Truuth awarded Australian Government Grant
Truuth is pleased to announce that we’ve been awarded $992k from the Australian Government’s Accelerating Commercialisation Grant program. The project will focus on the commercialisation of truuth biopass, our multi-biometric authentication service. One of the key objectives of the project is to build greater cyber maturity and resilience in industry and communities and develop a robust security culture through the removal of insecure passwords.
Truuth biopass is a multi-biometric authentication platform that enables organizations to remove dependence on insecure passwords. Users can employ any combination of biometrics (face, voice, fingerprint) to authenticate themselves for any online interaction, rather than relying on a myriad of passwords. The security issues with passwords are well document with more than 80% of data breaches resulting from weak or stolen passwords. And the user experience issues are felt by all of us on a daily basis.
Biopass has several novel features that deliver a step-change in authentication security and user experience:
- Integration with FIDO – global technology companies have adopted the FIDO standard to enable use of biometrics to replace passwords. Biopass delivers a FIDO compliant solution but also enables enterprises to adopt a cloud-based biometric solution which delivers higher levels of confidence for high-risk scenarios as the biometrics have a strong linkage to the identity proofing of the user;
- Strong linkage to identity proofing – a potential issue with device-based biometrics is that multiple users can enrol their biometrics on a single device. As a result, these solutions cannot guarantee the identity of the human behind the device. Biopass solves this potential weakness by creating a ’singleton’ that uniquely identifies each user during the authentication process based on biometrics that are linked to a rigorous identity proofing process, rather than simply authenticating a device;
- Adaptive authentication – a potential issue with device-based biometrics is that they are a single factor and they’re based on a ‘point in time’ enrolment. Biopass addresses this potential weakness by dynamically updating biometric characteristics through time as the features of user’s face and voice change. Adaptive authentication improves accuracy each time a user authenticates by learning more about the user’s biometrics and dynamically updating the user biometric vectors for future authentication;
- ‘Step up’ authentication for high-risk scenarios – to build a robust and resilient security culture, enterprises recognise that different authentication use cases have different risk profiles and they need different treatments. Existing authentication solutions are limited when it comes to offering different treatments – typically, a user authenticates with a 4-6 digit one-time PIN (OTP) for high risk scenarios. However, OTP authentication is not as secure as the other options like authenticator apps. Authenticator apps provide a greater level of security since they are linked to the device and not the SIM. This approach eliminates the SIM-jacking and SIM-swapping vulnerability but it’s still only proof of device possession. Biopass adds multiple biometrics to the authenticator app to enable ‘step up’ to a higher level of authentication confidence by proving the identity of the user behind the device;
- Seamless account recovery – in addition to FIDO-based authentication, biopass also has the option of employing cloud-based biometrics to enable a device-agnostic authentication service. One of the great benefits of this solution is that users are not stranded if they lose an authentication device. For example, if a user loses their mobile phone, they can use their face and/or voice to authenticate on any registered device rather than go through a costly and time-consuming process of account recovery. If all registered devices are lost the user can prove their identity and reset their biometric authentication credentials by completing a fully digital KYC process in less than 3 minutes.
Biopass has a wide range of commercial applications. Through the project we will be collaborating with enterprises in finance, retail, and recruitment to demonstrate the commercial value of improved authentication security and ease of use. Our enterprise collaborators have identified the following high priority use cases:
- Onboarding employees and customers with 99.999% VOI confidence
- Access to high security buildings (e.g. network operations centre)
- Securing sensitive personal data in an encrypted vault (eg. medical information)
- Passwordless access to bank accounts’
- Dynamic authentication of financial payments > $1000 to comply with AML/CTF obligations
- Signing legal documents that require proof of ‘chain of custody’
- Access to sensitive enterprise repositories (e.g. PII data, classified data)
- Authentication for user account changes
- Seamless account recovery (eg. Lost device, forgotten password)
- Securing remote admin accounts to mitigate risk of ransomware
The biopass commercialisation project will run for the next 12 months and we’re keen to collaborate with any organisation that needs improved authentication security and ease of use. We’re passionate about helping organisations embrace a passwordless future. So sign up for a free trial of truuth biopass and experience the future of authentication.