Thursday , December 12, 2024

Security Notes: It’s Time For Bionic ID

More and more people are identifying themselves online through their unique biometric data. The method is robust in so far as the original biological data is in analog format, which means one decides how many digital bits to use to represent that data. The bit-flow of the reading may be very high, since analog-to-digital conversion is fast.

In practice, people lay a thumb, show an iris, or put a palm on a surface. Very convenient. Yet this method suffers from two serious and related flaws. The first is that biometric data cannot be replaced. Once compromised, the victim is forever at risk of having his identity stolen over and over again. The second flaw is that each time the method is used, the same data is sent out for verification. It can be used by an identity thief again and again. Take facial recognition. It’s so easy, so effortless. Alas, our faces are in the public domain. That means a mask can be made that could open high-value targets like your phone or iPad.

Biometric identification has gained so much momentum that its cardinal flaws are stubbornly ignored. Fortunately, a path to a solution has been identified. Recent technology exploits the benefit of biometric identification while bypassing its fundamental flaws. How? By going bionic, replacing the natural finger, the iris, and the palm with an artificial device that carries an overwhelming amount of data in analog format. Bionic readers replace biometric readers, and the device itself is activated only with its owner’s biometric data—so its first user is the only user.

A stolen bionic finger is useless to its thief. He can’t activate it. The biometric data would reside in the device itself and would not be communicated to the network. Only the artificial biometric data would stand the risk of being compromised. And in that case, the device would be replaced.

The artificial biometric is engineered with the “Rock of Randomness” technology (U.S. Patent No. 10,467,522). Here’s how it works: Unlike a fingerprint, which repeats itself each time it is used, the bionic finger sends different data each time to prevent replay fraud. A thumbprint is easy to lift from a discarded glass, and it is relatively easy to prepare a false thumb skin. But the rock of randomness, even if its reading is known, cannot be manufactured so that it gives the specified reading.

The bionic finger may take shapes other than a finger. A particularly attractive shape is a ring. The wearer tucks the face of the “jewelry” to the reader, much as in the days when kings wearing a seal on their fingers identified themselves by pressing their ring on a hot lump of red wax. Bionic identification may be expanded to groups, clubs, and other communities, with members sharing the same bionic signature to prove their membership.

Both biometric identification and bionic identification represent an important principle guiding the future of cyberspace: material grounding. Identities must be physically established because today, be it Russian trolls or Bitcoin thieves, fake identities bring the cyber towers down. Take blockchain, the hottest thing in town. It is based on the power of the majority of nodes in a network. It is relatively easy to manufacture one or a million fake nodes and defeat the cryptographic foundation of the chain. But bionic identification constitute a seamless data flow from material to digital.

Not only people will use a bionic finger. Artificial-intelligence entities, robots, avatars will, too. Humanity is about to be served with tens of billions of Internet of Things devices, talking to and paying each other—and presenting a solid bionic identification.

Meeting the identity challenge will signal victory in this hard-fought cyber war.

—By Gideon Samid, gideon@bitmint.com

 

Check Also

CardFlight Eases Card-on-File Access; Bill Debuts 1099 Form Filing Service

Merchants using the CardFlight SwipeSimple app have gained easier access to managing customer data and …

Digital Transactions