Embed Size (px)
Citation preview
-W H I T E P A P E R
Biometrics and cloud-based identity technologies fuel new user experiences
The world is about to get much more convenient as a combination of biometrics and cloud-based identity management solutions drive an evolution in how people interact with technologies to access buildings, applications and services. Trusted identities have played a historical role as the means for granting access.
However, customers now want technology to make their life more convenient when they experience banking, hospitality, ticketing, vending, retail and access to other services while ensuring trust that the system knows who is interacting with it and that it is not someone else.
Companies that adopt a combination of biometrics and cloud-based identity technologies immediately meet their customer’s expectations by making the user experience more convenient and enjoyable, which results in significantly greater loyalty to their brand.
How Trusted Identities of the Future Will Fulfill the Convenience Factor
C R E A T I N G T R U S T E D I N T E R A C T I O N S
Trusted identities on cards have been used to manage how people enter and move through buildings and access resources and services. They increase confidence that people are who they say they are because the user ID the system employs to grant or deny access is issued by a trusted source and cannot be copied to another card or media.
However, this has not prevented someone from sharing a card, or the potential for unauthorized access when a card is lost or stolen. This situation changed with the advent of mobile trusted identities. Not only do people generally not share their mobile device with others, but also both the system administrator and the mobile device user can choose to require a successful device authorization prior to allowing any transaction to start.
As a result, many have migrated to mobile devices for access, along with the cloud-based identity management systems to which they are connected.
M A N A G I N G C L O U D - B A S E D T R U S T E D I D E N T I T I E S
A trusted identity is data, and data can represent anything. It can represent an employee ID, a credit card, a driver’s license, a baseball or concert ticket or a loyalty card for the local creamery. In fact, people use cloud-based systems on a daily basis to load their credit cards into their mobile wallets and purchase gas or a soda at convenience stores.
These and other cloud-based systems allow the secure creation, delegation, delivery and presentation of data for any application.
One of the first examples was HID Seos® platform technology, which incorporates a cryptographically protected secure vault designed to provide a consistent model for storing and using data so a user can access buildings, resources and services.
As shown in Figure One, the HID Seos cloud-based platform provides a secure connection between a system backend to a user device enabling the secure creation, delegation and delivery of data.
Once this data is on the user’s mobile device, the user can experience access to any application in a convenient way whether to open doors, enter sports venues or interact with banks or retail loyalty systems.
Convenience and security can be further improved by adding biometrics such as fingerprint and facial recognition. These technologies simultaneously play a huge role in how people gain access to devices and services.
HID Seos® CLOUD-BASEDID MANAGEMENT
Mobile Networks, Partner Channels, Etc.
ResidentialHomes
Offices
Hotels
Figure One: The HID Seos platform enables any application to become a cloud-based ID management solution using secure
cryptography to create, delegate, deliver and present data.
B I O M E T R I C S A N D I D M A N A G E M E N T I N T H E C L O U D
Biometric solutions have been embraced for their convenience as they enable people to use their face to unlock their phones and their fingerprint to log-in and authorize payment while shopping online. In these and other applications, biometrics improves the user experience and enhances security.
Not only is there no need to enter a username, password or credit card information, but also the system knows without a doubt, by default, that users are who they say they are, and their intent is to log-in and pay for their goods or service.
The time is coming when local convenience stores will provide the option of paying with one’s fingerprint or face, eliminating the need to bring a wallet or phone to the cash register. There is a misperception, though, that biometrics poses privacy risks, and this has slowed adoption to some extent.
The reverse is true: biometric solutions improve privacy, especially when combined with cloud-based ID management.
Baseline privacy protections start with the software provider’s end-user license agreement (EULA), which the customer signs during the enrollment process. In addition to defining what the application is, the EULA should state that the biometric data is anonymized and used for the application only when the user selects the option for their biometric template to be captured. This means, for instance, that the camera is not turned on unless the person has selected the facial biometric option.
Generally, the EULA must include prohibitions against sharing data as well. As normal practice for greater privacy protection, all transactions, photographs, biometric data and other personal information should be encrypted and stored in a separate section within the operator’s network.
Other ways to protect privacy with mobile-based access solutions include using document scanning technology to read and validate whether a government-issued ID is real or not (mobile phones alone can scan cards but cannot validate them in this way).
In the case that a biometric template is stored on the phone by the cloud-based ID management system, the user approaches the biometric reader to capture either a fingerprint or face, then places the phone on the reader. This allows secure transfer of the template to be compared on the reader itself. Then, an ID such as an anonymized loyalty account number can alert the backend system of a desired transaction.
E A R LY S U C C E S S E S
Some of the earliest adopters of cloud-based ID management and biometric solutions are in the entertainment, banking and government sectors.
One example is the Birmingham City Football Club in the United Kingdom, which uses HID Seos cloud-based ID management so fans can experience convenient ticketing, stadium entry and digital vouchers for having their favorite beer delivered during the game.
By rewarding fans for their participation and engagement at events, venue owners and event sponsors can create unforgettable experiences. Additionally, data collected through a fan app reveals insights into fan behaviors and demographics that can be used to personalize future experiences associated with games, competitions and giveaways.
The digital vouchers are customized to improve brand visibility and exposure. Adding biometrics to this model will eliminate the need for fans to bring money or identification to the game.
Biometrics have also transformed the user experience for the banking industry. In Brazil, for example, all major banks have implemented programs to use fingerprints captured by multispectral imaging (MSI) technology to protect billions of ATM transactions annually. The biometric technology has also virtually eliminated the vulnerabilities and inconvenience of PINs by allowing customers to present their card, place their finger on the sensor and get cash — all in 20 seconds or less.
Biometrics have also been implemented in several government identity and payment distribution systems across Central and South America.
L O O K I N G A H E A D
Future innovations are on the horizon with technologies like ultra-wideband (UWB) wireless connectivity, which HID expects will become ubiquitous on mobile devices. It provides unprecedented accuracy and security when measuring the distance or determining the relative position of a target.
It is not HID’s expectation that UWB will replace near field communication (NFC) or Bluetooth, but rather supplement Bluetooth and other technologies to provide the assurance, reliability and granularity of device position that enables truly seamless experiences.
hidglobal.com
North America: +1 512 776 9000 | Toll Free: 1 800 237 7769Europe, Middle East, Africa: +44 1440 714 850Asia Pacific: +852 3160 9800 | Latin America: +52 (55) 9171-1108For more global phone numbers click here© 2021 HID Global Corporation/ASSA ABLOY AB. All rights reserved. Part of ASSA ABLOY2021-09-17-eat-trusted-identities-wp-en PLT-06238
Consider the combination of UWB with biometrics. Consumers will prepare their transaction on a mobile banking app before arriving at the ATM or teller window. All that will then be required to authorize a transaction is to “sign” with a face or finger.
The same transformation can be expected to happen at the fast-food drive through. No longer will a barcode scanner be pointed down at the customer’s cellphone (which risks blinding the person depending on the angle of the counter to the car). Instead, the barcode scanner will be replaced with a much simpler, seamless and convenient wireless transaction at or before the pickup window.
These technologies will similarly transform the retail and grocery store experience, for instance, enabling a loyalty account number to be sent to the customer’s phone, as well as a biometric template that ensures the customer is linked directly to the program (see Figure Two).
Sending a combination of an ID and biometric data to the phone with end-to-end encryption increases security by distributing the biometric data to the device carried by the user rather than a centralized database. Add UWB and the result is a faster and more consistent biometric-matching process at a point-of-sale (POS) terminal.
Anyone who has ever forgotten their phone or wallet can appreciate the convenience of using only their face or finger for identification. It also creates a multitude of compelling new consumer experiences while still meeting or exceeding privacy and security requirements.
This will drive maximum customer satisfaction and loyalty by enabling product and service providers to know who is using their systems and will allow customers to be confident that the systems know them too.
CLOUD-BASEDID MANAGEMENT
Retailer’s LoyaltyProgram &Pay System
ID Document Validation
Self EnrollBiometrics
Services
UWB
Loyalty App
Loyality Age Bio
avp1295 bvqsadY
APPROVED
>21
Figure Two: Know Your Customer (KYC) systems use biometrics to ensure customers are linked directly to the program. This is done by sending a combination of the customer’s loyalty account
ID number as well as his or her biometric template so the two can be matched.
