AWS is making its palm-scanning technology available to enterprise users as part of a new package that will allow businesses to use the biometric system to control access to offices and factories. Amazon One Enterprise can also be used as an authentication system for accessing restricted digital assets such as financial or HR data, the company said.
The technology is already in use in the US, where customers at grocery stores can use it to make payments. Now AWS, Amazon’s cloud platform, wants to roll it out across other verticals and is pitching the system as a way for businesses to cut costs and offer increased security levels. Amazon One Enterprise was unveiled at the company’s AWS re:Invent 2023 conference in Las Vegas.
Biometric data is increasingly being used across both the private and public sectors for identity detection and management. Critics say the technology underpinning such systems needs strict guidelines in order to protect privacy.
Amazon One Enterprise brings biometrics to the office
The Amazon One Enterprise scanning technology combines palm and vein imagery for biometric matching. The company says it has an accuracy rate of 99.9999%, the highest on the market. It “uses advanced artificial intelligence and machine learning to create a palm signature that is associated with identification credentials like a badge, employee ID, or PIN”, an AWS statement explained. “The palm signature is a unique numerical vector created from the user’s palm image that cannot be replicated or used for impersonation.”
To use the system, tech teams must install Amazon One devices on-site and activate them in the AWS Management Console. Administrators can “also manage all aspects of user authentications in the console, including monitoring the status of installed devices, managing software updates, and getting analytics on user enrolment and usage, while reducing the amount of time and overhead involved in the manual verification of credentials,” AWS said.
Dilip Kumar, vice-president of AWS Applications, said: “Amazon One Enterprise’s palm recognition technology is designed to deliver a highly accurate identification service that increases an organization’s overall security while offering seamless authentication management with lower operational overhead.”
He added that the system gives security administrators “a centralised view of all user authentications across the organization, taking the stress out of managing multiple access control solutions.”
Kumar said: “Businesses appreciate the privacy and convenience for their users, who can access physical locations and software assets with just a hover of their palm.”
Businesses using the system already include the manufacturer Boom Edam and the IHG Hotel chain. It is now available in preview in the US, but AWS has not disclosed if or when it will be rolled out to other regions. Tech Monitor has contacted the company for more information.
Is using biometric data a privacy risk?
AWS says the system will make life easier for employees, too, by eliminating the need for multiple identification methods such as keyfobs, access cards and passwords. It says data registered in Amazon One Enterprise, such as palm images, user credentials, and other metadata is “immediately encrypted, using industry-leading encryption technology” before being sent to a dedicated server in the cloud. Each user’s palm data is encrypted using a unique key, and AWS claims it can be easily deleted when a staff member leaves their job.
However, privacy campaigners argue that storing and using such information is a security risk, and could be targeted by hackers. An independent review of the biometric data landscape in the UK, carried out last year by the Ada Lovelace AI research institute, found there was a need for comprehensive new laws and an enforcement body to protect the public against the misuse of biometrics
The report’s author, Matthew Ryder KC, said at the time that “the current legal regime is fragmented, confused and failing to keep pace with technological advances.”
He added: “We urgently need an ambitious new legislative framework specific to biometrics. We must not allow the use of biometric data to proliferate under inadequate laws and insufficient regulation.”