Inside HYPR’s biometric token solution, FIDO certification
Biometric security firm HYPR is hoping to disrupt the authentication market with its cloud-based biometric token platform, which uses sensors and trusted execution zones in mobile devices to provide device-to-cloud security.
The company’s three-factor authentication products meet the strict requirements to secure enterprise and government deployments.
The open platform works by leveraging either a device’s existing biometric security or a tiny “bio-sticker” that HYPR developed in-house, which features a fingerprint reader.
The system initially requests a challenge token from the server and registers the user once the biometric authenticator verifies the user’s identity.
The user’s biometric data is fully encrypted and stored on the personal device itself, ensuring that it is completely secure and free of being compromised.
HYPR recently joined the Fast IDentity Online (FIDO) Alliance, and in doing so, will share its authentication technology and collaborate with the nonprofit organization to deliver open specifications for universal authentication methods that are interoperable, more secure, and easier to use.
“For us, being a member of the FIDO Alliance is not only a stamp of approval, it also shows that when we refer to FIDO we’re talking about an organization that we are actually a part of,” said Avetisov.
The partnership is mutually beneficial as HYPR will help to promote FIDO Alliance’s password-less experience (UAF) and second factor experience (U2F) specifications, to ultimately replace antiquated, fragmented and insecure authentication solutions.
“As a nonprofit that has spent a lot of time putting together this specification, we feel that FIDO has done a great job,” said George Avetisov, CEO of HYPR Corp. “I think their main challenge is getting everyone to implement something that’s so new and vastly different from the authentication protocols that we’ve had for many, many years.
“I think the more companies they have that are selling a branded suite of FIDO certified authentication products, the better it is for them — to get that out to the SMBs, the individual developers and the mid-sized platform, as opposed to just the large massive enterprises.”
The HYPR Protocol enables 3-Factor security, all without requiring additional apps or add-on hardware.
HYPR’s modular solutions can be implemented in various configurations across the device layer, via BYOD, or by using the HYPR developer kit, which is expected to ship in July.
The developer kit includes the HYPR application, a mobile and desktop SDK, and a HYPR fingerprint reader manufactured by Fingerprint Cards AB.
HYPR will support a wide range of specifications and protocols, including all FIDO UAF specifications (UAF server, UAF client, UAF authenticator, and UAF ASM) and FIDO UAF specifications (U2F server and U2F authenticator).
Additionally, HYPR will enable token generation via the TOTP RFC6238 specification, while HYPR tokens are FIPS 140-2 Level 3 Compliant and tamper resistant.
With its recent FIDO certification and the upcoming launch of its SDK, 2015 is set to become the startup’s biggest year yet.
And despite being relative newcomers to the biometric authentication field, HYPR has aspirations of becoming a top player, Avetisov said.
“We would like to be the de facto biometrics FIDO authentication solution,” said Avetisov. “We’re working to bring together an end-to-end suite that handles the enterprise, government and hardware components necessary to bring biometric authentication to the masses.”