A Smart Mobile Identity for our smart mobile lifestyle

I must admit that I didn’t come up with the term Smart Mobile Identity. For that I have to thank Joey Pritikin at AOptix who I was lucky enough to meet at the recent Biometrics exhibition and conference in London during the last week of October 2012. I first came across the term in a presentation that Joey gave at last year’s Biometrics conference where he discussed how standard smart phones can be leveraged for biometric purposes, including user authentication and  identity verification [Presentation: Smart Mobile Identity – Beyond Single Purpose Handheld Biometric Devices].

In my opinion, the term Smart Mobile Identity really sums up the next generation of mobile-based authentication and identity verification solutions – something that I have been involved in for the best part of ten years through various roles including my current one as Managing Director of Goode Intelligence.

To me, Smart Mobile Identity is about leveraging the capabilities of a modern smart mobile device (SMD) to ensure that our identities are proven or verified when identity proof (authentication if you like) is required. Not only for proving identity when accessing digital services through a desktop computer but also for mobile initiated access and even when we present ourselves in the physical world; at a country border or when accessing health or social security services. I also include proving our identity when accessing digital services using other connected devices, such as gaming consoles, automobiles, smart TVs etc; adaptive and agile authentication and identity verification to support the Internet of things. As someone who owns an Xbox 360 Kinect device, the idea of using a voiceprint or a facial scan to access Xbox LIVE is a realistic possibility.

For mobile device-based authentication and identity verification solutions, the simplest scenario is being sent a one-time-password (OTP) via SMS when authenticating ourselves into a network-based service, e.g. Google’s Authenticator or 2-step verification process. However, this is changing rapidly and we are in the midst of an evolution in mobile-based authentication and identity verification solutions; moving away from porting existing, non-mobile centric, services to the mobile to designing solutions specifically for mobile. Using the microphone for voice biometrics, a GPS sensor for Geo-location, a combination of the accelerometer and touchscreen for continuous behavioural assessment, securely storing digital certificates in the SIM or Secure Element (SE) and the camera for facial and eye vein biometrics (take a look at start-up EyeVerify for this). All these examples work with standard SMDs now; no need for any specialist equipment.

In addition to these examples, new opportunities are being presented with the next generation of SMDs that contain new types of embedded sensors, including NFC, embedded fingerprint and voice recognition sensors. You can also adapt existing SMDs with add-on sleeves that enable fingerprint recognition (Precise Biometrics Tactivo sleeve) and can support smart cards and NFC. The need for single-purpose devices to capture and verify biometrics in the field may become obsolete as a result of these developments.

Smart mobile devices offer so many opportunities for authentication and identity verification and this blog can only scratch at the surface of what can and will be offered – some of the solutions even encroach into the realms of science fiction. I was fascinated to come across the iTravel patent from Apple detailing what the Cupertino tech giant believes to be the possibility of using a mobile wallet for travel purposes. Managing the end-to-end travel process from reservation, to ticket receipt/validation, check-in and baggage claim through to identification at border control. I think all but the last scenario achievable now but I believe that we are far off from using our mobile devices as virtual passports.

That said, perhaps we are seeing pieces of the jigsaw that tell us how Apple will integrate the recently acquired fingerprint sensor technology from AuthenTec – an agile, and very personal, way to protect our wallets or in Apple’s case our Passbook. Swiping a finger to lock and unlock our digital wallets.

Every discussion that I have with technology companies involved in this space, and this includes many of the major authentication and biometric vendors, involves how best to utilise the smart mobile device for authentication and identity verification purposes. My recent attendance at the RSA Europe conference and Biometrics Conference, both held in London, was largely occupied with meetings with clients and tech vendors that were investing serious R&D resources into this area of technology.

A number of forward looking organisations and technology vendors are already leveraging the capabilities of the smart mobile device for authentication and identity verification purposes. Through my work at Goode Intelligence I have been exploring the capabilities of mobile devices for authentication and identity verification and this includes the recent publication of two free-to-download white papers; Two-Factor Authentication Goes Mobile and The Case for Mobile MFV.

Goode Intelligence will continue to track this market and you can expect some new publications covering smart mobile identity in the coming months.

Please get in touch if you want to discuss this further or are a technology innovator working in this exciting field. 

Back from MWC#1: The time is right for mobile biometric security

My feet have just about recovered from the many miles walked during the recent Mobile World Congress in Barcelona – I even had to dodge the barricades put up to contain the student protesters (I counted twenty protestors and a couple of hundred Police) to congratulate Alan Giles and the team at Fiberlink after picking up a GSMA 2012 Mobile Award for “Best Enterprise Mobile Solution” for their MaaS360 MDM solution. A very worthy winner.

As a GSMA 2012 judge myself, I was honoured to be chosen to judge the "Best Technology Product or Solution for Safeguarding and Empowering Customers". This was won by Cloudmark for their Mobile Messaging Security Suite. 

Global Bilgi for Turkcell Voice Verification

I was very impressed by all of the nominees in this category and was delighted that one of the nominees that made it to the shortlist was from a mobile network operator that had deployed a biometric security solution that supported mobile devices; Turkcell’s Global Bilgi for Turkcell Voice Verification voice biometric service, powered by PerSay’s VocalPassword technology provided by Nuance Communications. The solution uses a biometric speaker verification system that verifies a speaker’s identity using acquired voice samples. Samples of the caller’s voice are converted into voiceprints, or unique algorithms based on the specific characteristics of the voice that are used to authenticate and prove identity of Turkcell customers calling into their call centre. The solution replaces a 4-digit PIN-based authentication solution and has proved to be very successful with a reported four million enrolled voiceprints.[1]

My research at Goode Intelligence into the market for mobile biometric security products and services concluded that voice recognition services would be one of the biometric modalities that would be successful in what are, the pioneering stages of biometric security adoption on smart mobile devices (SMD).

VoiceVault

Another technology vendor that has developed a very interesting voice recognition product is the UK-based technology vendor VoiceVault. I was speaking with their Director of Product Marketing recently, Nik Stanbridge, who was starting to see a change in the market with “significant opportunities being turned into contracts”. Both Nik and I agree that we are seeing positive signs of growth in the mobile biometric security market, largely driven by SMDs becoming the “key entry points” for much of our personal and business lives. This trend is being accelerated by mobile voice-based solutions including Apple’s SIRI that according to Stanbridge, makes “people less reluctant / embarrassed at the thought of speaking into a mobile device”.

VoiceVault’s solutions are focussed on identity verification and transaction authorisation for two main use-cases:

1. On the device itself (phone lock / unlock)
2. As part of a device-based app’s mechanism for logging onto a website - a high-security replacement for a password

Mobbeel

Another vendor that was showcasing their mobile biometric security solutions during MWC was Spanish-based vendor Mobbeel. I have been following their progress for some time now and was pleased to catch up with Rodrigo Sanchez Gonzalez, CTO, and Abraham Holgado Garcia, Research and Development Director, on their stand in the Spanish area of La Fira Courtyard.

Mobbeel are a relatively young company that have become pioneers in the world of mobile biometric security. Their strength is to use the standard features of a modern mobile device; touchscreen, camera and speaker, fast processor, to support a variety of biometric modalities including signature, iris, facial, hand and voice recognition.  Unlike one of the other, much talked about, mobile technologies, Near Field Communication (NFC), their solutions are not reliant on an OEM to embed specific hardware, such as a fingerprint sensor.

I really like this company as they are not just developing ground-breaking technology but developing use-cases and stories to educate the market. Market education is sometimes extremely useful in emerging technologies such as this. Take a look at their video channel to see what I mean.

Fujitsu

Just across the courtyard area where Mobbeel were showcasing their technology was the Japanese based OEM, Fujitsu that used MWC to launch a new range of SMDs to the European market. As well as being able to take these devices into the shower or swimming with you (their waterproof capabilities were ably demonstrated by an army of suitable wet-weather attired exhibitors) these quad-core powered mobiles include embedded fingerprint sensors.

Using the same AuthenTec supplied fingerprint sensors that have been powering NFC-based physical payments in Japan through mobile network operator NTT DoCoMO, Fujitsu aims to differentiate its devices from the crowd.

As someone who regularly uses a fingerprint sensor on his Motorola Atrix 4G (another example of an AuthenTec supplied fingerprint sensor) to protect a device from unauthorised access I can definitely see the advantages of such a technology. However, Fujitsu, needs to release APIs and SDKs into the developer community to enable these devices to support other authentication and identification features. This will ensure that this technology becomes a must-have and not a maybe technology.

The time is right for mobile biometric security

One of my roles as MD of Goode Intelligence is to track emerging technologies in mobile security and to predict whether these technologies will succeed and enter the mainstream.

My research into this sector started over one year ago and resulted in the publication of an analyst report in June 2011, “mobile phone security – analysis and forecasts 2011-2015”. In the report I predicted that a biometric groundswell is building for Smart Mobile Devices. The market is currently slow; but pressure is growing.

My subsequent tracking of this market and the buzz that was surrounding this technology at this year’s MWC in Barcelona reconfirms my view that that conditions are ripe for rapid change; for biometrics to move from an ‘interesting concept’ to a 'must have' for all SMDs. 

---

[1] case study: Turkcell Global Bilgi Nuance VocalPassword™ Deployment Achieves Industry-Leading Adoption Rates (December 2011)