Interview: HYPR CEO George Avetisov on biometric tokens
20 April 2015 16:17 GMT

By Craig Guthrie, deputy editor

Silicon Alley cybersecurity startup HYPR has had an early impact on the market with its potentially disruptive plans for a biometric token platform that could work on almost any mobile device or desktop.

The HYPR solution to the password problem is an open platform enabling device-to-cloud biometric security, either leveraging existing biometric security on devices or using a “bio-sticker” the firm has developed.

Just 3.2mm in width, the bio-sticker features a fingerprint reader that carries over a year of battery life, and which communicates via low energy bluetooth.

The firm says that its platform can make military grade encryption available for everyone through a system that uses a cryptographic challenge and response method.

The system begins by requesting a challenge token from the server and then signing it when the biometric authenticator verifies the user’s identity, meaning that that the user’s biometric data never leaves their personal device and no sensitive information is stored on the verification server.

The company will ship biometric developer kits in June that includes HYPR application, a mobile and desktop SDK and a HYPR fingerprint reader. 

HYPR was in the news last week as it joined the FIDO (Fast IDentity Online) Alliance. Planet Biometrics caught up with George Avetisov, CEO, HYPR Corp, to discuss the benefits of joining FIDO and their plans for the future.

PB: Why is the FIDO Alliance a good fit for HYPR?

GA: The FIDO Alliance is a good fit for HYPR because the conformity that FIDO interoperability creates enables us to provide device-to-cloud security to many more players in the marketplace. 

FIDO is doing great work in bringing players of all sizes at every stage of the login and device use experience toward the goal of eliminating passwords.  So that conformity is not only going to result in an important level of testing or certification, it’s going to create an atmosphere of accredited players but so many of them that it will eventually remove friction from the security marketplace.

PB: The Windows 10 deployments highlight how biometrics and secure processors are going to play a big part in authentication, where does your solution come in?

GA: HYPR provides an end-to-end solution consisting of: 1. Server-side validation in a SaaS or on-premise model to 3rd party platforms and 2., Specialized Firmware for device manufacturers that are embedding biometric readers in devices. 

The Windows 10 deployments are being discussed as being a FIDO-compliant client side solution. That means Microsoft or any manufacturer of a FIDO-compliant primary device like a mobile phone, tablet, desktop, or laptop can integrate their security protocol with our server side component.

The beauty of the FIDO protocol is its modularity in all elements of the ecosystem, from the hardware level to the cloud - although the protocol does rely on specialized hardware and server side solutions.

Windows 10 presents a valuable element to the Fast IDentity Online protocol through a mass-deployed client side component. As an end-to-end solution, HYPR provides the server-side validation necessary for 3rd parties to utilize the Windows 10 biometric authentication system - as well as the specialized firmware required by coming devices to interact with the Windows 10 client layer.

PB: What are the early lessons in 2015 in terms of eliminating cyber fraud?

GA: The single most important lesson we can glean from 2015 concerning the elimination of cyber fraud is that the attacks we are seeing, no matter how large or catastrophic, come down to the lack of security on the end user level. Password vulnerability, insecure MDM protocols, and large scale user account theft are the root cause of platform or enterprise vulnerability - but they all tend to begin through a single user exploit. 

It’s human nature to fall victim to social engineering and phishing attacks whether or not the infrastructure behind which those attacks are executed is sufficiently protected.  All of these elements to the security problem are why password elimination is huge step in putting cyber criminals out of business.

A move to true three-factor biometric security that in part employs the responsible use of one’s unique biometric signature will result in a giant leap forward in the battle against cyber fraud - by eliminating the most common and highest volume attack vectors.

PB: Can you give us some insight into the fingerprint sensor on the device?

GA: The fingerprint sensor on our biometric security developer kit is the smallest one on the market that still offers a sound degree of accuracy.  Our developer kit’s token has an embedded fingerprint swiper manufactured by Fingerprint Cards AB out of Sweden.  Given its small size yet robust capability, we felt their FPC 1080 was a good fit.  Our token, I should mention, is going to be FIPS 140-2 Level 3 compliant so combined together we’re offering developers an excellent product that they are going to love working with.

PB: Is your team excited about the upcoming launch of the HYPR Biometric Security Developer Kit?

GA: Our team, myself included, is understandably excited about deployment, customer engagement, and the opportunity to share our plans to attack cyber fraud head-on with those who ‘get it’ - like Planet Biometrics

With this excitement comes a humbling sensation that our target—cyber fraud—is a big one that only laser focused determination and industry wide cooperation will eliminate.  We’re doing our best to make sure that cyber fraud meets its match with mass-deployment of biometric security, but by no means do we take a cavalier approach. 

PB: Have you had any feedback from prospective merchants, customers or developer about using the solution?

GA: We are actively engaged in the process of deploying bulk orders of HYPR tokens to companies across the enterprise and financial sectors, and our aim is to provide them the most secure, cost-effective solution on the market.  We have been seeing positive response to the scalability and ease of use, coupled with substantial feedback on future iterations of the technology with regards to the Internet of Things and wearable technologies.

Related articles

HYPR gets sticky with the FIDO alliance
15/04/15
Hypr-3 launches pre-orders of biometric mobile payments platform
07/01/15