
8.27.21 – Todd Seeley 

A combination of biometrics and Cloud-based identity technologies immediately meets clients’ expectations by making the user experience more convenient.

The world is about to get much more convenient as a combination of biometrics and Cloud-based identity management solutions drives an evolution in how people interact with technologies to access buildings, applications and services. Trusted identities have played a historical role as the means for granting access.

However, customers now want technology to make their lives more convenient when they experience banking, hospitality, ticketing, vending, retail and access to other services, while trusting that the system knows who is interacting with it and that it is not someone else.

Companies that adopt a combination of biometrics and Cloud-based identity technologies immediately meet their customers’ expectations by making the user experience more convenient and enjoyable, which results in significantly greater loyalty to their brand.

Creating Trusted Interactions

Trusted identities on cards have been used to manage how people enter and move through buildings and access resources and services. They increase confidence that people are who they say they are because the user ID the system employs to grant or deny access is issued by a trusted source and cannot be copied to another card or media.

However, this has not prevented someone from sharing a card, or the potential for unauthorized access when a card is lost or stolen. This situation changed with the advent of mobile trusted identities. Not only do people generally not share their mobile device with others, but both the system administrator and the mobile device user can choose to require a successful device authorization prior to allowing any transaction to start.

As a result, many have migrated to mobile devices for access, along with the Cloud-based identity management systems to which they are connected.

Managing Cloud-Based Trusted Identities

A trusted identity is data, and data can represent anything. It can represent an employee ID, a credit card, a driver’s license, a baseball or concert ticket, or a loyalty card for the local creamery. In fact, people use Cloud-based systems on a daily basis to load their credit cards into their mobile wallets and purchase gas or a soda at the convenience store.

These and other Cloud-based systems allow the secure creation, delegation, delivery and presentation of data for any application.

One of the first examples was HID Seos platform technology, which incorporates a cryptographically protected secure vault designed to provide a consistent model for storing and using data so a user can access buildings, resources, and services. As shown in Figure 1, the HID Seos Cloud-based platform provides a secure connection between a system backend and a user device, enabling the secure creation, delegation and delivery of data.

Once this data is on the user’s mobile device, the user can experience access to any application in a convenient way whether to open doors, enter sports venues or interact with banks or retail loyalty systems.

The HID Seos platform is said to enable any application to become a Cloud-based ID management solution using secure cryptography to create, delegate, deliver and present data.

Convenience and security are further improved by adding biometric solutions such as fingerprint and facial recognition. These technologies simultaneously play a huge role in how people gain access to devices and services.

Biometrics and ID Management in the Cloud

Biometric solutions have been embraced for their convenience as they enable people to use their face to unlock their phones, and their fingerprint to log in and authorize payment while shopping online. In these and other applications, biometrics improves the user experience and enhances security.

Not only is there no need to enter a username, password, or credit card information, but the system knows without a doubt, by default, that users are who they say they are, and their intent is to log in and pay for their goods or service.

The time is coming when local convenience stores will provide the option of paying with one’s fingerprint or face, eliminating the need to bring a wallet or phone to the cash register. There is a misperception, though, that biometrics poses privacy risks, and this has slowed adoption to some extent.

The reverse is true: biometric solutions improve privacy, especially when combined with Cloud-based ID management.

Baseline privacy protections start with the software provider’s end-user license agreement (EULA), which the customer signs during the enrollment process. In addition to defining what the application is, the EULA should state that the biometric data is anonymized and used for the application only when the user selects the option for their biometric template to be captured. This means, for instance, that the camera is not turned on unless the person has selected the facial biometric option.

Generally, the EULA must include prohibitions against sharing data as well. As normal practice for greater privacy protection, all transactions, photographs, biometric data, and other personal information should be encrypted and stored in a separate section within the operator’s network.

Other ways to protect privacy with mobile-based access solutions include using document scanning technology to read and validate whether a government-issued ID is real or not (mobile phones, alone, can scan cards but not validate them in this way).

When a biometric template is stored on the phone by the Cloud-based ID management system, the user approaches the biometric reader to capture either a fingerprint or face, then places the phone on the reader. This allows the template to be transferred securely and compared on the reader itself. Then, an ID such as an anonymized loyalty account number can alert the backend system of a desired transaction.

Early Successes

Some of the earliest adopters of Cloud-based ID management and biometric solutions are in the entertainment, banking and government sectors.

One example is the Birmingham City Football Club in the United Kingdom, which uses Cloud-based ID management so fans can experience convenient ticketing, stadium entry and digital vouchers for having their favorite beer delivered during the game.

By rewarding fans for their participation and engagement at events, venue owners and event sponsors can create unforgettable experiences. Additionally, data collected through a fan app reveals insights into fan behaviors and demographics which can be used to personalize future experiences associated with games, competitions, and giveaways.

The digital vouchers are customized to improve brand visibility and exposure. Adding biometrics to this model will eliminate the need for fans to bring money or identification to the game.

Biometrics has transformed the user experience at the ATM. In Brazil, for example, all major banks have implemented programs to use fingerprints captured by Multi-Spectral Imaging (MSI) technology to protect billions of ATM transactions annually. The technology has also virtually eliminated the vulnerabilities and inconvenience of PINs by allowing customers to present their card, place their finger on the sensor and get cash — all in 20 seconds or less.

In addition, customers can now visit an ATM at the beach, even without their wallet, using only a finger placed on the sensor. Biometrics have also been implemented in several government identity and payment distribution systems across Central and South America.

Looking Ahead

Future innovations are on the horizon with technologies like Ultra-Wideband (UWB) wireless connectivity, which HID expects will become ubiquitous on mobile devices. It provides unprecedented accuracy and security when measuring the distance or determining the relative position of a target.

It is not HID’s expectation that UWB will replace Near Field Communication (NFC) or Bluetooth, but rather supplement Bluetooth and other technologies to provide the assurance, reliability, and granularity of device position that enables truly seamless experiences.

Consider the combination of UWB with biometrics. Consumers will prepare their transaction on a mobile banking app before arriving at the ATM or teller window. All that will then be required to authorize a transaction is to “sign” with a face or finger.

The same transformation can be expected to happen at the fast-food drive-through. No longer will a barcode scanner be pointed down at the customer’s cellphone (which risks blinding the person depending on the angle of the counter to the car). Instead, the barcode scanner will be replaced with a much simpler, seamless, and convenient wireless transaction at or before the pickup window.

These technologies will similarly transform the retail and grocery store experience, for instance, enabling a loyalty account number to be sent to the customer’s phone, as well as a biometric template that ensures the customer is linked directly to the program (see Figure 2).

Sending a combination of an ID and biometric data to the phone with end-to-end encryption increases security by distributing the biometric data to the device carried by the user rather than a centralized database. Add UWB and the result is a faster and more consistent biometric-matching process at a Point-of-Sale (POS) terminal.

Figure 2: Full implementation of a Know Your Customer (KYC) system.

Anyone who has ever forgotten their phone or wallet can appreciate the convenience that using only their face or finger for identification offers. It also creates a multitude of compelling new consumer experiences while still meeting or exceeding privacy and security requirements.

This will drive maximum customer satisfaction and loyalty by enabling product and service providers to know who is using their systems, and for customers to be confident that the systems know them, too.

Todd Seeley is Senior Manager, Project Management, Biometrics Business Unit, Extended Access Technologies with HID Global.