The popularity of technologies like the self-driving car and Amazon Echo are rising; it’s not hard to imagine a world where your coffee maker knows when to summon your morning Uber to work, and it arrives with groceries and laundry detergent, ordered directly by your refrigerator and washing machine, as they have recognized that they were low on supplies.
This future will be powered by a set of inanimate objects connected through an emerging network known as the Internet of Things. However, just as the security around the transfer of data between humans and companies is required to safeguard humans from identity theft, the same will be required for objects within the Internet of Things.
Identity protection is an emerging area for the The Internet of Things. Millions of inexpensive consumer devices ship with a default username and password, but some of them end up in your house. Last winter a piece of software called Mirai herded hundreds of thousands of home routers and cameras into the most potent botnet ever, which then generated the first terabit scale distributed denial of service ever seen.
What if there were a solution that permitted companies to reliably identify their customer’s devices without putting them in the position of holding customer data? What if there were a way to ensure IoT devices only accepted configuration from their legitimate owners? I talked to HYPR CEO George Avetisov about their biometrics and UniquID CEO Stefano Pepe about their device identity work to get a better feel for how blockchains will be used to solve these problems.
The service HYPR provides is a framework for passwordless authentication via biometric encryption. They don’t develop biometric devices, the focus of their innovation is creating a distributed, secured system based on existing, tested technology.
We’ve covered the concept of cryptographic fingerprints here previously. Any digital item can be subject to some sort of cryptographic hash, then the hash can be used to check the validity of a digital item without the validator needing to have a copy. As an example, your phone’s fingerprint reader does something involving a scan and a company that has access to a hash of your fingerprint’s digital representation can validate you, but they don’t have the ability to impersonate you.