Download PDF here if you are having trouble viewing.
Passwords were conceived for the computing systems of the 1960s; they are insecure and inconvenient for users of today’s Internet-centric computing environment. No matter what we do to shore up their effectiveness, hackers devise new ways to defeat them. Phishing, interception, knowledge-based guessing, brute-force attacks, and large-scale data breaches make authentication based solely on passwords unacceptably vulnerable.
To this end, biometrics bring a modern alternative to the tired password; as “something that we are”, they are inherently convenient and unique. Aware, a Boston-based biometrics company founded in 1986, is reimagining authentication with the idea that while biometric modalities such as facial recognition, keystroke dynamics, and voice authentication each have their own strengths, the combination of them used with a mobile device compels hackers to think twice about their choices.
Aware’s Knomi® is a mobile biometric authentication framework that includes SDKs and subsystems to enable password-free multifactor authentication. The modular solution simultaneously captures multimodal biometrics such as face image, voice, and keystrokes and performs liveness detection to authenticate user identity. In accordance with their business and operational requirements, clients can select Knomi’s server- or device-centric architecture, or a FIDO® Certified implementation.
Knomi’s device-centric solution (Knomi D) offers facial recognition with proprietary spoof and liveness detection capability that prevent multiple attack modes. Users can capture either keystroke plus face or voice plus face simultaneously to authenticate. While Knomi D’s on-device authenticators process and match biometrics on the device, its server-centric sibling (Knomi S) pushes much of the functionality to the server. The company also offers FIDO certified components (Knomi F) that adhere to FIDO Alliance standards for device-centric authentication.
“Knomi’s multimodality and architectural flexibility allow our clients to optimize their authentication process for their particular security, convenience, and user experience objectives,” says David Benini, VP Marketing & Product, Aware. For instance, a large fund transfer initiated from a banking app might require a rigorous multi-step authentication process, where a simpler process like checking an account balance is executed through a more convenient mechanism. For identity and access management applications, mobile biometrics can be implemented as an out-of-band multifactor authentication process. Businesses can define distinct user policies for different user groups. For instance, a user would pass one-step authentication process to know a holiday schedule whereas downloading sensitive files would trigger a thorough authentication mechanism. Additionally, if a client is focused on convenience instead of security, then authentication mechanism may just include keystroke dynamics.
Aware offers Knomi components for integration into iOS and Android applications. In a recent deployment of Knomi S, the client incorporated Knomi software components into their iOS and Android mobile apps, which is used to guide users in registering their biometrics. The apps process and capture biometrics, transmit data to the server, and perform liveness analysis and matching on the server.
Knomi proves useful for financial institutions such as banks and insurance companies that want their customers to make more frequent use of their apps for transactions that might otherwise require a branch visit or customer service call. Enterprises can use Knomi to make login to their systems by employees much more secure, by requiring out-of-band multifactor authentication with biometrics for certain activities.
Aware is a well-established and financially secure company with twenty-five years’ of success stories to share. Banking on its decades of experience deploying very large scale biometric systems worldwide, the company has now turned its broad product set, high-performance algorithms, and system-level expertise to password-free authentication. “Aware looks forward to helping banks and other enterprises leverage biometrics in ways that address their unique needs and goals, whatever they may be,” concludes Benini.