For Authentication’s Next Act: Tapping Into Your Digital Fingerprint

Thanks to fingerprint-scanning smartphones, consumers have grown accustomed to using physical biometrics to authenticate their identity. But, in the hot-off-the-presses PYMNTS Digital Identity Tracker™, powered by Socure, Paul Miller, CEO of security technology company mSIGNIA, says that there’s a way to take data from those same devices to create a digital biometric that could authenticate consumers — more reliably. Find that, plus headlines and rankings of 126 digital identity players, inside the new Digital Identity Tracker™.

How does one iPhone differ from another? It’s the information stored inside of it — the user’s contacts, playlists, videos, favorite apps and a million other bits and bytes of information that truly distinguish his or her digital fingerprint.

The digital fingerprint, as it turns out, may be just as useful as a physical one when it comes to identifying and authenticating individual consumers. That’s the idea behind a series of recent patents from biometrics security firm mSIGNIA, which is applying machine learning to digital biometrics for authentication and security.

Much like traditional biometric indicators such as fingerprints, iris scans and others, mobile devices contain troves of information on consumers, ranging from the places they frequent to their favorite mobile apps. It’s all data that could help authenticate users and transactions, says mSIGNIA CEO Paul Miller.

“All the data that separates one person’s digital fingerprint from another’s allows us to identify those users,” Miller explained. “The user doesn’t need to submit a fingerprint or anything like that. Their data and the way their data changes, that’s what allows mSIGNIA to authenticate that user individually from any other user on the planet.”

PYMNTS recently caught up with Miller to discuss the patents, how the company plans to apply them and how it intends to keep all that data safe.

Using data inside devices to ID users

Mobile devices have become omnipresent, and consumers are spending more time on them than ever. In 2016, an average American spent nearly three hours every day on his or her mobile phone, according to a recent comScore report.

And, as using mobile devices has become second nature to consumers, devices have become clever at tracking and understanding how their owners communicate, as well as their taste in music, TV and movies and where they live and work, among other things.

But while devices have become smarter at storing and tracking data, it’s not really about the device itself, Miller said. That means the digital biometric information can be used for years, even after a user changes devices.

“All that data really represents the user, not the device, because obviously, it’s the user that puts all that data on there,” Miller said. “It’s not a device fingerprint, because when you get a new mobile device, all that data goes onto the new device. So this data can be used and added to over a longer period of time, for a consumer’s entire digital lifetime.”

To utilize the troves of information collected on mobile devices, mSIGNIA is building out a new software that employs machine learning to mine user data and authenticate their identities, Miller said. The machine learning capabilities of the software, he added, will allow it to recognize and learn changing human behavior and understand users’ interactions with devices.

“A person isn’t static — they aren’t a piece of hardware that’s going to act the same way all the time without ever changing,” he explained. “That’s where our machine learning and AI algorithms come in.”

Keeping data safe  

Storing and processing private data comes with its own set of risks, of course. The data is, after all, a gold mine for hackers and other bad actors.

To combat them, the mSIGNIA software anonymizes user data — after seeking permission from a device owner — to ensure it cannot be associated with any one person, Miller explained. He added the company’s software doesn’t collect particularly private information such as the content of emails, text messages and contact lists. Additionally, the software is PCI compliant for added security.

The software instead collects data on the number of calls, messages and contacts stored inside a mobile device’s memory. This gives the software a window into user habits, such as how often they typically make a call or send messages, without giving fraudsters an opportunity to eavesdrop on the conversations inside them.

“We want to get more of a general idea of where you are or how many contacts you have, because just that can tell us a lot about you, and without the risk of exposing the data that people most want to keep secret,” Miller said.

From a patent to the real world

According to Miller, the company has been working to bring the technology from theoretical to real-world use cases since securing the latest patent for its digital biometric technology earlier this summer.

For now, some of the most apparent real-world applications for the digital biometric technology involve frequent and faster access to data for financial service and healthcare providers.

Miller, however, foresees its application expanding to a host of other industries.

“Really, authentication is such a horizontal plane, it can have a lot of varied use cases,” he said. “Anyone that needs to be authenticated as part of their day-to-day operations can get a lot of use out of this kind of technology.”

To download the August edition of the Digital Identity Tracker™, powered by Socure, please fill out the form below.

    First Name*

    Last Name*

    Title*

    Company*

    Work Email*

    The PYMNTS.com Digital Identity Tracker™, powered by Socure, is a forum for framing and addressing key issues and trends facing the entities charged with efficiently and securely identifying and granting permission to individuals to access, purchase, transact or otherwise confirm their identity.