Mobile biometrics

Mobile Biometrics: The Next Phase of Enterprise Authentication? (Network Computing)

Smartphones and tablets have the potential to become powerful platforms for enterprise authentication. By combining biometric capabilities such as a fingerprint reader or voice recognition software with mobile devices that users carry with them all the time, enterprises may be able to roll out two-factor authentication as part of an identity and access management (IAM) infrastructure.

See also: Mobile Devices and Biometric Modalities

Eye biometrics with a mobile phone camera

Mobile technology is crying out for better user authentication. Fingerprints would seem like a good match, but there’s a hardware chicken-and-egg problem: no fingerprint sensor hardware means no apps and no apps means no manufacturer has decided (long-term) to drive up the cost of their handset to provide a feature few may use.

That means biometric app developers interested in verification using mobile devices have concentrated on modalities that can use the sensors that are already ubiquitous in mobile hardware.

A phone without a microphone isn’t a phone anymore so the developers of voice biometrics are in pretty good shape. And though a camera isn’t a strictly necessary feature on a mobile device, they all seem to have them. That invites facial recognition, and eye-based biometrics developers into the mobile world.

All three (face, eye, voice) face challenges.

Scan Eyes to unlock spartphones (PSFK)
If I’m reading this article correctly, or more accurately making the correct inference from the picture that accompanies it*, EyeVerify seems to be side-stepping the challenges associated with iris biometrics and camera resolution by switching to an analysis of sclera vasculation — the veins on the white part — for mobile verification.

That’s pretty cool.

See also:
Mobile Devices and Biometric Modalities

* According to the EyeVerify site, that was the correct inference.

Is voice the killer app for mobile ID?

The Rise of Voice Biometrics for Mobile Phones (MIT Technology Review) 

Analysis of voice verification technology from a security angleThe question of course is which biometric system to use. Face, fingerpint and iris recognition are all topics of intense research. But the most obvious choice for a mobile phone is surely voice identification. However, this approach has been plagued with problems.

For example, people’s voices can change dramatically when they are ill or in a hurry. What’s more, it’s relatively easy to record somebody’s voice during authentication and use that to break the system. So many groups have steered away from voice biometrics.

That could be set to change.

Mobile devices already contain the hardware required to deliver two biometric modalities: a camera for facial recognition and a microphone for voice. These modalities present challenges not usually associated with fingerprint biometrics — in the case of facial recognition challenges include lighting and the well-publicized photograph hack; for voice, background noise (etc.) can be a problem — but they offer the advantage that the hardware is “free” and never going to be yanked out of mobile devices. That’s quite an advantage, and it points to why face and voice biometrics are the front-runners for handset biometrics.

This post has a longer discussion of mobile ID management and hardware.

Getting Banking Security Right in a Mobile World

Security as a Service (Michael Nuciforo at Finextra)

One of my pet hates with most mobile banking projects is how security is treated as an adjunct rather than a key scope item. Any product or marketing manager worth their salt knows the number one reason consumers don’t adopt mobile banking services is security concerns. The reason security is treated as a ‘black sheep’ is that it isn’t doesn’t deliver tangible customer satisfaction improvements. And even though customers expect it, they don’t often get excited about it. A change in mind-set is required. Security should be treated as a service. If you get it right, and promote it appropriately, it could be the key factor in your bank achieving above normal user adoption.

Good advice to banks follows.

Microsoft Acquires Mobile Hardware Security Firm

Microsoft Boosts Mobile Security with PhoneFactor Acquisition (CMS Wire)

Microsoft will be able to tout these features as built-in or an option once the acquisition and integration is complete. PhoneFactor currently offers services for enterprise, government, banking healthcare and other verticals, while also supporting Citrix, IBM Tivoli and VMWare.

It claims that the PhoneFactor Agent service reduces the risk of compromise and increases security with benefits including; instant fraud alerts, biometric voice authentication and transaction verification, with the advantage of no extra dongles or training needed.

Mobile fingerprint biometrics: Show me the sensor

Meet the Australian biometrics company working with Apple on ID technology (Smart Company Australia)

The head of an Australian biometrics company which scored a key contract with Apple says the future of mobile technology will be closely linked with fingerprint scanning and other ID tech, especially as phones and payment systems become entwined.

See yesterday’s post. Here’s a snippet.

Perhaps the greatest hurdle to mobile biometrics has been a mobile hardware chicken-and-egg problem.

So far, speculation about Apple’s future plans notwithstanding, and the short-lived Motorola Atrix, mobile handset manufacturers haven’t been willing to drive up handset costs by adding biometric sensor hardware to a device when there aren’t any applications that use it. Application developers won’t develop applications that can’t be deployed.

Barring a reversal where handset manufacturers add hardware to the devices, the only way out for biometric application developers is to use hardware that is already standard issue on mobile platforms. Besides using the touch-screen for some sort of behavioral biometric application, that means using the phone’s microphone for voice and camera for face, and now, perhaps, palm-based biometrics.

A lot of very smart people are talking like mobile device + fingerprint + NFC + payments is going to happen. Fingerprint sensors have to start showing up on mobile devices first, though.

Mobile Handset Camera for Palm ID?

KDDI palm authentication app (Ubergizmo)

Well, KDDI might be on to something here with their palm authentication app which runs on smartphones, which is an alternative to facial recognition software and most probably more secure than a fingerprint reader. What makes it even better is this – since it comes with a flash built in, you need not worry about using it in the dark, which is a different case for the face unlock.

Most palm biometrics (for ID management as opposed to forensic applications) use the vascular network of the hand.

This is the first time I’ve seen a palm biometric that uses a photo of a hand as the input.

Though the claims advanced in this very short article aren’t completely coherent (i.e. why can you use the flash for taking a picture of a hand but not a face?), the approach is interesting, especially within the context of mobile ID. Perhaps the greatest hurdle to mobile biometrics has been a mobile hardware chicken-and-egg problem.

So far, speculation about Apple’s future plans notwithstanding, and the short-lived Motorola Atrix, mobile handset manufacturers haven’t been willing to drive up handset costs by adding biometric sensor hardware to a device when there aren’t any applications that use it. Application developers won’t develop applications that can’t be deployed.

Barring a reversal where handset manufacturers add hardware to the devices, the only way out for biometric application developers is to use hardware that is already standard issue on mobile platforms. Besides using the touch-screen for some sort of behavioral biometric application, that means using the phone’s microphone for voice and camera for face, and now, perhaps, palm-based biometrics.

I don’t have an opinion about the viability of palm pattern recognition using cell phone cameras either from the algorithm side or the sensor side, but it is definitely interesting that people are trying to stretch mobile cameras into new applications.

UPDATE:
When I mentioned “using the touch-screen for some sort of behavioral biometric application,” this is what I meant: Your finger swipe could become your password.

To log into the new iPad app she made, computer science student Napa Sae-Bae held her hand open, touched her fingertips to the tablet’s surface, then drew her fingers together until they met in the center. Her app analyzed the way she performed the gesture — the speed of her swipe, the angles between each fingertip — to decide whether to let her in.

UPDATE II: A more detailed article on the palm camera app is out today from phones review, video by engadget.

Seeing the app in action, it’s very impressive.

Making voice biometrics more secure

Carnegie Mellon Voice Verification Technology Prevents Impersonators From Obtaining Voiceprints (India Education Diary)

Computer users have learned to preserve their privacy by safeguarding passwords, but with the rise of voice authentication systems, they also need to protect unique voice characteristics. Researchers at Carnegie Mellon University’s Language Technologies Institute (LTI) say that is possible with a system they developed that converts a user’s voiceprint into something akin to passwords.

The system would enable people to register or check in on a voice authentication system, without their actual voice ever leaving their smartphone. This reduces the risk that a fraudster will obtain the person’s voice biometric data, which could subsequently be used to access bank, health care or other personal accounts.

No biometrics in iPhone 5

Critics take bite out of Apple over missing features (The China Post – Taiwan)

Other widely expected features that were missing included wireless charging and biometric unlocking, which uses facial recognition or fingerprints as found on many phones running the latest version of Google’s Android operating system. Two other popular features included on the latest Android and Windows Phone 8 devices but absent on the iPhone are enhanced widgets and notification tiles that let the user see information such as emails, weather, stock prices, tweets and Facebook updates right on the phone’s home screen.

More biometrics for privacy protection

How to protect your digital life from hackers and viruses (Broadband Genie)
At the end of list of things you should be doing to increase your digital privacy comes this tidbit…

If you want extra security pick up a neat biometric USB stick with fingerprint scanner.

Why locking your mobile device with a fingerprint is a great idea (CSO)

Smartphones and tablets store gigabytes of data. They have banking apps, and apps that access credit card or investment accounts. They connect to email, and social networks. If a mobile device falls into the wrong hands, it’s possible that sensitive information and data could be compromised. That’s why your smartphones and tablets need to be locked down and protected.

One of the rumors floating around about the iPhone 5 is that it might come with fingerprint scanning technology. If it’s true, it would be a game changer for smartphone security.

Biometric technologies can protect individuals against privacy violations.

Biometrics and the future of money

Bulletproof Money Will Be a Thief’s Worst Nightmare—and Help Drive the Mobile Wave (Money Morning)

In the future, you’ll have all sorts of biometric security features that will protect your assets and your identity. All of them can both protect corporate assets and empower the individual.

Finally, these same features could also exist inside your PC or even in different rooms within your home to give you a total security package.

We’re not far from the day when ordinary folks will be able to defeat even the smartest hacker around, just by touching or looking into their phone’s screen.

And it’s all because the world is going mobile.

Surveillance, transparency, accountability & technology

TrapWire: Anonymous gives handy tips on how to avoid surveillance

This video has a heavy dose of dead pan humor, which is actually quite endearing.

As far as biometrics countermeasures go, I, like Anonymous, am still a fan of CV Dazzle because there’s something stylish and fun about what how they go about the challenge of defeating facial recognition.

The infra-red LED trick is really cool, too. Fans of the show White Collar will have seen that hack come into play in last week’s episode. That’s the first place I saw it.

All of this, while fun, socially interesting and even romantic, ignores the fact that the smartphone is the holy grail of surveillance technologies. Someone can wear a mask and a crazy hair do, head cocked 20 degrees to the side under a LED hat all they want. It won’t do any good if internet companies and cell providers (whether knowingly or unwittingly) cough up everything they know about individuals. The other virtue of the mobile computing surveillance model is that it requires no taxes, maintenance, or budget. The watched pay their own freight. That makes this type of surveillance available to individuals and organizations that might not have a lot of money or labor.

The answer isn’t regulating private use of technologies such as cell phones or biometrics. With technology, blanket moratoriums and bans are almost never the answer and even more rarely succeed. It may not be romantic or fashionable but the only answer is transparency and accountability.

Technology is all about people. It always will be.

Background on TrapWire

Recent SEC Filings Reveal More on AuthenTecApple

Apple may put fingerprint scanners in future products (V3.co.uk)

Among the technologies Apple now owns is a type of fingerprint scanner designed for mobile products with Near Field Communication (NFC) built in. AuthenTec’s AES2750 product is a fingerprint scanner that can interact with NFC applications to offer a secure way to log in to various systems.

AuthenTec says the technology can lock and unlock a phone, authorise mobile banking transactions and replace website user names and passwords, all with a fingerprint scan.

SEC filing fans rumors of mobile wallet for iPhone 5 (COMPUTERWORLD)

But how quickly these elements are introduced depends on Apple’s long-range plans for iPhone, and iPad, as well as the maturing of the mobile payments industry infrastructure, a big jump in consumer acceptance and — most of all — trust in the new technology, and how quickly Apple can phase these particular technologies into its supply chain and manufacturing processes.

The fingerprint sensor, many speculate, will be a key part of a full-fledged mobile “digital wallet” using a near-field communication (NFC) radio link to trigger purchases by simply waving the handset over an NFC reader. AuthenTec, an established vendor of a range of smart sensors, identity management (including PC/laptop fingerprint sensors), and embedded security products, announced the deal on July 27. At $365 million, it’s Apple’s biggest buy.

It’s worth pointing out that Josh Franklin at Seeking Alpha predicted the broad outlines of this whole thing a couple of months ago.

NFC + Fingerprint Biometrics = Cha-ching?

Apple wanted AuthenTec’s “new technology” ASAP for future products (Ars Technica)

There’s a hint that, whatever the tech involved, we won’t have long to wait. According to AuthenTec’s account, Apple wanted to hurry the buyout deal due to its own plans. “Representatives of Apple also noted Apple’s desire to proceed quickly due to its product plans and ongoing engineering efforts,” reads the SEC filing. “As a result of its focus on timing, Apple’s representatives also informed the Company that Apple would not participate in an auction process and would rescind its proposal if the board decided to solicit alternative acquisition proposals for the Company.”

Google, Apple, Mobile, Money (& Biometrics)

The article isn’t even mostly about biometrics, but as we readily acknowledge here all the time, biometrics are only ever a means to an end. What the article does provide is a coherent view of where future profits will come from for Apple and Google well supported with charts, graphs and other visual aids, which I love.

The key biometrics bit is here but the rest is very interesting as well.

How Android gets Google to $2000 by 2020 (Marketwatch)

The most exciting thing I see on the horizon isn’t the ad sales that will almost certainly materialize, but the network effects of a billion Android users and the ways Google can leverage that scale. If one billion people are on the same mobile OS and you know where they are precisely and they have a biometric scanner on their phone, do you really need Mastercard and Visa to take their 3% to verify the funds and identity? That’s why Google is working on Google Wallet. If one billion people are constantly sharing their location by virtue of having their phone switched on, could you sell them stuff based on where they are? That’s why Google is working on Google Offers. And if one billion people care more about the device than the network and will pick the service based on who has the cool new Android phone, couldn’t you launch your own data service? That’s Google Fiber.

This also seems to be of a piece with growing recognition among financial types that biometrics are going to have a role in how authentication works and add significant value to the process.

Another Tablet with a Fingerprint Reader

Lenovo confirms full Windows 8 ThinkPad tablet (electronista)

The display is a 1366×768 IPS display, with a front-facing 2MP camera, and a rear-facing 8MP camera. Video output is provided by a micro-HDMI port. Wireless connectivity is provided by integrated 802.11n and optional 3G or 4G. A near-field communication (NFC) radio is installed, with biometric security provided by a fingerprint reader.

I think we’ll be seeing more of this. Password technology is already a bit of a nuisance even when a fully functioning keyboard is attached to the hardware. Tablets don’t have keyboards and the virtual keyboards they use are a big step down from their hardware cousins in terms of usability.

I think manufacturers are coming around to the idea that, for tablets, fingerprint readers are more convenient than passwords. Another fact of the mobile computing device market seems to be that convenience trumps security every time.

Dragon vs. Siri?

Nuance’s Nina Platform Adds Speech Interface to Corporate Mobile Apps (AllThingsD)

AllThingsD got a demo of the [Dragon Naturally Speaking] technology last week. It basically brings together what Nuance does well: Speech recognition, text-to-speech, natural-language understanding and voice-ID biometric technology. It has rolled all of these into a hosted, cloud-based service that can be used by banks, insurance companies and other business who make customer service and account-access applications, which can now add all these features into their applications.

Voice Recognition is a behavioral biometric modality that is used to distinguish among individuals for identity management purposes.

Speech Recognition is a software set designed to allow users to interact with IT hardware and systems by speaking.

An app that can do both well at a reasonable price should do quite well in the market. USAA is an early adopter