Two-factor authentication isn’t good enough for the Internet of Things. So says HYPR, a 3-factor biometric security platform that’s offering an extra layer of protection.
“The goal of the team at HYPR is to provide a unified, end-to-end solution that enables military grade encryption for everyone – from the consumer mobile sector to developers, small ansd medium-sized businesses, enterprises, banks and government agencies,” says HYPR Corporation CEO George Avetisov.
The HYPR protocol is an open platform enabling device-to-cloud three-factor security by leveraging existing biometric processors in devices. The company provides a solution that can provide validation in a cloud or on-premise model for device manufacturers that are embedding biometric readers in devices, Avetisov says.
The three factors are:
1. Something I have – the biometric trusted execution zone located on biometric devices.
2. Something I am – the actual biometric signature of the user (face, retina, fingerprint)
3. Something I know – the application layer pin, password, or any other form of knowledge-based credentials.
Avetisov says the current landscape is void of trusted execution zones and biometric readers, and current multi-factor solutions fall short. “Sophisticated malware attacks still pose a threat to even the latest multi-factor authentication solutions including ones that employ biometrics because basically any validation taking place on the operating system layer is vulnerable,” Avetisov says. “In addition, multi-factor solutions, such as ones that send an SMS message to one’s mobile device, present a token-based system in which authenticated codes can be easily intercepted and spoofed.”
HYPR recently became a member of the FIDO Alliance. “Having established a core principle that true authentication requires specialized hardware such as that of FIDO compliant devices and biometric readers – we’ve established a platform that is future proof and ready for a coming infrastructure,” Avetisov says.
HYPR developed a biometric security developer kit that can be bought as an individual purchase for $50 (to be shipped in July) or deployed in bulk to enterprises that want a FIPS 140-2 Level 3 token for secure login. The company says large orders of the end-to-end solution will be deployed in the fall across banking and enterprise sectors.