UnifyID gait recognition API provides passive behavioral biometrics capabilities for mobile developers
UnifyID has launched a behavioral biometric authentication capability for mobile devices based on gait recognition to provide frictionless security for developers to deploy in a wide range of applications.
Asked about the difference between UnifyID and other behavioral biometric authentication technologies on the market, the company’s Founder and CEO John Whaley told Biometric Update in an email interview that collecting and processing information passively in the background provides a huge advantage.
“Even before you interact with the service, we already know it is you with high confidence, which means the behavioral signals are strong enough to use for authentication, not just detecting anomalies after the fact,” Whaley writes. “Passive background collection also solves the enrollment challenge with most behavioral biometric systems – that is, how to collect enough samples from a user to build a reliable model of the user’s behavior. Other solutions may claim ‘one-shot enrollment’ – that is a lie. You need much more data to build a robust and accurate model of user behavior.”
GaitAuth is offered to developers as a way to provide authentication which the company says is comparable to fingerprint biometrics in strength, running in the background on the user’s mobile device. In this way, GaitAuth turns the device into an “authenticated key” with behavioral biometrics to enable integration with access control systems. As a way of providing the identification of confidence without asking people to remove masks for facial recognition or gloves for fingerprints, the data from smartphone sensors can uniquely identify individuals, and tell genuine users apart from bots, the company says.
The main use cases the company expects it to be used for include physical access control, such as for doors or vehicles, as an additional passive factor in multi-factor authentication processes, device authentication and access to secure apps, according to Whaley. GaitAuth can also be used to provide strong biometric authentication for lower-end devices without native biometric capabilities, and in risk and fraud solutions, to identify account takeover events and duplicate or shared accounts.
But how comfortable are users going to be with gait recognition?
“Gait-based authentication is not as well-known as other biometrics like face or fingerprint, but it has robust science and peer-reviewed research behind it,” Whaley answers. “Regarding the notion of whether users want implicit authentication, the general trend is to reduce the friction associated with security and authentication.”
He cites the transition in smartphone unlocking, and notes that “users consistently reject even the most minimal steps to add security.”
“The second point is by a factor being completely passive, it makes it much easier to layer on security and build an adaptive system,” Whaley continues. “There may be cases where it is important to maintain the “ritual” of authentication, for example entering a pin or signing your name. These add at best a modicum of security and are mostly symbolic, whereas the real authentication is happening in the background. And nobody, nobody, nobody likes passwords or SMS OTP codes, or KBA questions. Those forms of authentication will not be missed by anyone – users, product managers, or security professionals.”
UnifyID has produced a short video to show how the technology works in action. The API is now available through the company’s developer portal.