The global Authentication and Identification market is expected to witness significant growth during the forecast period (2018-2023) registering a CAGR of 22.54% and expected to grow into a $52 Billion market by 2023 (Source: Businesswire)
As a company who has focused on Automated Testing & DevOps, we have embarked on several project to evaluate various 3rd party Biometric Authentication platforms for a client who is looking to pilot these technologies as part of their Continuous Authentication initiatives. While this might seem like somewhat of a departure from the “traditional” Mobile, Browser, API and Data Automation we’ve focused on over the years, we see tremendous potential in this space and a convergence of the Traditional Testing sub-disciplines as companies look to integrate different types of Biometric Authentication technologies & SDKs into their existing Mobile & Browser offerings.
Continuous authentication is a relatively new concept but it is gaining attention as the frequency of security breaches continues to skyrocket and the traditional forms of verification such as single-factor authentication (SFA) (Tradition Login User ID/Password Security), and two-factor authentication (2FA), adding a second layer (e.g. 1-Time Security Code, OTP, etc.) of security at login, are being increasingly compromised. This has spawned the need for new identity and access management (IAM) strategies fueling the demand for continuous authentication due to escalating cybercrime.
Through our experience on these projects, we’ve been exposed to a slew of Biometric Authentication Technologies, Companies and Use Cases that will only continue to grow in the coming months and years as the technology landscape rapidly evolves.
How does Continuous Authentication Work
Continuous authentication systems are continuously gathering information about a user’s actions and activities (e.g. Swipe Velocity & Acceleration, Typing Speed & Intervals, Pressure, Geolocation, Movements, etc. etc.) to “learn” user behavior and verify expected or normal behavior based on historical data. Based on this continuous analysis, the user can access the system and/or be required to provide additional verification (Password, OTP, Face ID, etc.).
The continuous authentication platforms build predictive models that are constantly learning user behavior and consequently become more accurate over time. If the user behavior is flagged as inconsistent, access to a particular session can be revoked and user automatically logged out and/or notified. The predictive model determines a “score” based on which a user’s authenticity is determined. The sensitivity and threshold score is typically configurable and the desired behavior can be customized (e.g. Application will ask for additional security questions or initiate 2FA) if the threshold is not met.
Different Types of Continuous Authentication
There are numerous technologies and vendors providing Continuous Authentication solutions:
Fingerprint Identification
This is a historic, traditional and reliable type of identification. No two persons share a fingerprint which makes it a unique characteristic for identification and, was the primary form of authentication for Mobile Phones from 2013 until it was replaced by Facial Detection in 2017.
Some of the Vendors for Fingerprint Identification are: HID, Suprema, NITGEN, CROSSMATCH, SecuGen
Face Recognition:
This technology identifies a person from a digital image or a video captured beforehand. Identifies the uniqueness of our face by analyzing the specific features on the face like location of the eyes, distance between the eyes, the shape of nose, etc,. Face recognition is used to unlock phones, find missing persons, detect diseases by observing visible chromosome changes, recognize drivers, track pets. Some of the vendors for Face Recognition are: OnFido, Mitek, Idemia
Voice Detection:
This technology recognizes a person by his voice. It is classified into Speech Recognition and Speaker Recognition. Speaker Recognition refers Who is Speaking? and Speech Recognition refers What is Spoken? A person’s voice is differentiated by the unique way of talking, physical structure of the throat, usage of words and the modulation of each word. Voice Detection is used in Alexa, Microsoft Cortana, Healthcare industry, service delivery. Some Vendors for Voice Detection are: Dragon, Google Assistant, Google Docs Voice Typing, Siri, Cortana, Speechnotes
Retinal Scan:
Retina is present in the posterior of the eye and is unique for each individual. The pattern of the veins or capillaries in the retina is captured using Retina Scanner. Retinal Scan can be used by government markets in FBI, CIA, NASA. Retinal scan has extensive usage in medical industry. Some Vendors for Retinal Detection are: AITOMU, YSENMED, ZD MEDICAL
Iris Recognition:
Iris is present in the eye but the pattern of the Iris could be seen from the exterior of the eye. An Iris Scanner is used to capture the complex Iris pattern and applies Mathematical Pattern-Recognition techniques to extract the patterns from the eyes. Iris Recognition is used in diverse Government Security Systems like Border Security, Airports, Police Department and different domestic basis. Some Vendors for Iris Recognition are: IRIS ID, CMI TECH, Princeton Identity, Sensor Access Technology
Other types of Authentication mechanisms like Swipe Authentication (which is increasingly becoming popular as mobile usage continues to climb), Keystroke Based Authentication, Location based Authentication, Hand Geometry and Vein Pattern Recognition (used in facility access control) and we’ll continue to see tremendous innovation in this space as the human-machine interactions change and the number of distinguishable interaction and behavioral characteristics continue to rise.