A new partnership announced today between HYPR Corp. and BitGo, Inc. extends biometric authentication to the blockchain space to secure digital assets, cryptocurrency, identities and private keys.
Silicon valleys top blockchain vault and silicon alleys biometric security experts team up to bring decentralized biometrics to the world of digital assets.
This alliance of key players brings together biometric security with the blockchain, a continuously growing public ledger of all Bitcoin transactions that have ever been executed. BitGo secures over $1 billion per month in digital assets with over 10,000 transactions on any given day a staggering figure for any startup. HYPR enables enterprises to keep encrypted biometric data decentralized, offline and out of hackers reach. The introduction of HYPRs decentralized biometric security platform to the digital asset space alongside BitGo enables an unprecedented push towards enhanced usability and security across blockchain-centric use cases.
The BitGo-HYPR partnership will enhance customer experience and security needs on both sides of the fence for use cases such as: decentralized identity, streamlined UX through HYPR-Secure biometric login, and the integration of BitGos multi-signature platform for HYPR customers.
This partnership will help enable financial institutions adopting blockchain and biometric security technologies to reduce friction for their customers by providing one integrated solution rather than a disjointed combination of solutions. With this partnership comes the adoption of Fast Identity Online (FIDO) security standards, signifying a major push by a digital currency giant towards the FIDO protocol.
George Avetisov, CEO, HYPR Corp. said:
Its astounding how often our enterprise clients request a solution for blockchain security upon the integration of our technology. Bitgo and hype share a common view of the importance of decentralized security protocols. I cannot imagine a better team to partner with.
Mike Belshe, CEO, BitGo, said:
All of our customers are asking how to use biometric security to protect their digital assets. The hype team has been laser-focused on this and provides a great solution for us.
Planet Biometrics caught up with George Avetisov, CEO and co-founder, HYPR Corp, to discuss the new partnership and the future of blockchain, biometrics and secure digital identities.
Do you believe the worlds of biometric authentication and the blockchain/digital asset space will increasingly intersect?
Were already seeing the worlds of biometric authentication and the blockchain/digital asset space connect, as both technologies are seeing rapid adoption in parallel. There is a very interesting and almost serendipitous reason for this.
Two of the key issues that have hindered adoption of digital assets are security and usability. Decentralized biometric authentication addresses both issues as it manages to drastically increase security while also improving usability.
As with any scenario of unauthorized access to private keys, the transfer of bitcoin is instant and permanent. To avoid a total loss, and with little oversight and no recourse for the victim of an attack, blockchain-based platforms are in dire need of bleeding-edge security solutions.
The total loss nature of blockchain-based transactions has also meant that the use of strong passwords and other security features have been implemented. But solutions like strong passwords and legacy 2-Factor Authentication remain a usability nightmare, especially on mobile devices. HYPR combines the security that digital assets require and markedly improves the user experience that is essential for greater adoption and trust.
Can you explain the concept behind a decentralized biometric security platform?
A decentralized biometric security platform is one where the storage and encryption of biometric credentials is distributed across all devices. This means that an enterprise wishing to replace or augment passwords with biometrics for authentication switches to a system where their users employ biometrics but the enterprise does not centrally store biometric data as they currently do with passwords.
A great example is in how law enforcement and border access use biometrics. An employee or suspect reaches an agency terminal with a sensor, and their biometric (often fingerprint or photo) is compared against a database of thousands or millions of others biometric signatures in a one-to-many matching scheme. Decentralized biometric authentication employs a one-to-one matching scheme where an employee or consumer matches a biometric against their pre-registered biometric on a trusted device they have in their possession.
A one-to-many matching scheme is risky since hackers are known to target an agency or enterprise that has a central repository of biometric credentials as they currently do passwords. These stockpiles of user data are a juicy target for hackers because the reward for obtaining them is tremendous as in the case of the U.S. Office of Personnel Management data breach. A one-to-one matching scheme disrupts the hacker attack model by forcing them to go from device to device to device for individual biometrics. This is an unscalable attack that requires them to be in possession of the device, physical biometric, and the users knowledge (e.g., PIN, a second factor, etc.).
In an HYPR-Secure architecture, biometrics for each user remains on-device, and are used to sign a cryptographic challenge sent from a server. By decentralizing the biometric data across millions of devices, encrypting it, and tokenizing their use at the time of account access, there are multiple benefits. The end-user is protected, the enterprise deploying the application has lower risk, the UX is superior to passwords, and users are protected against device loss through revocability as the enterprise simply disables the public keys used to respond to the authentication in the event of a lost device.
In theory, biometrics for authentication could remain a far worse solution than passwords if their storage were centralized and if there were no additional encryption employed. Todays increased adoption of standards-based protocols such as those of the Fast Identity Online (FIDO) Alliance has created a growing ecosystem in which convenience is vastly improved and risk is reduced for enterprises.
Do you see biometrics playing a role in smart contracts?
Biometric authentication is going to play a key role in validating a users identity for smart contracts. As in the case of any other blockchain based scenario, smart contract execution needs both security and usability upgrades to be implemented at scale. We expect the use of a physical biometric and a decentralized authentication protocol will make a lasting impact on answering the most important question during such a transaction Am I who I say I am?
Is HYPR targeting the enterprise market with collaborations like this?
HYPR and BitGo have received inquiries from customers on both sides about blockchain security solutions and biometrics as a means for improving access to blockchain-enabled services. This partnership was formed expressly to deliver a secure biometric blockchain experience to customers through Bitgos Multi-Signature technology and the HYPR biometric encryption suite. Use cases already discussed include decentralized identity, streamlined UX through HYPR-Secure biometric login, and the integration of BitGos multi-signature platform for HYPR customers utilizing biometrics for identity. This partnership is also powerful for accelerating adoption of specifications like those put forth by the Fast Identity Online (FIDO) Alliance across the digital assets sector.
Are there any issues you feel arent getting enough coverage in the biometrics industry?
I think that the biometrics industry should focus more on security. Lots of people understand biometrics, but very few understand biometric security. There are many biometrics companies that do an excellent job of creating matching algorithms and authenticators but have a fundamentally flawed understanding of data security. Biometric technologies have been around for a long time, but never really went mainstream because the risk of a centralized repository of fingerprints or faces is too great of a risk to deploy at scale. To this day, we are surprised to see so many talented engineers continue to push for legacy systems that rely on the centralized one-to-many matching schemes when the industry is clearly leaning the other way. For this reason, we have launched the HYPR-Secure partner program and invite vendors to augment the security of their technologies through our platform. We look forward to seeing many more HYPR-Secure architectures across the biometrics industry in the years to come.