Back in mid-March, Joe Belfiore (VP of the OS Group at MS) posted about a new biometric authentication technology to Blogging Windows. It’s called “Windows Hello” and although it has yet to make its debut in a Technical Preview build, it’s promised for inclusion in Windows 10 at some point in the as-yet indistinct future. You can read his description of this technology in the 3/17/15 post entitled “Making Windows 10 More Personal and More Secure with Windows Hello,” which also includes this intriguing screencap that apparently reports a successful “hello” experience.
When Hello works in Windows 10, you see the greeting message complete with smileyface on the splash screen.
When Windows 8 came along, part of its new feature set included built-in support for fingerprint readers. And indeed, on most of the laptops and tablets I tried that included fingerprint readers (most were of the AuthenTec variety), fingerprint support (enrollment and subsequent recognition or rejection) worked immediately following installation, and integrated with Windows login so that I could scan a fingerprint instead of typing in a password. As I understand what Windows Hello will do in Windows 10 is to add support for the Intel RealSense 3D camera, and also incorporate facial and iris recognition into its bag of biometric identification/authentication tricks. Thus, in much the same way that it will continue support for fingerprint readers, it will also add enrollment and recognition/rejection features for the aforementioned camera into its built-in capabilities, and integrate them into the Windows 10 login process as well. In addition, MS will also integrate with the Microsoft Passport environment, so that successful Hello recognition will also tie users into any of the various remote sites and/or services that currently require a Microsoft Account login today.
In fact, Microsoft Passport depends on asymmetric key cryptography for authentication. Also known as public key encryption, it endows uses with a private secret key and a related public key as a split form of authentication and proof of identity. Messages encrypted with the public key can only be decrypted using the private key, so successful decryption of a message or inquiry so encrypted constitutes a powerful proof of identity and can even be considered a form of “self-authenticating data” in that the ability to decrypt proves that the recipient possessed the key necessary to access message contents. This means that Passport bypasses any need to store secret keys or passwords online for authentication, and can use your public key to obtain necessary proofs of identity (one simple mechanism might encrypt a randomly-generated URL, for example, that a user would then click to continue a secured interaction with a system or service). The private key is tied to the system where biometric recognition occurs, and can be related to or based around unique markers association with such recognition.
For a different and more detailed take on Microsoft Hello, check out Greg Shultz’s take on that technology at TechRepublic, in his 4/10/2015 story entitled “Windows Hello brings biometric security to Windows 10” or Mark Hachman’s “Microsoft’s Windows Hello will let you log into Windows 10 with your face, finger, or eye.” I’ll be curious to see how it plays out following a public release, and how much incremental cost the Intel RealSense 3D camera is likely to add to a typical tablet or notebook PC.