Veridium, a leader in strong authentication using biometrics, has recently collaborated with South Africa’s blockchain start-up Wala to bring universal and affordable financial services to emerging countries in Africa.
We have received numerous calls and emails from our readers asking questions about Veridium’s authentication using biometrics an explanation of their process to provide identity all from the palm of your hand.
We have lifted information from Veridium’s white paper on biometrics.
Veridium says in its white paper that nearly every time you visit the Internet today you have to log into an account.
“Whether you’re checking your email, buying something on Amazon, or accessing a corporate server, you have to enter in a username and password. And if you’ve activated two-factor authentication, you need to input an alphanumeric code as well, to “conﬁrm” your identity,” explains Veridium.
But as security risks become better publicized it is becoming widely accepted that these methods don’t really prove that you are who you claim to be.
“Any hacker willing to spend enough time can gain access to your username and password, and a code texted to you only proves that the person attempting to log into your accounts is also holding your phone. Half the time they don’t even need to hack into your phone either, as lock screen text notiﬁcations usually make the short numeric codes used for two-factor authentication visible,” the company said.
Veridium said this, in summary, is the “identity problem” of the Internet, and until it is solved, it is simply impossible to implement a truly secure login system for any website or company.
But Veridium promises to solve this identity problem.
Veridium is the first company to develop a multi-finger touchless biometric authentication system that works on unmodified smartphones.
VeridiumID is a biometric authentication solution that tells you not only when someone logs into a system, but from where, and, most importantly, if that person is who they say they are. What VeridiumID does is authenticate who the actual person holding the device is.
Security and convenience go hand in hand with VeridiumID because of how it handles user data. The solution always uses two-way SSL connections for communication between the user’s device and the server. It also provides complete customization with regard to where biometric templates are stored and where matching occurs.
VeridiumID supports diﬀerent methods for biometric data storage and matching: A mobile-centric solution, making it FIDO-compliant, or a server-centric solution for enterprises that want to maintain complete control over deployment. It also supports a distributed data model.
The distributed data model oﬀers the highest degree of security. The biometric template is encrypted and broken into parts using Visual Cryptography. These parts are then stored in separate locations – one on the device, and the other on the server. That way, no full set of biometric data is stored in a single place. If hackers target the server or the device, they only gain an encrypted piece of the biometric vector, not the full template. And through data obfuscation, it is incredibly diﬃcult for a hacking team that manages to acquire access to both server and device to connect the dots between the two in order to access both pieces of the vector.
In addition to these security strategies, VeridiumID also includes a variety of tools, such as an admin dashboard, analytics, and a risk engine, to provide organizations with complete customization over their deployment and the reports and statistics they need to monitor security and user privacy in real time.