Amazon files mobile face recognition patent for payments

Amazon will soon accept mobile payments using selfies instead of passwords (Silicon Republic)

Amazon has filed a patent application for technology that will allow users to authenticate a payment using a photo or video in a seamless way that doesn’t necessarily require passwords.

“The user is identified using image information which is processed utilising facial recognition. The device verifies that the image information corresponds to a living human using one or more human-verification processes,” the patent reads.

Iris mobile NFC barcode ATM app

Citi tests ATMs that replace plastic cards with mobile phones, QR codes, NFC and iris scans (NFC World)

Customers using one of the new Irving ATMs download a mobile app and set up the transactions they wish to make when they reach the ATM on their mobile phone. They can then chose to have a QR code scanned by the ATM, tap their NFC phone against the ATM or have their iris scanned to authenticate themselves in order to complete the transaction they previously logged inside the mobile app.

This “grab bag” ID regime is interesting. Throw in Bluetooth, fingerprints, RFID and chip-on-card technology and the number of permutations of possible ID deployments goes up even higher. This is good news both for consumers and for business with ID management challenges.

Payment biometrics growing rapidly

Biometrics to Secure over $5.6 Trillion of Payments by 2020 (Investorideas)

“Biometric vendors are experiencing tremendous growth on the back of the escalation of consumer-led adoption of biometric security. The adoption for payment purposes is a major contributor to this growth and Goode Intelligence forecasts that by 2020 it will contribute US$5.6 billion in revenue from $5.6 trillion worth of payments for companies involved in delivering biometric systems to the payments industry.”

The full report from Goode Intelligence is available here.

Fujitsu: Iris biometrics for mobile devices

Iris Scanner Unlocks Smartphones Using Infrared LEDs (Electronic Design)

The growing number of smartphone thefts, both in the United States and abroad, has prompted manufacturers to incorporate more resilient security methods into their designs. Fujitsu Ltd., for instance, recently unveiled the Arrows NX F-04G smartphone, which uses infrared light-emitting diodes (IREDs) to support iris scanning authentication.

A suitable illumination source had been a major hurdle for iris biometrics on mobile devices. Fujitsu demonstrated a prototype mobile device using iris technology in March, 2015.

A Millennial’s vision for biometric banking

A Millennial’s Mindset: Money and Biometrics (Finextra)

The best thing for me would be a fast, easy and secure process, designed around me. Why can’t I use my biometric data to have a joined up experience? Without removing body parts, it is hard to steal from you. Biometrics would enable me to identify myself immediately.

We agree; and we’re working on it.

If it seems like things are moving slowly, it’s only because there’s a lot that had to be done on the infrastructure side first. A whole lot.

Younger consumers lead biometrics demand

How mobile identity can unlock the DNA of trust for the financial sector (Information Age)

More than two-thirds of UK consumers think that using biometrics – such as voice, fingerprint, iris and facial recognition – would be more secure and help reduce the risks of fraud. These findings were consistent with consumers across Australia, Singapore, Indonesia, Malaysia, the United Kingdom and United States.

UC Davis develops mobile ultrasound fingerprint reader

Ultrasonic fingerprint sensor may take smartphone security to new level (Science Daily)

The basic concepts behind the researchers’ technology are akin to those of medical ultrasound imaging. They created a tiny ultrasound imager, designed to observe only a shallow layer of tissue near the finger’s surface. “Ultrasound images are collected in the same way that medical ultrasound is conducted,” said Horsley. “Transducers on the chip’s surface emit a pulse of ultrasound, and these same transducers receive echoes returning from the ridges and valleys of your fingerprint’s surface.”

Amazon envisions another way to unlock a phone: Ear photos

Forget Fingerprint Scanners, Amazon is Interested in Using Your Ears to Unlock the Phone — Here’s Why it’s Better (Technology Personalized)

The world’s largest e-commerce company was granted a patent last week that reveals company’s intention to ease up the unlocking mechanism in a phone when a user receives a call without any security tradeoff.

No need to forget fingerprint scanners just yet, though.

Peru: Prepaid mobile sales will require fingerprint verification against national ID database

…with an assist from Microsoft Translator

From now prepaid mobile lines will be sold with fingerprint identification of users (Osiptel)

The operators will be required to verify the identity of users wishing to hire mobile public services in their offices, in the form of prepaid. This identification will be held from today through biometric fingerprint verification systems, which will be connected with the RENIEC database.

Full implementation is to be accomplished by January 1, 2017.

USAA mobile biometric authentication opt-in data

Biometrics Find Support from an Unlikely Demographic: Seniors (American Banker)

More than 400,000 USAA customers, five of whom are over 90 years old, have opted in to use biometrics (face, voice or touch) to authenticate themselves to the company’s mobile banking application.

The median age for customers opting for biometrics is 3.5

About 7.5% are over the age of 65.

Four are in their nineties.

Fujitsu and NTT DoCoMo team up for mobile iris biometrics

NTT DoCoMo launches smartphone with iris unlock feature (PC World)

The Fujitsu prototype incorporated a high-speed, high-accuracy iris recognition algorithm developed by California-based Delta ID. Fujitsu said the error rate for the prototype is about one in 100,000.

Available in green, black and white, the Arrows NX F-04G is slated to be released at the end of this month in Japan for around ¥55,000 (US$460). There are no plans to sell it outside Japan.

I somehow missed the first mention of this collaboration in early March.

Older Andriod versions had more vulnerabilities

Is Samsung’s Galaxy S5 ‘leaking’ YOUR fingerprints? Flaw means hackers can intercept and steal biometric data (Daily Mail); Forbes piece, here.

The pair told Thomas Fox-Brewster from Forbes that the flaw lies in older versions of the Android operating system, up to and including Android 4.4.

Subsequently, anyone running Android 5.0 or above are not at risk and the security experts are advising people on older models to update as soon as possible.

The semi-technical press seizes upon biometrics as a proxy for personal data. This is old news, but here’s a great example.

A close reading of the article reveals that earlier releases of Google’s version of the Android mobile OS weren’t as secure as they are now. This will come as news to few. The article points out that, “Once inside they can monitor all data sent to and from the phone, as well as data recorded by the handset’s built-in sensors, including the fingerprint scanner.”

Get it? Exploiting the security flaw means that the whole device is compromised: Email apps, microphone, location information, and possibly even the contents of phone calls themselves, but according to the author and editor(s), the news value is in the possibility of capturing a fingerprint image. Of course, it’s their outfit; it’s their call.

For readers here, instead of “OMG fingerprinst[!],” I’d emphasize that:

Not all mobile operating systems are created equal.
Different mobile applications offer a different mix of privacy costs and benefits.
Installing OS updates and patches is very important.
If the OS is compromised, the applications it runs are vulnerable.

Left out of the information readily available online about this hack is how the people at FireEye got their malware onto the hardware in the first place. Past “hacks” of biometric systems have been executed on a playing field that is far more favorable than the real world to the the hackers, where all the other layers of the security regime are stripped away from the one security link they want to test. Here’s a particularly striking example. If FireEye rooted the phone, side-loaded their malware onto the device, and went from there, this isn’t a hack in any real sense — it’s a malware test.

That hypothetical scenario would mimic a real world example where a user lost their phone and bad guys got it, loaded software on it and then returned the mobile device to the user who continued as if nothing had happened. In the security world, if you lose control of the hardware, all bets are off for anything that isn’t encrypted (with a strong key).

So, without more information, it’s hard to say how big a deal this is, or in many (most?) cases, was. In the bigger picture, this is a Google Android OS story. The subtext is that users who care about mobile device security should be thoughtful about what device/OS/app combinations they adopt, keep their device’s software up to date, and be careful about malware.

As automated and convenient security including biometrics becomes better and more common, the highway robbers of the 21st Century are increasingly forced to turn to social engineering techniques rather than frontal assaults on security technology.

See: The Con is Mightier than the Hack

USAA and customers both embrace biometrics

Biometric Innovation Boosts USAA Fiscal Results, Customer Satisfaction (Mobile ID World)

In a synopsis, the company credited its strong performance – which saw its net worth increasing by ten percent, reaching $27 billion – at least in part to “innovations such as secure facial and voice recognition on mobile devices”.

Tying in to the post below, the article mentions that the USAA customers who use it really love Apple Pay.

Apple granted patent for mobile device face unlock

Apple wants you to be able to unlock your iPhone with a selfie (Business Insider)

There’s no guarantee Apple will implement the technology – the Cupertino company obtains numerous patents that it never uses. These can be precautionary, or intended to trip up or block competitors. But as the industry increasingly looks to kill traditional passwords, selfie-secured iPhones sounds surprisingly plausible.

Mobiles as access control tokens

Mobile Access Control: Exploiting the BYOD Trend (IFSEC Global)

With today’s mobile access technologies, smart devices can be used as universal credentials for accessing multiple buildings, IT systems and other applications using NFC and bluetooth. These devices provide users with extremely convenient vehicles for opening doors and performing other tasks that require the presentation of a secure credential.

There’s a lot of good information in the linked article and it’s written by the director of Strategic Business Development and Innovation at HID, and you’d expect that they’ve been putting a lot of thought toward what access control is going to look like after prox cards.