As we approach the end of 2016, I would like to share my thoughts on what I believe will be some of the most important trends for biometrics for 2017. This year has been an amazing one for biometric technology, with an acceleration of adoption across many industries and the increasing availability of biometric services in a wide range of readily-available consumer technology. What will 2017 hold for biometrics, how will it affect different markets and what devices and biometric technologies will dominate?
It has only been three years since Touch ID fingerprint biometrics was first introduced to the Apple iPhone, heralding the arrival of convenient mobile biometric authentication in 2013. It certainly was not the first attempt at integrating a fingerprint sensor onto a smart mobile device but it certainly lifted the bar in terms of usability, security, and linking to services that people use, including account verification (Apple ID) and payments through Apple Pay.
If we fast forward to 2016, every major mobile platform and every major mobile OEM is shipping devices with at least an integrated fingerprint sensor. Fingerprint sensors in smart mobile devices are becoming ubiquitous, and we forecast that one billion smart mobile devices equipped with an integrated fingerprint sensor will be available in 2017.
In addition to fingerprint sensor integration, there are native biometric APIs that enable third-parties to leverage out-of-the-box biometric authentication.
During 2016 we saw the arrival of another integrated biometric sensor – iris. It is still early days for this modality on mobile and the debacle of the combustible Samsung Galaxy Note 7’s did not help with wider adoption. For 2017, I am predicting that iris will start to appear on more devices and that by the end of the year there will be tens of millions of device available that support it. I don’t see iris replacing fingerprint, but rather augmented it, providing a different user experience and a potentially higher level of security assurance.
Biometrics isn’t just reserved to integrated sensors on mobile devices, though, there are many innovative biometric software apps that leverage the available hardware and features of a modern smart mobile device. Cameras are available for touchless fingerprint, eye, and facial recognition, the microphone can be used for voice recognition, and other built-in components, including the touch screen, can be used for behavioral biometrics.
Smart cards have a range of applications like payments, physical access control, and state-issued identity. There are two main models for the use of biometrics in smart cards, integrating a biometric sensor on the card or storing a biometric template (captured on a separate sensor) in the chip on the card.
This is currently at the innovation stage with a handful of pilots for payments and physical access control.
Goode Intelligence forecasts that there will be 145 million biometric cards being used for payments during 2017.
Integrated Sensor on Card
This model involves integrating a biometrics sensor into a card and aims to replace PINS and passwords. The card will only work after the enrolled user activates it with their biometric. Fingerprint is the dominant modality but there is potential for other modalities, including ECG (heart rate).
Fingerprint sensor manufacturers are investing considerable effort in creating low-power, small-area size and flexible sensors for this market and are ramping up production to meet the expected demand in 2017.
Biometric Template on Card
This model involves storing a biometric template, captured on a non-integrated sensor, in a secure chip on the card. It is being used commercially today, with fingerprint as the main biometric modality.
Applications include banking, payments, physical access control, transportation, and national identity. India’s Aadhaar service is a prime example of how this can be used, as the world’s largest biometric program. With over one billion citizens currently enrolled, it uses both fingerprint and iris modalities with enrollment supported by external high-end sensors. One of the key project aims is to allow the card to be used in commercial applications like banking and payments. The concept of a hybrid identity and payment card is appealing for biometric cards and is being adopted in other regions, including Nigeria.
Wearables have been slow to adopt biometrics for identity. There are plenty of examples of health, lifestyle, and fitness applications that are based on biometric sensors, but few for identity. However, I believe that this will change shortly, with devices like the Nymi band that uses ECG biometrics and is being used in payments and access control applications, demonstrating their capabilities.
I use a Nymi band in the office and it enables me to authenticate into my Windows PC, while its proximity features enable my PC to be automatically locked when I walk away from the device. I can foresee that this type of wearable could be used in the enterprise to allow employees to access the physical office and then gain access to digital resources – converged physical and logical access control controlled by a biometrically-enabled wearable.
I predict that this market will grow in 2017, once a major wearable device manufacturer or wearable platform (Apple Watch/Android Wear) integrates biometric sensors specifically for identity applications.
Internet of Things
Another emerging area of technology that offers great potential for biometrics is the Internet of Things (IoT). IoT covers a vast array of “things” and I feel that biometrics could support identity in a number of areas, including in the home, the workplace, and for automobiles.
IoT for the home is a very fragmented market at the moment with no common standards or platforms to enable biometrics for connected smart devices. Entertainment, access (doors), security, control systems (temperature control and lighting), and computing is usually installed separately and supplied by a different vendor for each device. This makes it difficult to provide common biometric platforms for the IoT.
There is evidence, however, that IoT vendors and service providers are planning to integrate biometric user authentication into their products and solutions. Smart speaker devices like Amazon Echo, using the Alexa voice recognition platform, and Google Home, provide an opportunity to link speech recognition, control, and voice biometrics. For instance “Alexa, can you reorder me those print cartridges” could allow Amazon to prove the identity of the person based on voice biometrics with the right upgrade.
Use of biometrics for another “thing,” the connected car – which some are beginning to call a smartphone on wheels – again shows promise, but there is very little actual deployment. We have the Jaguar Land Rover patenting a biometric system to allow car owners to open the door based on a combination of facial and gait recognition, and other auto manufacturers testing various models where sensors are integrated into door handles, key fobs, touchscreens, and steering wheels. Similar to wearables, this capture of biodata is initially being used for health and fitness applications and answering vital questions of “is this person fit enough to operate this vehicle?”
We expect 2017 will see an acceleration of connected “things” being adopted in greater numbers, and the beginning of specific applications, those that carry most risk, being biometrically enabled.
2017 – Another Exciting Year for Biometrics
2017 will see biometric adoption at an ever-increasing pace, with the availability of biometric sensors in yet more device. These include smartphones, tablets, PCs, peripherals, trackpads, touchscreens, keyboards, smart speakers, automobiles, door locks, luggage locks, and home security systems, to name a few.
I believe that we are only scratching the service of its capabilities, and the combination of the availability of “good enough” biometric sensors in 100s of millions of consumer devices along with the development of secure biometric applications and identity platforms is supporting an identity evolution that’s enabling enormous amounts of disruption.
Basing this on a scalable enterprise-grade platform with strong levels of identity assurance and end-to-end security is critical. But these solutions also need to be matched with a technology provider that can support a variety of biometric authenticators – both device (sensor) and software based.