Interview: B-Secur’s Alan Foreman on the era of ‘next-generation’ biometrics
14 October 2016 11:06 GMT

Lively industry debate over which modality will eventually triumph in key markets such as the commercial smartphone sector often ignores the potential of new solutions to disrupt the market.

For example, earlier this year ECG biometrics authentication business B-Secur debuted a new ECG solution that measures an individual’s unique heart pattern to quickly and securely verify identity.

Uniquely, B-Secur says that “first generation biometrics” including fingerprint, voice and iris are now commonplace, and that its concept presents the next generation.

Planet Biometrics caught up with the company’s CEO, Alan Foreman, to discuss the firm’s solutions and outlook.

What are the advantages of using ECG over other modalities?

There has almost certainly been a big uptake in what I call first-generation external biometrics - the types which are external to the body.

We offer the next generation of biometrics that are internal to the body, offering a number of advantages.

First of all, they are harder to spoof, to harvest and to potentially hack, by the nature of the fact they are internal.

Other benefits include liveness detection, and interoperability, which pure fingerprint doesn’t necessarily have.

Not only is my ECG an electrical waveform that is different to yours, each of my different heartbeats also forms a different signal. The ability to capture those uniquely means that we can form a particular pattern.

If we see an exact match of this pattern, which shouldn’t normally be the case, then we know there is likely a spoofing attempt underway.

We are working with minute variations in the heartbeat wave and only recently has the computing power grown enough to bring this to market, capturing the key benefits of higher security and revocability.

I can also attest to the convenience factor, which we see as a very big play – traditional modalities such as iris or fingerprint require specific hardware or sensors to capture the biometric.

Whether microphones or cameras, with ECG we are actually collecting a signal, and can collect that from any conductive coating – this means we can collect your biometric from any screen.

Lately there has been talk of how long an iris survives after death, presumably this would be certainly true of a heart beat?

You know, there's some scaremongering about biometrics right now, and cyber criminals are indeed catching up with a lot of things.

Although it seems to be early days, actually the history of this company goes back 13 years. We got a real boost just under two years ago when we got some significant funding from a hedge fund.

That allowed us to invest in R&D and actually bring these things forward to the commercial market, which is where we're headed right now.

We are at the early stages of the wave of internal biometrics and ECG is already key, alongside some of the other developing modalities like DNA or brainwave, which face many more years of advancement before we can put such like things into commercial applications.

One of our goals was to take something that everybody on the high street has today, whether it be a smartphone, a card, something they wear or a fitness device, and develop our technology within that.

As an organisation fundamentally what we're doing differently to potential competitors in our space is that we're embedding our software, our technology into other products. We are not building our own products. It's a very, very different model. But we're going down that B2B route and it is proving very successful for us right now.

So is there anything you can tell us about your current prototypes?

Definitely. So we're focused on three industry areas today.

The first is fintech and there are two areas in which we are bringing prototypes to the market. The first is an ATM. You don't need to use your PIN, you literally touch the screen on the ATM to authenticate.

Secondly, in the payment space we are working with a large US bank and credit card scheme on a contactless payment card.

Now some of the more traditional biometrics companies have been trying to solve this riddle, whereby we bring better authentication to the debit card world, as contactless payments have taken off.

We're making very good progress on our ability to use just a contactless card with a conductive coating as opposed to having to have an actual device embedded in a card.

Another key area that is really important for us as a small company, and which has helped us bring our product to market is biometric access control.

I liken it to the access control card that enterprises give to their employees while in the building or a secure area.

The applications are pretty wide ranging - from employees at airports through to government building access through to schools to hospitals, and airport access control for employees is the one that our pilot focuses on.

It's going very well and is a hot topic in the world at the moment, as there's been a number of high profile incidents in recent months and years that has led to a tightening of borders of airports and the like.

The third area that's really come upon us has been the health and wellness space. I call it the "Fitbit" experience, talking generically, whereby a lot of technology providers are getting on the bandwagon of a wrist worn device for fitness tracking or health.

There are security challenges with all of those things - we take a more accurate approach to measure your ECG condition.

You can pair that up with the ability to authenticate on a device that lends itself for higher value transactions. A good generic example we all know is the Apple Watch, which has Apple Pay ability but which is authenticated purely by a four-digit code - imagine if you could authenticate this using your body.

How do you envision your solutions being integrated into smartphones and mobile devices?

We actually produced a protective cover for a smartphone two years ago now, which was featured in Mobile World Congress last year, in 2015.

This simply slipped onto your iPhone and added a layer of security where you touched the sensor and it provided ECG authentication.

However, the mobile accessories market is a very difficult one to break into. It is high volume and mainly for the big players, so we have stepped away from the idea and come back with a better solution to integrate into the technology -  a much more seamless and sophisticated solution.

We’ve been talking to a number of mobile phone manufacturers around the world about implementing this technology. We are currently going down the route of this conductive coating to avoid the need for new hardware - that is where the lead time issue comes in implementing technology, and it's a very hard sell.

Interestingly, all the major manufacturers are looking not just at the device end, but also at their operating systems. It is actually at this top level that we talking to some of the technology companies about embedding our biometric systems - that's where we are going full blast on our next set of pilots.

Wearables are also a really interesting space, and actually we're seeing fashion retailers coming into this space as well. We just require a touch on some part of the body to capture the signal that we require, where better a place to do that than the clothing that you're already wearing?

We're in early discussion with a large sports retailer manufacturer which is very cool, but I would also suggest it's early days.

Do you think that future authentication on smartphones and other devices will involve multi-modal, seamless solutions?

Indeed, we have had a number of calls from bigger businesses in just the last couple of weeks that seems to underline a huge surge in the evolution of this position.

I don't think there is a single biometric that is perfect, I think it's conditional.

For example, the iris scanner doesn’t perform very well under certain conditions, voice doesn't operate very well when there’s  background noise and fingerprint authentication isn’t practical for manual workers.

What we want to get to is something that everyone has, and we know right now every live human being on the planet has a heartbeat! You cannot say this of voice or fingerprint for sure.

So did you face any challenges in developing this solution over the past few years?

Sure. I think the very first one was gaining recognition that ECG was a credible and valid modality.

We do not have 120 years of history like fingerprints to support us in terms of data.

We work with the National Physical Laboratory in the UK to develop our data, and have had to bring data to the market. Credibility here was quite key.

The second thing is that we're effectively fighting a growing swell of first generation biometric providers, many of whom are pure integrators of a fairly rudimentary technology so they can bring in the revenues and control the market and so forth.

Why would Samsung look to new disruptive technology that's still probably some months or years in the making? It can invest a certain amount in implementing an iris scanner for example - that's a tough challenge.

So we have a competitive edge where we're fighting against the first generation biometrics, and the difficulties of bringing the data to light.

Technically though, this is no more a challenge that I faced in my years of technology development elsewhere. It's about bringing together some sciences, and bringing together the cybersecurity and high tech aspects, but that is fairly stable. We've made great strides in the last two years so technology development is not the big issue, it's more about perception from the market.