Posts Tagged ‘biometrics’
October 16, 2015
I saw a LinkedIn message to one of the biometrics groups in which I’m a member linking to a new video on biometrics:
I was quite surprised to see that I am actually in it!
It’s a great topic…Banks turning to biometrics. The video doesn’t talk too much about what’s really happening and why, so I’ll blog about a few salient points, worthy of understanding:
1) Passwords are on their deathbed. This is old news and everyone gets it, but worthy of repeating. Too easy to crack and/or too hard to remember
2) Mobile is everything, and mobile biometrics will be the entry point. Our mobile phones will be the tools to control and open a variety of things. Our phones will know who we are and keep track of the probability of that changing as we use them. Mobile banking apps will be accessed through biometrics and that will allow us to not only check balances, but pay or send money or speed ATM transactions.
3) EMV credit cards are here…Biometric credit confirmation is next! Did you get a smart card from your bank? Europay, Visa, and MasterCard decided to improve fraud by shifting fraud risk based on security implemented. Smart cards are now, biometrics will be added to aid fraud prevention.
4) It’s all about convenience & security. So much focus has been on security that convenience was often overlooked. There was a perception that you can’t have both! With Biometrics you actually can have an extremely fast and convenient solution that is highly accurate.
5) Layered biometrics will rule. Any one biometric or authentication approach in isolation will fail. The key is to layer a variety of authentication techniques that enhance the systems security but don’t hurt convenience. Voice and face authentication can be used together, passwords can be thrown on top if the biometric confirmation is unsure, tokens or fingerprint or iris scans can also be deployed if the security isn’t high enough. The key is knowing the accuracy of match and increasing the security to the desired security level in a stepped function so as to maximize user convenience.
October 1, 2015
Todd Mozer’s interview with Martin Wasserman on FutureTalk
TrulySecure From Sensory Becomes First Face and Voice Biometrics Technology to be FIDO UAF Certified
August 20, 2015
Santa Clara, Calif., – August 20, 2015 – TrulySecure Multimodal Biometric Authentication from Sensory, Inc. Has Been Fully Tested and Certified for Compliance with the FIDO Universal Authentication Framework Specifications V1.0
Sensory Inc., a Silicon Valley based company focused on improving the user experience and security of consumer electronics through state-of-the-art embedded voice and vision technologies, today announced that its TrulySecure™ is the first multimodal face and voice biometric authentication software to be FIDO Certified™. The FIDO (Fast Identification Online) Alliance tested TrulySecure for compliance with the FIDO UAF (Universal Authentication Framework) 1.0 specifications, which determines that implementations of the FIDO specification are uniform across products and that those products are interoperable with other products and services that support the FIDO 1.0 specifications.
“We recognize Sensory for building TrulySecure to be fully compliant with the FIDO Universal Authentication Framework specifications and are excited to add their innovative multimodal biometric authentication solution to the FIDO Alliance’s prestigious roster of FIDO UAF Certified authenticators,” said Brett McDowell, FIDO Alliance executive director. “As more enterprises, application developers and mobile device makers shift away from password authentication, solutions like Sensory’s TrulySecure multimodal biometric authentication software will continue to prove valuable as an essential, secure means of authenticating users and keeping their data safeguarded.”
Working with the FIDO Alliance to certify compliance with FIDO standards and interoperability of TrulySecure demonstrates Sensory’s commitment to advancing the current state of user authentication, by ensuring that the industry’s most secure multimodal face and voice authentication software can be easily integrated within authentication solutions from FIDO Certified™ providers. Sensory joined the FIDO Alliance in early 2015 to work alongside other companies eager to create more secure user authentication protocols. Sensory has been a strong supporter of the FIDO Alliance since its inception and has worked with companies like Nok Nok Labs to ensure the biometric authenticator portion of their authentication solution, powered by TrulySecure from Sensory, was fully compliant with FIDO UAF 1.0 specs.
“Sensory’s TrulySecure is a great example of what can be delivered with multimodal biometrics and we are happy to support the solution within our own FIDO Certified S3 Authentication Suite,” said Ramesh Kesanupalli, founder of Nok Nok Labs and FIDO visionary. “Enterprises are looking for turnkey user solutions that offer a mix of authentication methods. Working with Sensory allows Nok Nok Labs to provide its customers with a greater variety of solutions that offer superior security compared to vulnerable passwords.”
TrulySecure leverages Sensory’s deep strengths in speech processing, computer vision, and machine learning. The combination of face recognition and speaker verification to authenticate a specific individual allows users to rest assured that their device is secure, without the hassle of fumbling around with a fingerprint reader or entering a password or PIN every time they want to access it or authenticate to sites and services. Consistent with FIDO standards, TrulySecure is an on-device biometric not requiring a cloud connection. Embedded authentication is a preferred approach for consumers and businesses that don’t want their biometric information stored outside of their personal devices. Embedded biometric solutions are also preferred for their higher security and reliability compared to cloud based systems, which have proven to be vulnerable to hackers and break-ins, and undependable in low-signal/no Internet environments. In addition to the security and dependability benefits of being embedded, TrulySecure further safeguards devices and data by requiring two forms of biometrics, making it at least twice as secure as even the best fingerprint readers found on mobile devices.
The advantages of TrulySecure when compared to other biometric authentication methods include:
“We at Sensory are huge supporters of the work the FIDO Alliance has done to create an exciting consortium focused on streamlining user transactions with on-device biometrics,” said Todd Mozer, chairman and CEO of Sensory, Inc. “Promoting biometrics for more than two decades, we are pleased that our TrulySecure technology has become the first multimodal face and vision biometrics technology to be awarded the status of FIDO Certified. By working with companies across the entire authentication ecosystem to certify the interoperability of their FIDO Certified technologies with TrulySecure, we have made it even easier for companies to integrate the industry’s easiest to use and most secure biometric authentication technology within their products.”
# # #
About The FIDO Alliance
About Nok Nok Labs
June 3, 2015
When I started Sensory over 20 years ago, I knew how difficult it would be to sell software to cost sensitive consumer electronic OEMs that would know my cost of goods. A chip based method of packaging up the technology made a lot of sense as a turnkey solution that could maintain a floor price by adding the features of a microcontroller or DSP with the added benefit of providing speech I/O. The idea was “buy Sensory’s micro or DSP and get speech I/O thrown in for free”.
After about 10 years it was becoming clear that Sensory’s value add in the market was really in technology development, and particularly in developing technologies that could run on low cost chips and with smaller footprints, less power, and superior accuracy than other solutions. Our strategy of using trailing IC technologies to get the best price point was becoming useless because we lacked the scale to negotiate the best pricing, and more cutting edge technologies were becoming further out of reach; even getting the supply commitments we needed was difficult in a world of continuing flux between over and under capacity.
So Sensory began porting our speech technologies onto other people’s chips. Last year about 10% of our sales came from our internal IC’s! Sensory’s DSP, IP, and platform partners have turned into the most strategic of our partnerships.
Today in the semiconductor industry there is a consolidation that is occurring that somewhat mirrors Sensory’s thinking over the past 10 years, albeit at a much larger scale. Avago pays $37 billion dollars for Broadcom, Intel pays $16.7B for Altera, and NXP pays $12B for Freescale, and the list goes on, dwarfing acquisitions of earlier time periods.
It used to be the multi-billion dollar chip companies gobbled up the smaller fabless companies, but now even the multibillion-dollar chip companies are being gobbled up. There’s a lot of reasons for this but economies of scale is probably #1. As chips get smaller and smaller, there are increasing costs for design tools, tape outs, prototyping, and although the actual variable per chip cost drops, the fixed costs are skyrocketing, making consolidation and scale more attractive.
That sort of consolidation strategy is very much a hardware centered philosophy. I think the real value will come to these chip giants through in house technology differentiation. It’s that differentiation that will add value to their chips, enabling better margins and/or more sales.
I expect that over time the chip giants will realize what Sensory concluded 10 years ago…that machine learning, algorithmic differentiation, and software skills, are where the majority of the value added equation on “smart” chips needs to come from, and that improving the user experience on devices can be a pot of gold! In fact, we have already seen Intel, Qualcomm and many other chip giants investing in speech recognition, biometrics, and other user experience technologies, so the change is underway!
April 6, 2015
Lets face it, 20 years ago passwords made sense and were an easy and somewhat secure way for keeping our private stuff private. But today, as a result of countless cyber attacks on the public, minimum password requirements vastly skew from site to site, forcing many people to remember upwards of 20 (some highly complex) passwords. Thankfully, better methods for identity authentication exist, and an organization called the FIDO Alliance is working with numerous players in the space, Sensory being one of them, to change the nature of online authentication by defining an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords.
As many of you already know, Sensory is a leading provider of deep learning face and voice recognition biometric solutions, and we believe that with solutions like TrulySecure, your face or voice alone can serve as a very accurate method for identity authentication, and when combined, offers the strongest level of security feasible. We have learned a great deal about how to utilize deep learning principles for biometric authentication and are working with the FIDO Alliance to have our solutions FIDO-Certified, which will enable us to offer them to customers of end-to-end FIDO solutions.
The FIDO (Fast IDentity Online) Alliance is a 501(c)6 non-profit organization nominally formed in July 2012 to address the lack of interoperability among strong authentication devices as well as the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services. This new standard for security devices and browser plugins will allow any website or cloud application to interface with a broad variety of existing and future FIDO-enabled devices that the user has for online security.
March 23, 2015
This month had three very different announcements about face recognition from Alibaba, Google, and Microsoft. Nice to see that Sensory is in good company!!!
Alibaba’s CEO Jack Ma discussed and demoed the possibility of using face verification for the very popular Alipay.
A couple interesting things about this announcement…First, I have to say, with a name like Alibaba, I am a little let down that they’re not using “Open Sesame” as a voice password to go with or instead of the face authentication… All joking aside, I do think relying on facial recognition as the sole means of user authentication is risky, and think they would be better served using a solution that integrates both face and voice recognition (something like our own TrulySecure), to ensure the utmost security of their customers’ linked bank accounts.
Face is considered one of the more “convenient” methods of biometrics because you just hold your phone out and it works! Well, at least it should… A couple of things I noticed in the Alibaba announcement: Look at the picture…Jack Ma is using both hands to carefully center his photo, and looking at the image of the phone screen tells us why. He needs to get his face very carefully centered on this outline to make it work. Why? Well, it’s a technique used to improve accuracy, but this improved accuracy, trades off the key advantage of face recognition, convenience, to make the solution more robust. Also the article notes that it’s a cloud based solution. To me cloud based means slower, dependent on a connection, and putting personal privacy more at risk. At Sensory, we believe in keeping data secure, especially when it comes to something like mobile payments, which is why we design our technologies to be “embedded” on the device – meaning no biometric data has to be sent to the cloud, and our solutions don’t require an internet connection to function. Additionally, with TrulySecure, we combine face and voice recognition, making authentication quick and simple, not to mention more secure, and less spoofable than face-only solutions. By utilizing a multi-biometric authentication solution like TrulySecure, the biometric is far less environmentally sensitive and even more convenient!
Mobile pay solutions are on the rise and as more hit the market differentiators like authentication approach, solution accuracy, convenience and most of all data security will continue to be looked at more closely. We believe that the embedded multi-biometric approach to user authentication is best for mobile pay solutions.
Also, Google announced that its deep learning FaceNet is nearly 100% accurate.
Everybody (even Sensory) is using deep learning neural net techniques for things like face and speech recognition. Google’s announcement seems to have almost no bearing on their Android based face authentication, which came in the middle of the pack of the five different face authentication systems we recently tested. So, why does Google announce this? Two reasons: – 1) Reaction to Baidu’s recent announcement that their deep learning speech recognition is the best in the world: 2) To counter Facebook’s announcement last year that their DeepFace is the best face recognition in world. My take – it’s really hard to tell whose solution is best on these kind of things, and the numbers and percentages can be deceiving. However, Google is clearly doing research experiments on high-accuracy face matching and NOT real world implementation, and Facebook is using face recognition in a real world setting to tag photos of you. Real-world facial recognition is WAY harder to perfect, so my praise goes out to Facebook for their skill in tagging everyone’s picture to reveal to our friends and family things might not have otherwise seen us doing!
Lastly, Microsoft’s announced Windows Hello.
This is an approach to getting into your Windows device with a biometric (face, iris, or fingerprint). Microsoft has done a very nice job with this. They joined the FIDO alliance and are using an on-device biometric. This approach is what made sense to us at Sensory, because you can’t just hack into it remotely, you must have the device AND the biometric! They also addressed privacy by storing a representation of the biometric. I think their approach of using a 3D IR camera for Face ID is a good approach for the future. This extra definition and data should yield much better accuracy than what is possible with today’s standard 2D cameras and should HELP with convenience because it could be better at angles can work in the dark. Microsoft claims 1 in 100,000 false accepts (letting the wrong person in). I always think it’s silly when companies make false accept claims without stating the false reject numbers (when the right person doesn’t get in). There’s always a tradeoff. For example I could say my coffee mug uses a biometric authenticator to let the right user telepathically levitate it and it has less than a 1 in a billion false accepts (it happens to also have a 100% false reject since even the right biometric can’t telepathically levitate it!). Nevertheless, with a 3D camera I think Microsoft’s face authentication can be more accurate than Sensory’s 2D face authentication. BUT, its unlikely that the face recognition on its own will ever be more accurate than our TrulySecure, which still offers a lower False Accept rate than Microsoft – and less than 10% False Reject rate to boot!
Nevertheless, I like the announcement of 3D cameras for face recognition and am excited to see how their system performs.
July 25, 2014
I see a bit of irony that a great Saturday Night Live alumnus is launching a campaign to decrease spoofing. I’m talking about Senator Al Franken, who has been looking into the problem of stolen fingerprints, see article.
Senator Franken challenges Samsung and Apple with some fair concerns about the problem of stolen or spoofed biometrics. The issue is that most biometrics that could be stolen can’t be easily replaced. We only have one face, two eyes, and 10 fingers, so not a lot of chances to replace or change them if they are stolen.
The mobile phone companies, challenged on the fingerprint issue, had two responses:
I think Franken is right to question the utility of biometric fingerprints, because a product like Sensory’s TrulySecure (combining voice and vision authentication) offers a large number of advantages:
Here’s a more canned demo on Sensory’s home page that better showcases some of the anti-spoofing features.
June 30, 2014
May 7, 2014
If you read through the biometrics literature you will see a general security based ranking of biometric techniques starting with retinal scans as the most secure, followed by iris, hand geometry and fingerprint, voice, face recognition, and then a variety of behavioral characteristics.
The problem is that these studies have more to do with “in theory” than “in practice” on a mobile phone, but they never-the-less mislead many companies into thinking that a single biometric can provide the results required. This is really not the case in practice. Most companies will require that False Accepts (error caused by wrong person or thing getting in) and False Rejects (error caused by the right person not getting in) be so low that the rate where these two are equal (equal error rate or EER) would be well under 1% across all conditions. Here’s why the studies don’t reflect the real world of a mobile phone user:
A great case in point is the fingerprint readers now deployed by Apple and Samsung. These are extremely expensive devices, and the literature would make one think that they are highly accurate, but Apple doesn’t have the confidence to allow them to be used in the iTunes store for ID, and San Jose Mercury News columnist Troy Wolverton says:
“I’ve not been terribly happy with the fingerprint reader on my iPhone, but it puts the one on the S5 to shame. Samsung’s fingerprint sensor failed repeatedly. At best, I would get it to recognize my print on the second try. But quite often, it would fail so many times in a row that I’d be prompted to enter my password instead. I ended up turning it off because it was so unreliable (full article).”
There is a solution to this problem…It’s to utilize sensors already on the phone to minimize cost, and deploy a biometric chain combining face verification, voice verification, or other techniques that can be easily implemented in a user friendly manner that allows the combined usage to create a very low equal error rate, that become “immune” to conditions and compliance issues by having a series of biometric and other secure backup systems.
Sensory has an approach we call SMART, Sensory Methodology for Adaptive Recognition Thresholding that takes a look at environmental and usage conditions and intelligently deploys thresholds across a multitude of biometric technologies to yield a highly accurate solution that is easy to use and fast in responding yet robust to environmental and usage models AND uses existing hardware to keep costs low.
April 25, 2014
It’s not often that I rave about articles I read, but Ian Mansfield of Cellular News hit the nail on the head with this article.
Not only is it a well written and concise article but its chock full of recent data (primarily from JD Power research), and most importantly it’s data that tells a very interesting story that nicely aligns with Sensory’s strategy in mobile. So, thanks Ian, for getting me off my butt to start blogging again!
A few key points from the article:
Now, let me dive one step deeper into the problem, and explore whether customer satisfaction can be achieved with minimal impact on cost:
Seamless voice control is here and soon every phone will have it, and it doesn’t add any hardware cost. Sensory introduced the technology with our TrulyHandsfree technology that allows users to just start talking, and our “trigger to search” technology has been nicely deployed by companies like Motorola that pioneered this “seamless voice control” in many of their recent releases. The seamless voice control really doesn’t add much cost, and with excellent engines from Google and Apple and Microsoft sitting in the clouds, it can and will be nicely implemented without effecting handset pricing.
Sensors are a different story. By their nature they will be embedded into the phones and will increase cost. Some “sensors” in the broadest sense of the term are no brainers and necessities, for example microphones and cameras are a must have, and the six-axis sensors combining GPS and accelerometers are arguably must haves as well. Magnetometers, barometers are getting increasingly common, and to differentiate further leading manufacturers are embedding things like heartbeat monitors; stereo 3D cameras are just around the corner. To address the desire for biometric security Samsung and Apple have the 2 bestselling phones in the world embedded with fingerprint sensors!
The problem is that all these sensors add cost, and in particular those finger print sensors are the most expensive and can add $5-$15 to the cost of goods. It’s kind of ironic that after spending all that money on biometric security, Apple doesn’t even allow them as a security measure for purchasing iTunes. And both Samsung and Apple have been chastised for fingerprint sensors that can be cracked with gummy bears or glue!
A much more accurate and cost effective solution can be achieved for biometrics by using the EXISTING sensors on the phones and not adding special purpose biometric sensors. In particular, the “must have sensors” like microphones, cameras, and 6-axis sensors can create a more secure environment that is just as seamless but much less difficult to crack. I’ll talk more about that in my next blog.