KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
And so if you want to repeatably, uh, connect a transaction to, to a person and actually doing it, the only way really is with biometrics because everything else essentially can be and has been circumvented by rockstars. They kind of take over a device. They can take over a session, they can steal your password, which we know they do every day. They can use your identity that stolen in breaches.
Um, by the way, there, uh, I think my last count there were 72 billion personal records stolen, um, in the last five years. Um, so fraudsters use these records to impersonate people. Hello everyone, and welcome to Frontier Talk. The world's first podcast on decentralized identity, I'm Raj Hegde. And in this podcast, we explore the intersection of identity technology and people. My guest on the pod today is a biometrics veteran who has a solid track record of building customer first relationships in a privacy first world. What makes her feel relevant?
It was a defining question that convinced her to forgo a career in foreign policy and venture into uncharted startup land. How can we deploy biometrics responsibly since the early days of the internet?
Um, she has exploded digital identity through the lens of biometrics and as passionately fought for data protection policies that are finally becoming a reality biometrics, as you know, is a sensitive type of data and deploying them effectively requires a solid understanding of not just privacy, but also societal usage. Yoda shared a take on how decentralized biometrics can help businesses build trust-based relationships with their customers. France is the last name co-founder and CEO of anonymous.
I Raj, thank you so much for having me Welcome to the pod Francis. Um, let's start off by exploring a journey so far.
Um, how were you introduced to the field of biometrics and what aspects of biometrics are you working on? So I've been in this industry for over 20 years.
Um, I actually got into it by mistake. I, I originally thought I would be some ambassador somewhere around the world trying to make a peace, um, make the world a better place.
And, um, actually I found a better way to do that in my opinion, uh, through, through my skillset. Um, we need the diplomat, but, um, my, my focus is on, uh, using technology to make the world a better place. And I got involved in biometrics, um, really as an accidental journey, um, among various startups that, that I had been involved in and I was intrigued by the technology as a way to help protect people, right.
Um, and, uh, to protect their identity and enabled them to, uh, transact, uh, and, and, uh, be, uh, more, um, effective in what they're doing on a day to day basis. And in fact, um, along the way, one of the, one of the most passionate areas that I had was around, uh, privacy, um, enabling people and also using this technology, uh, to promote and enhance social and economic development.
So, um, I got involved, uh, in very, very interesting projects and programs, um, over the years, as you know, Wow, that is some journey, um, for audience. Could you perhaps take a step back and summarize what exactly are biometrics and what are the processes of a traditional biometric system? So biometrics Are essentially a mathematical representations of your physical or behavioral attributes, your fingerprint, your face, your Iris.
Um, these are the traditional physical biometrics that, um, we've come to know, uh, and use in our daily lives. And there are also other biometrics that are considered behavioral.
Um, some are, uh, like your voice or the way you walk or the way you type. Um, and most recently within that class, there are advanced behavioral analytic technologies that, um, analyze the way you input information, um, and other, uh, types of behaviors that you exhibit when you use an application or a device that make you, you Great explanation there.
Um, short and simple. Um, you've seen the industry evolve from its infancy stages to, um, what it has become today.
Um, we have been missing a number of government and private organizations that are experimenting with biometrics and are adopting biometrics to not just identify people, but also verify that entities, uh, be at a fingertip, a face scan or even an Iris scan for that matter. Um, what, in your opinion were the biggest inflection points that put biometrics on the map?
Oh, this is an industry that has gone through a lot. Um, I would say the, the first, uh, major inflection point was actually nine 11, um, where it was recognized that, um, there are technologies that could help, um, really identify, uh, the bad guys.
Um, I would say that was the first major, um, for this industry and facial recognition in particular. Um, and actually we might, we might want to backtrack to that because about six months to a year before nine 11, there were a lot of other things going on in the industry with regards to privacy. Right.
Um, and, uh, and then, and then after nine 11, uh, the pendulum swung the other way and stayed there for quite some time, as people were afraid of, of the, you know, terrorist activity and how you can identify and predict, you know, what, what, uh, what will happen across borders within borders. Um, and then the second, I would say major inflection point for the industry was, uh, Apple's adoption of the touch ID on the, on the phone.
Um, and that put biometrics in the hands of the everyday consumer. Um, and we can thank, um, uh, my friend Scott Moody, who founded authentic the company that, um, apple, uh, ultimately acquired to do that, but that was a huge pivotal moment for the entire industry was the first time that people really thought about, you know, using their fingerprint to login to their device or to do a transaction.
Um, even though, you know, we'd been talking about this for you. Um, and then, um, you know, the evolution of that, the face ID, which became much more, um, you know, brought it even more home and globally, um, uh, around that time, um, India, um, adopted their national, um, ID framework, um, which actually is considered to be in many ways. It's not perfect, but in many ways it's considered a standard for the developing world and how to manage identity, distribute, social services, um, essentially take care of the citizenry.
And, um, we saw that in play in other countries, um, in Pakistan a few years after that there was a big unnatural disaster and they use biometrics to distribute emergency aid to people. And then you saw other countries today, Nigeria has a biometric, uh, credit card, national ID, and we see, um, uh, you know, other countries that are distributing pensions and really, um, uh, using it as, as really foundational, um, and that that's playing out in many ways today with the vaccine, you know, passport, which I'm sure you know, which I'm sure we'll get to.
Um, but you know, back to, uh, my career and, and, and, um, uh, and the inflection points. Um, one of the most interesting projects that I got involved in over the years was the use of biometrics to, um, create, uh, a system for farmers in Africa to get, um, aid, uh, to, uh, provide genetically modified seed based on the yields of their crops.
Um, once they were biometrically enabled, they could go to banks and get micro loans and things like that. So really the foundational, you know, once biometrics were out there, it really became a foundational for, for many, many, many programs.
And I think lastly, um, COVID in the last, uh, year or so really highlighted the need for remote identification, whether it was work, you know, workforce operating from home, whether it was, uh, the explosion of e-commerce and, you know, transacting, um, and all of the fraud that you know, came about because of weak authentication, I think, uh, you know, everything up together, uh, really highlighted, uh, and pushed, uh, biometrics, uh, for, to the forefront. Once again, One thing that has always intrigued me, uh, for that matter is the permanence of biometrics.
So two biometric features remain constant over time. Um, you know, as I get older, I might get more wrinkly and the orientation of my face might actually change just a bit.
Um, so I was just wondering if biometric systems can actually recognize me from, Yeah. So first of all, Raj, forever young, don't worry about sprinkles.
Um, so one of the, one of the main benefits of biometrics is their permanence. Um, you know, is there a repeatability?
Um, and, and the fact that it's really the only link between a person, um, and their, and their physical, you know, being, um, especially as, as we have more and more, uh, remote interactions, self-service interactions, uh fast-track uh, and whatnot. Um, some, uh, technologies are physically more permanent than others. Some are naturally inclined to, to change, um, obviously your facial appearance or behavioral attributes.
Uh, but these technologies have improved over the years, both in terms of accommodating these changes. And, uh, second in terms of recognizing, um, the differences and, um, improving algorithms to detect, to detect those changes and still, uh, ensure that a person is, you know, who they are, even if they're wearing glasses or they change their hair. You know, th these are, these are problems.
Uh, actually there were solved, uh, quite some time ago. Um, and now, interestingly, COVID presented another challenge, which was not about the wrinkles, but it was about, you know, face masks.
Um, and even that, you know, the industry has worked extremely, uh, uh, hard to overcome, and you do see algorithms and technologies, even facial, uh, technologies that can properly identify and to touch people. Um, even if, even if they're wearing a mask, which was obviously very important, um, as we enter a reopening phase, right, to allow people to enter facilities, travel, and airports, where they are going to be, um, expected. So the answer is we have made a lot of strides and the systems are able to recognize those changes, Fingers crossed Francis.
I hope your words actually come true, um, in this case. Um, so I think that's a great segue to actually explore the intersection of identity and biometrics, particularly in the times we're living in today.
Um, identity, as you might know, is an innately physical concept. Um, do biometrics effectively anchor digital mechanisms to physical identity. So it's actually a great question, especially for people that are thinking about zero trust and, you know, how do you really identify people and how do you, um, how do you ensure that somebody really is, uh, who they are?
Um, a lot of identity frameworks today have been based on, uh, up until now have been based on pointers or derivatives or, um, uh, risk, uh, association, uh, like location, like device, um, and other, other, uh, kinds of, um, you know, indicators, uh, usage, usage patterns, um, uh, behavioral analytics, uh, which is a type of usage, uh, analytics, um, you know, how long, how often, uh, the activities that people do.
So based on all of these pointers, I would say, you know, if you, if you're not using a biometric, these are all, um, risk type of indicators on whether a person is who they claim to be, but at the end of the day, none of those are the actual person. And so if you want to, or if you to Billy, uh, connect a transaction to, to a person actually doing it, the only way really is with biometrics because everything else essentially can be and has been circumvented by fraudsters.
They can take over a device, they can take over a session, they can steal your password, which we know they do every day. They can use your identity that stolen in breaches.
Um, by the way, there, uh, I think at my last count, there were 72 billion personal records stolen, um, in the last five years. Um, so use these records to impersonate people, um, and, uh, you know, as a consumer, as a citizen, um, I want to make sure that nobody's impersonating me and all of these other things are just, you know, um, peop bits of information that other people can use to pretend that they're me, We are currently living in unprecedented times where the explosion of personal information is transforming tech business and society.
Um, and as a result, the notion of identity as such is changing, uh, what was once considered to be a singular concept has now converted to plurality. Um, so my question to you is can biometrics actually play a role in unifying multiplied entities? So I think, uh, by much checks in a lot of ways is central to, to that, um, unification.
Um, there are, again, there are different ways, um, to, to, uh, confer, um, uh, an identity credential or an identity framework. But, um, as, as the India example, um, shows, and, and you see this, uh, in other national, uh, I do schemes, um, it's really one record one identity. And then from there, you can spin off whatever, you know, other applications use cases, credentials, um, ultimately, you know, that you need.
Um, there is also a peer, which we saw in us, driver's licenses here, um, where, you know, people will apply. Um, if you're not using a biometric, people will apply for a driver's license or multiple identities.
Um, then you have the problem of, uh, I mean, I use apple pay all the time, but, uh, I'm very well aware that I could take your credit card, uh, or that you could take my credit card and put it on your phone with your biometrics, and nobody would know. Um, so at the end of the day is, you know, there's no way to really bind that identity to the biometric, to, to the person, then it's not a strong identity. Right.
Um, and just to add to that, um, the current industry paradigm, as you might know, is to basically store sensitive data in centralized honeypots. And the implications of this are unfortunately irreversible data breaches.
Uh, the biggest example of being the Facebook, Cambridge Analytica scandal, uh, on a state level, the, the hack of the office of personnel management, where literally the personal identifiable information of millions of people were actually compromised. Um, so my question to you is what is the significance of such a data breach? Why should people actually care and what actually, when a biometric is compromised? So it actually has happened, um, it's, this is not a theoretical question.
And, you know, governments today, governments, agencies, entities, um, have databases, not just a biometrics, but a lot of other, you know, personal information because it's their responsibility to, you know, back to what we were saying in the beginning to transact and manage, um, uh, to ensure the integrity of, of the other systems that, that derived from that. So it's not that they don't have a need for personal information.
Um, the question is how do you manage it in a way that is secure and that doesn't lead to downstream identity, other identity problem. So, um, so I think, I think, uh, I think that's important, you know, to, to understand we're not, I, I, I think that there is a need for governments to, for example, issue passports, we need passports for travel.
Um, and that means that somebody is creating a password system and is distributing passwords. Now we see verifiable credentials, you know, picking up steam. There's a need for that because people need to show these credentials, uh, in different places. So then the question becomes, how do you manage all of this information to minimize the chances of these irreversible breaches and the chances of people's personal information, which, uh, you know, in my mind, biometrics is the most sensitive of all.
Um, and, uh, and that really, really becomes the question. So around the central honeypot, it's primarily because up until now, um, technologies were based on biometrics and even personal data frameworks were, were based on, um, on the notion that, you know, everything had to be in one place.
Um, and from a biometrics perspective, we can talk about why, um, but as we've seen with different, uh, uh, did, and, um, other verifiable credential frameworks now, you know, with blockchain and others, that it is not necessarily always required to have essential Pani, um, with biometrics in particular, um, that limitation, um, well, we could take a step back, but with biometrics, there were always two choices. You either store the biometric on, uh, in a database, in a central honeypot, as you say, you know, to protect it, or you put the template locally.
Um, we see credit cards that have biometric templates stored on the carp. There were technologies, you know, these are match on car technology, and then it became the biometrics that were stored on devices, uh, on the phones.
Um, and, um, and the reason for that is that the template, the biometric, the mathematical representation, um, of that, of that, uh, biometric always had to reside in a holistic form, uh, in one place for magic. And the reason is that the way the template is established is that you extract the features, and then you measure the distances between the features in order to come up with that mathematical representation. And if you actually try to decentralize that template, you could do it.
You could definitely decentralize that template, but the problem becomes when you act to do the magic, because, um, you needed everything back together, again, in order to do, do that computation. And that's why you see the choices of either central honeypot or these localized, our storage mechanism of these individual templates. So as long as everything was there, uh, you know, you, you could actually do a match.
Um, and then with the central honeypots, you're at the risk of a breach with the device based approach, you're at a risk of up hacker or fraudster, uh, just, you know, circumventing the entire process because it's not bound to any rooted, you know, identity.
So those, you know, when you, when you asked about the state of biometric, the state of biometrics essentially has become a choice between, you know, trading, trading off the security, uh, apparatus, if you will, of a centralized Mecca, uh, system where you don't really necessarily have privacy or the privacy framework of a device approach, but you miss out on the security framework, uh, within the whole system. So that that's been, you know, the state of play. And so what's the end game here.
Is there an alternative means to ensure someone is whom they claim to be without relying on centralized honeypots or device-based biometrics? So, So the, uh, you know, what, what we've seen today are, uh, breakthroughs and, um, and multi-party computing and environment that, that leverage of biometrics where, where you actually don't have those limitations. You don't need to choose between essential honeypot or a device based approach in order to provide both privacy and security.
Um, and this is actually my, my new, uh, venture, uh, my new, uh, exercise, uh, baby, um, to really, you know, bring, uh, this, uh, framework, uh, out there and to solve this problem once a broad basically, you know, we, we can, we can enjoy the benefits, um, the convenience, the security, um, and everything that comes with the promise of biometrics without having to deal with the risk of, um, uh, identity theft and, uh, you know, breaches and hacks, and really reducing and eliminating that, um, liability.
And I've, um, you know, ultimately I think the spirit of GDPR and all of the other data protection, uh, laws, right? They were always saying like privacy by design, minimize what you have, you know, try not to store anything. How do you know, just do the minimum, but that always would cause a conundrum with the agencies that had to do KYC that had to do strong authentication. How do you deliver those services?
And so with these new frameworks, with what we're doing at Anon a bit, I think we're really, for the first time able to, to answer the call privacy and security for biometrics and identity, I think now is a good time to welcome your baby into this world and to actually explore your work in this space. Um, could you perhaps, um, tell us what exactly is a non a bit, and what's the fundamental problem that you're trying to solve?
Uh, um, a bit is a privacy first, uh, platform, uh, for managing and securing, uh, biometrics and, uh, personal data. Um, we are essentially, instead of relying on the features and the distance is between features in order to create a template and then do an authentication. We S you know, our question was, what if you didn't have a tough plate, uh, but you could still do biometric authentication.
Um, what if there was no centralized system? What if there was no place for a fraud store hacker to get into, but you could still make sure that somebody is who they claim to be and whatever interaction they have.
Um, and that is, you know, that that is what we've done. So the decentralized framework, um, instead of relying on templates, um, and, and, and dealing with the problems associated with template on management, um, our approach essentially breaks down the biometric information into, into anonymized bits. That's why the name of the company is anonymous, and we use these bits. I was sorry.
We, we, we store these bits, uh, throughout a multi-party computing system of nodes, where they are kept, and they're never, they're never retrieved. We never bring anything back together.
Again, we never reconstruct anything. So there is no single point of failure, and there was nothing for a hacker to find and nothing to steal. So then the next question is, okay, so then how are you doing the magic, right? If there's no template, you know, it's like, wait a minute. I don't get it. Cause it's like a totally different, um, and a totally different approach to handling and managing and doing biometrics.
So, um, so what we're doing is, uh, th we have different types of nodes. We have, um, storage nodes, we have mapping nodes and we have computation nodes. So when we break down the biometric information into these anonymized bits, they go, they go to, they go to the storage nodes where they're kept and, uh, and these nodes can be anywhere there that, uh, I on a big service is being run. And these are not in my fits are tiny, meaningless pieces of information. If somebody somehow picks that up, it doesn't, it doesn't mean anything. It's not connected.
It's so it's not connected actually to any of the other features. It's like an independent meeting list, piece of information, um, like a crumb.
Um, and, uh, and so when, when you actually want to do a match, um, the, the system breaks down the, the biometric into, uh, these anonymized bits, again, maps it out in the same way. And then, um, the, these computation nodes kick into gear and they, they handle the measurement of each bit, uh, in comparison individually, and then, uh, reconciles all of the mathematical computations in order to determine the authentication. And so this is the breakthrough, what we're able to do, both the storage and the matching, um, in a distributed manner.
And you can't do this on the blockchain with biometrics, um, or other, uh, types of, um, and there has been attempts. I mean, that this is not, it's not a new problem to solve. There's been many, many, many attempts, and this is the first time that, uh, we've actually been able to overcome the challenges, Right. You earlier alluded to the fact that traditional biometric modeling almost always requires a biometric template.
Could you perhaps elaborate on what a biometric template actually is and does Anon a bit bypass this requirement, you know, is an, on a bit compatible with every biometric algorithm out there? Yeah. So as I mentioned, um, there in the anonymous system, there is no template. There's nothing for fraud, sort of fine, and there's nothing for a hacker to steal.
And, um, the system, uh, completely anonymizes the biometric information, um, and distills it into these, um, anonymized bits. And, um, and that's essentially how the system has overcome the challenges, uh, by, by distributing the matching at a bit level, if you will, um, as opposed to having to, um, have the template, um, in a full, you know, in a full form.
Um, and I should have mentioned that, um, the attempts to do this in the past failed because w um, not because of the distribution of the information, but when the time came to reconstruct a lot of the, or even at the encryption level, a lot of the information would be lost features would not necessarily line up properly. Uh, and, and ultimately the, the mathematics of, of manage of measuring, uh, failed.
Um, um, and if it did work, um, you know, to, to reconcile everything, it took way too long. So, you know, the world of authentication, you're talking like under a second, um, and if it's not seamless, it doesn't, you know, when I say it doesn't work, I mean, both in terms of, um, you know, time and in terms of, of accuracy. So it needs to be, you know, practical. And this is actually a problem that I've known about since 2007, when some governments, you know, recognized that having their citizen database, a citizen information in a national database was not necessarily a good idea.
Um, and there have been numerous attempts numerous than I'm personally aware of to try to do, to try to decentralize. And I think we're only, like I said, um, w w this is a breakthrough that will, that will address that.
Um, So in our last episode, Dr. Hardy barons had an interesting comment where he mentioned that identity is a means, but not an end.
Um, I'm curious to know, can your technology be applied beyond biometrics? So what are the potential use cases that are made possible by and on a bit? So not a bit essentially supports, uh, all the use cases across the digit where we call the digital identity life cycle, um, when it comes to, uh, doing KYC, which is exploding right now, um, we, the, the storage of all of that personal data that's being collected through all of these KYC processes, um, you know, where is that going? Where are all those, where is that information being held?
Um, so not a bit, uh, essentially can act as a, um, as a secure identity, um, you know, for managing from, yeah, managing that information, um, and then secure authentication, um, authentication for digital, uh, transactions, um, which there are numerous where we usually think about, uh, banking or, um, or, uh, or healthcare. But, uh, we put you're logging in to every, uh, application that we use today, even, you know, social media and gate. So that means that all of those companies are essentially, um, you know, holding personal information and they too are, um, you know, at risk for a breach.
So any entity, whether it's, uh, something serious as, uh, you know, gaming, I, sorry, I was, uh, as, uh, as banking or as fun as tech talk, um, you know, all of these entities, essentially, you're still managing some kind of personal information and they're trying to authenticate their users so securely authenticating and making sure that people are who they claim to be in a way that doesn't compromise their security, sorry, their, their privacy or their security. Um, so any application for secure authentication, um, uh, it's, it's, it's for sure.
Um, uh, a use case for, for non a bit, interestingly enough, can also be used to store non-blacks or metric, uh, information, um, yeah. Can use the framework to store crypto keys, uh, secrets, private keys for blockchain application, um, master passwords, um, tons of information that is sensitive, that is private, that should be stored in, in, uh, in a vault, so to speak. But the, but the catch here is that we're using the biometric, uh, to allow the person to retrieve it.
So for all those crypto, uh, holders and the audience, you know, that 25% of them that don't remember the password, so their crypto accounts, um, imagine that, you know, your, your information, your, your password could be stored in a, you know, in a decentralized vault, just like your cryptocurrency is. And then you use your biometric, you know, to retrieve that, um, you know, I think that would make those people very, very, very happy that, that they're not letting, although that money, you know, sit and sit in language.
Um, so, so that would be, you know, the third one, and then there are tons of other, um, applications leveraging the platform to send a one-time passwords, to resolve tokens for payments. There are tons and tons of other business services, ongoing KYC or AML, uh, checks, uh, merchant, um, merchant ID applications. So tons and tons of business services that where, where, you know, the blockchain, um, is not applicable for whatever, for whatever reason.
Um, a non a bit provides that, uh, alternative, uh, secure, uh, and privacy first framework for, uh, storing and managing all kinds of personal data. And, you know, finally, I, we, we can't, um, you w we can't leave out what's going on with vaccine passports and healthcare today, which, um, you know, has been, this is an area that, um, you know, has been, um, quite behind.
Um, if I might say in terms of the use of biometrics, uh, we see a lot more in the financial world for obvious reasons. I mean, government and travel applications, uh, but the, the, the state of play with COVID and where we are with issuing vaccine passports and health passports, uh, or, you know, uh, uh, um, I think they're called bio passports that say, like, you know, that you had a negative test really adds an important layer of, uh, of identity management and identity protection in there that that really can't be ignored.
So I think the time is now, uh, you know, for the healthcare industry to apply some of these concepts, um, and, and, and lessons learned from other industries and put them into two, these frameworks for securing, you know, these new credentials and these new digital applications that they have to support. Um, so it's a great opportunity, Right? You earlier mentioned about the privacy by design framework, and I would like you to perhaps double click on this concept.
So to say, could you perhaps explain what exactly do you mean by privacy by design and why is it the need of the hour today? So We see a lot of companies, um, you know, not just IBM, there's many, many companies that are in government, um, you know, that are thinking about how to issue vaccine passports.
Um, and there was a lot of concern, um, on the integrity of the issuing authority. This is a global thing, um, not necessarily what, uh, IBM is doing here, uh, but you know, globally, there's a lot of concerns, both on the integrity, because there's so many different players, private, you know, industry as well as, uh, public.
Uh, so the integrity of the, of the actual, uh, passports and documents that, that are being, um, issued, uh, part much of it is because the, these, uh, at least in the United States, I'll give you the U S perspective, then we can do the global perspective, but, you know, the U S does not have, uh, an identification framework.
A lot of people don't even have ideas, um, not because they don't have access to them, but because they don't want them, or because, uh, it's not a priority for, um, the, we also obviously have a lot of, um, undocumented people in this country that are afraid to step forward to get ideas, but are still, you know, entitled to get, um, a vaccine. So the, in this country, we have a big problem because these are vaccine cards and even the vaccine, uh, applications and passports are not bound to a rooted identity.
We actually don't know when somebody presents these apps or these cards that they're issued to, to that person. Um, and then, and if they are issued to the person who, uh, is claiming, uh, their, their, uh, identity, um, when you go and use them, there was no biometric on them or connect it to them. So we actually don't know if the person is, you know, the bonafide holder.
And to me, this is really just a recipe for a public health and public safety disaster. If we are going to be relying on these documents to reopen society, because I could give you my Excelsior past and, you know, you're, you're going to just flash it and nobody will know, um, you know, I could give you my information to get one, um, and you know, this could be amongst friends, but it could also have, you know, um, real, um, uh, uh, nefarious consequences. So I think we need to really understand just, just like, you know, the, the system of passport, you know, have standards.
And have, we know that if somebody presents a passport, uh, that they've gone through some kind of a, uh, a vetting process per the IKO standard and the PR and the product and the document itself, um, has, uh, is, is secure. And, um, when it comes to, uh, this is just one example, there are other standards that are being, that are being proliferated around vaccine passports. IKO is one, uh, but there are others I'm not picking on.
I'm not here to say one is better than the other, but I think that, you know, th th the one thing that they have in common is that at least outside the U S is that, uh, they could be bound to a rooted identity and you could manage a biometric authentication process, um, if you wanted to. And then, so then, and you can then ask the other question, okay, well, where is all of that information ultimately residing, even if I'm showing a health passport, that means that somebody somewhere still has a registry still has all of this information.
And then we're back to, you know, the privacy by design and decentralizing that, that honeypot of information. So that's what I'm saying, that I, in the healthcare arena, there's a real opportunity, uh, just, you know, to, to really leap frog, uh, a lot of these privacy and usage concerns by decentralizing the registries.
Um, so that there's nothing for anybody. So th th that, you know, won't be stolen or hacked. And obviously we know that, you know, just like biometrics is very, very, very sensitive data, health information. It's also extremely, extremely sensitive, uh, for, for other, you know, for other reasons.
And so decentralizing all of that infant, and we, we have a real opportunity here, um, you know, to decentralize those registers and to ensure the integrity of the system and the credentials, uh, that are being issued as well as to use, uh, use these credentials with secure biometrics in order to ensure that they're used properly.
Um, and if I come across, you know, extra passionate about this, it's because I do feel like, uh, there wasn't a lot of, because we were in the middle of an emergency, um, you know, a lot of things just kind of like, uh, were, were put out there without full thought, uh, as to, as to the implications. But I do believe that there is still time to do this properly, um, and not just, you know, put it out there. There are in the United States.
Um, there are, um, uh, pharmacies, um, there are government agencies, there are nonprofit organizations that are all now in the business of issuing vaccines and vaccine passports. They should be given, you know, standards to follow to ensure that, you know, people really are who they are, who they claim to be, and that these things are not just going to be handed out like hotcakes. So coming back to Anon a bit, um, you know, you mentioned the term decentralized quite a few times, and, um, more often than not the term decentralized is almost always associated with blockchain technology.
Um, so when it comes to decentralized biometrics and anonymous technology, I'm just curious to know, um, did you ever consider a blockchain, uh, during the development often on a bit? So The reason that we developed, um, the reason that we developed a non-event with the structure that we did is that you cannot do, uh, the biometric matching, um, on the blockchain. You will not hear, uh, you know, much about, um, biometric, uh, uh, matching and processes.
Um, on the blockchain, you will hear a lot about, uh, storing credentials, um, on the blockchain or using blockchain pointers to, to the, uh, credential that, you know, that may be somewhere else in the blockchain is, is really like releasing the key to provide the, the access to the credential that is stored in a central honeypot somewhere. Um, but, um, but you will not hear about the actual processing happening, um, on the blockchain, which is what you need, uh, for biometric authentication.
So for us, I wasn't really an option. Um, and there are certainly, you know, other th this is where the multi-party computing and machine learning, and, you know, other other, uh, um, concepts went into, uh, what we, what we, uh, developed zero knowledge proof was, was another one. So we actually took to create our, our, uh, infrastructure. We actually borrowed from multiple frameworks in order to, to make it work for biometrics. Right. And I'm curious to know, um, when is anonymous actually going to be coming in.
So we're, We're actually starting to, to deploy. Um, and it's very interesting. The deployment are in very broad range of, uh, use cases and applications, which supports, you know, what I was saying around, you know, the need for, uh, everywhere for, um, you know, PR protecting privacy and ensuring the integrity of, of interactions.
Um, we are seeing, um, applications for securing passwords, uh, uh, sorry, storing on master passwords, um, in the anonymous infrastructure and using the biometric to invoke it and to, to, to retrieve it. Uh, we see, uh, blockchain applications actually, where, uh, they want to store the private key, um, on our system.
And again, uh, ensure that only the bonafide person is releasing that, that private key crypto application, where they want to, uh, ensure that the, uh, KYC mechanism is bound to the authentication mechanism, because today those processes, uh, are broken, um, access control, uh, applications, where the entities don't want to build huge repositories of visitor database. They just, you know, it's like a hot potato, nobody wants to hold information anymore.
Um, gaming, um, you know, everybody is subject to GDPR and they were afraid of, you know, breaches, um, government agencies that have already experienced their own breach. The gut in the U S you know, we, we were 5 million people are still suffering today from, uh, a breach that happened, you know, five years ago were fingerprints, you know, were stolen.
Um, the fallout is real, and we're seeing a lot of the securing bolts, uh, um, and a lot of these other bolts that, that are being created, you know, people are realizing that you can't a password or even two factor authentication to secure, you know, other like loan documents or things like that. So the applications are, are wide, uh, and we're seeing that as, as we roll out, Right? So in this podcast, we do things differently. Frontier Talk, not just explores the intersection of identity and technology, but also people, the frontier. So actually driving this ecosystem.
Our next segment is called frontier file, where I pose a series of rapid fire questions to our guests on the show. Um, so Francis you roughly have around 30 seconds to expand on any answer you might give today. So I ready for the challenge. I'm ready. Perfect. Let's get started.
Um, what's your mantra in life? So I have a plaque sitting on my desk, uh, and it says life is not about waiting for the storm to pass. It's about dancing in the rain.
And, uh, and this is, uh, essentially what's carried me through, um, and the sun always comes out shining the next day. Great.
Um, what's the best piece of career advice that you ever received? One door opens another, so, you know, but it's up to you to walk through the doorway super Inspiring.
Um, I now want to shift the focus on diversity in tech. Um, in recent times, the tech industry has put some effort in promoting and increasing diversity in the space.
However, such initiatives don't seem to work at least not yet. Um, in your view, should the focus be on equality of outcome or equality of opportunity, equality Of opportunity.
Um, I've done tons of work in the developing world. Um, and I see it actually in my own backyard.
There's, there's a big, um, you know, a lot of debates, um, around, around diversity and opportunity. And ultimately it's not fair to anyone if, uh, you know, if, if you put people that are not set up for success in, in a system that, you know, it is, is going in a different direction.
So, uh, in my mind, we have to set people up for success and that we have to do the foundation and then they will walk through those doors. And finally, what's your advice to anyone listening to this podcast? So my advice, uh, so this is a podcast around, you know, people are interested in, in, uh, AI and blockchain and decentralized identity.
Um, you know, my advice is essentially to look beyond the, the status quo, um, because there there's a lot of things happening in the world of AI and decentralized identity, um, that don't decide to take the trade-offs between privacy and security that we had until now. Um, and so we need to step out of our comfort zone with biometric templates and think about, you know, new frameworks and how to solve problems that, you know, really, really protect our society Francis. It was an absolute pleasure speaking to you today.
This was a fascinating primer on biometrics and on behalf of our audience, I personally would like to thank you for making all of us smarter. Um, I wish you and another bed, the best of luck, and I hope to hear a lot more from you in the coming years. Thank you so much. Thank you, Raj, take care. Hope to talk to you soon. That was Francis. The last name Francis will be speaking at the European identity and cloud conference EIC, and you can get your tickets via the link in the description box below.
Um, I'm also excited to announce that Frontier Talk is now live on Spotify and apple podcasts. So go on and stream it from your favorite platform.
Um, I hope you enjoyed this conversation on all things biometrics. And if you did, please go on and share this with anyone who might find this information useful.
Um, and until next time, this is me, Raj Hegde day, hoping to see you all again on this journey to redefine the eye in identity, stay safe, stay happy. Cheers.
