The Challenges ofBiometric Authentication
Andrew Bud, Founder and CEO
About iProov
• Founded in 2012 in London to solve a problemFounded in 2012 in London to solve a problemFounded in 2012 in London to solve a problemFounded in 2012 in London to solve a problem
• Experienced leadership team from Experienced leadership team from Experienced leadership team from Experienced leadership team from mBloxmBloxmBloxmBlox
• WorldWorldWorldWorld----class computing expertise class computing expertise class computing expertise class computing expertise from from from from UCLUCLUCLUCL
• Funded by UK Government and VCFunded by UK Government and VCFunded by UK Government and VCFunded by UK Government and VC
• Strong granted IPRStrong granted IPRStrong granted IPRStrong granted IPR
• Warm reception from industryWarm reception from industryWarm reception from industryWarm reception from industry
Cybersecurity Cybersecurity Cybersecurity Cybersecurity & & & & BBBBiiiioooommmmeeeettttrrrriiiiccccssssWinner 2016Winner 2016Winner 2016Winner 2016
The Problem
• AuthenticationAuthenticationAuthenticationAuthentication is the key to is the key to is the key to is the key to secure identitysecure identitysecure identitysecure identity
• There are no very good ways to authenticate a citizen todayThere are no very good ways to authenticate a citizen todayThere are no very good ways to authenticate a citizen todayThere are no very good ways to authenticate a citizen today
– Good means easy and secure
• Easy:Easy:Easy:Easy:
– Little to rememberrememberrememberremember
– Nothing to carrycarrycarrycarry around
– Simple, accessible and natural to dodododo
• Secure:Secure:Secure:Secure:
– Resists scaled attacks scaled attacks scaled attacks scaled attacks from determined organisations
– Invulnerable to compromisedcompromisedcompromisedcompromised devices and networks
– No dodododo----itititit----yourselfyourselfyourselfyourself attacks
The Opportunity
• Biometrics are Biometrics are Biometrics are Biometrics are usableusableusableusable!!!!– The permanently portable credential
– Simplest to use
• Good Good Good Good accuracyaccuracyaccuracyaccuracy– Good quality sensors, including selfie cameras
– Modern machine learning techniques
– Low false rejects can now be achieved
• EffectivelyEffectivelyEffectivelyEffectively keep intruders out…keep intruders out…keep intruders out…keep intruders out…– Real similar body parts are hard to duplicate
– …if system designed to meet the challenges
The Challenges
Replica biometrics-public-stolen-shared
Recordings stolen:-from the device-in transit-from the cloud
Biometric discrimination is as much about usability as security
The “Liveness” pun
Replica Issue Revealed
• Experiment to break the replica detection…Experiment to break the replica detection…Experiment to break the replica detection…Experiment to break the replica detection…
• …so that stolen/public credentials can be used…so that stolen/public credentials can be used…so that stolen/public credentials can be used…so that stolen/public credentials can be used
August 2016
November 2016
The Device Danger
Processing on the device Processing on the device Processing on the device Processing on the device creates riskscreates riskscreates riskscreates risks
• The Replica LaboratoryThe Replica LaboratoryThe Replica LaboratoryThe Replica Laboratory
– Unlimited, unobserved experiments => undetected breach
• Unfixable or reprogrammableUnfixable or reprogrammableUnfixable or reprogrammableUnfixable or reprogrammable
– Replica breach repair is either impossible…
– …or an attack vector
• Compromised devicesCompromised devicesCompromised devicesCompromised devices
– Steal the credential
– Record the session
– Fake the session
• It’s fast It’s fast It’s fast It’s fast –––– but but but but it is another it is another it is another it is another device possession testdevice possession testdevice possession testdevice possession test
iProov’s Solution
• One click, device independent and crossOne click, device independent and crossOne click, device independent and crossOne click, device independent and cross----patformpatformpatformpatform
• No selfie anxietyNo selfie anxietyNo selfie anxietyNo selfie anxiety
• A reassuring ceremonyA reassuring ceremonyA reassuring ceremonyA reassuring ceremony
It’s never been so simple…
Unique, one-time colour code sequences
Video
…to authenticate securely
Deep Learning face matcher delivers excellent performance, including photo matching
“Flashmark”reflection pattern analysis
effectively detects replicas
“Flashmark”reflection sequence analysis detects replayed recordings reliably
Faces + Flashmarks =“One Time Biometrics
A non-shareablecredential
Processed off-device – for sustainable security
Disrupting the Future of ID
• Creating endCreating endCreating endCreating end----totototo----end trust entirely at a distanceend trust entirely at a distanceend trust entirely at a distanceend trust entirely at a distance– ID check, KYC, onboarding, access credential creation
– iProov contributed to the FCA Techsprint on Inclusive Onboarding
• Liberating ID from the device– Multi-platform, cross-devices
– Independent of device integrity – undamaged by compromised devices
• Partnering with experts on document capture
Trusted remote onboarding Access authentication
MEF’s Consumer Trust InitiativeMEF’s Consumer Trust InitiativeMEF’s Consumer Trust InitiativeMEF’s Consumer Trust Initiative
• Readiness for GDPRReadiness for GDPRReadiness for GDPRReadiness for GDPR• Privacy 2.0Privacy 2.0Privacy 2.0Privacy 2.0• Digital IdentityDigital IdentityDigital IdentityDigital Identity• Powering the Personal Data EconomyPowering the Personal Data EconomyPowering the Personal Data EconomyPowering the Personal Data Economy