Indicio’s market-changing solution gives people control over their biometric data, removes the need for centralized storage, and solves the challenge of generative-AI identity fraud, all while delivering the simplicity, privacy, and security that everyone needs to feel confident in biometric authentication. No need to abandon biometric systems, BYOB-VC can be added as a layer for rapid digital transformation.
Today, Indicio announces the launch of its groundbreaking solution to the risks and challenges of biometric authentication, BYOB-VC solution: Bring Your Own Biometrics using Verifiable Credentials.
BYOB-VC is a simple, easy-to-implement way for enterprises or governments to authenticate portable biometric data without having to store it.
Simply give people their biometrics in a Verifiable Credential (as part of an identity assurance process) and require them to present the biometric template in the VC (held in a digital wallet on their mobile device) when they do a liveness check. Verification software compares the live biometric with the authenticated biometric in the credential.
This radically simplifies biometric authentication — and provides a simple, intuitive, and powerful way to bypass the risk of AI-generated deepfakes.
BYOB-VC was developed by Indicio for pre-authorized travel and seamless border crossing and is in use in Digital Travel Credential solutions. Now, it is available in an easy-to-implement form for any organization reliant on biometrics for authentication and access management.
Global surveys show public are alarmed over biometric security and privacy
BYOB-VC addresses deep public concerns over biometric authentication. The recent International Air Transport Association (IATA) Global Passenger Survey 2024 found that a majority of airline passengers are worried about biometric data breaches and how their biometric data is being used.
A global consumer survey by mobile payment platform Jumio found that 72 percent of respondents are concerned on a daily basis that they may lose money or sensitive data to a deepfake.
And a 2024 survey by GetApp found that only 5 percent of consumers believed that their biometric data was secure.
Giving people control of their biometric data and the ability to consent to share that data, as BYOB-VC does, is a critical step to reassuring the public and governments over the safety of biometric processes. It meets the demands of the European Union’s Data Protection Board, which stipulates that “individuals should have maximum control over their own biometric data.”
By combining a liveness check with the cryptographic, tamper-proof verifiability of Verifiable Credential technology, BYOB-VC is the most powerful multi factor authentication available for biometrics — and it can be enhanced to meet the most critical security requirements by easily combining other Verifiable Credentials — such as a government-issued ID — to the authentication process.
Benefits
Portable trust
You can prove the source of the Verifiable Credential and that the biometric data in the credential hasn’t been altered or faked. You can prove that the credential is bound to the person presenting it.
Bypasses generative AI deepfakes
Biometric authentication is a quick, two-step process: the person presenting themselves for a biometric scan also presents their authenticated biometric template in a Verifiable Credential from their digital wallet. Verification software compares the two and they have to match. There are multiple layers of biometrics, cryptography, and other security binding the credential to the wallet and the wallet to the device and the device to the person.
Faster, flexible, and simpler biometric management
No centralized biometric storage. BYOB-VC removes the complexity around biometric systems. There’s no need to worry about them going offline or protecting against data breaches — because there’s no data to access! Verification software is simple and mobile, allowing you to take advantage of portable, trustable biometric authentication.
Makes data privacy compliance much easier
By enabling people to store their own biometric data you’ve not only solved the security risk of centralized storage, you’ve solved the compliance challenge of centralized storage and data minimization.
Addresses critical public concerns over biometric data
With generative AI being used in ever more elaborate scams, BYOB-VC provides robust reassurance, not only that their data can’t be stolen but that it can’t be used in ways they aren’t aware or approve of. The IATA Global Passenger Survey found that 39 percent of people would reconsider using biometrics if they were reassured about their privacy.
Why the future of biometric authentication needs to be decentralized
Biometrics have emerged as a powerful, frictionless way to authenticate identity. They are better than username and password-based authentication because they can’t be forgotten, don’t need to be reset, and — in the case of an iris — are unique to an individual.
But as biometrics have proliferated as a method to access systems, the upside of their uniqueness has revealed a precipitous downside. Biometrics need to be stored in a database so that the verifying party can compare the scan of a person presenting themselves for a biometric scan with a stored copy of their biometrics. If they match, the person is authenticated.
This centralized storage means they are at risk of being stolen in a data breach, and when this happens, people cannot reset their fingerprints, faces, or irises.
And if this wasn’t a big enough existential problem, the rapid rise of generative AI has made it astonishingly easy to convincingly fake biometric data.
Entrust Cybersecurity reported a 3000% increase in deepfake attempts between 2022 and 2023, while Deloitte’s Center for Financial Services is predicting AI-generated “fraud losses to reach US$40 billion in the United States by 2027, from US$12.3 billion in 2023, a compound annual growth rate of 32%.”
So far, typical responses range from “be more vigilant about security” to “don’t post detailed pictures of yourself online,” to “we need an AI solution to detect AI fakes.”
So simple, so fast, so cost effective
BYOB-VC is a simple way around both wishful thinking and an AI arms race, as it leverages the revolution in decentralized digital identity. Here’s how it works.
When a person has their biometric data first scanned as part of identity assurance, the data is digitally signed and issued to them in a Verifiable Credential that they hold on their mobile device.
Verifiable Credentials have three powerful features:
1 The source of the credential can be proved using cryptography.
- If someone tries to manipulate the data in a credential, they break the credential.
- The credential is cryptographically bound to the person and their device.
By rendering the biometric template taken during identity assurance in the form of a Verifiable Credential, any organization can authenticate it using simple verifier software. The source of the credential is authenticated, the integrity of the template data is authenticated, and finally, the template data is compared with the live biometric scan, all in one seamless process.
BYOB-VC also bypasses the problem of deepfakes. Rather than just rely on a still or moving image, or a voice, you also ask for cryptographic proof of that same data created by a trusted issuer. And if you need further proof, ask them to add other Verifiable Credentials to their presentation, multiplying the layers of cryptographic proof and credential binding.
In use by Indicio customers and now widely available
BYOB-VC was pioneered by Indicio for use in travel, where a passport’s biometric data is compared with a liveness check and then issued as a Verifiable Credential following the International Civil Aviation Organization’s standards for Digital Travel Credentials. This enables travelers to use a Verifiable Credential for pre-authorized travel and seamless border crossing. Acuity Market Research’s The Prism Project described our biometric solution as “masterful.”
Now, Indicio’s masterful approach and technology is available to any company, organization, industry or sector that wants a simple, powerful solution to managing biometric authentication.
Learn more about Biometric Authentication through Verifiable Credentials on Indicio’s website, or if you have specific questions you can get in touch with our team of experts.