
Token or no token: 2,000-word article


Token or No Token: Bringing Sanity And Order To The World of Identity Assertion

By: Hector Hoyos, Chairman and CEO Hoyos Labs

It is said that the definition of insanity is doing the same thing over and over again and expecting a different result every time. I feel that this is the direction in which the identity assertion industry is headed: into the realm of insanity.

A few years ago, in 2010, I deployed the world's first completely iris-based access control system at Bank of America headquarters in Charlotte, North Carolina. It was based on the original proprietary technology and products, the HBOX and Eyelock, that I invented at the company I founded, Global Rainmakers, Inc., now known as Eyelock Corp. It was a true sight of beauty to see thousands upon thousands of Bank of America (BAC) team members gain entry to their workplaces all around the city of Charlotte with nothing more than a glance of their irises. Yes, that is correct: no tokens or access cards of any kind were used, and yes, this was the HQ of one of the largest financial institutions in the world. It took us nearly three years to achieve that milestone. That deployment in the summer of 2010 reshaped the face of the access control and biometrics industries.

Yet today, three years later, like the setback general aviation suffered when the Concorde was removed from service, it appears that both industries have forgotten the lessons learned from that BAC deployment.

One word defines all those lessons: CONVENIENCE. Back then there was a single paradigm that drove the success of that deployment and every other successful deployment across the world: CONVENIENCE. Think about this for a minute. If you knew that it was as safe as using your access card, would you rather not have to carry an access card and just use what you never leave home without, your iris biometrics? Well, a good portion of the folks at BAC at first did not accept our iris systems, voicing many concerns over privacy and data security; however, all those concerns were quelled upon seeing their co-workers waltz into the building right through the access points without having to dig into their wallets or purses to pull out an access card. I was a personal witness to this. I wanted to understand the human-behavior factor in all that we were doing. It turned out to be the key element in the success of our deployments.

I remember an exchange I had with a very nice lady who worked at BAC HQ in Charlotte. She was holding a cup of coffee in her left hand, her bag and coat in her right hand, and had files tucked under her right arm. I glanced at her and very quickly inquired what she thought of my iris gate. "Look at me, are you kidding? It's as CONVENIENT as a fast-food drive-through," she responded. There it was! After all the years of R&D and the tens of millions invested, after all the long hours discussing the sleek look of the housing, after all the science and technology innovation accomplished, it was best summed up by a real-world user and her 20-second experience: what the user wants, recognizes, cares about, and remembers is the CONVENIENCE. I felt like a famous producer at the premiere of his hit movie, except that my premiere only lasted 20 seconds. Then I glanced back across the lobby of this fantastic LEED Gold structure BAC built in the center of Charlotte, and felt a warm, fuzzy feeling as I saw hundreds of additional users take for granted what everyone had originally thought to be impossible, daunting, unacceptable: token-less iris-based access.

Fast-forward three years. I am reading a Forbes article about Google introducing Google ID in 2014. Hmm, interesting. The further I progressed through the article, the more confused and perplexed I became. Google is proposing a two-factor authentication (2FA) system using a username and a PIN plus a YubiKey token that connects to the USB port of your computer. Wow! What just happened? Had I gone back in time unknowingly? I knew Google was a member of the FIDO (Fast IDentity Online) Alliance, which supports biometrics in combination with a similar token. Yet now they had changed their minds and decided to drop biometrics completely?

To begin with, like many, I never agreed with the flawed proposition of the FIDO Alliance requiring you to carry a physical token to identify you. For years I had spread the "gospel of biometrics according to Hoyos", in which I predicted that at some point in the near future we would have to drop usernames, passwords, and PINs, and that all of them would be replaced with biometrics on mobile devices, smartphones to be precise. Many of my writings throughout the years pointed in this direction. The main reason I pointed to smartphones as the biometrics acquisition tool is CONVENIENCE. It's something we always carry and cannot do without, not an extra something. Many folks over the years, in both the private and public sectors, discounted my position of a world in which all identities will be asserted by means of our biometrics, simply telling me that passwords would never go away, even though they had nothing to back their position other than their corporate opinion. I based my position on facts stemming from my real-world experiences.

Today, I feel vindicated, because it is no longer the "gospel of biometrics" or even the "gospel of CONVENIENCE" according to Hoyos that is sending the message out to the world. Today, studies abound from Ericsson, PayPal, IBM, Microsoft, and the Ponemon Institute that say exactly what I have been saying for the last 10+ years.

According to Ericsson's study titled "Your Body The New Password", 52 percent of smartphone users want to use their fingerprints instead of passwords, a further 61 percent want to use fingerprints to unlock their phones, and 48 percent are interested in using eye recognition.

Another study by PayPal shows that consumers "are OK" with biometrics, that 53 percent of those surveyed are "comfortable" replacing passwords with fingerprints, and that 45 percent would opt for a retinal scan. I'm sure they meant an iris scan, which shows how successful the biometrics industry has been at educating consumers about types of biometrics.

IBM Fellow and Speech CTO David Nahamoo states that over the next five years your unique biological identity and biometric data (facial definitions, iris scans, voice files, even your DNA) will become the key to safeguarding your personal identity and information, and will replace the current user ID and password system.

Microsoft Research funded a study titled "The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes." Among its main conclusions, it states that a replacement for passwords should meet the following criteria: nothing to carry, efficient to use, and easy recovery from loss. It goes so far as to state that these criteria are achieved mostly by biometric schemes, and further that tokens do NOT achieve them.

After reading this I was really confused because, as Google had before, Microsoft had also joined the mighty ranks of the FIDO Alliance. Yet FIDO's standard identity authentication protocol requires the use of a YubiKey token, and Microsoft Research's Cormac Herley in Redmond put his name on the study cited above on behalf of Microsoft Research. So which is it: to use a token or not to use a token? Is Microsoft going against its own study because it doesn't believe the results, or has it lost faith in biometrics at a time when the overwhelming majority of consumers are clamoring for biometrics to replace their usernames and passwords?

What makes a company and a product successful is the adoption and continued support of its offerings by consumers. If there is one thing I have learned in all my years in the technology business, it is that this is an absolute truth. Consumers rule! Consumers the world over all want the same thing: CONVENIENCE. Sure, they want to be secure, but NOT at the cost of their CONVENIENCE. Any scheme proposed by any company or alliance that intends to go against the grain of consumers in this sense will fail. So there it is: I have just predicted the fall of the FIDO Alliance, as well as of anyone else who attempts to architect and engineer an inconvenient identity authentication process. So much for tilting at windmills! Yet this time I am armed with something called HoyosID.


HoyosID is an identity assertion platform that uses your smartphone as the biometrics acquisition device through an app that runs on iPhone and Android.

The HoyosID Identity Assertion Platform leverages all available resources to secure digital access management in a unique, convenient, and secure way. If you don't want to use usernames and passwords and would rather log in securely with your biometrics, HoyosID will do that for you. You simply click "log in" on a web page, which wakes the HoyosID app on your smartphone; you look at it, it acquires your biometrics, and it logs you in. If you are not you, then our IDS (Intrusion Detection System) will block your smartphone and you. To hack you, someone must first get hold of your smartphone and then attempt to hack it. So the HoyosID architecture effectively forces hackers to attack one user at a time. Gone will be the days of massive attacks that affect multitudes of consumers from a single breach.

At Hoyos Labs we have invested most significantly in the development of spoofing countermeasures. Spoofing is passing authentication on a digital system using a false credential that appears to be a valid one for an actual user registered in the system, such as a high-resolution photograph of you. Liveness detection countermeasures are how the mobile application distinguishes a live person from decoy images.

HoyosID also prevents replay attacks, in which someone else attempts to "inject" a recording of you into the system in order to pass as you. HoyosID uses two-way (mutually authenticated) SSL to connect to the server, which runs the IDS and proprietary algorithms for encryption. The IDS identifies attempts to replicate a timestamp and blacklists the offending devices quickly and permanently.
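The login flow and the replay-prevention step described in the two paragraphs above, as an added example that is not HoyosID's code and does not describe its actual protocol: a server issues a one-time challenge when the user clicks "log in", the phone answers it after its local biometric match (the template itself never leaves the phone), and the server rejects stale or replayed answers and blacklists the device that replayed. The HMAC-SHA256 assertion, the 30-second freshness window, the device names, the enrollment secrets and the fake clock values are all assumptions of this example.

```python
"""Challenge-response login with a freshness window and replay blacklisting.

Added example, NOT HoyosID code. Everything concrete below is this example's
own assumption: HMAC-SHA256 over device id, nonce and timestamp as the
assertion, a 30 s freshness window, permanent blacklisting on the first replay.
"""
import hashlib
import hmac
import secrets
import time

FRESHNESS_WINDOW_S = 30  # assumed: oldest timestamp the server still accepts


def _mac(key, device_id, nonce, ts):
    # Binds the device, the server's one-time challenge and the clock together.
    msg = f"{device_id}|{nonce}|{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_assertion(device_id, key, nonce, ts):
    """What the phone sends once its local biometric match has succeeded.

    Only this MAC over the challenge crosses the network; no biometric data does.
    """
    return {"device_id": device_id, "nonce": nonce, "timestamp": ts,
            "mac": _mac(key, device_id, nonce, ts)}


class IdentityServer:
    """Server side: issues challenges, verifies assertions, spots replays."""

    def __init__(self, now=time.time):
        self._now = now
        self._keys = {}       # device_id -> per-device secret, enrolled out of band
        self._pending = {}    # nonce -> device_id it was issued to; removed on use
        self.blacklist = set()

    def enroll(self, device_id, key):
        self._keys[device_id] = key

    def issue_challenge(self, device_id):
        """Called when the user clicks "log in" on the web page."""
        nonce = secrets.token_hex(16)
        self._pending[nonce] = device_id
        return nonce

    def verify(self, assertion):
        device_id = assertion["device_id"]
        if device_id in self.blacklist:
            return "blacklisted"
        key = self._keys.get(device_id)
        if key is None:
            return "unknown_device"
        ts = assertion["timestamp"]
        if abs(self._now() - ts) > FRESHNESS_WINDOW_S:
            return "stale"
        # Check the MAC before touching replay state, so garbage sent under a
        # victim's device id cannot get that device blacklisted.
        nonce = assertion["nonce"]
        if not hmac.compare_digest(_mac(key, device_id, nonce, ts), assertion["mac"]):
            return "bad_mac"
        if self._pending.get(nonce) != device_id:
            # Valid MAC over a nonce never issued to this device, or one already
            # consumed: someone is replaying a captured assertion.
            self.blacklist.add(device_id)
            return "replay"
        del self._pending[nonce]
        return "ok"


def run_demo():
    """Walk the flow against a fake clock; returns the verdicts in order."""
    clock = [1_700_000_000.0]                 # constructed clock, in seconds
    server = IdentityServer(now=lambda: clock[0])
    key_a = secrets.token_bytes(32)           # constructed enrollment secret
    server.enroll("phone-A", key_a)

    # 1. Login click on the web page -> server challenges phone-A.
    nonce = server.issue_challenge("phone-A")
    # 2. Phone matches the user locally, then answers the challenge.
    assertion = build_assertion("phone-A", key_a, nonce, clock[0])
    first = server.verify(assertion)                      # ok
    # 3. Attacker replays the captured assertion five seconds later.
    clock[0] += 5
    second = server.verify(assertion)                     # replay -> blacklisted
    third = server.verify(assertion)                      # blacklisted

    # 4. A second phone: an expired timestamp, then a tampered MAC.
    key_b = secrets.token_bytes(32)
    server.enroll("phone-B", key_b)
    nonce_b = server.issue_challenge("phone-B")
    stale = build_assertion("phone-B", key_b, nonce_b, clock[0] - 120)
    fourth = server.verify(stale)                         # stale
    tampered = dict(build_assertion("phone-B", key_b, nonce_b, clock[0]), mac="00" * 32)
    fifth = server.verify(tampered)                       # bad_mac, no blacklisting
    return first, second, third, fourth, fifth, "phone-B" in server.blacklist


if __name__ == "__main__":
    print(run_demo())
```

Running it prints `('ok', 'replay', 'blacklisted', 'stale', 'bad_mac', False)`. One caveat a practitioner would raise about "quickly and permanently" blacklisting: an attacker who captures one valid assertion on the wire can replay it deliberately to lock the legitimate phone out, so a real deployment would alert and rate-limit, or force re-enrollment, rather than block forever; mutually authenticated TLS (the article's two-way SSL) is what makes that capture hard in the first place.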

A very critical differentiator of HoyosID is that it provides the Biometrics Open Protocol Standard (BOPS), an open-source API that enables any third-party biometrics solution on the market to be integrated into the HoyosID Identity Assertion Platform. Yes, we did: third party. So if you want to use your fingerprint through your iPhone 5S, or a Samsung with iris identification when that becomes available, on the HoyosID platform, you can do that. Through BOPS, the HoyosID platform lets any device that opens, closes, or turns on or off be connected to it and controlled by any biometrics device(s) that communicate through it.

In HoyosID no biometrics are stored anywhere except on your smartphone, and there in encrypted form. The SSL private key is generated by the server, not the device, and is not stored anywhere, since its lifetime is limited to a few seconds. The IDS and the proprietary HoyosID algorithms that work in the back end allow the real user to be distinguished from someone who tries to impersonate you over the network. The HoyosID Identity Assertion Platform currently runs its server on Amazon Web Services, which uses proven cryptographic methods to secure its infrastructure.

Users will soon be able to download the HoyosID Identity Assertion apps at no cost for their iPhones or Android phones from the Google Play Store and Apple's App Store, in the first quarter of 2014. Hoyos Labs' HoyosID will initially support the iPhone, Samsung Galaxy S4, Galaxy Note 2, and the HTC One. Those who think of themselves as my competitors will most likely dismiss me; however, I place my faith in the hands of consumers, who rule. It's a brand-new identity assertion world.
