Biowatch – Secure Your Assets With Vein Recognition
Biowatch is a startup company that's all about securing your personal assets without compromising your convenience. Using a tiny device that attaches to your watch strip and recognizes your vein pattern, you could exempt yourself from ever having to enter a password again, and that's only the beginning. With the rapid emerging of IoT into our lives, Biowatch could be protecting your car, computer, bank account and even your entire home. We spoke with CEO Matthias Vanoni to learn how it works. Share
What is the background behind Biowatch?
It all started in 1985 when my co-founder Joseph Rice invented vein recognition technology. It was a new biometric recognition method, which, similar to fingerprint bio-metrics, could recognize people by the unique shape of their veins.
Rice was patenting this new biometric and within this patent, he described the concept of a biometric watch, which validates biometric activation upon recognition of a unique wrist vein pattern. As soon as the watch is taken off the user’s wrist, all its functions are immediately deactivated.
A year after I started studying vein biometrics for my PhD in Switzerland, I came across Rice’s patent. When I discovered the concept of a biometric watch (aka Biowatch ), I decided to call Joe, who told me he was looking for a young person who could turn this concept into a viable product. Eventually I decided to quit my PhD and launch a company with Joe as a co-founder.
So what is Biowatch exactly?
We are talking about a biometric watch that is only active when worn by the user. It has a miniature camera that is so small it fits within the watch strap. We had some challenges taking images of the veins when the watch is on the wrist. Eventually we developed a solution whereby the image is taken just before the watch is placed on the skin, allowing the full array of veins to be recognized. From there onwards the watch is kept activated by the proximity of the wearer’s wrist, and will only deactivate when taken off.
Given this concept, you can further use this trusted device to authenticate anywhere. You don’t have to actively authenticate by entering passwords or showing your fingerprint; the watch is trusted and can authenticate on your behalf, and only you can activate it.
Public or private keys can be stored inside the watch but also make a full encryption-decryption solution. The passwords can be stronger because you don’t have to remember them, and they are changed regularly so you get more security and more convenience.
Biowatch can also be used as a second factor authentication- just having your watch on. You will not be asked to receive an SMS, enter the code and all that hassle; It’s a real solution for password-free life.
The Biowatch buckle has been redesigned to host a modular vein reader that is so small you won’t even see it after closing the buckle. This vein reader can be attached to a Swiss watch, apple watch or whatever other watch you’re using.
How do you connect Biowatch to other components, like a car, a file system or a payment card?
We are currently developing the hardware part of the product but will very soon expose an open API to 3rd parties so they can develop compatible use-cases. Quite like TouchID for iPhone. This said, we are also developing use-cases by ourselves or in partnership with clients so the device or service you will want to pair with your Biowatch will be natively Biowatch ready.
What happens if a Biowatch is lost, stolen or hacked?
Firstly, if your Biowatch is stolen physically, you can be quite sure that it will stay safe because it is based on your vein pattern. It’s not something that is easy to access. There is no database with your vein patterns that can be leveraged for attacking the device with, and making a fake wrist is very difficult due to the pulsating/living aspect of the biometrics.
Independently from the biometrics layer, hacking the hardware means hacking a Secure Element with military grade protection. This is where all user credentials like passwords, cryptographic keys, or credit cards are stored.
Who is your typical client?
Our primary target audience is corporate clients, as they can benefit greatly from the convenience and security of our device by fusing both badges and passwords. There’s a rising demand for cyber security solutions which are easy to access and deploy. Also, it’s a nice opportunity for us to make them love the product so much that they will want their end-users to benefit from such a device too, building compatibility with their own use-cases, like e-banking access, payments, or car keys.
Much criticism has been laid on Biometric ID’s being a government’s way of “spying” on their citizens. What are you views on that?
There’s a huge problem with biometrics mainly due to the way it is done nowadays. It is all about given up your biometric data this and there, from governments’ database, to your employer, retailers and even the world with your face, iris and voice spread on the internet. It raises concerns about privacy, and it comes with more and more constraints to corporates when dealing with biometric data of employees or end-users.
Biowatch is different because we do not store or ask to store a database of biometric templates. The biometric data are stored locally in the wearable and never exchanged to the exterior. It is all about standard authentication protocols when it comes to interact with card readers, laptop, websites and connected objects.
Anything else you would like vpnMentor readers to know about?
Yes! Biowatch isn’t currently on the market, but we are ready and looking for investors to industrialize our prototypes. We’re also open for IT experts to give Biowatch a try and get familiarized with the concept.