13 Jan, 2019

Veridium Develops World-Class Biometric Federated Authenticator for WSO2 Identity Server

  • WSO2 Team, WSO2

Founded in 2016, Veridium is a provider of identity and access management software with a focus on biometrics. As a company, Veridium has essentially one goal: to protect organizations by reducing or eliminating identity as a major threat. It does this by replacing vulnerable passwords and tokens with biometric authentication. In other words, Veridium replaces what you know (passwords) and what you have (tokens) with what you are – your biometrics.

The Ascendency of Biometrics

Biometrics are fast replacing passwords and tokens as the go-to authentication method used by organizations looking to increase security and reduce fraud. This strategy is backed by research. According to a recent report by Verizon, 63 percent of data breaches could have been stopped if an alternative to passwords had been in place.

Veridium is at the forefront of the development of innovative biometrics-based platforms and has a global customer base representing a wide range of sectors including financial services, healthcare, government, and law enforcement, all of whom have put their trust in Veridium’s password-free, single-step, frictionless biometric login.

Veridium offers its customers three flagship products: VeridiumID, VeridiumAD and 4 Fingers TouchlessID. VeridiumID is a server-side protocol for biometric authentication that works with a user’s smartphone. It is easily installed within a customer’s network and can provide authentication to enterprise applications, websites and even doors. VeridiumAD is an enterprise-ready solution that increases the security and convenience of Microsoft Active Directory access by replacing passwords with biometric authentication. Finally, Veridium’s trademarked 4 Fingers TouchlessID is an innovative new biometric that captures four prints simultaneously, providing unprecedented levels of security.

Effortless Integration of Veridium’s Biometrics with WSO2 Identity Server

Knowing that WSO2 Identity Server accommodated several different biometric configurations including primary authentication, 2FA, MFA or escalated transactions, Veridium first approached WSO2 to see how WSO2 Identity Server could enhance Veridium’s product offerings. John Callahan, Veridium’s Chief Technology Officer, was astounded by the ease with which his company was able to integrate with WSO2 Identity Server. Calling the integration “one of the simplest things,” John said it took a single developer less than a month to create and execute the federated authenticator.

The result of the integration is the Veridium Authenticator (VA), a biometric authenticator developed to work with WSO2 Identity Server. The VA is IEEE 2410-2017 certified and provides biometric SSO capabilities for most iOS and Android devices using facial, voice and its proprietary 4Fingers™ recognition. VA comes with a vanilla app that is available for iOS and Android. It can also be embedded in customers’ existing apps via their software development kit. By securely linking users and their devices to their digital identities, Veridium’s innovative software-only MFA solution allows for improved and enhanced authentication.

Speaking about the collaboration between Veridium and WSO2 Identity Server, John says that “they just go well together.” Because the two companies share a common vision for the future where single sign-on (SSO) is either through SAML or OpenID Connect (OIDC) and there is movement towards API development, it is no surprise to him that the companies’ product offerings are in perfect alignment.

User-centric Biometric Authentication

The VA offers two types of single sign-on: QR-code and push notification. Both sign-on methods are part of the Biometric Open Protocol Standard (BOPS), the only protocol that specifies the use of an end-to-end system for authentication. In QR mode, a time-sensitive QR code is generated; the user scans it and is then prompted for one or more biometric authenticators on their mobile phone. In push mode, the service provider (SP) redirection includes identity information for sending a push notification to the user's mobile phone, where they are then asked for biometric authentication. Successful authentication (for both sign-on methods) results in authorization via SAML or OIDC redirection back to the SP.

Identity and access management (IAM) is an evolving space. Callahan predicts an ascendency in biometrics as, in his words, “devices get scarily good at knowing it is you, and your device and [that] you are the one authenticating.” As the volume and intensity of cyber attacks increase, developers have to be more innovative and agile in their approach to authentication in order to provide their customers with the best protection. The collaboration between Veridium and WSO2 Identity Server in the form of the Veridium Authenticator is a perfect example of the type of forward-thinking, adaptive authentication that will characterize the identity landscape of the future.

Watch John's presentation to learn more about how Veridium and WSO2 worked together.

Everything you need to know about WSO2 Identity Server is here.