The use of mobile devices has become widespread in recent years as a substitute for the laptop when performing multiple daily activities.
Checking our social networks, sending a WhatsApp message or reading the news are activities that we regularly perform from our smartphone. Sometimes we use a native app. On other occasions, when the use is occasional, we access the website from the phone to carry out the task.
This way of relating to the digital world through our mobile device also extends to cases in which we perform operations that require a higher level of security. For example, since 2017 it has been possible to open a bank account remotely in Spain. It is also possible to rent a car or book a hotel room.
More and more processes require an identity verification step that guarantees that the person behind the screen is who they say they are. These steps usually combine multiple Artificial Intelligence algorithms to verify the authenticity of the person's identity document and to carry out a biometric comparison that ensures the person executing the process is the same person who appears on the document, along with the proof-of-life technologies used to ensure that the identity is not impersonated.
Security in the backend or front end?
Veridas, as a manufacturer of biometric identity solutions, must decide where these algorithms are implemented: should they be run on the user’s own mobile device (front end), or is it more appropriate to run them on a server (back end)?
This question has a high impact on the security of the processes and even on the end-user experience.
Although there are different types of implementations among manufacturers of biometric technologies, at Veridas we bet on the processing of security algorithms in the backend. And we do so for these 5 reasons:
The 5 keys to betting on the backend.
- Unbiased security
At Veridas we understand that the execution of any security process must be carried out in an environment (i.e., on a machine) that is controlled (i.e., secured) by us. This is only possible when the execution of algorithms is performed on the backend.
The execution of algorithms on the front end is much more exposed to attacks, such as rooting the mobile device, which allow the attacker to make changes to some predefined settings of the device. Through this control, an attacker can modify the result of a processing run on the front end, thus enabling spoofing.
While it is true that implementing algorithms on the front end takes advantage of the resources of each mobile device, deploying algorithms on the backend makes it possible to support every channel in a very efficient way.
When we talk about omnichannel, we mean that a single deployment of an algorithm in the backend can serve processes executed in different channels. The 3 main channels are the web channel, native iOS apps and native Android apps. In other words, deploying algorithms in the backend allows the same technology to be used for all channels.
Veridas develops identity technologies and solutions where security is the fundamental motivation. Biometric technologies, based on Artificial Intelligence, evolve continuously and at high speed.
For this reason, it is essential that customers and end users always use the latest versions of the technology. In short, it is essential that they are up to date.
By deploying security algorithms on the backend, customers and users have to do absolutely nothing to enjoy the benefits of these updates. This is not the case when identity solutions are processed on the front end, as they usually require an update of the mobile apps, both by the company that owns the app and by the user.
Ultimately, processing algorithms on the backend allows for reduced time to market for security-enhancing algorithms and technologies.
4. Unbiased security
Implementing security algorithms on the front end makes security dependent on the mobile device itself. The processing of an algorithm depends on the device's CPU and available memory, among other things. The better the performance of the device, the faster the algorithm runs, and the greater the device's capacity to run algorithms with higher computational requirements on the front end.
At Veridas, we believe that security in the digital world is a universal right, which cannot depend on the user having a high-end mobile device. Any person, anywhere in the world, and with any mobile device, should be able to verify their identity with the same level of security as those who have the latest generation of smartphones.
For that reason, and to avoid bias, backend algorithm processing allows security to be the same for everyone, regardless of the mobile device used.
Finally, it is important to note that running algorithms on the backend makes the process easier to audit if necessary. If the security decision (is or is not the claimed identity) is executed on the backend, there can be a record that this operation was performed. This is not the case when security processes are performed on the front end, especially when they are performed without an Internet connection.
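The trust boundary and audit record described above, sketched as an added example (not Veridas code): the backend decides only from the raw captures, ignores any verdict the device sends, and records every decision. The field names, the threshold and `constructed_scorer`, which stands in for a real biometric engine, are assumptions.

```python
import hashlib
import time

MATCH_THRESHOLD = 0.80  # assumed backend policy value, not from the article
# Hypothetical names for verdict fields a modified client might send.
CLIENT_ASSERTED = {"match", "score", "liveness_passed"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_identity(request: dict, scorer, audit_log: list, now=time.time) -> bool:
    """Decide on the backend from the raw captures and record the decision."""
    ignored = sorted(CLIENT_ASSERTED & request.keys())  # logged, never trusted
    doc, selfie = request["document_image"], request["selfie_image"]
    score = scorer(doc, selfie)  # computed server-side, out of the device's reach
    decision = score >= MATCH_THRESHOLD
    audit_log.append({
        "ts": now(),
        "session_id": request["session_id"],
        "document_sha256": sha256_hex(doc),
        "selfie_sha256": sha256_hex(selfie),
        "score": score,
        "decision": decision,
        "ignored_client_fields": ignored,
    })
    return decision


def constructed_scorer(doc: bytes, selfie: bytes) -> float:
    """Stand-in for the backend's biometric engine: compares a face tag."""
    same = doc.split(b"face=")[1] == selfie.split(b"face=")[1]
    return 0.95 if same else 0.12


def demo():
    log = []
    tampered = {  # constructed request: modified client asserts its own verdict
        "session_id": "s-001", "match": True, "score": 0.99,
        "document_image": b"DOC|face=alice", "selfie_image": b"SELFIE|face=bob",
    }
    honest = {  # constructed request: unmodified client, captures only
        "session_id": "s-002",
        "document_image": b"DOC|face=alice", "selfie_image": b"SELFIE|face=alice",
    }
    results = [verify_identity(r, constructed_scorer, log) for r in (tampered, honest)]
    return results, log


if __name__ == "__main__":
    print(demo())
```

The `ignored_client_fields` entry in the audit record doubles as a detection signal: an unmodified client has no reason to send a verdict.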
The importance of the Front end
The points made above do not imply that all processing related to identity and biometrics must be performed on the back end. There are some types of processing, not related to security, whose execution on the front end is highly recommended.
We refer to those algorithms that have to do with improving the user experience in the capture process. For example, automatically detecting an identity document, classifying the type of document, detecting a face, guiding the user so that the positioning of the document and the face are appropriate, etc.
The processing of such algorithms at the front end does not pose a risk from a security point of view, as they do not have a direct impact on the decision making about the identity of the person.
In short, it is essential to establish a clear policy on where to run biometric algorithms, especially those that have to do with security. At Veridas we are clearly committed to the execution of security processes in the back end, as we understand that it is a more secure and less vulnerable environment than the front end.