Updated on: August 12, 2024
In a world where cyber threats are evolving at breakneck speed, securing our personal and sensitive data has never been more urgent. Traditional methods like usernames and passwords are becoming relics of the past, leaving our digital lives increasingly vulnerable. Enter Dr. Jose Bolanos—a physician with a passion for technology and a mission to transform the way we protect our identities online.
Dr. Bolanos’ journey is anything but ordinary. From his roots in biomedical engineering to pioneering electronic medical record systems, he’s seen firsthand the challenges of safeguarding sensitive information in healthcare. It was these very challenges that drove him to switch gears and dive into the world of cybersecurity, founding Nimbus-T Global.
At the heart of Nimbus-T is Nimbus-Key ID, a groundbreaking solution designed to eliminate the need for passwords altogether. Instead, Nimbus-Key ID uses a powerful combination of dynamically encrypted multi-factor authentication (DE-MFA) through QR codes and PINs, setting a new standard in digital security.
In his SafetyDetectives interview, Dr. Bolanos shares the story behind Nimbus-Key ID, discusses the pressing issues in today’s cybersecurity landscape, and reveals his vision for a passwordless future. His insights offer a rare glimpse into the technologies reshaping enterprise login security and point towards a future where digital identities are more secure than ever before.
Can you tell us about your background and what led you to establish Nimbus-T Global?
Hello! I’m Dr. Jose Bolanos, a Stanford-trained OBGYN with a background in biomedical engineering from USC, UC Irvine, UC Davis, and Stanford. My journey into tech began in private practice when I faced the inefficiencies of paper-based medical records. To improve patient care, I developed an electronic medical record (EMR) system that centralized medical histories, billing, and lab information.
Recognizing the ongoing issue of fragmented medical data, I focused on identity verification to prevent errors like mixing up patient records with common names. This led me to work with LifeMed ID on smart card verification, but the limitations of multiple cards across clinics drove me to seek a better solution.
In 2018, I patented the Nimbus-Key ID System, which encrypts ID numbers within a QR code, providing a more secure and tamper-proof method of identity verification. Our system offers next-generation security, moving beyond vulnerable usernames and passwords to a dynamic, encrypted approach. You can learn more at www.nimbus-t.com.
How does Nimbus-Key ID stand out from traditional password-based authentication systems?
The biggest issue with today’s security is the reliance on usernames and passwords, which are alarmingly vulnerable. With 24 billion passwords floating around on the dark web, the threat is real. Traditional systems, even those using static keys, are no match for the rapidly evolving AI tools used by cybercriminals. These outdated methods don’t offer true user verification—a criminal can easily create an account in your name, link it to their mobile phone, and pass off a facial scan as yours.
Nimbus-Key ID takes a bold step away from these insecure practices. We’ve eliminated the need for static keys like passwords entirely. Instead, our system uses dynamically encrypted identities embedded in QR codes, coupled with a robust mobile app for true user verification.
Here’s how it works: When you log in, our app doesn’t just rely on a single image. It uses facial recognition to compare your face with multiple images—your profile picture, a smiling picture, and the photo on your driver’s license. This multi-layered approach ensures that the person logging in is really you, not someone else using your credentials.
Once verified, our system connects to your employer’s enterprise systems, issuing dynamically encrypted IDs in a QR code and PIN. These keys refresh every five minutes, making any criminal attempts immediately invalid. With Nimbus-Key ID, there are no passwords to steal, no phishing to worry about—just true, advanced security designed to keep you safe.
What role do AI and biometric verification play in your KYC process, and why are they critical for security?
In the Nimbus-Key ID system, AI and biometric verification are at the core of our True User Verification process, enhancing security from the moment of registration to future logins. When a user registers on our mobile app, they upload a profile picture, a smiling and non-smiling picture, and images of both sides of their driver’s license, along with a master PIN. Our AI then compares these images to confirm they all belong to the same person. Additionally, it verifies the phone’s UUID and ensures the name on the driver’s license matches the one provided during registration.
This multi-layered verification is crucial because it guarantees that the person registering is genuinely who they claim to be. Unlike traditional systems that depend on easily compromised static information like passwords or security questions, Nimbus-Key ID leverages KYC (Know Your Customer) principles, biometric data, and AI to verify the actual user—not just a face or fingerprint.
Once the account is activated, each login involves re-checking all the previously verified details, ensuring that only the legitimate user can access their account. This approach makes it extremely difficult for criminals to impersonate the real person, providing a more secure and reliable method of identity verification.
What measures are in place to protect user data and ensure privacy with Nimbus-Key ID?
At Nimbus-Key ID, protecting user data and ensuring privacy are fundamental to our system’s design. We adhere to GDPR and other international data protection standards, ensuring that users have full ownership of their accounts, including the ability to delete their information whenever they choose. Our system employs AES-256 encryption, and we are actively preparing to integrate quantum encryption as the technology advances.
A standout feature of Nimbus-Key ID is our dynamic encryption of QR codes and PINs, which refresh every five minutes. This means that even if a key is intercepted, it becomes useless within a short time frame, providing an extra layer of security during enterprise system logins.
We hold a 2018 patent for our method of encrypting data into a QR code, and we have registered trademarks for Nimbus-Key, Nimbus-T, and DE-MFA (Dynamically Encrypted Multi-Factor Authentication). Our unwavering commitment to privacy and security is embedded in every aspect of our system, ensuring that user data is protected at all times.
Could you explain the concept of Dynamic Encrypted Multi-Factor Authentication (DE-MFA) and how it enhances security?
Dynamic Encrypted Multi-Factor Authentication (DE-MFA) is a groundbreaking advancement in authentication technology. Unlike traditional two-factor (2FA) or multi-factor authentication (MFA) methods, which often rely on static processes that can be compromised, DE-MFA uses dynamic encryption to create an ever-changing authentication process. This approach significantly reduces the risk of login interception.
What sets DE-MFA apart is its ability to provide true user verification. It connects the real individual to their digital identity, rather than just verifying a device or password. This dynamic, constantly evolving process offers a level of security that static authentication methods simply cannot achieve, making it a substantial leap forward in protecting digital identities.
What are your thoughts on the future of passwordless authentication and its adoption across different industries?
The future of passwordless authentication is incredibly bright, and I believe we’re on the cusp of widespread adoption across various industries. Passwords have long been a weak point in security, and as cyber threats continue to advance, the demand for more secure, user-friendly authentication methods will only intensify.
Our Nimbus-Key ID system is leading this evolution, offering a solution that not only eliminates the need for passwords but also ensures true user verification through dynamic, encrypted authentication. It’s designed to be both highly secure and easy to use, making it an ideal choice for sectors ranging from healthcare to finance to government.
As organizations become more aware of the vulnerabilities inherent in traditional authentication methods, they will increasingly adopt passwordless solutions like ours. These systems provide a more secure, efficient, and user-friendly way to protect sensitive data and maintain trust in digital interactions. The shift to passwordless authentication isn’t just a trend—it’s an essential step forward in the fight against cybercrime.
You can find Dr. Bolanos on LinkedIn or reach out to him via email for more information about his important work