This post is also available in: heעברית (Hebrew)

Biometrics and IoT (Internet of Things) technologies represent a symbiotic match that together will drive further IoT adoption, according to evaluation.

The IoT market proliferates, connecting more and more homes, cars and various devices, while the potential security risks and attack vectors are also on the grow.

At the same time, biometric technology is being adopted at a fast rate, with analysts estimating the biometrics market will reach $30 billion by 2021. Analysts also predict a revenue shift alongside this growth, with biometrics to veer away from the governmental sector and migrate to the consumer and financial services sectors. To name just a few examples, Apple’s newly-introduced Macbook Pro includes Touch ID, and Mastercard recently launched selfie-pay.

Deploying IoT security requires a solution that relies on the strongest authentication. While passwords and PINs are easily forgotten or guessed, or can easily be stolen and misused, biometric authentication seems like a good alternative.

However, biometric authentication also brings in another major concern for companies: protecting that biometric data from hackers. Cavalier use of biometric data is even riskier than the way passwords or credit card numbers already occurs. You can replace those numbers, have your bank cancel compromised accounts and open new ones, but you can’t get a new fingerprint or change your retinal scan.

According to, a central repository of the biometric data can be target for malicious activity. Alternatively, in a decentralized system, no two persons’ biometric data is stored in the same place. Users can authorize transactions and permissions via mobile, on-device, across the IoT without exposing sensitive data to the Internet.

With biometric tokenization, the actual fingerprint or other biometric data is translated into a meaningless rendering that can be safely stored on a user’s mobile device. When needed, a cryptographic challenge-response function allows a verifier to be drawn from the biometric and sent via cloud or Bluetooth to activate the log-in, vehicle start, or any other function the mobile app is designed to perform.

While biometric tokenization may not solve all IoT security problems, it can complement the IoT especially since, absent passwords, it offers the seamless user experience that IoT adoption requires, when implemented properly and with the aforementioned redundant safeguards in place.

Various security solutions for the Internet of Things network will be presented at the forthcoming iHLS conference on IoT on November 23, 2016, along side the applications within the framework of the Safe City.

For further details