Jim  Sullivan  Sean  Dyon  

November  2013

Agenda  

•  BIO-­‐key  background  •  The  problems  we  solve  •  Biometric  Opportunity  •  Architecture  •  BIO-­‐key  +  AMD  +  TrustZone  •  FreeChoiceID  •  The  Biometric  Debate    

•  US-­‐Based  -­‐  Headquartered  in  Wall,  NJ  with  development  labs  in  Eagan,  MN    

•  Founded  in  1993,  public  since  1997      

•  Fast,  high  accuracy  fingerprint  authenScaSon  and  idenSficaSon  plaTorm  with  device  interoperability,  and  cloud  ready  infrastructure.  

•  IntegraSons  and  agreements  with  leading  IAM  and  healthcare  technology  companies  such  as  IBM,  CA,  Oracle,  Allscripts  &  Epic  

The  leader  in  fingerprint  biometric  idenSficaSon  soluSons  

BIO-­‐key  InternaSonal,  Inc.  

SOME COMMERCIAL CUSTOMERS

Commercial  Customer  Track  Record  

!  AT&T  –  Retail  store  wireless  network  employee  ID      !  McKesson  –  PharmaceuScal  dispensing  cabinets  in  thousands  of  

hospitals  naSonwide    !  NCR  (Radiant  Systems)  –  40,000  restaurant  POS  units  &  self  

service  kiosks    !  LexisNexis  –  ID  verificaSon  and  fraud  prevenSon  for  all  MCAT,  

CPA,  FINRA  and  CAT  examinees  at  2000  Prometric  tesSng  centers  worldwide  –  RealSme  5  year  alias  lookback  

 !  Allscripts  –  (Healthcare  soluSon  provider)  Electronic  Health  

Record  access  soluSon    

BIO-­‐key  value  proposiSon  

5  

Fingerprint  enabled  endpoint  devices  plus  BIO-­‐key  yields  connecHvity  to  exisHng  enterprise  IAM  plaIorms  and  integrated  enterprise  applicaHons    

Frost  &  Sullivan  recognizes  BIO-­‐key  Interna9onal,  Inc.  (BKYI)    with  the  2013  North  America  Frost  &  Sullivan  Award    for  CompeBBve  Strategy  InnovaBon  and  Leadership.    

The  company  exclusively  offers  mobile  and  Internet-­‐based  soGware  solu9ons,    giving  it  an  unbeatable  edge  in  the  cloud-­‐based  fingerprint  biometric  solu9on  market.  

THE  PROBLEMS  WE  SOLVE  

Problem  1:  Rapidly  evolving  Fingerprint  Scanner  Marketplace  

•  2006  –  Fujitsu  EOLs  fingerprint  scanner,  OEMs  stuck  

•  Sept  2010  –  Authentec  acquires  UPEK  for  31M  

•  Nov  2012,  Apple  acquires  Authentec  for  $356M,  ceases  offering  OEM  sensor  modules  

•  October  2013  –  SynapScs  acquires  Validity  

•  Rumors  abound  about  who’s  next  

Who’s  Lei/Next?  

SoluSon:  Interoperable  Soiware  

•  Insulates  device  manufacturers  and  ISVs  from  strict  dependence  on  scanner  specific  soiware  –  reduces  risk  

•  Offers  NIST  cerSficaSon  of  accuracy,  required  for  many  regulated  applicaSons  

•  Allows  for  free  interchange  of  scanners,  and  creates  a  longer-­‐lived  asset  in  the  fingerprint  enrollment  

•  ExisSng  integraSons  with  leading  IAMs  

BIO-­‐key  Supported  Fingerprint  Scanners  

Problem  2:  Algorithm  Accuracy  Letdowns  

•  Apple’s  scanner  hack  raised  the  awareness  of  the  vulnerability  of  having  a  poor  algorithm.  

•     Most  scanner  manufacturers  focus  on  the  hardware  image  quality,  and  the  soiware  gets  short  shrii.  

•  The  natural  inclinaSon  is  to  make  the  thresholds  for  match  low  to  create  a  more  easy  to  access  result  

ImageCapture

ImageEnhancement

ModelCreation Matchingv

•   BIO-­‐key  technology  enhances  each  fingerprint  43X  •   Extracts  between  1,200  –  1,600  data-­‐points  vs.  the  norm  of  50-­‐60  •   MathemaScal  template  extraced  using  patented  Vector  Segment  Technology    

Positive Identification in One Second or Less

Patented  Technology  

False Non Match Rate

BIO-key Imprivata IDS Lockheed Avalon Parima

Averages 0.0113 0.1684 0.0179 0.0515 0.0133 0.0200

Equal Error Rate

BIO-key Imprivata IDS Lockheed Avalon Parima

Averages 0.0066 NA NA 0.0225 0.0067 0.0094

BIO-­‐key  achieves  Top  Tier  Scores  for  Accuracy        

SoluSon:  Select  a  bemer  algorithm  Accuracy  is  usability  

NIST's  mission  is  to  promote  U.S.    innovaSon  and  industrial  compeSSveness  

by  advancing  measurement  science,    standards,  and  technology  in  ways  that    enhance  economic  security  and  improve    

our  quality  of  life.    www.nist.gov  

     

Table 1: TAR at FAR of 0.0001 Name ID DHS2 DOS POE BIO-key 2C 0.9909 0.9978 0.9990 Sagem 1C 0.9908   0.9969   0.9988  L1 1Y 0.9907   0.9994   0.9996  Sagem 1H 0.9905   0.9974   0.9989  ID Solutions Q 0.9874   0.9960   0.9975  Neuro 1T 0.9844   0.9951   0.9980  Thales 1I 0.9782   0.9920   0.9962  BioLink 1E 0.9748   0.9731   0.9880  

Table 9: Equal Error Rates Name ID DHS2 DOS POE BIO-key 2C 0.0047 0.0012 0.0005 L1 1Y 0.0051   0.0004   0.0004  Sagem 1C 0.0058   0.0017   0.0009  Sagem 1H 0.0062   0.0013   0.0008  BioLink 1E 0.0072   0.0113   0.0043  ID Solutions Q 0.0080   0.0023   0.0013  Thales 1I 0.0087   0.0036   0.0019  Neuro 1T 0.0089   0.0023   0.0014  

Fact:  BIO-­‐key  Far  Outperforms  NaSve  Algorithms  

Real  World  Performance  Results  

•  Capture  1,500  to  2,000  points  of  data  •  40+  layers  of  image  enhancement  •  Validated  by  The  NaSonal  InsStute  of  

Standards  &  Technology  (NIST)  •  Superior  “One  to  Many”  

idenSficaSon    

Month  Average  ID  

Score   Successes   Failures   Success  Rate  %  

November   89.56   251,447   1661   99.34%  

Staff  ID#   FuncBon     QuanBty  Average  ID  

Score   Low  Score     High  Score   Failures     Success  Rate  %  

xxxxxxxxx   ID  Submit   5,999   92   52   99   0   100%  

#4  Ranked  Hospital  251,447  authenScaSons  with  a    99.34%  success  rate      

Problem  3:  Inside  the  box  thinking  

If  the  only  enabled  applicaSon  for  the  scanner  authenScaSon  is  to  unlock  the  device,  then  the  value  to  the  user  is  limited.  

SoluSon:  IAM  SoluSon  Architecture  

Cloud

User’s  Device

Browsers

Applications

Utility  Functions

Device  Options

WEB

-­‐key  Client

DataStore

•  CA  –  Validated  SiteMinder  IntegraSon  –  Joined  Cloud  Commons  

•  On  Sales  and  SoluSons  Catalogs  

•  IBM  –  Validated  ISAM  for  Web  IntegraSon  –  OEM  into  ESSO  

•  Oracle  –  OAM  IntegraSon  –  OEM  into  ESSO  

   Integrated  with  WAM  &  ESSO  

14  

OpenID  Flexible  MF  AuthenScaSon  RP  

User  

OpenID  Client  /  Browser  

MulH-­‐Factor    Auth  Proxy  

Biometric    Client  

SIM  /  UICC  

OpenID  Server  

MulH-­‐Factor  Auth  Layer  (Server)  /  Master  IdP  

PWD    Server  

Biometric  Proxy  

FuncHon  AAA  

Biometric  Auth  Server  

SIM  

HSS  

UE  

USER  AUTH  

BIOMETRIC  USER  AUTH  

DEVICE  AUTH  

BIOMETRIC  OPPORTUNITY  

   

0

1000

2000

3000

4000

5000

6000

7000

8000

2000 2002 2004 2006 2008 2010 2012 2014

From  Millions  to  Billions

Focus on WarLSID

Physical Access

Electronic Health RecordsGov’t Incentive Program

DEA ePrescription GuidelinesApprove Biometric Technology

$261M In 2000

Dot Com Crash

9/11 Increased

Need

L1 Investment Partners Biometrics Roll-up

Lockheed Martin Wins F.B.I

BIO-key & Morpho

Bangladesh Voter ID

$6 Billion Dollar Market

Mobility Mobile Banking & NFC

Government & Civil ID Mainstream Consumer Healthcare Payments Account Access

Traditional ID Physical Access

Biometric  Market  Growth  

Light the fuse

1993  BBG  Engineering  Seek  to  create  fingerprint  ID  soluSon  

1995  SAC  Technologies  First  Patent  

1996  Company  Publically  Traded  

2000  –  2001  BIO-­‐key  Formed  

2004  Acquire  Public  Safety  Group  Acquire  Aether  Systems  Mobile  Gov’t  Div.  

2009  Sell  Law  Enforcement  Division  for  $11.3M  

2010  FBI  Contract  

2013  Hospitals  Blood  Centers  Retail  IAM  

2013:  Tremendous  Track  Record  70+  Hospital  EHR  Systems  

3,000+  Drug  Dispensing  Cabinets  3,000,000  Blood  Donors  

80,000,000  Large  Scale  ID  Project  10  Registered  Patents  

The  market  we  were  built  to  address  is  the  next  market  

2007  Sell  Fire  &  Safety  Division  for  $7.4M  

Biometrics  is  a  mulS-­‐phase  market  

•  BIO-­‐key  is  a  soGware  development  company  providing  full  and  complete  finger  biometric  soluSons  for  local  and  enterprise  use,  including  cloud  ready  server  plaTorms.  

•  Soiware  supports  and  provides  interoperability  for  all  major  fingerprint  reader  manufacturers,  devices  and  plaTorms.    

•  BIO-­‐key  provides  a  secure,  web-­‐based  infrastructure  supporSng  the  most  innovaSve  finger  scanning  devices  for  remotely  capturing  fingerprint  data  to  idenSfy  individuals  

•  BIO-­‐key  has  targeted  consumer  markets  with  our  plaTorm,  and  we  conSnue  to  innovate  on  how  to  make  that  plaTorm  meet  all  needs,  including  the  privacy  needs  of  the  end  customers.  

This  infrastructure  quickly  scales  to  any  size,  and  can  be  accessed  from  any  device  with  an  internet  connecHon  using  any  supported  fingerprint  reader  

Ambidextrous  Biometric  Approach  

p  25  

Yesterday’s  market  views  biometrics  as  a  point  soluSon,  responding  to  the  opportunity  to  get  creaSve  with  authenScaSon  with  a  myopic,  fear-­‐based  approach.    Some  symptoms  are:  

•  Ignorance  of  biometric  enrollment  lifecycle  –  “only  match  here  in  the  device”  –  This  leads  to  non-­‐interoperable  algorithms  being  used,  and  vendor  lock  

•  Thinking  that  the  scanner  technology  is  the  only  consideraSon  –  Apple  fell  vicSm  to  this  in  putng  all  their  eggs  into  the  “market  leading”  sensor  company  without  

the  algorithm  chops  behind  it  to  really  make  an  impact  on  security.    Now  they  can’t  let  the  data  off  the  phone,  and  they  were  quickly  hacked.  

•  Forgetng  about  the  benefits  of  a  highly  trustworthy,  long-­‐lived  biometric  idenSty  asset  to  associate  an  idenSty.  

–  Everyone  is  so  focused  on  the  print  never  leaving  the  phone.    What  if  I  already  gave  my  fingerprint  to  my  bank  and  they  just  want  to  match  the  person  effecSvely  standing  there  with  a  withdrawal  slip,  using  the  “you  will  know  it’s  me,  if”  metric?  

•  Missing  the  benefits  of  the  fricSonless  authenScaSon  that  biometrics  offers  (think  of  a  doorman),  focusing  instead  on  a  bristling  authenScaSon  process  that  feels  more  like  Checkpoint  Charlie.  

 

     

Yesterday’s  Market  vs.  the  Next  Market  

p  26  

The  Next  market  views  biometrics  as  an  asset  –  the  more  you  have  to  associate  with  it,  the  more  strategic  it  becomes.    PosiSve  indicators  are:  

•  Broad  use  of  biometrics,  in  different  contexts  –  face  to  face,  mobile,  at  kiosks,  and  at  home.    The  quesSons  being  asked  are  “What  about  other  applicaSons?”  

•  Realizing  that  the  scanner  is  going  to  be  an  evolving  capture  commodity  –  one  size  will  not  fit  all!  

–  Don’t  get  hung  up  on  the  belief  that  there  are  any  staSc  truths  about  all  fingerprint  capture  technology.    The  interoperable,  highly  accurate  enrollment  is  the  asset,  and  at  the  end  of  the  day,  only  one  person  has  the  real  finger  that  matches  the  enrollment.  

•  Biometrics  can  be  your  door  man,  making  a  secure  entry  easier  to  navigate    The  Next  market  operates  from  a  place  of  opportunity,  offering  idenSty  security  and  businesses  certainty  by  allowing  your  idenSty  to  be  in  a  vault,  not  just  watched  over.    The  Next  market  will  leverage  BIO-­‐key’s  privacy  enhancing  plaTorm  features  to  make  biometrics  palatable  to  all.    

     

Yesterday’s  Market  vs.  the  Next  Market  

IdenHficaHon…Anywhere,  Anyplace,  AnyHme  

ACCURACY  " Superior  “One  to  Many”  idenSficaSon  for  de-­‐duping  

" Biometric  indexing  scalability  

SPEED  &  SCALABILITY  "  Integrates  quickly  with  exisSng  hardware  &  web  applicaSons  

" Scalable  over  many  servers,  scale  up  and  out  

INTEROPERABILITY    

 

" Device  independence  with  a  single  enrollment  

" Every  major  fingerprint  reader  manufacturer  supported!  

Key  DifferenSators  

So  what  can  Cloud  Biometrics  do?  

•  Works  face  to  face  when  it’s  just  you  wanSng  to  prove  who  you  are  –  not  device  dependent  – Really  important  when  you  lose  your  device  

•  One  enrollment  works  across  the  Internet  of  Things,  not  trapped  inside  one  device  

So  what  can  Cloud  Biometrics  do?  

•  Allows  you  to  quickly  and  automaScally  prove  who  you  are  in  the  growing  disintermediated  economy  

ARCHITECTURE  

WEB-­‐key  

•  Primary  Features  – Complete  Framework  for  Enrollment/AuthenScaSon  

– Security  Handling  – ReporSng  FuncSons  – MulS-­‐Factor  Support  – Flexible  AdministraSve  ProperSes    – Simple  IntegraSon  – Reader  Independence  

33  

WEB-­‐key  Architecture  

• WEB-­‐key®  –  Network  /  ApplicaSon  Security  –  Strong  EncrypSon  

•  PKI  EllipScal  Curve,  Unique  keys  –  Thin  Client  Plug-­‐in  

•  Browsers  •  ApplicaSons  •  Other  

–  Easy  to  Configure    –  Adaptable  User  Interface  –  Managed  from  ApplicaSon  

Run  local  or  remote  –  your  choice  

34  

User  Device

Browser

Application

WEB-­‐key  Client

Cache

App  Server

Application

App  Server

Proxy

WEB-­‐key  

Security  Service

Data

Users Audit Config

WEB-­‐key  APIs

WEB-­‐key  APIs

BIO-­‐KEY  +                                          +      

TrustZone  IntegraSon  

•  BIO-­‐key’s  products  are  being  integrated  to  leverage  TrustZone  on  the  client  and  the  server.  – Trustonic  as  a  bridge  

Page  36  

WEB-­‐key  and  TrustZone  

37  

User  Device

Browser

Application

WEB-­‐key  Client

Cache

App  Server

Application

App  Server

Proxy

WEB-­‐key  

Security  Service

Data

Users Audit Config

WEB-­‐key  APIs

WEB-­‐key  APIs

FreeChoiceID  –  What  is  it?  BIO-­‐key’s  FreeChoiceID  is  a  patent-­‐pending  technology  soluSon  to  the  longstanding  problem  of  having  to  choose  between  trusHng  a  recipient  of  sensiSve  data  and  not  giving  the  data  at  all    Raises  comfort  levels  of  users,  reduces  liability  of  recipients    Has  broad  applicaSons  for  any  sensiSve  data  given  voluntarily  to  or  held  by  any  recipient  who  wants  to  offer  users  control  over  their  data  

Typical  Biometric  Repository  

TradiSonal  ProtecSon  

Single  Key  

TradiSonal  ProtecSon  -­‐Problems  

•  Requires  enrollees  to  trust  recipient’s  privacy  policy  (if  they  even  read  it)  

•  Revocability  –  data  is  “out  there”  •  Data    is  subject  to  unintended  access  outside  of  policy  –  Insider  access  – Data  thei  – Subpoena  – Snooping  agencies  

BIO-­‐key  FreeChoiceID:  Per  User  EncrypSon  +  Per  User  Control  

Each  key  is  different,  and  is  controlled  by  the  user  

FreeChoiceID  –  User  remains  in  command  of  their  private  data  

•  Every  request  for  access  to  secured  data  in  the  server  has  to  first  be  approved  by  the  data  owner  before  a  one-­‐Sme  use  decrypSon  key  is  sent  to  the  server  – Always-­‐on  smartphone  connecSvity  allows  this  – Human  created  key  can  also  be  used.  

•  All  decrypSon  and  matching  may  be  placed  in  TrustZone  to  ensure  that  data  access  is  limited  and  secure.  

THE  BIOMETRIC  DEBATE  

Widespread  Myth  =  Fear  

Many  believe  that  a  biometric  system  behaves  like  a  password-­‐  or  token-­‐based  system,  in  that  possessing  or  knowing  something  empowers  anyone  to  be  an  imposter  for  another  person.    This  leads  to  concerns  that  a  hacked  database  costs  you  your  idenSty.  

The  Truth  Will  Set  You  Free  

Biometrics  in  fact  are  just  that,  “measurements  of  you.”    The  measurements  are  of  your  finger  ridge  detail.    The  credenHal  is  your  finger,  not  the  fingerprint  that  it  leaves  behind.      The  key  issue  is  ensuring  confidence  in  a  live  capture  of  an  actual  finger.    Only  if  we  believe  this  is  not  possible  to  assure  should  we  live  in  fear.    

The  Biometric  Debate  

Will  FEAR  or  EFFICIENCY  win  out  in  the  end?    Could  misconcepSons  about  biometrics  ulSmately  deny  our  economy  the  incredible  benefits  it  conveys?    Or  will  there  be  an  understanding  that  the  power  of  the  cloud  applies  in  biometrics,  to  ensure  that  only  you  can  use  your  idenSty?              

The  Biometric  Debate  

Will  FEAR  or  EFFICIENCY  win  out  in  the  end?    Is  fear  a  valid  reason  to  not  transmit  a  biometric  to  a  secure  server  which  in  most  cases  will  already  have  your  biometric  data  –  because  you  want  them  to  have  it,  to  protect  your  ID?    Aren’t  there  beler  ways  for  the  government  to  track  a  person  versus  biometric  matching?            

Look  to  History  for  the  Answer  

“EZPass”  Toll  Transponders:  FEAR:  The  government  will  track  you,  issue  speeding  Sckets  Reality:  They  may  track  you,  but  the  benefit  of  cruising  through  tolls  is  worth  it.  

Look  to  History  for  the  Answer  

Electronic  Devices  on  Planes  during  take-­‐off  FEAR:  Electronic  acSvity  might  affect  the  plane’s  electronics,  or  distract  you  in  a  crash.  Reality:  These  fears  have  been  shown  to  be  unfounded  –  airlines  now  allowing  electronics  gate  to  gate  

ArSficial  market  limitaSons  projected  onto  consumers  that  are  based  solely  on  FEAR,  not  actual  risk  impact,  will  eventually  be  challenged  and  displaced  in  favor  of  greater  efficiency  and  acceptance  of  managed  risk.