Machines Made to Know You, by Touch, Voice, Even by Heart

SEPTEMBER 10, 2013, 7:20 AM

Machines Made to Know You, by Touch, Voice, Even by Heart


How does a machine verify the identity of a human being? Irises, heartbeats, fingertips and voices, for starters. Authentication has been a tough nut to crack since the early days of the Web. Now comes a batch of high-tech alternatives, some straight from science fiction, as worries grow about the security risks associated with traditional user name and password systems. Apple on Tuesday introduced two new iPhones, including for the first time a model with a fingerprint sensor that can be used instead of a passcode to open the phone and buy products. The new feature is part of a trove of authentication tools being developed for consumers, and not just for phones.Some of these, like the fingerprint sensor, involve the immutable properties humans are encoded with, while others turn our phones into verification devices.

Among the most novel — and also somewhat unsettling — of biometric authentication tools is a new wristband developed by cryptographers at the University of Toronto. It contains a voltmeter to read a heartbeat.

“You put it on. It knows it’s you. It communicates that identity securely to everything around you,” said Karl Martin, one of its creators.

Security is a primary selling point of the wristband, Nymi. While a heart can be broken, Mr. Martin promises that a heartbeat cannot.

These new technologies arrive against the backdrop of mounting concerns over security and privacy, as the old ways of verifying identity online have been exposed as risky. Buckets of user names and passwords have been stolen from a variety of popular sites, and last month, it was discovered that even passwords as long as 55 characters could be broken.

Clef, a start-up firm in San Francisco, has developed a mobile app that lets you send an encrypted key from a mobile app to a desktop computer. Then, the Web site you are trying to enter can effectively recognize you based on your phone, instead of a typed-in password.

LaunchKey, a Las Vegas start-up that is in a testing phase, also looks to the mobile phone for authentication. You register with LaunchKey and connect your account to a particular cellphone. Then, when you log into a Web site or mobile app that accepts the start-up’s service, it sends a notification to that phone. Using an app, you move an icon on the screen to authorize authentication.

The start-up OneID, based in Redwood City, Calif., offers a single sign-on that can be used on various Web sites and devices. In a video, an engineer at OneID, Jim Fenton, demonstrated how he used OneID to open his garage door at home.

The Achilles’ heel of many new Internet-connected devices, Mr. Fenton said in an interview, is protecting secure access.

Jim Fenton, an engineer with OneID, demonstrated how to open a garage door using his company’s technology.

“If you connect all these things to the Internet, you need to have good ways — good from a security standpoint and a convenience standpoint — good ways to control access to things,” he said. “Having user names and passwords is not a good solution for every device.”

Biometric authentication tools, like fingerprint readers, have already been put in devices like laptops, but they have not always worked correctly. It remains to be seen how well Apple’s new fingerprint sensor will work, and whether users will adopt it.

At the same time, biometric sensors raise questions of security. When Apple’s sensor was announced on Tuesday, a flurry of skepticism and privacy concerns erupted online even though Apple said users’ fingerprints would be stored only on the phone — not sent to online servers or made available to app developers.

Another problem: Nymi, OneID and other start-ups in this field will struggle to attract consumers without high adoption rates among sites.

A promotional video for the Nymi wristband.

A more fantastical solution is being developed in a lab at the University of California, Berkeley. Computer scientists there say a simple and cheap headset will be able to read your brain waves to verify your thoughts — and save you the work of typing in a password.

Technologists say just one trick is unlikely to unlock the problem of authentication. One set of tools may verify identity on Web sites; another may unlock cars; still another could grant access to bank accounts.

A coalition of hardware and software companies, calling itself the Fido Alliance, is working on a set of specifications for password alternatives that the industry can rally around. Its guidelines are expected to be released at the end of the year. Companies affiliated with Fido are already testing products, like fingerprint readers and software that recognizes faces and voices. One day, users might be able to log into a favorite e-commerce site by speaking into a computer and buy something with a gaze at a mobile PayPal app.

Facebook has perhaps had the most success in becoming a one-stop identity verification service. Millions of Web sites allow users to log in with their Facebook credentials, which is also a way for Facebook to get to know you better — and serve you more tailored ads. The dangers are obvious. A thief with your Facebook credentials can pretend to be you across the Web.

Mozilla has been trying to popularize its Persona alternative to that single sign-on system. Mozilla makes sure your e-mail provider verifies that the account belongs to you. Then, for every site that accepts a Persona login, you can log in with the original verified e-mail. Passwords are not required.

Mozilla’s identity product is linked to only a small number of Web sites — “thousands” is all a Mozilla spokesman would say — compared with several million sites that support a Facebook login.

Johnathan Nightingale, a vice president of engineering at Mozilla, said the emergence of Internet-connected devices all around us brought a new urgency to the need to develop alternatives to passwords.

“The idea that all the things around us are going to be intelligent is great, but they don’t all have screens and keyboards and password managers,” he said. “They can’t always count on 12 uppercase letters, three lowercase letters, two punctuation marks and a percent symbol.”

He regretted that his tech colleagues had been stymied by the problem for so long. “We tell ourselves as a group we are predicting the future,” he said. “Mostly we are hoping for the future.”

About bambooinnovator
Kee Koon Boon (“KB”) is the co-founder and director of HERO Investment Management which provides specialized fund management and investment advisory services to the ARCHEA Asia HERO Innovators Fund (, the only Asian SMID-cap tech-focused fund in the industry. KB is an internationally featured investor rooted in the principles of value investing for over a decade as a fund manager and analyst in the Asian capital markets who started his career at a boutique hedge fund in Singapore where he was with the firm since 2002 and was also part of the core investment committee in significantly outperforming the index in the 10-year-plus-old flagship Asian fund. He was also the portfolio manager for Asia-Pacific equities at Korea’s largest mutual fund company. Prior to setting up the H.E.R.O. Innovators Fund, KB was the Chief Investment Officer & CEO of a Singapore Registered Fund Management Company (RFMC) where he is responsible for listed Asian equity investments. KB had taught accounting at the Singapore Management University (SMU) as a faculty member and also pioneered the 15-week course on Accounting Fraud in Asia as an official module at SMU. KB remains grateful and honored to be invited by Singapore’s financial regulator Monetary Authority of Singapore (MAS) to present to their top management team about implementing a world’s first fact-based forward-looking fraud detection framework to bring about benefits for the capital markets in Singapore and for the public and investment community. KB also served the community in sharing his insights in writing articles about value investing and corporate governance in the media that include Business Times, Straits Times, Jakarta Post, Manual of Ideas, Investopedia, TedXWallStreet. He had also presented in top investment, banking and finance conferences in America, Italy, Sydney, Cape Town, HK, China. He has trained CEOs, entrepreneurs, CFOs, management executives in business strategy & business model innovation in Singapore, HK and China.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: