Wednesday, 26 February 2014

Samsung leads the way in mobile biometrics with the Samsung Galaxy S5

In an announcement to a packed auditorium at Mobile World Congress 2014 on the evening of 24 February 2014, Samsung launched their latest flagship Galaxy smartphone, the S5, containing an integrated fingerprint sensor.



We still need more information on the specifics of how the sensor will operate and interact with the associated services but this is what we know.

The S5 fingerprint sensor is a swipe sensor located on the front of the device underneath the physical home button.

In a promising move from Samsung, they have initially linked the sensor to four consumer and enterprise services that include:
  • Phone unlock
  • Private Mode protection, to protect important documents contained in a secure vault
  • Mobile payments via the pre-installed PayPal app
  • As part of a multifactor authentication (MFA) solution (Fingerprint + Password) for Knox 2.0 authentication

According to reports, the fingerprint service can register three separate fingerprints and takes up to eight swipes to initially register a user's fingerprint as part of the enrolment process.

The mobile payments app is provided by PayPal, who have been working on the development of the supporting ecosystem for a number of years. It leverages a combination of hardware and software services that include:
  • Integrated fingerprint sensor
  • Hardware security environment provided by TrustZone (Secure Element, SE and Trusted Execution Zone, TEE)
  • Secure authentication protocol and infrastructure (mobile client and server) as part of FIDO Alliance OSTP and commercialised by Nok Nok Labs
  • Merchant service infrastructure to support PayPal mobile payments



Hill Ferguson, chief product officer, PayPal, commented on the development: "By working with Samsung to leverage fingerprint authentication technology on their new Galaxy S5, we are able to demonstrate that consumers don't need to face a tradeoff between security and convenience."

By leveraging the FIDO-ready software, PayPal says that customers can use their finger to pay on the device securely without revealing their fingerprint templates. The FIDO-aware software, created by Nok Nok Labs, communicates between the fingerprint sensor on their phone and its service in the cloud. The only information the device shares with PayPal is a unique encrypted key that is used for identifying the customer without having to store any biometric information on PayPal’s servers.

The fingerprint template is securely stored within the SE and is protected by ARM’s TrustZone environment. This makes it difficult to access or tamper with the biometric template and also allays privacy concerns of having to store a fingerprint in a networked database.

This is extremely positive news for the whole industry.

This is an extract from an analysis of the Samsung S5 found in a Goode Intelligence Market Intelligence report (Fingerprint Biometrics Market Intelligence third edition).


Wednesday, 19 February 2014

The Changing Face of IT – The Twin Challenges of Mobile and Service Oriented IT

More and more frequently, users are accessing corporate information from a variety of devices – not just corporate-issued PCs, but from mobile devices and tablets that may have a dual purpose as personal devices.  

In a recent white paper I wrote, published by Goode Intelligence, I explored the key questions IT needs to consider as they search for more convenient methods to secure and protect access to sensitive information; sometimes on infrastructure that they do not own or control.

I invite you to listen to a short video discussion that I had with Ian Williams, Head of Market Intelligence, RSA that is now available on YouTube.

What are the new IT challenges brought on by mobile and cloud adoption? The Changing Face of IT – The Twin Challenges of Mobile and Service Oriented IT

For additional details, the full white paper is available for download: “Next Generation Authentication for the Mobile Ready Enterprise”