID (device-based biometric authentication) as a comparison. Touch ID ties the authentication to the device, not to the identity of the user. In other words, Touch ID assumes that the authorized device is in the hands of your expected user, and this is the biggest pitfall. As an administrator, you don’t really know if the person authenticating with Touch ID is truly the authorized user because:
- the user might have shared backup/recovery credentials with another person
- the user enrolled additional users on the device without the company’s consent (unauthorized delegation)
- the user lost the device and it fell into the wrong hands
These are just some scenarios where the security of device-based biometrics can be compromised.
In contrast to device-based biometrics, Identity-Bound Biometrics (IBB) ties the authentication to the user — not to the device we think the user is holding. As an administrator, you will have the highest degree of confidence that the person trying to access your environment and privileged sensitive data is the person they claim to be — you can know for a fact it’s that particular user who signed into the account or device. Coupled with BIO-key's IBB management software, administrators will be able to audit users who performed a sign-in, check confidence scores, and even store fingerprint images from an enrollment or authentication event (configurable).
Why Should I Consider Identity-Bound Biometrics?
IBB offers the highest levels of security, integrity, accuracy, availability, and accessibility.
Security and Integrity
With IBB, you can be confident in who the user is. IBB can identify and prove that it’s a particular user who’s accessing the secured resources, not someone with a trusted device. All biometric information is securely hashed and not reversible; data is also encrypted at rest and in transit. The control will always remain with the relying party: administrators can control who can/can’t enroll and whether users can re-enroll.
With biometric authentication, FAR and FRR are both important metrics to consider.
- FAR (false acceptance rate): accidentally approving an unauthorized user
- FRR (false rejection rate): accidentally rejecting an authorized user
You don’t want to be accepting people you’re not supposed to, but at the same time, you don’t want to be rejecting valid users constantly because that will undermine productivity, convenience, employee confidence, and happiness.
BIO-key's IBB solutions have the lowest FAR and FRR in the industry and are NIST-tested. Our new MobileAuth app with PalmPositive is 400x more accurate than Touch ID, which takes a picture of the user’s palm during enrollment with liveness detection. BIO-key's fingerprint scanners with our proprietary WEB-key matching technology are estimated to be substantially more accurate than Touch ID and many similar technologies.
BIO-key's IBB biometric authentication platform supports over 50 fingerprint sensors, including our own line of fingerprint scanners and third-party scanners, with more added to the list every day. >> If you want to check if your existing fingerprint readers are IBB-supported, don’t hesitate to contact the BIO-key team today.
Because IBB supports device-agnostic security, as long as the fingerprint sensor is supported, you can use any of them interchangeably. For example, fingerprint enrollment on device type A is good for biometric sign-in on device type B and device type C. This makes IBB a great option for authenticating roaming users and users on shared workstations, such as in banks, government organizations, healthcare, public safety entities, factory floors, and retail environments.
Biometric authentication is also user-friendly when it comes to verifying a user on a device. With BIO-key's biometric hardware, users only have to present their fingerprint or palm for authentication and the hardware can be left plugged into the computer.
Deploying IBB is also less expensive compared to the cost of paying for employee phone plans or providing multiple hardware tokens for each employee. You simply need to implement BIO-key's IBB platform, the scanner hardware, or your Android or iOS device (with the MobileAuth app installed) to begin your IBB journey.
Example Use Cases of Identity-Bound Biometrics
National ID Programs (Large-Scale Biometrics)
BIO-key's VST (vector segment technology) matching algorithm has been used by several countries to build their national IBB platforms for government identification cards. For example, BIO-key has been working with the government in Nigeria and other African countries to improve their digital infrastructure, building ID systems (ID cards and passports) to include biometrics.
WEB-key and its VST algorithm have been integrated into ATMs, point-of-sale devices, and even in hospital pharmacies, as part of controlled substance dispensary units to secure high-risk materials with IBB.
A number of state and local government entities use our WEB-key and PortalGuard platforms to secure their sensitive data, with critical uses like public safety, state and local elections, and more.
BIO-key's award-winning PortalGuard platform is deployed all around the world across SMEs and large enterprises to provide security and convenience to users with IBB.
Here’s a quote from our current customer:
“Our team at Orange Bank is partnering with BIO-key to provide our financial institution with a cloud IDaaS solution that delivers advanced biometric authentication. BIO-key provides both biometric authentication and a proven suite of IAM solutions that provide security, flexibility, and value over approaches offered by other vendors.”
— Kathy Pinto, VP IT, Orange Bank & Trust Company
How to Implement IBB in Your Environment
BIO-key is very flexible when it comes to helping organizations incorporate IBB into their workflows and environment. There are 3 deployment options, including:
- Build one yourself
BIO-key currently owns 11 patents on biometric matching algorithms, and our matching algorithm VST can be purchased outright for use in your own in-house developed software with a full SDK. However, you will need to build your own database, storage, and APIs for your own software.
- Pick up our WEB-key
BIO-key's WEB-key software is our web-ready framework and IBB management platform. With this option, you will get the platform, deployment examples, and SDK, but will require some work on your part.
The WEB-key software has been deployed domestically and internationally for many years and has been proven reliable, efficient, and secure for customers across both government and private institutions.
- Implement PortalGuard
Our award-winning PortalGuard Identity and Access Management platform is ready to deploy with no need for custom codes and many configuration options. Aside from IBB, PortalGuard supports over 20 authentication methods for multi-factor authentication, single sign-on (including thick apps and form-fill websites), and self-service password reset functionalities.
With this option, the BIO-key team will come and set it up in your environment and configure it to your preferences and needs. If you’re currently using PortalGuard, IBB can be easily incorporated into the authentication process to help make it more secure and convenient for end-users.
BIO-key's IBB Hardware & Software Solutions
Backed by over 25 years of experience, BIO-key's patented IBB technology is trusted by industry leaders across verticals — from Fortune 500 companies to government agencies.
Why do so many businesses choose BIO-key's IBB? First and foremost, the flexibility and wide range of applicability, including:
- 1:1 (verification): a user provides his/her ID and fingerprints, the system looks at the enrollment information for that user and performs a match.
- 1:N (identification): a user provides his/her fingerprint, the system looks at all the known records in the environment, finds the user, and identifies who he/she is.
- Integrated enrollment: a user can perform fingerprint enrollment from a web browser and Windows desktop if using PortalGuard or PortalGuard desktop.
BIO-key also offers a variety of Microsoft-qualified Windows Hello USB fingerprint scanners and has recently launched a biometric authentication app for use with our IBB software:
- Optical-based sensor (e.g. BIO-key PIV-Pro)
- Capacitive sensor (e.g. BIO-key SidePass)
- Radio frequency-based sensor (e.g. BIO-key SideSwipe)
- Active thermal-optic sensor (e.g. BIO-key EcoID 2)
- BIO-key MobileAuth with PalmPositive
Not sure which IBB hardware and deployment option is best suited for your environment?
By implementing Identity-Bound Biometrics (IBB), you can avoid the pitfalls of traditional device-based biometrics and positively authenticate your users so that only authorized users are granted access to your secured resources, not just someone who’s using the trusted device. With IBB, your users will be their own authentication — something that can't be stolen, lost, or hacked — improving the login experience and reducing overhead costs associated with other forms of authentication. As cyber threats continue to evolve and bad actors come up with new ways to bypass traditional multi-factor authentication methods, IBB will be the ideal solution for enterprises looking to secure their organizations.