The frequency of cyberattacks is constantly increasing and they are only improving, especially since the rapid digital transformation left companies with additional vulnerabilities, such as employees using their personal devices and networks.
Unfortunately, many users are giving up security for the sake of convenience – using a few similar passwords for every site. That’s why passwordless authentication solutions, such as biometrics, are a necessity for many businesses and could ensure having less attacks.
To learn about identity management, biometric authentication, and its benefits, Cybernews invited Rahul Parthe, the Co-Founder, Chairman, and CTO of TECH5 – a company that provides identity management technologies and products.
How did TECH5 originate? What would you consider the biggest milestones throughout the years?
TECH5 was founded in Geneva, Switzerland by a team of experts with a combined 100+ years of experience in the industry. TECH5 originated not only out of the need to innovate in the field of biometrics, but also to ensure that any and all members of the society, at the national or local level, would be able to obtain and use biometrically secure digital identities. In other words, TECH5 focuses on inclusion, and in fact, our company slogan, “Technology for Inclusion,” reflects this mission.
Our biggest achievements have been the development of in-house inclusive technology platforms based on all three biometric modalities – face, fingerprint, and iris – for which we also own the IP. We have also been successful in deploying them in some of the world’s largest programs. Our innovative approach to the digital ID concept, which includes a unique architecture and platform, and works in the digital and physical realm serves every step of the identity lifecycle irrespective of the availability of digital infrastructure or digital skills.
Can you introduce us to your TECH5 platforms? What are their main features?
TECH5 offers several technologies and biometric platforms that facilitate contactless biometric capture with mobile devices for face and fingerprint modalities, identification, verification, and authentication, as well as the issuance of a digital credential.
The TECH5 algorithms that underlie our recognition technology are based on domain-specific AI/ML-based approaches that achieve high accuracy for both identification (1:N match) and verification (1:1 match) with a lower hardware footprint compared to traditional approaches. TECH5 algorithms are trained on diverse databases, and as such, the algorithm remains invariant across different nations, ages, and genders.
The flagship offering of TECH5, T5-Digital ID, combines our latest technologies to ensure uniqueness using biometric deduplication, issuance of a reusable credential that can be issued to a citizen’s smartphone and verified against its owner biometrically in an online or offline manner. T5-Digital ID generates a T5-Cryptograph – a high-density digital container that can be stored on the phone or printed out using regular printers for presentation. It can be verified offline using just a smartphone. A T5-Cryptograph contains a compressed facial image of the holder, biometric templates of the face and fingers, and substantial biographical data. Data in T5-Cryptograph is protected by triple-level encryption, including PKI.
Finally, we would like to introduce our latest innovation – T5-AirSnap – a fully contactless biometric capture technology powered by AI and deep learning for face and fingerprint biometric modalities. This technology allows to capture, package, and send face and fingerprint images for identification or verification using only a smartphone, reducing dependency on purpose-built devices.
In your opinion, which types of organizations should be especially attentive to implementing biometric identity verification solutions?
Simply – all of them. Biometric-based identity verification, if implemented properly, is already proving to be the most secure, frictionless, and privacy-friendly approach. The use cases vary from the general population in the lowest tier of the society accessing their basic needs, such as government subsidies, to private sectors, such as banking and fintech. They are also used in security-related use cases like access control.
At the same time, in a world where identity is moving away from the physical documents and is becoming increasingly digital, online, and mobile, a solution is needed that can ensure citizens’ trust in the organizations that collect, store, and access their data and frictionless usage.
We at TECH5 believe that individuals require a digital identity solution where biometric data binds the digital credential to the holder when verified, where that data stays with the holder, where private means private, and where the holder controls what data to share under what circumstances. We need to ensure that the safeguards we put in place are fit for purpose in this new world where your identity can be verified at a distance, passed between devices, checked online, and so on.
Our offering, T5-Digital ID, is built for the world where, when biometric-based identities can live on smartphones, every other smartphone is potentially a reader (a verifying device), and where citizens, banks, government agencies, retailers, law enforcement, and so on, can all verify the parts of your identity that they need without necessarily having to access data they do not need. Verification takes place in real time, against the holder, biometrically, whether the holder is physically present, on the phone, or online.
How do you think the pandemic affected the cybersecurity landscape?
The global impact of the pandemic has led to the accelerated development of new technologies and solutions that led to rapid digital transformation. One of the most popular use cases was allowing many businesses to leverage the huge advantages of digital onboarding, eKYC, and remote authentication. As a result, eKYC has come into even sharper focus and regulators have thrown their support behind digital onboarding to ensure financial transactions are possible. The move to eKYC has transformed onboarding from a tedious, costly, and bureaucratic process to a streamlined, optimized, and quick process.
Equally important to keep in mind is that the onboarding process is also a time when a business is most vulnerable to fraud. Until the eKYC process is complete, online interactions are literally conducted with “strangers”. Indisputably verifying that an individual is who they claim is therefore vital.
A smooth, fast, and efficient digital onboarding process, such as that proposed by TECH5 is no longer a luxury, but a vital element for growth and the retention of the customer base. TECH5 offers a state-of-the-art solution that will make real the ability to keep our identity locked within our own person, thus allowing us to navigate the new reality of a predominantly digital world with complete confidence. The technology allows for the creation of the right size solution for any organization, maximizing the inclusion of any individual with effortless, affordable, and secure AI-driven intellectual property across 3 biometric modalities.
What are the most common methods threat actors try to use to bypass biometric identity verification measures?
Currently, the face is the most widespread biometric being used. For a 1:1 match, an image of a person’s live face is captured and compared against the image stored in the database, for example, on the mobile device. We are all aware of how easy it is to find one’s face on the Internet. To avoid someone using such faces found on the Internet, liveness detection technology is used together with biometric matching technology to avoid spoofing attacks by users, making sure that the presented face is real. The most common variants of attacks are the usage of silicone masks, photos, and videos presented to the camera to bypass biometric identity verification. Now that we can capture very good fingerprints using mobile cameras, fingerprint matching, which was the old favorite, is gaining traction. And guess what, you cannot find one’s fingerprints on the Internet!
Besides quality Identity & Access Management solutions, what other cybersecurity measures do you think every company should implement nowadays?
I am sure we all agree that everything we do today revolves around identity and systems have to ensure that only authorized identities are able to use the systems. That said, there are various aspects of the system that should be considered from a security perspective.
As the foundation, we should ensure that the identity of every user/customer/employee is unique, every system should have a biometric deduplication technology (1:N match).
Furthermore, in order to avoid fraud, it is imperative to have objective proof at the time of enrollment and authentication that the person being identified is alive and that the matching is not occurring against photos, screen displays, video, and 3D masks. These approaches optimize the security of the identity.
The other most important aspect is to implement decentralized identity systems such that they do not create the so-called honey pots for hackers. Ideally, if everyone carries their own ID and has control over who can authenticate, the attack vectors are reduced significantly. State-of-the-art encryption technologies should be implemented to not only achieve security but also privacy. Such consideration in design reduces the burden of cybersecurity safeguards required.
There are developments in the space of matching in encrypted space like FHE.
However, despite the best efforts and sophistication of any organization, cyberattacks still happen. As a result, it is equally important to be cyber resilient. The concept of “cyber resiliency” has recently emerged as it has become obvious that traditional cybersecurity measures are no longer sufficient to protect against continually evolving cyberattacks. As such, every organization must have the ability to prepare for, recover, and respond to a cyberattack. In the case of a biometrics-based system, this would also mean the ability to revoke the store biometrics and reuse them without having to re-enroll the population.
In general, in addition to identity, access control, encryption, and detection, organizations need to implement both a formal information security management program and a risk management program, which include incident response management, training, continual improvement, and both internal audit and external certification.
As for personal use, what security measures can average individuals take to prevent their identity from being stolen?
There are so many things that people can do today that can help prevent the theft of their identity – everything from changing your passwords to two-step verification, signing up with an identity protection service, and opting for biometrics-based verification factors. We also recommend refraining from putting personal information on the Internet, especially biometrics.
We at TECH5 believe that the single greatest protection you can afford your identity is to store it in such a fashion that it cannot be accessed without the holder’s “biometric authorization” (the real person’s face or fingerprint, for example). In this way, the data remain private and unusable by an unauthorized party, and any authorized verifying party only has access to an individual’s data when they are granted permission.
Furthermore, we believe that the owner of the identity should be able to differentiate or segregate the use of their information such that different verifiers can only access certain parts of the data. For example, a bartender could gain access to an “over 18” confirmation but no other data, a car rental company could gain access only to a license number, validity, and outstanding infraction information, but a law enforcement officer could be granted access to the entire record. These features not only give individuals greater control over their identity but ensure greater security by giving the holder ultimate control over the information shared. Because we believe in this approach, to protect digital identities of the future, we created T5-Digital ID that is linked to its holder biometrically and helps to protect the identity from theft and unauthorized usage.
What do you think the future of identity and access management is going to be like? Do you think the use of biometrics is going to take off?
Biometrics is the most secure way for identity access and management – it has skyrocketed and is here to stay. No doubt that in the future, we will witness new and ingenious methods to increase the sophistication in the way in which biometrics will be used to render them even more secure to maintain control over our identity.
We believe in the Digital ID approach, in decentralized digital identity owned by an individual and linked to its holder biometrically.
Would you like to share what’s next for TECH5?
We will continue innovating and evolving the technologies for contactless capture with mobile phones, artificial intelligence, and machine learning-based biometric matching technologies, as well as disruptive digital ID issuance and verification with granular control over consent-based claim verification.
All our matching platforms are multi-modal: we have three biometric modalities – face, fingerprint, and iris – developed in-house, and looking for opportunities to develop and implement other biometrics. We invest in enhancing our technologies to meet our internal mission of race to zero error and to ensure that top-notch technologies are available for our partners across the world. We believe that with our innovative digital ID technology and artificial intelligence-based biometrics, we will be able to serve most of the people on this planet.