Passwords will soon be in the past, since they can easily be cracked. They are also too expensive to operate, since changing one password may cost a company $ 100, according to a research by Infotech. PINs are being substituted by static biometrics (fingerprints, voice or face features). In Europe, this technology is being actively introduced by banks, security services, healthcare industries and governments. Within couple of years, it will be integrated into blockchain platforms. Johann Caubergh, founder of BioSSL, a UK startup, explained in his interview to Invest Foresight, how cryptography attacks may be prevented and why blockchain needs biometrics. Last year, his project got a SeSames for the best cybersecurity solution and a silver Fintech award for the best biometrics solution.
– You have been working in the biometrics industry for over 15 years…
– You could almost say that I am a dinosaur in the biometric world. It all happened more than 15 years ago, the day a man showed a big box with a fingerprint reader and a screen. I felt immediately that will be the future. And that person was looking for a Sales and Marketing. With ups and down, wrong partners I decided to go my own path.
At that time, every fingerprint sensor had his own fingerprint algorithm. I knew that the future was to work with a fingerprint algorithm that works independently from fingerprint sensor; A spin-off company of a French university had a promising technology.
With our team, we developed some applications for police and army and consulted their solution to large integrators. Unfortunately, their success and money greed went into their heads, and they broke the existing contracts. Though the litigation is still open, we had to continue and found ID3, a fast and highly accurate fingerprint algorithm. The founder and CEO Jean-Louis Ravel and our company was a direct match. Apart from fingerprint recognition, we found Ayonix, owned and managed by Sadi Viral, a face recognition algorithm, unique in his kind by her 2D-3D verification. Both technology partners brought QiSQi where it stands today, an integrator and solution provider of identification technologies.
– Then why do you need BioSSL? Under what circumstances did this project arise?
– We had a request to develop a money-driven crowdfunding website where people could put their real money online, and buy and sell shares of companies. If we could integrate fingerprint verification, the platform would be compliant towards the International Crowdfunding Organisation, where every user needs to be a unique user. After 6 months hard work, our team managed to create a secure layer between the user and his fingerprint reader and the main server of the crowdfunding platform, by registering and verifying the 10 fingerprints, without storing nothing locally, and registering unique keys on the server. We managed to keep the privacy of the user. The biometric passwords on the server are useless for hackers. After some research, we saw we were unique in our concept. We could not bring in under the hood of QiSQi, whose market is more Government and LEA. The biometric security platform is for the Financial Industry, eGovernment and every application that is protected by a password. BioSSL is born. BioSSL stands for Biometric Secure Socket Layer. QiSQi is still running and has the advantage to use BioSSL platform for her own customers, to protect data.
– What is BioSSL uniqueness?
– BioSSL does not store any data locally. And what is stored ‘in the cloud’ or on the server is rubbish for hackers. And every time you use your fingerprint, a face of voice, the password is unique. Some mobile manufacturers have integrated fingerprint readers and perform a local security. A hacker can go behind that layer and take control of the device. BioSSL has other security features and logic, which we cannot reveal here.
Thanks to Diamond Fortress, company based in the USA, we are also the first to use a mobile camera to take a selfie of the fingerprint, which is immediately converted to a unique password. We are independent of the iPhones and other smartphones with integrated fingerprint sensors.
– You received an investment of $ 250,000. What solutions are already ready to enter the market?
– Today, BioSSL is an early stage company, creating worldwide relationships with integrators and agents. We are now publishing our ICO. Have funds to make BioSSL mature for the world. QiSQi is self-funding without loans or funding, but BioSSL needs a financial input. Thanks to 2 business angels, we gathered the funds to develop and deploy in 6 months time, Fingerprint, Face and Voice Registration and Verification, Mobile and Web-enabled. We proofed to be completely operational with the $250K (Investors’Angel and The Arzam Group), and have existing customers. We are proud to achieve it within the budget. The funds are a whisper if you compare it with other funding adventures, where millions are on the table. We enjoy our freedom and like to grow organically, but reality reminds us that we have to look for new funds to cover our growth. A lot happens behind the scenes.
– Service for hiring security operatives ArmourAgent to verify the identity of the member by using the BioSSL mobile application. Who else does work with your program?
– Armour Agent is the first who came in officially as a customer that we could announce. We cannot mention the new customers yet, they are under non-disclosure. Negotiations with banks and governments are ongoing. We do have to say that with Yobi, the biometric blockchain security, we have hit a new market: all companies related to the blockchain and cryptocurrency. Weekly we receive a request to secure the link between their customers and the blockchain application. BioSSL can handle today the security, off the shelf. With Yobi, we dive inside the ledger and develop a new security protocol.
– What differs BioSSL from Yobi? How does biometric identification work in the blockchain?
– BioSSL performs verification, not identification. BioSSL compares different data to each other, verifying 2 different hashes. The word ‘Identification’ is used when you ask the application to find someone in a large database, without knowing his/her name. Yobi, the biometric blockchain security will be the next step to increase the security of transactions, communications and keeping the privacy of the user bulletproof, for life! Every existing customer will be merged to that new platform. One of the applications Yobi can handle is the biometric blockchain handshake. We will reveal this concept later.
– What blockchain are you working with, and why was it chosen?
– Blockchain, our own blockchain.
– How do you monetize the project? How much does it cost to use a biometric password?
– The business model is quite simple, a license fee per user in the database and fee per transaction, in case the project is handling transactions. The cost is less than a 2FA SMS verification or any other web security.
– There are a lot of disputes about the security of biometric passwords. How would you comment on the main argument – a password or PIN would still be safe, but someone could unlock your mobile device with facial recognition or your fingerprint while you are asleep or unconscious.
– There is a misunderstanding between cybercrime and personal crime. If someone is threatening you to give your password or pin, you give your credentials. If you are sleeping and someone is stealing money from your mobile phone then you have family or friend problem. BioSSL and Yobi are protecting the identity from the man in the middle, who steals your pin code, or hack your mobile phone, or take your identity. You never will meet that person, he is gone with your money or coins, silently and anonymous.
– In your opinion, how will the biometric industry develop in the next couple of years?
– There are new hardware sensors coming in the market, where the usability and live recognition are the issues to cover. Fingerprint and face verification will remain the major biometric standards. Voice will increase in speed and accuracy. Bankcards will have integrated fingerprint sensors, ATM machines will be equipped with sensors, etc.
Biometrics is taking its place in the industry and will be needed more than ever: the coming quantum computers can reveal your password in fractions of seconds, where it normally takes centuries. DNA is the future, but can only come available if someone can invent mobile sensors and the related calculation power that is needed to verify. Our platform will be ready to integrate it. We are a candidate for every government or financial organization to work on international biometric transaction and identity standards.