8+ Biometrics APIs At Your Fingertips Art Anthony April 16, 2019 Looking for a web API to handle fingerprint identification? Let us identify the best ones for you… Until recent years, fingerprints were something that most of us didn’t think about that often. Now, however, they’re something that most smartphone owners use to unlock their devices, complete online banking transactions, and so on. Despite this, with the exception of a few laptop models, fingerprint recognition remains synonymous with mobile devices; it hasn’t yet become a platform-agnostic piece of technology. As we’ll see below, there are changes incoming that will open fingerprint analysis for more use cases, among which are several web-based biometrics APIs that aim to make fingerprint tech even more ubiquitous than it is today. Where Are Biometrics At Now? With the introduction of support for web-based fingerprint and facial recognition by major web browsers, we’ve reached a point where it’s no longer necessary to employ additional software or browser plugins to use biometric authentication. For now, the issue remains one of hardware. Most of the general public don’t currently have access to a laptop or desktop with fingerprint scanners or infrared cameras, hence impeding mass adoption of biometrics. What could change that is the Web Authentication (WebAuthn) standard’s support for the Fast Identity Online (FIDO) Alliance’s Client to Authenticator Protocol (CTAP). That’s a lot of acronyms to digest, but it means, in a nutshell, that service providers can now use smartphones or other external devices in partnership with their computer for biometric authentication. As a result, we’re probably headed down one of two paths: Wider adoption of biometric-based hardware built into laptops and desktops (as we’ve mentioned above, this is already happening with some newer products) Dedicated handheld devices, along the same lines of Amazon Dash Buttons, being used solely for biometric authentication Since we’ve already seen progress toward option 1, it’s tempting to think this is a safer bet. Let’s look at some biometrics APIs on the market today and see if they have anything to offer that proves or disprove that theory. 1. CloudABIS A cloud-based and scalable biometric system, CloudABIS supports fingerprint, finger vein, face, and iris recognition. Customers access the system using either an API or a piece of software called CloudApper, with another piece of software called CloudScanr being used to support readers and allow device activation across any web browser. M2SYS, the creators of CloudABIS, also sell a range of their own fingerprint scanners. Main websiteDocumentation: N/A 2. AimBrain Billing themselves as a BIDaaS (Biometric Identity as a Service) product, AimBrain places their emphasis on security and fraud prevention rather than convenience. It features a suite of authentication modules like AimFace and AimVoice… no prizes for guessing what types of recognition these services enable. They also offer a biometric integration sandbox, with free tools to trial integration/deployment and 1,000 API calls a month. Main websiteDocumentation 3. BioID BioID’s area of expertise is “liveness detection,” which involves differentiation between images and real faces. With a focus on privacy, BioID places significant emphasis on anonymization and staying GDPR compliant. The company keeps biometric data pseudonymized and avoids storing personal information to prevent reverse or re-engineering. BioID’s approach highlights one of the broader issues in this space: by default, biometrics seems to make it more challenging to separate online and offline identity. For example, it “feels” like it would be much easier to identify a secret online persona (represented only by avatars) that uses fingerprint recognition than one protected by passwords. We see from how BioID that this isn’t, or doesn’t have to be, the case. Main websiteDocumentation 4. Biostar Suprema’s Biostar software is billed as a next-generation access control system, with biometric devices installed at each door, that combines IP connectivity with biometric security. It’s a particular use case, but Biostar could also demonstrate an exciting paradigm shift from doors locked with physical keys and terminals locked with passwords to ubiquitous biometrics usage. Main websiteDocumentation: N/A 5. Google Chrome: We’ve already mentioned WebAuthn, and how it works alongside biometrics, above but we wanted to highlight here that big players are already embedding this into their guidelines and authentication processes. Google, for example, added fingerprint support to Chrome at the end of last year. Main websiteDocumentation 6. SecuGen SecuGen’s web API allows its customers to access SecuGen fingerprint readers using JavaScript, so it can be used across most different browsers and doesn’t require any browser plug-ins for end users. Let’s unpack the first portion of that last sentence: we can see that, like M2SYS and CloudABIs, this is an API that’s been developed (at least in part) by a hardware provider to allow for broader use of their products. Main websiteDocumentation 7. W3C Web Authentication WebAuth may be a standard rather than an API or SaaS product, but we raise it here because it now explicitly references biometrics in its guidelines in the following way: 6.2.3. Authentication Factor Capability There are three broad classes of authentication factors that can be used to prove an identity during an authentication ceremony: something you have, something you know and something you are. Examples include a physical key, a password, and a fingerprint, respectively. 8. Nexa|Fingerprint by Aware Similarly to what we saw above with Aimbrain, Nexa|Fingerprint is part of a suite of modalities created by Aware. Others available include Nexa|Face, Nexa|Iris, and Nexa|Voice. Offering both APIs and SDKs, Nexa|Fingerprint provides “high-performance biometric algorithms for multistage fingerprint recognition and identification or rapid, high-volume fingerprint authentication.” Main websiteDocumentation Honorable Mentions Are we missing any web-based biometric APIs? Let us know about your experiences with them in the comments, and we’ll add them here. What’s Next For Biometrics APIs? We’ve outlined some of the uses of biometrics APIs above, but others are lying beneath the surface. When we hear the term “smart home,” most of us probably think of someone asking Alexa to set a timer, put the kettle on or turn the heating down. For some, however, that isn’t an option. People affected by disabilities like mutism and deafness that result in limited speech, whether due to physical inability or active choice because they fear not being understood, would likely struggle with most home automation tools on the market now. Using biometrics instead of speech, such as facial recognition or different fingerprints for different triggers, could make a big difference to those with disabilities. With more than a quarter of a million people suffering from mutism in the US alone, the importance of this shouldn’t be underestimated. It’s early days, but we expect accessibility to be a key factor in the future of biometrics. Final Thoughts Two common threads emerge from our examination of the biometrics products above: Many API providers also create and sell accompanying hardware, i.e., fingerprint readers, in addition to building software Most of the above companies don’t focus just on fingerprints but have a more holistic approach to biometrics We’ll likely see several key acquisitions in the biometrics space as mainstream hardware providers rush to embrace the technology, with others trying to build their proprietary products. Biometrics companies that already have APIs will inevitably be in demand since it means that much of their existing technology is “plug and play” with new products. We’d also expect to see a multi-faceted approach to biometrics being adopted, with multiple types of authentication running concurrently. For example, a laptop might “wake up” from sleep mode with a fingerprint and unlock for use with an iris scan. Once again, it’s plain to see how biometrics APIs, capable of working in harmony with other services, will be extremely important. The biggest takeaway from our research into biometrics APIs is that, though most of us are already getting used to fingerprinting, complex multi-stage biometric authentication is no longer the stuff of science fiction (or Mr. Burns’s security system) anymore. It’s already here. The latest API insights straight to your inbox