HYPR Corp. is a biometric security company that focuses on making the financial world safer for consumers and businesses alike. Led by CEO and blockchain enthusiast George Avetisov, the company recently partnered with blockchain security firm BitGo, producing an alliance that could secure the entire finance industry with blockchain-powered biometrics.
Also read: Bitcoin Price Blunders, Suffers $15 Decline
Combining the Blockchain With Biometric Security
Bitcoinist got the chance to sit down with CEO George Avetisov to discuss his company, its involvement in the blockchain industry, as well as hurdles faced by both biometric and blockchain security.
Tell me a little bit about HYPR. What kind of biometrics do you do?
Just a little bit about us. We provide a technology called biometric tokenization. It’s a relatively new term. Are you familiar with FIDO, or the FIDO Alliance, or the FIDO protocol — Fast Identity Online?
No, I’m not.
Ok, so it’s an open standard for biometric authentication. When you use your Samsung S5 or S6, or log into your paypal account, you’re using a FIDO-based authentication channel. The purpose of FIDO is to push an open standard that was designed by Google, Microsoft, Bank of America — some of the key players in tech — to decentralize and secure biometric data.
We’re a working group member of FIDO Alliance. Our purpose is to push decentralization and security of biometric data. How we do that is through a platform we call the HYPR suite. I’ll show you how that works in a minute.
Just a little bit about us: we’re based out of New York City. The company is mostly enterprise security veterans. Bojan, the CTO, is the founder of the Bitcoin Security Project. He wrote Aegis Wallet, might’ve heard of this wallet. Bojan is an expert in bank security consulting and blockchain technologies as a whole. When we came together, it was really interesting because we had this idea two years ago for — could we decentralize biometric security? Could we use some of the principles we see in bitcoin — around elliptic curve digital signatures and other aspects of the blockchain — and could we apply that to an authentication protocol? And what was really cool is that FIDO was just getting started, and we started really building a stack of software for enabling this type of architecture.
To make it really short and sweet: Our customer are Fortune 500 enterprises who are basically implementing TouchID or Windows Hello or the Samsung readers. Basically any type of biometric that is available on a mobile device, and our stack is securing that data.
What is the tokenization part? Where does tokenization come in?
How Biometrics used to be done, is you used to do a one-to-many match. You used to take a fingerprint template and you used to match it against a database of fingerprint templates, and you’d get a match. That’s sort of like passwords. Now what’s happened is biometrics have inverted into a one-to-one match on-device. So what you’re doing when you use TouchID, for example, is you’re basically pasting in your password. But in order to do that, you’re authenticating a one to one template. One fingerprint against one fingerprint. And that template never leaves the device. So that’s essentially what a one to one matching protocol looks like.
But where tokenization comes in is a lot of our customers are realizing that simply using TouchID by itself doesn’t actually replace the password. You’re just putting a wall in front of what is essentially a password paste. In order to really replace the password, you need to implement a FIDO-like architecture. That looks like this: when you log in with a HYPR secure system, and you might be doing so through your bank already, what you’re seeing is a login request, during which a cryptographic challenge is sent you your registered device. When you authenticate with your on-device biometric, HYPR signs that cryptographic challenge, send it back up to the server, signature is validated, and you’re logged in.
That’s pretty cool.
Yeah, what’s happening here is instead of simply replacing the password with a biometric to paste the password in, you’re killing the password.
So this is the technology that — is it BitGo — that you partnered with recently?
Yeah, so that’s probably what put us on your radar. BitGo — great company, we’ve known those guys for a long time — a lot of our customers in the banking sectors are adopting blockchain technologies and they would come to us and say, “do you guys have multisig, do you have a blockchain security platform you could help us with?” And at that point we said, “Hey BitGo, do you want to come in and integrate and handle some of these engagements with us?” It’s a two-way street; for BitGo, we improve their using experience with biometric tokenization, and for our customers, we give them blockchain security through BitGo.
Are you planning on doing anything else specifically in the blockchain space? Or is BitGo just like a one time thing?
What it is with blockchain technologies is the space has been so fragmented. And that’s sort of the same problem we’re dealing with in biometrics. One thing I always say is: “there’s no money in biometrics, but there’s money in biometric security.” Because there are so many biometrics companies. And we don’t write any biometric software. We don’t write any algorithms, we don’t write any of the matching stuff — there’s a whole ecosystem around this. But the problem is there’s no way to bring that all together in a suite.
So what I like about what we’re doing is handling this problem of fragmentation in the biometric technology space is big enough as it is. And BitGo seems to be doing that for the blockchain space. They now support Ethereum, and there’s a lot of really cool stuff they’re doing. So I think by offloading that to a partner like them, we don’t have to have the headache of going into blockchain use cases.
So you’re working with BitGo, I would assume you’re at least interested in bitcoin and blockchain. Do you have an opinion on how it will change finance? If you do, do you think that change will be as radical as some bitcoin enthusiasts think? Like, they think it’s going to take over the world, everything will be on a blockchain. What do you think about that?
I could talk all day about this. Let me give you a little bit of background. When Bojan and I came together, we originally wanted to build a biometric security stack for the purpose of securing Bitcoin. We assumed early on that the problem with Bitcoin is its irreversible nature. When banks are adopting this technology, they’re going to need a security stack that’s radically different than what they have now. I guess over time with some of our customer engagements we realized, this is so much bigger than just blockchain security — than just securing private keys — this goes beyond what we set out to do. So we really expanded our offering.
But with regards to where bitcoin’s going, I absolutely agree. It’s becoming ubiquitous in the banking sector. I would say 7 out of 10 of our customers are piloting blockchain technologies whether it’s through us or through our partners or through their own — I’m sure you know the big names who are handling this push right now — most of our banking customers are already up to speed with this. Where it’s really interesting are our IoT customers. I don’t know if you know, one of the components of our suite is iot focused firmware. We extend HYPR’s biometric tokenization protocol for manufacturers for door locks, automobiles. What’s really interesting is that we’re starting to see those guys piloting blockchain technologies
So yes, I agree with the sort of Bitcoin radicalists who think it’s going to dominate the world, but not from a currency standpoint. I gotta disagree there. I do not think people are gonna be walking around with coin, aware that they’re using coin. I think that the underlying rails for banks and the underlying rails for the IoT, for smart contracts, will be blockchain-based or sidechain-based, it’s just gonna be really under the hood.,
Do you think the integration of biometric security and blockchain will help push along this advance?
I think what’s great — that’s a really good point you made — because what we’re seeing is companies piloting biometric security and blockchain technologies in parallel. They’re not that different from each other, they’re not that far apart. Biometrics are maybe a year or two ahead in terms of rollout, whereas blockchain technologies are just now sort of the year of the pilot, with nasdaq and these other big firms.
But here’s the problem: you’re pushing out blockchain-based use cases, but the user experience sucks. You’ve gotta have strong authentication on top of that. Strong authentication usually reduces usability. So you have 2FA through text messages or 2FA through additional apps. I’m sure you’ve heard of the various hacks that have happened with 2FA systems on bitcoin wallets. And this is all pretty ABC stuff, me losing some coin through a 2fa hacker, through a breach from my coinbase wallet or something like that.
When you’re talking about using the blockchain –using private keys or cryptographic hashes for IoT use cases — now you’re talking about, can 5 years from now the energy grid be put at risk because we don’t have a good security infrastructure in place around these blockchain systems? And I think that’s why biometrics give a really good parallel to what’s going on with blockchain. If we can grow this around the same time these companies are rolling out bitcoin-based technologies, we’re increasing security and also user experience simultaneously.
Do you think the block size controversy will have any impact on how fast it gets rolled out to the mainstream?
That’s an awesome question. I try to stay clear of r/bitcoin when those things flare up. But I think if block size does not — I don’t know if we’re expecting a hard fork, or if this is just gonna keep going back and forth with the Chinese miners — the longer this takes, the more banks are gonna either start implementing off-chain or sidechain solutions or just their own blockchains. It makes the core blockchain look worse as a whole. It makes it look less desirable. Put yourself in the shoes of a COO at a Fortune 500 company, you’re faced with the decision of going with some side chain or off-chain solution or building it yourself, or going with the solution where 9 guys can’t decide on a protocol for 8 months, like come on.
We would like to thank Mr. Avetisov for taking the time to speak with us. His experience in financial security gives him interesting insight into the state of the blockchain industry, from both a security and business perspective. Bitcoinist will continue to follow HYPR’s work in the blockchain space.
What do you think about George Avetisov’s views on the blockchain and biometric security? Let us know in the comments below!
Images courtesy of HYPR Corp., IT Briefcase.