Biometric sensors: The future of security in NFC enabled Smart Phones?Feature Rumor
Posted by Seth PlanckMay 24th, 2011 at 2:44 PM Filed Under Featured, Rumor, Videos
Biometric sensors could be the answer to securing our NFC enabled smartphones.
We will get to biometric sensors in a bit, but first some background. The NFC mobile wallet is gaining traction. Everyday another large financial institution announces its plans and systems to allow us to pay with a wave of our phones. Google is putting the full mobile wallet suite of applications together while Amazon and PayPal are said to have things in the works. Apple has applied for patents to dominate our travel plans utilizing NFC tech with its [Codename] iTravel app, and retailers are signing up in scores to be part of this digital payment revolution. So far, here in the U.S., we have the Nexus S which thus far is the only smart phone to support NFC, but scores of others are rumored to be released this year. The U.K. has the aging Samsung Tocco which has been decked out with NFC and is being supported for payments by Visa through BarclayCard with Lloyds TSB hot on its heels supporting the 2012 Olympics with help from Visa and Samsung.
NXP, who is currently the main manufacturer of NFC chips, is expecting to ship 100 Million units within the next year alone. So yes, this is a massive shift and is set to be as pervasive as smart phones, and eventually as ubiquitous as plastic bank and credit cards. NFC is big business and companies are investing billions into its infrastructure & marketing to ensure we use it.
The business world is all aflutter about NFC technology but consumers may need a little more persuasion to dump the physical wallet, biometric security could help.
This last week, MasterCard released a study that revealed that younger consumers would give up the wallet for the opportunity to use mobile payment solutions with people over 34 years old showing more skepticism. The study went on further to show that in fact 75% of all those surveyed stated that they would need systems and reassure that their personal data was safe before using any contactless mobile wallet solutions. This is with good reason because NFC basically broadcasts a small radio frequency that, when met with the appropriate response, hands over your banking details and as your phone is a web connected mini-computer, it is at risk from unauthorized access especially when standing in line at a store when your phone is out ready to make a purchase.
What is being done to secure your data? Google’s Nexus S doesn’t have biometric security!
Nick Pelly & Jeff Hamilton of Google, at the annual IO conference for developers conveyed that NFC capabilities remain dormant when the screen was powered down, which they concluded would avoid “butt sniffing”, the process also known as skimming, where a thief may stand behind you with a receiver to collect your data while your phone is in your back pocket. The industry group, NFC Forum, has also standardized the frequency to meet the needs of a short range communications protocol. This effectively means at 13.56 MHz your signal should only travel about 4cm to theoretical 8cm from your device requiring a very close proximity to any receiver, and if you are like the rest of us and like a little personal space this should be enough. Financial institutions are also recognizing a potential threat to your and their data. BarclayCard is limiting its PayWave NFC solution to £15 purchases and requiring a pin is added for any amount above that threshold.
Okay, so security is something the purveyors of mobile payments solutions are aware of. They realize the security concerns and they are all taking precautions to avoid data being swiped while you are out and about, but are you always out? Of course not. Do you leave your phone on your desk or in your purse at work ? Is your phone charging at home or at a friend’s? Have you ever lost or misplaced your phone? We all have times when our phones are unattended but in the near future we may be losing our wallet, car keys and potentially home access in the process if NFC takes off as projected. Even if we find our phones again there is nothing to say our phones have not been skimmed in the meantime and all of our NFC data could be in use somewhere else on another gadget by a hacker with a stolen phone. NFC is yet to show a compelling case for security and that is why 75% of respondents to the MasterCard survey said they needed more assurances before they would use the technology. However it doesn’t need to be that way… Enter biometric sensors.
Are biometric sensors the future of security in NFC enabled Smart Phones?
California-based Kyocera thought biometric sensors fit the bill and so did 87% of its trial base back in 2007 when the earth was still warm and Jesus horses roamed the savanna. In fact, the survey, conducted by Insights Research Group, also revealed that more than 75% of testers were satisfied with their WirelessWallet transactions and the security aspects were handled by biometric sensors embedded in its phone. Put quite simply, the phone scanned a user’s biometric fingerprint and if that print was authenticated as the owner of the phone, gave access to the NFC portion of the phone to allow the user to complete a transaction. More impressively, it did that biometric scan in just a couple of seconds. See the video below to see how seamlessly they had biometric sensors in a phone working way back in 2007.
This was achieved using Authentec, Inc. proprietary biometric sensors and code and they have developed the technology further ever since. Authentec will also be speaking at COMPUTEX TAIPEI 2011 this June and will be demonstrating their full line of biometric solutions to boot. This is one way the industry could secure our data using our own very specific biometric information. It is not new technology and could ensure unwanted guests could not access your information without your knowledge no matter where your smart phone ends up. But biometric fingerprint scanners are not the only option.
Another company, VoiceVault, recently announced its “Voice to Biometric Smartphone Developer Program” which it describes as:
VoiceSign is part of the VoiceVault Enterprise product suite. It provides the capability to implement transaction authorisation applications where your voice is used to perform the biometric signature operation – it is a ‘speak on the dotted line’ capability.
In other words, if you are not the person who speaks into the phone, your personal data remains locked out and thus secure. Their software meets many security standards such as The E-Sign Act, HIPAA / CMS, DOI and FDA 21CFR Part 11 and has developed and offers a full SDK for developers to embed biometric capabilities technology straight into mobile operating systems such as Android or IOS.
The technology is already available to the likes of Google, Apple and Microsoft and also for smartphone manufacturers to secure your data properly. The question that remains is when we will see biometric sensors in real world products and we are perhaps seeing signs of biometric sensor development now.
Speculative signs that may mean Apple is working on developing biometric sensor technology into its products.
Way back on February 1oth of this year, patentlyapple.com posted an Apple patent that demonstrated how it could effectively turn a portion of an IOS device’s screen into a scanner among other things. The patent highlighted how “hovering sensory technologies” could be used in a multitude of ways, including scanning documents and bar codes. It is not beyond reason to think that Apple would also use this type of technology for fingerprint scanning with authentication for NFC technologies.
A second option could revolve around Siri, a company Apple purchased back in April 2010 that specialized in voice recognition and combined it with search capabilities on the IOS platform. Siri’s attributes by now are well rumored to appear in the next iteration of Apple’s iPhone and could be used in combination with a system like VoiceVault’s biometric system to authenticate access to NFC capabilities on future iPhones. This again can be seen in a separate patentlyapple.com post from way back in October of 2008.
To add further to the dizzying options available to Apple for biometric security: Apple reportedly purchased the Swedish company Polar Rose in 2010 who specialized in face recognition, which is also expected to be implemented into IOS at some time in the near future. See the demonstration video below:
And lastly, although we have seen no evidence to suggest any of the big players are researching it, we wouldn’t be doing our job properly if we didn’t mention iris recognition. Again a technology that’s not new and has companies like Neuro Technology’s VeriEye. It is available with an SDK and in the company’s own words: “VeriEye Standard and Extended SDK. The Standard SDK is intended for PC-based biometric application development and the Extended SDK is suitable for developing Web-based biometric systems.” Their system could be built around any current flavor of mobile OS. If that is not enough, security Neuro Technology also offers the MegaMatcher SDK which is intended for development of multi-biometric iris, fingerprint and face identification products.
Apple has had the time and has the resources to include technologies that are already established and that, in the case of Authentec’s biometric solutions, have been around for years. Google and other manufacturers of smartphones also have access to these biometric technologies and at the end of the day it is up to us whether we use NFC phones with or without Biometric security.
The dichotomy of using biometric processes though is nothing less than ironic. We have to hand over our private biometric data to large corporations to allow them to protect our personal data. The irony doesn’t end there though because we would also have to give up our credit cards and buy new phones to be able to give our personal data to these monolithic organizations. It’s a funny old world sometimes.
We want to know your concerns about NFC payment solutions or other biometric technologies you know of, to protect personal data from being intervened or stolen from our smartphones.