I must admit that I didn’t come up with the term Smart Mobile Identity. For that I have
to thank Joey Pritikin at AOptix who I was
lucky enough to meet at the recent Biometrics
exhibition and conference in London during the last week of October 2012. I
first came across the term in a presentation that Joey gave at last year’s Biometrics
conference where he discussed how standard smart phones can be leveraged
for biometric purposes, including user authentication and identity verification [Presentation: Smart Mobile Identity – Beyond Single Purpose Handheld
Biometric Devices].
In my opinion, the term Smart
Mobile Identity really sums up the next generation of mobile-based
authentication and identity verification solutions – something that I have been
involved in for the best part of ten years through various roles including my
current one as Managing Director of Goode
Intelligence.
To me, Smart Mobile
Identity is about leveraging the capabilities of a modern smart mobile
device (SMD) to ensure that our identities are proven or verified when identity
proof (authentication if you like) is required. Not only for proving identity when
accessing digital services through a desktop computer but also for mobile
initiated access and even when we present ourselves in the physical world; at a
country border or when accessing health or social security services. I also
include proving our identity when accessing digital services using other
connected devices, such as gaming consoles, automobiles, smart TVs etc;
adaptive and agile authentication and identity verification to support the
Internet of things. As someone who owns an Xbox 360 Kinect device, the idea of
using a voiceprint or a facial scan to access Xbox LIVE is a realistic possibility.
For mobile device-based authentication and identity
verification solutions, the simplest scenario is being sent a one-time-password
(OTP) via SMS when authenticating ourselves into a network-based service, e.g.
Google’s Authenticator or 2-step verification process. However, this is
changing rapidly and we are in the midst of an evolution in mobile-based
authentication and identity verification solutions; moving away from porting
existing, non-mobile centric, services to the mobile to designing solutions specifically
for mobile. Using the microphone for voice biometrics, a GPS sensor for
Geo-location, a combination of the accelerometer and touchscreen for continuous
behavioural assessment, securely storing digital certificates in the SIM or Secure
Element (SE) and the camera for facial and eye vein biometrics (take a look at
start-up EyeVerify for this). All these
examples work with standard SMDs now; no need for any specialist equipment.
In addition to these examples, new opportunities are being
presented with the next generation of SMDs that contain new types of embedded
sensors, including NFC, embedded fingerprint and voice recognition sensors. You
can also adapt existing SMDs with add-on sleeves that enable fingerprint recognition
(Precise Biometrics Tactivo
sleeve) and can support smart cards and NFC. The need for single-purpose
devices to capture and verify biometrics in the field may become obsolete as a result
of these developments.
Smart mobile devices offer so many opportunities for authentication
and identity verification and this blog can only scratch at the surface of what
can and will be offered – some of the solutions even encroach into the realms
of science fiction. I was fascinated to come across the iTravel
patent from Apple detailing what the Cupertino tech giant believes to be
the possibility of using a mobile wallet for travel purposes. Managing the end-to-end
travel process from reservation, to ticket receipt/validation, check-in and baggage
claim through to identification at border control. I think all but the last
scenario achievable now but I believe that we are far off from using our mobile
devices as virtual passports.
That said, perhaps we are seeing pieces of the jigsaw that tell
us how Apple will integrate the recently acquired fingerprint sensor technology
from AuthenTec – an agile, and very personal, way to protect our wallets or in
Apple’s case our Passbook. Swiping a
finger to lock and unlock our digital wallets.
Every discussion that I have with technology companies
involved in this space, and this includes many of the major authentication and
biometric vendors, involves how best to utilise the smart mobile device for
authentication and identity verification purposes. My recent attendance at the RSA
Europe conference and Biometrics Conference, both held in London, was largely
occupied with meetings with clients and tech vendors that were investing
serious R&D resources into this area of technology.
A number of forward looking organisations and technology
vendors are already leveraging the capabilities of the smart mobile device for
authentication and identity verification purposes. Through my work at Goode
Intelligence I have been exploring the capabilities of mobile devices for
authentication and identity verification and this includes the recent publication
of two free-to-download white papers; Two-Factor
Authentication Goes Mobile and The
Case for Mobile MFV.
Goode Intelligence will continue to track this market and you
can expect some new publications covering smart mobile identity in the coming
months.
Please get in touch if you want to discuss this further or
are a technology innovator working in this exciting field.
No comments:
Post a Comment