Amazon One Enterprise palm-based identity service improves security of physical spaces, digital assets
AWS announced Amazon One Enterprise, a palm-based identity service for comprehensive and easy-to-use authentication that improves organizational security and helps prevent costly security breaches.
The new service enables organizations to provide a fast, convenient, and contactless experience for employees and other authorized users to gain access to physical locations (e.g., data centers, office and residential buildings, airports, hotels and resorts, and educational institutions), as well as digital assets such as restricted software resources (e.g., financial data and HR records).
Amazon One Enterprise eliminates the operational overhead associated with managing traditional enterprise authentication methods, like badges and PINs. IT and security administrators can easily install Amazon One devices and manage users, devices, and software updates in the AWS Management Console.
Issues with traditional authentication methods
Today, organizations authenticate employees and other authorized individuals to access buildings and software resources through physical means like badges and fobs, or digital methods like PINs and passwords. However, these traditional methods share common security vulnerabilities. Badges and fobs can be lost, shared, cloned, or stolen, while PINs and passwords are easily forgotten, guessed, or shared.
Many traditional forms of authentication also require manual verification and time-intensive credential management, along with the cost of producing physical IDs. For employees, forgetting or replacing badges, PINs, and passwords can lead to frustration, wasted time, and lower productivity.
Organizations have tried to solve these challenges through biometric-based solutions like iris scanning and fingerprint recognition, but these solutions are not always accurate. Customers also want solutions that help break silos in the implementation and management of user authentication.
For example, an organization might use badges to access buildings, but passwords to access software resources and digital assets. This requires administrators to manage multiple authentication methods without full visibility into all authorized access across the organization. IT and security administrators want an easy and centralized view of authentications (e.g., who accesses a location or software resource at what time), and to easily monitor device usage and manage software updates.
Amazon One Enterprise: Secure enterprise access control
Amazon One Enterprise is a new, fully managed service that provides highly accurate and secure enterprise access control through an easy-to-use biometric identification device. Security is built into every stage of the service, from multi-layered security controls in the Amazon One device to protection of data in transit and in the cloud.
Amazon One Enterprise combines palm and vein imagery for biometric matching and delivers an accuracy rate of 99.9999%, which exceeds the accuracy of other biometric alternatives and is even more accurate than scanning two irises. The new service’s palm-recognition technology uses advanced artificial intelligence and machine learning to create a palm signature that is associated with identification credentials like a badge, employee ID, or PIN.
The palm signature is a unique numerical vector created from the user’s palm image that cannot be replicated or used for impersonation. To implement Amazon One Enterprise, IT and security administrators can easily install Amazon One devices on-site and activate them in the AWS Management Console.
Administrators can also manage all aspects of user authentications in the console, including monitoring the status of installed devices, managing software updates, and getting analytics on user enrollment and usage, while reducing the amount of time and overhead involved in the manual verification of credentials.
Additionally, with employees using their palms for authentication, customers eliminate much of the cost associated with buying fobs, and printing, issuing, and managing badges and other IDs. Amazon One Enterprise supports industry standard access-control protocols such as Open Supervised Device Protocol (OSDP) and Wiegand.
“Amazon One Enterprise’s palm recognition technology is designed to deliver a highly accurate identification service that increases an organization’s overall security, while offering seamless authentication management with lower operational overhead,” said Dilip Kumar, vice president of AWS Applications. “With Amazon One Enterprise, security administrators also have a centralized view of all user authentications across the organization, taking the stress out of managing multiple access control solutions. Businesses appreciate the privacy and convenience for their users, who can access physical locations and software assets with just a hover of their palm.”
New levels of convenience for employees
Amazon One Enterprise delivers new levels of convenience for employees. It replaces the need for multiple authentication methods, and employees can use their palm to access physical spaces and digital assets.
To begin, a user can enroll by hovering their palm over an Amazon One enrollment device and associating their palm with their organization’s preferred ID (such as badges, PINs, and passwords); this can be done in less than a minute. After enrollment, users access physical locations simply by hovering their palm over an Amazon One device attached to common physical access control systems for uses such as unlocking doors, entry gates, and other barriers. When connected to computers or other enterprise systems, Amazon One Enterprise authenticates users for access to web applications and software.
Protecting the privacy of these users is one of the foundational elements of Amazon One Enterprise. The new service is designed to ensure palm images, user credentials, and other metadata are immediately encrypted, using industry leading encryption technology, and sent to a dedicated Amazon One Enterprise service account in the AWS Cloud, with all of the security and isolation features of AWS.
To further enhance privacy, each user’s palm data is encrypted using a unique key. When employees leave the organization or decide to unenroll, they can conveniently delete their palm data by choosing the Unenroll option on the Amazon One device, or an IT administrator can unenroll them through the AWS Management Console.