Real Time Communications Featured Article

WebRTC-based Identify Authentication May Be Easier than Remembering Your Second Grade Teacher's Name

March 14, 2016

Think about the last time you stood in line for something official: at a bank, to open an account or to get something notarized. At the DMV to renew your driver’s license. Perhaps you waited while sitting, at the doctor’s office, for example, or to get your taxes done. Why were you there? For the pleasure of waiting in line?

Nobody likes waiting in line, but often it’s necessary simply so you can be present to demonstrate that you are who you say you are. Face-to-face meeting is still the most fundamental way to engage in real-time communications. But is it really the most convenient and cost-effective? Can’t we let technology take over from here?

There’s a reason why real-time communications (RTC) standards like WebRTC are so compelling: they offer the same “in present” confirmation of a person’s identity without the expensive and time-consuming travel element, according to a recent blog post by Chris Kranky (Chris Koehncke), who writes about emerging communications technology. It can also help with the second part of two-factor authentication, a security measure that requires two means of identifying that a person is who he says he is.

“Image a WebRTC video photo taken when you want to authenticate yourself on a Web site,” blogged Kranky. “The WebRTC piece is important, but it’s child’s play. Capture the photo and securely send it back home. The real work is back is in the data center. How to process the image and assign a confidence factor that it is in Chris Kranky despite the dim lighting in some far off hotel room.”

The latter can be accomplished with the multitude of facial verification technologies players like Google and Microsoft are already working on, coupled (perhaps) with geo-tagging to confirm that the person in the photo is where they’re supposed to be.

“Identification, though, is about having a gold master image to start with as a reference,” wrote Kranky. “Here again, WebRTC patrols in. Take a WebRTC shot of your driver’s license or passport and start-up will tell you how valid it is via a simple REST API call. Security is never absolute, it about assigning a confidence factor.”

Kranky suggests that WebRTC-based authentication might be more palatable to consumers than biometrics such as retinal or fingerprint scanning. (We live in a society where many people believe that the government is out to capture and store our biological information for some nefarious plan.) It also might solve the problem of having to remember increasingly (and ludicrously) complex passwords that contain letters and numbers, capital letters, Greek letters, symbols and hieroglyphics.

“In short – the back office computing power is here to enable us to authenticate ourselves to appease the most stringent of legal and financial industry concerns,” wrote Kranky. “All without a need for passwords, hunting on my mobile for some Morse code SMS or trying to remember the name of my first dog. BTW I never had a dog so I always use Fluffy.”

Perhaps coupled with voice authentication, WebRTC has real potential to help us solve one of the most pressing problems of modern life: proving that we are who we say we are.

Edited by Stefania Viscusi

Article comments powered by Disqus

  Subscribe here for RTCW eNews