Behavioural Biometry anyone? How your voice or signature could fend off a dangerous cyber attack

How many of you have anti-malware protection installed on your smartphones? I’ll bet it’s less than one in 10. I didn’t, until a year-and-a-half ago upon the prompting of a buddy who also happens to be a globally recognised cyber security pro. Don’t take my word for it – this MIT article (‘How Malware Can Track your Smartphone without Using Location Data’) will convince you of the reasons why you need it within the first three paragraphs! Add the fact that Android remains the world’s operating system of choice (85%+ market share), the bulk of Android players focus on the sub-US$200 space (IDC Research)and it’s open source… that’s a lot of exposure.

We are now – by and large – an eclectic population of digital natives, often typing away furiously on our multiple devices… connecting, learning, shopping, thriving online. In turn, the pervasive nature of digital technologies also means ‘online’ is also a mechanism and enabler, helping us navigate our far more important offline, day-to-day worlds.

And this, folks comes with a heady warning. Protect your online identity or you could be facing unpleasant repercussions in real life. Fraud, misrepresentation, exposure of personal conversations are just three of the distressing situations we could find ourselves in.

The majority of security breaches involve an attack on people’s identities, and pre-empting these is vital. Naturally, individuals that get targeted then run the risk of exposing their companies (be it their own businesses or an employer) to attacks, particularly as more of us use our personal devices for work email. Bring your own device could lead to you unwittingly bring your own downfall. Terribly jokes aside, here’s a snapshot from a PwC report that investigated average cost implications for UK organisations for 2014 stemming from this (the report is here).


We urgently need to boost digital confidence and tackle identity theft in a proactive versus reactive way. I mean, do you really want to sit up and take notice after you’ve been hacked rather than doing all you could to prevent your information from being compromised in the first place? My vote is for the latter.

And this is precisely why I started researching ‘behavioural biometry’. In palatable form, this means:

  • Using something you are such as your voice, fingerprint or signature
  • Something you have, such as your electronic-ID or your mobile phone And finally…
  • Something you know, such as your user name, password or PIN
  • virtual-identity-69996_640

I was scouring the market for a clever offering that combined these components, and surfaced with two nifty tools I wanted to explore further – SmartID and SealSign from security outfit ElevenPaths. Incidentally, I had featured one of their team in a Digital Futures episode last year, together with a cyber forensics genius and specialist author (the video is below if you want to hear from them first hand)

Rolled out earlier this month at the buzzy Mobile World Congress symposium in Barcelona today, I demoed both solutions in a little ‘tech test drive’.
The verdict? I came away thinking these were very credible tools that would do a robust job in protecting both your personal digital identity and wider business activities using advanced e-signature and biometric authentication technology.

The two products incorporate what is known as “strong authentication”, based on biometry, into the identity solution.

SmartID allows for more secure user authentication when accessing applications and physical equipment, by combining different elements such as smart cards, RFID/NFC devices and biometric fingerprint recognition.

SealSign is an electronic document-signing platform for companies, compatible with digital certificates, biometric systems, One-time Password (OTP) systems and the long-term storage of signed documents. The solution is based on behavioural biometry, such as a user’s voice or signature. Last year, I tried out Latch, ElevenPaths’ fantastic “digital padlock” service which cleverly minimises the exposure time of personal data. Turns out SealSign is compatible with it – very helpful!

Biometric recognition coupled with electronic signatures allows user payments, among other things, to be protected, permits access to sensitive information to be safeguarded, and also enables electronic document signing to be secure.

Given our identity and privacy are exposed to continual threats every second, we’ve got to create a secure digital ecosystem which allows you, the user, to retain control of your personal data and safeguard your privacy in a time-critical way.



Identity theft in the authentication process could be dramatically minimised in scenarios like accessing an e-commerce website, logging into your personal or work email account or even when passing through security control at an airport. Keep mobile security top of mind folks.

Images from | Flickr , Jisc


The Future is invisible

It is 2015, and flying cars are nowhere. Self-adjustable jackets and shoes, hover boards, jetpacks, spaceships, etc. There is nothing of these things around,...