
What Is BOPS?

If you don’t know what BOPS is, you should. Why? Well, do these headlines look familiar?

With cyber breaches almost a daily occurrence, it’s clear that the old ways of protecting data simply aren’t working. Usernames and passwords, tokens and PINs, aren’t enough to stop today’s attackers. These range from nation-state level hacking squads to thousand-strong hacking teams run by criminal cartels. They’re the ones breaking into corporations and government agencies; the ones getting into infosec companies trying to reverse engineer how they reverse engineer viruses.

For the industries most heavily affected by these types of hackers – finance, healthcare, government – there must be a better way to protect and control data access, without hindering productivity and usability.

And there is.

It’s called BOPS.

What Does BOPS Mean?

It stands for Biometric Open Protocol Standard, an IEEE standard that’s the framework for a software-based system for identity assertion. This means it can tell you not just when someone logs into a system, but from where and, most importantly, if that person is who they say they are.

BOPS is a secure data access solution that provides legal non-repudiation – the who, when, and where of every digital transaction, whether it’s a credit card transaction, email, data download, or even physical access to a building.

A BOPS-based authentication solution is the gateway that access requests pass through, guarding your servers without actually looking at them, like a bouncer in a bar. Don’t have the right credentials? You get tossed out before you’re even in.

This is a huge improvement over most identity assertion solutions which only authenticate a device, be it a token or a smartphone. What a BOPS-based system does is authenticate who you are, the human being holding the device. This is because BOPS is the only protocol that specifies the use of an end-to-end system for authentication.

How BOPS Works

What sets BOPS apart is how it handles securing biometric data and the way it establishes communication with the server. Unlike other biometric back-end solutions, a BOPS-based system does this in two ways: First, by ensuring data communication security through 571 ECC (military-grade) encryption and two-way SSL/TLS communication security. Second, by actually breaking up biometric vectors into pieces, so the full data set never resides in a single place.

Breaking Up Vectors

The IEEE 2410 standard was developed to protect the storage and matching of biometrics. To this end, the BOPS protocol ensures no complete client information is stored in a single location. When an enterprise deploys a BOPS-based solution for biometric authentication, a unique client certificate is created during each user’s initial registration. During enrollment, the biometric image is encrypted using visual cryptography, which breaks it into two separate pieces. One piece is sent to the server, while the other stays on the device. This drastically reduces the risk of a hacker getting a complete biometric vector.
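The two-piece split described above can be illustrated with a short added example; it is not code from the IEEE 2410 standard or from any BOPS product. It assumes the classic 2-out-of-2 visual cryptography construction with two subpixels per pixel (the page does not say which scheme BOPS uses), and the sample image and function names are constructed for the illustration.

```python
import secrets

# Assumption: Naor-Shamir (2,2) scheme; the sample image is constructed, not real data.
SAMPLE_IMAGE = [
    [0, 1, 1, 1, 0],
    [1, 0, 0, 0, 1],
    [1, 0, 1, 0, 1],
    [1, 0, 0, 0, 1],
    [0, 1, 1, 1, 0],
]

PATTERNS = ((0, 1), (1, 0))  # each image pixel becomes two subpixels per share


def split(image):
    """Return (device_share, server_share); each row is twice as wide."""
    device, server = [], []
    for row in image:
        d_row, s_row = [], []
        for pixel in row:
            p = secrets.choice(PATTERNS)  # fresh randomness for every pixel
            q = p if pixel == 0 else (1 - p[0], 1 - p[1])  # complement if black
            d_row.extend(p)
            s_row.extend(q)
        device.append(d_row)
        server.append(s_row)
    return device, server


def stack(share_a, share_b):
    """Overlay two shares (logical OR of subpixels), as with transparencies."""
    return [[a | b for a, b in zip(ra, rb)] for ra, rb in zip(share_a, share_b)]


def decode(stacked):
    """A pixel is black only if both of its subpixels are black."""
    return [[row[i] & row[i + 1] for i in range(0, len(row), 2)] for row in stacked]


def share_is_balanced(share):
    """Every subpixel pair in one share is (0,1) or (1,0), whatever the image."""
    return all(row[i] != row[i + 1] for row in share for i in range(0, len(row), 2))


if __name__ == "__main__":
    device_share, server_share = split(SAMPLE_IMAGE)
    for row in stack(device_share, server_share):
        print("".join("#" if v else "." for v in row))
```

Each share on its own is a uniformly random pattern of half-black pixel pairs, so holding only the device piece or only the server piece reveals nothing about the enrolled image.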

To infiltrate a company’s BOPS-compliant server, a hacker would have to have access to a person’s smartphone as well. Then they would have to find the matching certificate on the server for that specific device. And even then, they would have to defeat the military-grade encryption used to figure out which certificate connects to which device. According to Will Lumpkins of L-3 and IEEE, it would take a dedicated team of expert hackers more than three months to break into a BOPS-based server, and even then they would need a supercomputer to do it.

BOPS Is So Much More

IEEE 2410 BOPS provides something unique in high-quality data access, something no other solution does: An end-to-end authentication infrastructure securing biometric systems through breaking up information – what’s referred to as distributed data. No other system provides this level of security and biometric vector obfuscation to eliminate the risk of hackers gaining access to a user’s biometrics while remaining convenient to use.

