AI-Powered Continuous Authentication (EP 891)

Hello, friends, Uncle Marv here with another episode of the IT Business Podcast, the show for IT professionals and managed service providers, where we try to help you run your business better, smarter, and faster. We are getting close to the end. Many of you know that we are covering all of the Pitch It contestants for 2025.

We are on the road to Orlando, where three will be selected as stage finalists to try to get their monies and win $70,000 or $30,000 for a set of steak knives. That's not what people want to hear, but we're down to, I believe, the final three. Today, I have with me Dexter Caffey from Smart Eye Technology. 

Dexter, welcome to the show. Thank you, Uncle Marv. Pleasure to be on your show. 

Pleasure to be on your show, definitely. All right. I like to start off with interesting questions, but in this case, I'm going to start off with a question just for me, because I read in your bio that you got your business finance degree from Youngstown State University. 

It caught my attention because that's an Ohio school, and it's not far from where my wife grew up and stuff. I needed to ask the question, did you grow up in Ohio or did you go to Ohio for that degree? That's a great question. I actually grew up in Ohio. 

I was born in Youngstown, Ohio, and majored in finance at Youngstown State University. I was actually their commencement speaker a year ago at Youngstown State University. Yes, I was really honored to be the commencement speaker for the business area there, so really excited about that.

Very nice. Okay. Glad I asked that question. 

Nice little things to know. I'm assuming there are people there that if I were to ask if they knew you, would that still happen today? Absolutely. It's a small town, so if they don't know me, they'll know somebody in my family, that's pretty much for sure. 

All right. Let's shift here to the competition. You guys are involved here. 

You are getting close to the end of your bootcamp, but for people that don't know smart eye technology, you guys are doing biometric-driven cybersecurity. It sounds simple, but when I dug into what you guys are doing, it sounds absolutely complicated. It talks about facial tracking, biometric security, continuous authentication, secure file sharing.

You use facial, iris, fingerprint, and voice biometrics. Sounds like a lot for an MSP. No, it's actually really simple. 

Very simple. I'm glad you asked that question. Again, I'm the founder of smart eye technology. 

What smart eye technology is, very simple, it's AI security. At the end of the day, in order to access a desktop, in order to access certain files or access a particular web-based application, depending on which product you use of ours, your face must be continuously authenticated as you look at that information. If you turn your head and walk away, smart eye technology can no longer continuously authenticate your face, so we block the entire screen. 

Therefore, no hacker can come in remotely and gain access to your data. Okay. Sounds fantastic. 

Sounds like something that I know banks might use because I saw you guys were a part of the, what was it, the Arkansas Banking Association, talking about your product there. Very secure thing, but for MSPs, our end users are not that attentive. So I can see, I'm thinking of my law firms where secretaries, they get up, walk away and stuff. 

I'm assuming that there's a period of time where somebody can look away and then look back, and they'll still be authenticated, or does it just automatically open back up? As soon as that person had walked away from that computer at that law firm and sat down and looked at their screen again, it automatically recognized their face and immediately it pops right back open. The screen pops right back open to that person's face. So we are continuously authenticating that individual. 

And one of the things too, you mentioned in the MSP world, a lot of times, a lot of MSP customers are getting hit with remote desktop attacks. That's what we guard against. So if a remote hacker came in and they wanted to access that bank account, I'll give you a prime example. 

It was a law firm, since you mentioned law firm, there's a law firm that I'm talking to here in Arkansas that recently lost $100,000 because a remote hacker came in remotely, and they gained access to a bank account, a web-based banking platform, and they were able to move money, transfer money outside of that law firm's account into their own account. So that's why all companies, no matter who they are, need to have Smart Eye on their customers' web-based platforms as a Chrome extension. So we have a Chrome extension, very simple.

This Chrome extension works on any Chromium or Edge-based platform, and you decide which website that you want Smart Eye to come on for. So we don't come on for all websites. You have to choose which websites that you want Smart Eye to kick on for to protect those particular websites.

And in addition to that, Uncle Marvin, the thing is, we also have what's called URL-specific, so we don't have to protect the whole website. We can specifically protect a certain URL on that website. So that's how granular we get. 

Okay, so that makes a lot more sense. And since the authentication is in the browser, we're not talking about somebody having to carry around a fob or a key or a card all the time in order to get that access, right? As long as you got a face and a camera, it works. Okay. 

So continuous, multi-factor, biometric, security, screen privacy platform. Now, you talked about websites, but I understand your product also works for secure file sharing. Absolutely. 

We have a secure file sharing. So in other words, sometimes people send secure documents through email, and it's highly confidential information. Well, once that email goes out, anybody can get their access, their hands on that information, and can share it with whoever they want to share it with. 

With Smart Eye, in our file sharing platform, when I send you a file through our platform, your face is the only face that can open up that file. So if I didn't send it to you, or let's say somebody else walked up behind while you had that file open, somebody else walked behind you, say, hey, Uncle Marvin, what are you looking at? It will recognize that face and block the entire document so nobody can see it, but just your face. So that person will have to leave and get out, and then it'll recognize your face again, and that document pops right back open to your face. 

So here's my question. I'm sending a document to somebody. I've probably never seen that person. 

How do I get them to authenticate to Smart Eye before I send that document? They would simply go on the GetSmartEye, actually it's called SmartEyeApp.com slash registration. They would register themselves in and take a picture of themselves, and so they would then have to ask your company to collaborate with you. So it's not just free for everybody to just send you documents or messages. 

So you have to accept that company or deny them. Then you have the ability to collaborate with them once you accept that company, say, yes, you can collaborate with me. If you deny them, let's say it's a hacker, and they say, hey, I want to get in and send Marvin information. 

You say, I don't know who this company is. So you hit deny, they can't send you anything through the platform or chat with you through our platform. Okay. 

Interesting. Now, let me take a step back and kind of do what we should have done in the beginning. What was it that led you to start this? What was the aha moment to start Smart Eye technology? Well, like you mentioned, my background was finance, and I had actually owned my own, what's called commodity futures and options hedging firm that I did for over 20 years in Atlanta when I lived in Atlanta. 

And I did that for over 20 years, handled major enterprise customers who were my customers. And so, but what happened about seven years ago, I was on a trip over to Israel, and I really went to go network with folks from major enterprises from Atlanta. And so when I was on that trip, I was sitting next to a cybersecurity expert as we were in a cybersecurity event that we were at. 

And I noticed when I looked at his laptop screen, I could see his entire screen. And a thought just ran through my mind and said, why should I be able to see any data that's on this guy's screen? It's none of my business. So if a hacker came in remotely, they've got the same access as this guy. 

And I said, that's not right. I said, what if we could create what's called continuous facial recognition to continuously monitor your face every second, knowing that it's only Uncle Marv who's looking at the screen? That's how that whole idea started. Okay. 

Now, from our perspective as an MSP, what are the options for me? Because I, part of me thinks, okay, this is something I would get for my MSP, for my employee, singular. Also, as possibly a reseller opportunity for my customers, what are the options for us? That's a great question. So what we have for MSPs is that we typically priced it very affordable.

So you guys could actually do what you do, but we charge a very low price so that you guys could do whatever you do and deal with your customers in that way. So we're actually integrating into ConnectWise's platform right now and Acronis. So over the next 90 plus days, we'll be on the ConnectWise platform and Acronis. 

So they'll be able to go in and start to select how many licenses you want to buy for each customer and start letting them test it out and things like that as well. So it's a very simple process. So we'll have the Chrome extension over the next 90 days and the desktop. 

We actually have a desktop as well. That'll be out in probably close to early November, the desktop version. Now, is this something we would manage for them or once we give them their licenses, they're on their own? No, you would manage this for them. 

We actually have a control panel that allows you to access all of... Since we're going to be integrating to those platforms, you'll see each one of your customers that you allow to go on the platform that basically that you connect it to the platform and you can go in there and you can actually manage it 100% for the customer. So the customer just uses it, but you push it on the desktops of those customers, whether it's the Chrome extension or the desktop, what's called steady mode desktop application that we have that works on your entire computer. So just like I mentioned about the Chrome extension, if you turned your head away, the Chrome web browser would be blocked. 

But on the desktop, I don't care what you're looking at. You could be looking at Word, you could be looking at your email, it doesn't matter or nothing. And as soon as you walk away from your desktop as a whole, will block your entire desktop because a lot of the biggest problems that people have is this. 

I don't know about you, but I'm sure you probably at nighttime, do you just shut the lid of your computer, your laptop, or do you turn it up completely off? So I have one laptop that I usually just close the lid on. My desktop now, I've got mine set to where it auto locks after five minutes. I'm not sure enough, but... So when you just shut the laptop lid, only thing you've done was just turn off your display.

Your operating system is still live and active. So when a hacker comes in remotely, not on you, of course, but if a hacker came in remotely on the average person, they'll be able to access everything just like you're looking at your desktop right now. It'll be alive and open just like it is right now to them. 

So they go in and do whatever they want to do. Not if I lock the desktop on lid closing, you can... Yeah. If you shut the lid, that operating system is still open and not live and active. 

That's why when you open it back up to turn your... Only thing you did was just turn your display off. Well, I have to log back in when I open mine. Yeah, you'd log back in to just actually... I don't know how you're set up, but most people, when they actually get back in, they have to... And it's still up and running.

Exactly, because it never shut off. That's why your battery goes down lower and lower and lower overnight if you don't have it plugged up, because the operating system is still running and live and active. So even though you turned your display off, your actual operating system is just like you're looking at it right now as we speak. 

So what Smart Eye does is that we block the whole entire operating system. So regardless, if you shut the lid, just shut the lid for the night and a hacker comes in remotely, only thing they're going to see is a big white screen that says, Uncle Marv is away from his computer, so what the heck do you want? Okay. So that answers the question I was going to ask, because we talked about this from a financial perspective, secure files, but any user, we could basically protect an entire organization by doing it for everyone. 

So if somebody walks away from their computer, nobody else can get in. So now here's the question. What if I, as an IT provider, need to do some work on that user's computer, and I need to remotely get to them? What can I do? You'll have the ability to pause their security so you can get inside of it and do your remote work like you normally do. 

So you'll have the ability to pause that security on your end, and that's there. And even if they want to pause it for three minutes or five minutes, and then it'll automatically kick back on and say, Okay, now the time is up. So Smart Eye is running back on that desktop again. 

Now, is there a way to granularly do those permissions? I'm thinking of a larger IT firm that has a help desk and stuff. You may only want a level three tech to be able to do that, but not your level one. Can you do that in terms of permissions? You'll have it inside the control panel, and really whoever has access to that control panel would be able to turn off the security temporarily. 

Because remember, and you as an MSP would really need our desktop, because if a remote hacker came on you, then they've got access to all of your customer's information remotely. So this is why it's important for you to have it running on your system first and foremost, so that any event that somebody did try to come in remotely on you, they wouldn't be able to because the entire operating system will not be shown unless your face is physically sitting in front of your computer. All right. 

So I imagine that this would satisfy a compliance requirement somewhere. Do you have a list that you would tell MSP that, Hey, look, this will check the boxes for these things here? Think about HIPAA. Think about HIPAA. 

When people are using web-based platforms, a lot of times doctors and nurses will walk away from their system real quick to go get some coffee. That information is up, live, and active. SmartOut will block the entire screen, so no human being would be able to see that information, but the registered human beings who actually have access to that system. 

If they were to, let's say they were to go into the system, let's say another nurse comes up behind it. So it'll say, Hey, listen, do you want to change personas? And they would put their information in, then it opens and works for them as well. Oh, perfect. 

I was just going to ask that. Yes. Medical office, because I had a skin center type place where they would just go to whatever computer was closest. 

Very nice. Okay. So we'll know, we'll ask you, do you want to change users? And then they can, and as long as their face is recognized from this information that they put in, like their first name and their email address, then that email address is connected to their biometric authentication. 

So we know it was that, we know it was Marvin who came in because Marvin put that email address and the face matched up with that email address. Very nice. Okay. 

Where do you see this fitting in the overall landscape of cybersecurity? You already talked about remote hackers. You talked about locking out, you know, people that shouldn't be looking at it, especially if you're on a laptop, you know, at an airport or anything like that. But is this something that you see other companies adopting over the long term? Absolutely. 

And we're working with several MSPs right now in some of their customers in the medical space, as well as the airports that we're dealing with as well with them. So it's, you know, MSPs have so many different types of customers. So it really depends on the use case. 

Some, some customers would prefer to have the desktop. Some customers would just prefer to have the Chrome extension because it allows them to just protect those particular web-based applications that they use that are vital, and they don't want anybody else to get access to. So it really depends on what the MSP is, is, is looking to accomplish. 

All right. So this is the part of the show where I try to land this plane gracefully and give you an opportunity to, to practice your pitch. It sounds like you've already said everything that you would put into your pitch, but I'm still going to let you go ahead and do this as if you're getting ready to, you know, pitch to Sean Lardo and the IT Nation folks. 

Give us your pitch to get you on stage in Orlando. One of the, a few months ago, Uncle Marv, I had a, a bank here in Arkansas come up to me and one of the CEOs say, Hey Dexter, you know, we had a big problem in our bank. I said, what? He said, one of our employees went to lunch and when they went to lunch, all of a sudden, a hundred thousand dollars went out of that customer's account. 

And I said, what happened? They said, well, we didn't know. So we, she came back from lunch and we said, “Hey, what the heck happened? And she said, what are you talking about? I didn't do anything. I was out to lunch.

And they said they went back and did a forensic analysis on it. And it showed that a hacker came in remotely and actually moved that money from that particular platform outside of the account. So smart technology guards against those types of threats. 

And so when a, when an MSP is talking to a customer there's a high probability they're going to be attacked remotely because that's one of the fastest and easiest frauds for hackers to do was remote attacks because you've already done everything to get into the system the right way, such as the correct MFA and other things like that. So you did everything that logged in correctly. So the hackers just say, okay, uncle Mark, I'm glad you did everything correctly. 

We'll come in remotely and take over from here. So that's what smart technology guards against. So unless that particular MSP's customers is physically in front of that computer using that computer's camera to monitor that employee's face, no data will be moved. 

All right. There you have it folks. Dexter Caffey, Smart Eye Technology and the links will be in the show notes. 

The website getsmarteye.com is where you want to go and look at all the protections that you can do, blocking your screens, protecting software and especially protecting that money. That's huge, especially for all the employees that do their personal banking at your office to be protected. Now you, you know what I just thought of it, you talked about URL blocking. 

Is there like a list of banks, money sites that are just automatically, you know, categorized in that sense, or do we need to kind of, you know, start from the desktop and work backwards to add in URLs that we want or open up URLs? Yeah, that's an, and the URL protection is really for internal employees. So if an internal employee does, let's say a wire transfers, then when that particular URL is hit, when they go to that wire transfer page, Smart Eye kicks on and they say, okay, in order to access this page, your face must be continuously authenticated. We have to make sure it's you because if a remote hacker comes in, this page is vital. 

Gotcha. All right. That makes sense. 

So personal people, you might be on your own unless you do Smart Eye the right way. All right. Well, Dexter, thank you very much for coming on and sharing your story here and wish you good luck in the pitch competition there. 

You guys are coming, you guys were what, in the last two weeks of bootcamp? Yes. Yes. Well, we just finished our last session. 

So next week we actually go in front of the teams and start doing our, starting our pitches. There you go. Next week. 

Well, glad you got your pitch in this week. Get you a little bit of feedback and good luck. Thank you so much, Uncle Marv. 

All right, folks, that's going to do it. We'll be back with, I believe, just two more of the pitcher contestants for this year. That'll do it for this episode. 

We'll see you soon. Holla.