Amazon’s cloud computing subsidiary AWS (Amazon Web Services) has lift the lid to a new palm-scan ID service that allows companies to verify people’s identity when they enter physical spaces.
The announcement comes as part of AWS’s annual re:Invent conference, which is being held in Las Vegas this week.
Amazon One Enterprise, as the new service is called, builds on the company’s existing Amazon One offering, which debuted in 2020 to enable biometric payments at Amazon’s cashier-operated, monitored stores. Visitors to Amazon Go stores can associate their payment card with their palm print, allowing them to enter the store and complete their transaction by placing their hand over a scanner.
While the technology has raised concerns about how Amazon manages and processes biometric data, in the intervening years the company has doubled down on the technology, offering cash incentives to entice customers to enroll their palm prints, expanding the service in all of its Whole Foods stores in the US and establishing partnerships with third-party retailers.
Amazon One Enterprise seems a natural extension for this technology given Amazon’s role in the enterprise software stack and cloud infrastructure market dominance. Despite the remote work revolution, companies they still want their workers in the office, at least some of the time. And with Amazon One Enterprise, they can deploy contactless authentication devices wherever people flow, whether it’s office lobbies, universities or airports—and everywhere in between.
In addition, Amazon says the technology can also be used to control access to certain restricted software, perhaps where financial or HR data resides. This essentially positions Amazon One Enterprise as a potential replacement for multiple forms of identification, such as badges and fobs commonly used to access buildings and passwords and PINs used to access software.
Companies looking to install Amazon One Enterprise have a choice of two scanning devices—a stand-alone device they can embed where they need it, such as a door or barrier, and one that sits on a pedestal that can be placed anywhere. From there, employees will need to sign in to Amazon One Enterprise using their physical badge before associating their palm print with their profile. Or, if the normal authentication method is a password or PIN, as is more likely the case with software, they can also associate their palm print with such credentials during the registration phase.
Discreet
While Amazon’s new enterprise palm-scanning service is clearly based on the same technology and infrastructure as its consumer offering, the company is keen to emphasize that it differs from the system people use to authenticate themselves in retail stores. Enterprise-grade data privacy and all that.
“You won’t be able to use your palm to pay at a Whole Foods Market or other Amazon One-enabled locations, even if you sign up for a business,” the company notes in a FAQ. “That’s because, with Amazon One Enterprise, we offer a private collection of palm signatures for each enterprise resulting in strong data isolation and security.”
The company says it stores users’ palmprint and badge ID in the AWS Cloud, though they can delete their biometric data through an Amazon One enrollment device similar to the one they originally used to sign up. Amazon also says it will automatically delete users’ data if they don’t interact with an Amazon One Enterprise device for two years.
Amazon One Enterprise is now available in preview for US customers.