Peter O’Neill, President, Mobile ID World (MIDW): Can you please give our readers a brief background of your company?
Conor White, President, IdentityX (IdX): IdentityX is an affiliate of Daon, a 13-year old company that is a leading provider of identity assurance and identification and verification software to governments worldwide. While initially focusing in the very demanding space of mission-critical national systems, we continued to watch the ever growing threats and sophisticated attacks on people’s identity in the consumer and enterprise markets. About four years ago, we realized that we could help increase consumer and enterprise security by bringing the strength of biometric (and other) factors to that market. A key barrier had been the availability of suitable (smart) devices and thanks to the adoption of smart phones, most people now have the ability to do strong multi-biometric authentication in the palm of their hands. IdentityX was formed in 2010 to bring biometric authentication technology solutions to the enterprise and consumer markets. Since then, IdentityX has pioneered methods for securely and conveniently combining multiple identity factors (including biometrics, device authentication, PIN, and location), empowering users to choose the factor or combination of factors that best meet their situational needs and preferences. We are headquartered in Fairfax, VA.
MIDW: We at Mobile ID World and findBIOMETRICS have been talking heavily about the fact that the password is dead for about the past year, where do your solutions fit into solving this problem?
IdX: Passwords are probably the single weakest vector of exploitation right now because you either have to make them so strong that you can’t remember them, or so weak that they can be guessed or socially engineered. And as our online presence grows, and the number of password protected systems we access increases, the problem grows exponentially.
IdentityX solves this problem by providing choice to consumers. We work with several major banks here in the United States as well as other companies around the world and our message is very simple – what they need is a platform that will allow users to mix and match authentication factors of the past (such as tokens and passwords) with authentication factors of today (such as biometric voice and facial recognition) and tomorrow (such as emerging technologies like iris recognition). That is what the Infinity Platform does. It is the world’s first universal authentication platform for mobile devices.
It is difficult for any company to tell their customers how they must authenticate because people want choice. There are those who will always want to use passwords and will insist upon it. But the vast majority want something that is easy, more convenient and more secure. What we provide is a platform that enables organizations to provide choice to their customers, employees and partners with boundaries set by their organization.
For example, you could have one person use a fingerprint swipe on a phone, a second person might use face, a third person might use face and voice, a fourth might prefer a PIN with SMS, a fifth person might want a simple out of bound authentication to the phone for a website where they just pick yes and approve. Other customers may just want combinations of all of the above. What we provide is a platform that gives you all of those choices. Then you decide as the organization about how you want to deploy it, what policies you want to enable and give your customers that maximize choice and convenience (and thus customer satisfaction) while maintaining the level of security you need to run your business.
MIDW: So for different industry verticals or different security levels your solution offers with biometrics, without biometrics… How do you advise your clients which is the best way to proceed?
IdX: A lot of organizations will start biometric pilots that don’t go very far because they look at a biometric system from a very simplistic perspective. We take a different approach. We work with our customers to plan, deploy, and fine-tune the solution. You also get the maximum adoption when you provide flexibility and enable a level of choice with your customers. People love to embrace a technology that makes their life more convenient and more secure.
That is why we advise our clients not to just deploy the system but to allow us to work with them to configure a solution that addresses their unique requirements. We bring some of the deepest expertise and experience from deployments around the world to enable us to fine tune the operation of the system for our customers.
There are so many dimensions on which you can measure biometric systems – false match, false non- match, failure to acquire, and failure to enroll are just a few examples. We bring expertise that enables us to get the greatest levels of security but most importantly, the greatest level of inclusivity. Nobody wants to buy a system that only works for 95 percent or even 98 percent of their population. Many uni-modal (single factor) systems suffer from that. That defeats the purpose. You’ve got to deploy a “platform” that enables you to have true inclusivity of your population especially for large organizations that want a platform that will serve the vast majority of their consumers.
MIDW: Can you please describe some of the vertical markets that you are interested in? I know that financial and health care are areas that are experiencing growth, are these areas that you are after?
IdX: Absolutely. We are finding tremendous growth in financial services and healthcare like you mentioned. In fact, we are seeing growth in many of the regulated industries where strong authentication is mandated – and complex and insecure password or token-based systems just can’t cut it. Obviously government sectors both here in the United States and true democracies around the world are key markets for us as well.
Your typical chief security officer understands that passwords by themselves don’t work, hardware tokens that are dedicated to just security have a tremendous cost of ownership. The biggest thing that is going on in those industries is the ‘bring your own device’ (BYOD) phenomenon where they don’t get to regulate as much as they used to, but they still need to maintain a level of security. This is proof that consumers and employees today are demanding choice! These organizations have to bring alternative forms of authentication (than just passwords or dedicated tokens) to the table and that is another area where our Infinity platform plays very well.
MIDW: That is a very important aspect. We had Dr. Halamka from the Harvard Medical School speak at a gathering that we organized in Tampa, called “Mobility Rules” and he spoke about the fact that in his area there are now so many mobile devices …and he didn’t buy a single one of them! Yet he has to make sure they are secure and have access to his system. It is quite a challenge for most enterprises or hospitals environments or areas like that. So your solutions help companies try and resolve those issues?
IdX: Correct. Our solution allows the likes of Dr. Halamka and others to bring a Samsung or an iPhone or whatever into the environment and we have a solution that will allow us to authenticate you securely enough to allow you to use that device.
We believe that it is not our job to tell the industry or the consumer what authentication system they must use. It is our job to create a solution that allows them to choose what they need for their specific purposes and enable organizations like banks and healthcare companies and hospitals to give the greatest service to their customers and employees with minimum inconvenience while maintaining the level of security that they need. For that you need flexibility and you need to be able to adapt quickly. One size doesn’t fit all here so it has to be a platform based approach which is fundamentally part of our DNA but you also have to be able to protect and future proof and be able to react quickly to the market so when the next round of fingerprint sensors in smartphones comes out you’ve already got it covered. If you have a platform that is committed to embedding those new technologies as you go, you have a much quicker ability to provide that higher level of assurance and better service to your customers because the platform behind the scenes has evolved and your customer won’t be impacted by it.
It’s not just a security platform, it’s a platform that supports continuous innovation of service to your customers.
MIDW: Well speaking of flexible platforms how easy is it to integrate your technology into legacy systems?
IdX: Very easy. Right out of the box we provide adaptors for most of today’s authentication solutions – everything from single sign-on systems to time and attendance to active directory. Then there is also the legacy environment, the environments that are not off the shelf, but are custom built and we are able to work within those as well. Our backend interfaces are all web service enabled so it is very, very easy.
I remember we had an engineer from a customer to our office one day and work with one of our engineers – the customer in question had a home-grown system that they wanted to integrate with our mobile authentication solution. Ninety minutes later that engineer walked out of our building with a demo available for his management and executive team. We are a technology heavy, smart engineering company and we have designed our APIs and interfaces to be very, very easy to integrate into these deployments.
MIDW: Conor thank you very much for taking the time to describe your activities with us. You are certainly on the cutting edge of what is happening in the industry and look forward to hearing more as the future unfolds as the password disappears.
IX: Thank you Peter, it’s been a pleasure.