Amazon’s cloud computing arm, AWS (Amazon Web Services), has unveiled a novel palm-scanning identity verification service designed for companies to authenticate individuals accessing physical premises. The introduction was made during AWS’s annual re:Invent conference held in Las Vegas this week.
Amazon One Enterprise, this new service builds upon the existing Amazon One, initially introduced in 2020 to facilitate biometric payments in Amazon’s cashierless stores. At Amazon Go outlets, customers could link their payment card to their palm print, granting access and enabling transactions by hovering their hand over a scanner.
While the technology has sparked concerns about Amazon’s handling and processing of biometric data, the company has strengthened its focus on this technology over the years. This effort includes offering incentives for customers to register their palm prints, extending the service to all Whole Foods stores in the U.S., and establishing partnerships with external retailers.
Amazon One Enterprise appears to be a natural expansion of this technology, leveraging Amazon’s position in enterprise software and dominance in cloud infrastructure. Despite the rise of remote work, companies still seek to have their employees present in physical offices occasionally. With Amazon One Enterprise, businesses can implement contactless authentication devices in various locations, such as office entrances, educational institutions, and airports.
Additionally, Amazon claims that the technology could manage access to restricted software, potentially replacing various identification methods like badges, fobs for building entry, and passwords or PINs for software access.
For organizations opting for Amazon One Enterprise, two scanning device options are available: a standalone unit that can be integrated into doorways or barriers, and a pedestal-mounted device suitable for flexible placement. To enroll in Amazon One Enterprise, employees need to use their physical badge for authentication and associate their palm print with their profile. Alternatively, if passwords or PINs are the standard authentication method for software access, individuals can link their palm print with these credentials during enrollment.
While Amazon’s new enterprise palm-scanning service is clearly based on the same technology and infrastructure as its consumer offering, the company is keen to stress that it’s distinct from the system that people use to authenticate themselves at retail stores. Enterprise-grade data privacy, and all that.
“You will not be able to use your palm to pay at a Whole Foods Market or other Amazon One-enabled locations even if you enroll at an enterprise,” the company notes in a FAQ. “This is because, with Amazon One Enterprise, we offer a private collection of palm signatures for each enterprise resulting in strong data isolation and security.”
The company says that it stores users’ palm-print and badge ID on AWS Cloud, though they can delete their biometric data through an Amazon One enrollment device similar to the one they originally used to sign up. Amazon also says that it will automatically delete users’ data if they don’t interact with an Amazon One Enterprise device for two years.
Amazon One Enterprise is available in preview for U.S. customers now.