The most known methods used to authenticate users when logging into web and other digital applications and platforms, including cryptocurrency and crypto wallets, is passwords, PINs and digital dot patterns. But researchers agree that biometric authentication achieves a higher level of security.
Biometric authentication is where the user needs to physically authenticate transactions or entry into a platform by using their facial, iris, finger or thumb patterns that are considered unique to each human being and thus cannot or are hard to be replicated. Its future looks really bright especially because security is in huge demand for electronic communications especially cryptocurrencies and money exchange platforms where money is involved.
A biometric system scans the finger, face, iris, veins and then stores biometric data is in a database. Traditionally, this data is stored in a centralized database, which can easily be accessed by many people within short time and if these people have malicious intentions, they could steal the data and gain access to people's digital platforms and steal coins. It could also compromise privacy of users. Thus centralized database data is not so fit for cryptocurrencies.
The most modern shift that suits cryptocurrencies is the storage of this data in a decentralized way, which makes it hard to be accessed by malicious third parties. Some companies in the world of cryptocurrencie are already using biometric identification and authentication methods with decentralized databases as we shall see.
Biometric authentication systems seem to have a bright future. Although no cryptocurrency is using lip patterns, palm patterns and heart rate analysis as methods of authentication, we have working inventions in the areas of iris scanning, several in facial scanning and several others in finger scanning.
Types of biometric security methods
Iris scans, fingerprint scans, hand geometry analysis and scans, retina scans, facial scans, and voice analysis are the most common types of biometric security methods. They are considered almost impossible to replicate thus a more sure way of authenticating users inside digital platforms. These are the most commonly talked about, but there are others: voice, handwriting, pulse or walk.
Today, most high-end smartphones now include fingerprint sensors and users can unlock their phones using their fingers but the technology is not wide-spread in cryptocurrency platforms.
Each of these security methods present their advantages and disadvantages:
Finger-print identification is cheap and it is possible to find a ready-made solution out there. However, these scans are easier to fake.
Iris scans, where a scanner scans the iris from a distance, are more expensive but relatively harder to replicate the scans. Facial recognition can be in the form of 2D or 3D scans. 2D scan fail on a number of occasions such as changing weather, or when the person changing their hairdo or putting eyeglasses or grows (or cuts) a beard. 3D scans are more reliable even on these occasions but more expensive.
Veins pattern recognition relies on infrared scanning and is not easy to fake the patterns. But conditions such as sunlight and vein-related medical conditions can cause it to fail.
Retina scanning is more reliable but takes more time to process. The equipment is very expensive.
How different security methods have been applied in the crypto world
Finger and thumb scanning
One of the earliest platforms to use finger print biometrics is the Hypr cryptocurrency security platform. It uses a sticker-size or price tag-size or bandage-size biometric token that is placed at the back of the user's phone case and communicates with it via Bluetooth. The sticker reads fingerprints when the user swipes his or her finger on the device, and registers the static discharge from the finger motion to authorize a transaction.
But that is part of a three factor authentication system in Hypr. Users can use finger scanning after the other two -- PIN and the sticker itself. With HyprKey, users can spend Bitcoin even without touching the digital currency by linking the debit cards -- This is done by HyprKey creating a biometric authentication bridge between the user and the mobile wallet built on top of it. This biometric TOTP (time-based one-time password algorithm) token generator that converts Bitcoins in real time is the real deal that eliminates fraud. Biometric data is stored in a decentralized way.
By eliminating fraud, it also eliminates interchange fees in addition to making sure that the person doing or authorizing the transaction is 100 percent the owner.
The decentralized biometric authentication platform also supports voice, touch, eye, palm, and many more factors to secure transactions and communications and authenticate users, in addition to finger scanning. Users can employ a combination of two or more to deploy user-based security -- simply by adding voice, face, touch, eye, palm or any combination.
Hypr partners with BitGo, a Blockchain security company that became the second company after Ledger, in the Bitcoin space to implement Fast Identity Online (FIDO) security standard protocol which are open and scalable standards for secure user authentication that can be applied across many websites and mobile services.
PayPal is also entering the cryptocurrency world. The company applied, on May 26 this year, a patent for a payment device that can process cryptocurrencies including Bitcoin, Litecoin, and Dogecoin. The patent was filed with the United States Patent and Trademark Office (USPTO) and establishes a device that uses thumb scan for user security and authentication.
PayPal will use TrueCrypt - -a discontinued encryption software -- to secure credit card and cryptocurrency wallet information is protected It includes a payment module engine and a payment module database. The payment module includes one smaller component for storing funding source information and another for securing information.
Read the full patent by PayPal here
Another invention, Case, a small credit-card shaped device used in transacting and trading Bitcoin, uses biometric identification and security features. It has a tiny screen, fingerprint sensor, camera and a GSM chip and a few buttons.
To make a transaction, you simply press a button, scan a QR code with the camera, then swipe your finger. No smartphone apps or passwords. You can buy and sell Bitcoins from this device.
This hardware Bitcoin wallet uses a multi-signature, multi-factor architecture to secure customer data and transactions in addition to encryption of data. It has three keys. One key identifies the user with owning the device being used. The second is stored on the server and only a user with a matching fingerprint scan is allowed access to the bitcoin wallet. The second key means your Bitcoins are safe even when your device is lost or the servers are compromised. The third key is in an offline vault and helps users to recover their Bitcoins if they ever lose their Case is lost.
Humaniq, a blockchain auditing and biometrics technology, launched on July 31st, an eponymous flagship app that uses facial recognition provided by VisionLabs for user authentication.
The Android app allows users to test the company's cryptocurrency while using biometrics to avoid obscure passwords. Users are promoted to register biometrics in order to login and access HMQ, which they can use to store and transfer the currency to others -- even to those that have not yet signed for the app.
The company hopes to launch an iOS app later this year.
Biometrics is already being used by crypto exchange markets. Coinbase, a cryptocurrency exchange platform that allows users to buy, sell, or trade digital currency and send it across the globe; has, since 2016, been using facial recognition technology developed by Jumio. Jumio's Netverify matches smartphone and PC users against their ID documents.
Using the platform, users confirm their identities through a live video feed for facial recognition and the system matches it against existing photo of their photo ID, so it uses machine learning. The system is designed to detect even the slightest facial movements to ensure liveliness detection.
The company uses this additional security system to approve increased buy/sell limits within the marketplace.
BitCad also announced on May this year that they will be using biometric authentication for their platform. The platform involves a decentralized architecture of databases that processes and stores the biometric data which solves the security problem. Although, that could slow the processing according to some opinions, Bitcad said they had solved the problem "their response time is comparable to the best centralized solutions like Fujitsu PalmSecure” said Vladislav Mitrofanov, founder and CEO of BitCAD.
In this platform, once biometric data is collected, it is encrypted in the distributed database. It means you only can be allowed access into your wallet through use of personal and unique features like veins pattern or fingerprints. For instance, it could use a a USB stick with a camera and an infrared illumination or the technology integrated in a regular smartphone to facilitate vein identification. The system is intended for facial recognition, fingerprint analysis and veins analysis. It will help read and analyze vein patterns in motion, phone camera-based facial recognition,
Bitcad is a platform that connects various professionals in any field to allow each of them automate their workflow and business routine processes, find performers and contractors for their tasks, and improve multi-stakeholder participation.
It can be applied in project management, automatic online accounting and the payment system , dispute resolution systems, single electronic legal language.
Swiss Banking wallet, three months ago, launched the world's first blockchain phone, the BitVault, which employs fingerprint and iris scan for use user identification and authentication. Since Iris patterns are unique to an individual and virtually impossible to replicate, it means iris scanning is one of the safest way for keeping private.
But that's not all, the phone helps integrate cryptocurrency with everyday services and products by enabling secure messaging, secure browsing, voice and video calling, secure storage and banking.
The phone has just started shipping this September and costs €949.00 on pre-launch.
Heart rate analysis
It turns everyone has got a unique heartbeat based on the size and shape of the heart as well as the orientation of the valves and physiology -- all which do not change unless you underwent a major cardiac event like a heart attack.
Based on this fact, other methods proposed for user authentication include heart rate analysis where, for instance, electrocardiogram (ECG) is used to authenticate user identity in systems such as Nymi, which is a small, wearable device. The device turns the user's heartbeat into a unique key that is used to unlock devices.
However, no known cryptocurrency platform is using this method of authenticating users.
Hong Kong Baptist University computer science professor Cheung Yiu-ming invented and patented (patent granted) in the U.S. in 2015, the “lip motion password” system that verifies a person's identity by simultaneously checking whether the spoken word and behavioral characteristics of lip movement match what is stored in the database.
It takes into account the user's lip shape, lip movement and lip textures as the user utters the password. It turns out that same password spoken by two people produces different results in lip dynamics so, even if a hacker knows your password, it would be hard to get access to impersonate. It can lock out impersonators using recorded videos of users speaking the password.
Palm print recognition
Palm print recognition is based on the unique patterns of the various characteristics in people's hands. It uses a camera-based application to scan the patterns, as well as software and machine learning to match and recognize what is stored in database.
More particularly, palm scanners use optical, thermal or tactile methods to detect the ridges (pattern of raised areas on the palm) and bifurcations (branches on the palm) and scars, creases and texture. The three methods rely on visible light analysis, heat-emission analysis, and pressure analysis, respectively. The hand can be in contact or contactless with the screen.
Disadvantages of biometric features
But there are problems with using biometric features: first, they can be compromised according to this post and this one and once compromised, are unchangeable. There are several ways you can safeguard that though for instance using a combination of techniques as advanced by Hypr.
Other authentication inventions
TREZOR, a small Bitcoin hardware wallet used for trading Bitcoins, uses two factor authentication where in addition to logging in websites using a passwrod and username, the user confirms logging in by physically clicking on the device which has a unique private key only with and known to the user -- it is not even stored in the database or sent via internet as is with other Time-based One-time Password (TOTP). Each user has a unique signature given at signup.