There is a tendency of new approaches in the IT-space appearing, aimed to protect users’ private data from hackers. As a security aspect must be balanced with usability and speed, it is a good move to choose biometry as an authentication method (we mentioned the benefits here). Technology, previously used in the institutions of government security level, is now adopted worldwide by manufacturers of mobile devices. Users are interested in such solutions, as they provide a secure and convenient way to access services (from a simple phone unlock to signing a transaction in a crypto wallet). Some people even implant NFC chips under their skin to avoid storing private keys and have access to their bitcoins “by their hand”. However, there are less radical ways to achieve the same goals.
But there is a problem with such data leaks. We have discussed the inability of IT-giants to store biometric data privately, as it’s a very sensitive subject. Let’s explore the Spatium vision — not to store biometrics at all.
As has been said, we create security solutions for safe and convenient funds management, based on SMPC technology and open-source approach. In our system, there are two types of devices:
- Wallet Device. Manages funds and initiates transactions with Secret A. The following solutions can act as Wallet device: desktop, phone, browser extension.
- Confirmation Device. Confirms transactions with Secret B (the number of parties storing a secret can be unlimited, but right now we will focus on two entities). Can be in next forms: personal device (Phone, Watches), Virtual Device (a professional security provider on your choice which guarantees the protection of institutional level), Biometric Wallet (generates secret from biometry with every use).
These devices have one in common — The secret is in You.
As we pointed out before, the wallet uses two secrets: one on the Wallet Device and the other on the Confirmation Device. Let’s explore how biometric backup for the Wallet Device works. Secret A is generated randomly on the Wallet Device of the user (all process takes place locally). Then Spatium Software Wallet App creates a neural network and sets its parameters so that it could convert face data to that secret. Parameters of the neural network are not sensitive data and are stored in bond to users’ email in a cloud. If the user for any reason loses access to his phone, he can install Spatium Wallet App on the new phone. All what he needs to access his account is to download the app, enter the email used for registration, and generate his secret again with the parameters of the neural network. Spatium uses advanced liveness technologies, which can define a real face from a photo, video or mask. During the secret restoring to pass the challenges, users must show specific emotions, look a specific direction, etc. All this happens locally. Now you will never lose your secret.
Important: for the one secret several neural networks can be configured, able to generate it from several faces. It can be useful in case of death of the funds owner/he is got in jail or lost, to provide his family with access to the funds after one year of the account inactivity.
Raising the bar
Users can use Biometric Wallet in the role of confirmation device for additional security with maximum convenience. Biometric Wallet is a hardware device in the shape of a debit card with the fingerprint sensor and the display. The display shows users’ portfolio and information about transactions signing. Wallet Device and Spatium Biometric Wallet can be connected via Bluetooth or another wireless standard. Biometric Wallet generates the confirmation secret from the fingerprint (or set of them) during each use.
No images of fingerprints are ever stored on such a device.
If the Biometric Wallet is lost, the user can buy a new one (or borrow it from a friend), generate his secret from the finger, and also get access.
Malicious actors potentially can make a copy of a user’s fingerprints left somewhere (elevator, cafe, car, etc.) but this won’t give them the ability to perform any action with funds, because they will need to compromise the rest of SMPC parties with secrets, and the customer can pre-program a sequence of 2 or more fingerprints for that case.
Be the key to your story
The biometric data not only can — it must be managed most securely, without sacrificing usability. We believe that the combination of SMPC technology with an open-source approach is a way to achieve that. And that’s why we delegate the full control over the funds to you.
In the next article, we will present to you our solution that solves one of the oldest problems of the crypto industry — the choice between high security level of funds and the access to big trading volumes. Keep an eye on our updates.
Spatium develops solutions to store and manage digital assets powered by SMPC and biometry. In our technology, the private key is replaced with the encrypted set of secrets, stored on behalf of funds owner’s devices, individuals and institutions, chosen by him. Even if some of the parties are compromised — funds will stay safe. Such an approach dramatically decreases the risk of theft and provides a previously unavailable level of flexibility and unique benefits for everyone on the market: no single point of failure, easy recovery, no need in backups, blockchain agnostic, access levels differentiation, instant crypto/crypto and crypto/fiat exchange, fully compliant solution, support of dApps and DeFi services, etc.