Nok Nok Labs CEO Phil Dunkelberger on adoption
06 April 2016 16:39 GMT

Rapidly growing interest in the security and convenience created by the use of biometric technology on mobile devices has also thrown a spotlight on the authentication solutions that will be needed by the multitude of related apps and services.

A key player in this field and a force in the success of the FIDO Alliance, Nok Nok Labs has established itself as a thought leader in the evolution of mobile identity.

Planet Biometrics talks to CEO Phil Dunkelberger about the challenges that the industry still faces in terms of adoption, privacy and security.

What do you see as the big themes for 2016 around biometric adoption?

Yes, I can answer that question in two ways:

a. Biometrics is going from a novelty to a must-have - in platforms, devices and core customer experience. Intel, Microsoft and multiple mobile OEMs (Samsung, Sharp, Fujitsu, Huawei, etc.) led the way in 2015 and major enterprises like Bank of America have deployments in full production for consumer-facing applications. There is a proliferation in authentication methods and more of them are going mainstream, including fingerprints, eye and face recognition. The question will become - after fingerprint, which modality will win out? There is furious experimentation in wearables like Apple Watch etc. and customers will have to navigate this complexity. The key theme is use cases; today it is payments and banking, but you have regulations from privacy and in Europe with PSD2. Biometrics seems to be the weapon of choice.

b. Passwords, the prevalence of dongles, keys and cards will continue to decline. Passwords are here and will be here in the near term, but they will be replaced over time. It took us 50 years to dig this hole and it will take time to move beyond passwords. With all change, particularly user behavior change and re-educating users is an incremental process. Traditional authentication tools will decline into obsolescence and ever more niche use cases as mobile devices and wearables start to subsume their functions and consumers dictate their preference for ease of use through their connected devices.

Have you seen hesitation on the part of deploying organizations in light of the US government Office of Personnel Management compromise of 4M fingerprints? Are there lingering concerns around the privacy of biometric information?

In regards to the OPM breach, there was definitely some initial concern around the security of biometric information. For example, if your fingerprint gets compromised with one vendor, does that mean it can be compromised in other places? Biometrics, used in conjunction with FIDO standards, can be used to augment and improve authentication. Biometrics for online authentication are generally used in one of two architectures: local-match and remote-match with a centralized database. In a remote-match architecture, the biometric must be stored on the server, just like passwords. Therefore, like passwords, remote-match biometric authentication systems are vulnerable to data breaches like what you saw with OPM. FIDO uses local-match and explicitly does not use a remote-match biometric architecture. In fact, its Privacy Principles prohibit the sharing of biometric data beyond the user’s personal device. New generations of authentication architectures should avoid this. In a similar way to current efforts to avoid the big attack surface provided by usernames and passwords on the back end, people are trying to avoid biometric data being stored on the backend.

What's new with FIDO and are you seeing wide market interest for the new standards?

Back in November, FIDO submitted the FIDO 2.0 platform enablement components to the World Wide Web Consortium, which marks the first time the Alliance has submitted their specifications to an outside standards development organization. The components comprise three technical specifications required to define a standard web-based API intended to drive FIDO into the platform layer.

By measurement of people joining - we're now at over 250 members - and certified products - you now have 100+ FIDO Certified products, things are moving up and to the right.

At Nok Nok Labs, as a founder of the FIDO Alliance and as a co-chair and editor for the FIDO 2.0 and FIDO UAF working groups, we could not be more proud of achieving this milestone. Also, as members of the W3C, Nok Nok Labs expects to continue to contribute to the completion and ratification of the work by the W3C and support adoption by the major web platforms. Nok Nok Labs is providing a bridge for today’s deployments to embrace FIDO 2.0 when it eventually arrives, so people can deploy today and leverage FIDO 2.0 in the future. FIDO 2.0 is good news for Nok Nok Labs because it will provide more endpoints for our Authentication Server.

Biometrics is a trendy topic, but nobody wants to be the first to deploy and encounter problems. What have you seen in terms of deployment dynamics?

Biometrics have been on the client side for a while but are frequently not used. It is a matter of driving down the cost and proliferating biometrics. Biometrics are trendy right now and that trend is up and to the right. It is being led by things like FIDO Alliance that are driving an ecosystem that provides lower cost solutions, better security, simplicity and improved privacy.

Nok Nok Labs has a few deployments under our belt including PayPal, NTT DOCOMO, and Alipay. Something that is astounding with these large consumer-facing apps is the speed with which the market has embraced FIDO authentication. Don’t forget that the FIDO specifications were finalized a little over a year ago, and you already see production deployments with millions of consumer devices. That is amazingly quick. The organizations we typically find are establishing a biometric strategy that goes beyond fingerprint sensors. They recognize that consumers will dictate the best ways to authenticate and they need a platform that can embrace different modalities including fingerprint, face, eye, voice, whatever. One of the beauties of our approach is that we can future-proof authentication to adapt to consumer preferences with a standards-based approach.


