The Use of Biometrics in the Mobile Space

Finjan TeamBlog, Cybersecurity

Finjan The Use of Biometrics in the Mobile Space

With data breaches, fraud, and identity theft so often in the news, network and Internet users at all levels are anxious for ways to safeguard their information and protect themselves from malicious intrusions and criminal acts.

But passwords, PINs, security codes and encryption keys are notoriously difficult to remember and use – especially when so many people transact their affairs on mobile devices with low form factors and tiny screens.

So a “no fuss”, largely error resistant and secure means of personal identification and authentication is what the current climate demands. And increasingly, this is being provided through biometric technology.

Biometrics – Beyond Fingerprints

When the Apple iPhone 5S hit the market in 2013 with its Touch ID system, the concept of the fingerprint sensor having applications at consumer level went mainstream. With Samsung following up with fingerprint technology in its Galaxy 5S handset, and with endorsement from the likes of PayPal for user authentication to guarantee payments, this particular strand of biometric science has gained much ground in the years since. Original equipment manufacturers (OEMs) have jumped on the bandwagon, and on-board fingerprint sensors now ship as standard on the latest mobile phone models.

But evolutions in security technology tend to breed parallel developments in the science of cyber-crime, and circumvention measures making it possible to “spoof” a person’s fingerprints and fool a scanner have long since emerged.

Attention has turned to other biometrics as keys to alternative methods of authentication, and technologies are emerging based on techniques such as face recognition, voice recognition, the mapping of vein patterns, and the unique patterns in the iris of the human eye. Mobile phone technology, with its native provision of microphones, front-facing cameras and touch-sensitive screens is ideally placed for the implementation of these techniques, in so-called “multi-modal” biometric deployments.

Biometrics – A Growing Global Business

It’s an expanding market, with the likes of Google Intelligence predicting that 3.4 billion people will have a mobile phone incorporating biometric sensors, by 2018.

In March, the city of Barcelona in Spain hosted the Mobile World Congress 2016, an event which showcases the latest trends and technologies in the industry. Biometrics figured large, with notable contributions from French vendor Safran Morpho, which has partnered with credit card giant Visa to foster innovations in biometric finance. Long-time rival MasterCard responded with a demonstration of its new mobile app for multi-part online payment verification. And manufacturer Sony displayed proof of concept models for a proposed range of biometric wearables.

Payments on the Move

With the loss of over $1 billion in the past 18 months to fraudulent and untraceable wire transfers, financial institutions and finance technology (FinTech) are amongst the major drivers in the push toward biometric authentication. Figures from The World Bank suggest that the global market in wire transfer remittances will reach reach $610 billion by the end of 2016, and finance houses are keen to introduce additional layers of security such as voice-printing into the funds transfer process.

Another driver has been the emergence of the mobile wallet. With a tap on their mobile phone’s fingerprint sensor, subscribers to the Apple Pay or Samsung Pay services can authorise instant payments for services and consumer goods. Banks and other institutions are welcoming the technology as a comparatively low-risk payment option, and are looking to roll out services and offerings to improve the mobile device experience of their customers.

On a wide range of handsets, the technology is already in place. And existing mobile apps for banking can tap into it via updates supporting a certain biometric mode, or combination of modalities.

Enterprise, Health, and Beyond

On the corporate front, Mobile Device Management or MDM solutions look to be the key to incorporating biometric authentication strategies into user access and identification under Bring Your Own Device (BYOD) policies. And biometric databases may be instrumental in authorising remote care solutions in the health industry, and beefing up the security of electronic health records (EHR).

Aside from employee management, customer and patient care, there are obvious and existing applications in the travel and security sectors, with emergency response teams, law enforcement and border control agencies tapping into biometric databases and mobile authentication solutions to increase their operational efficiency.

Beyond the Hand-held

Mobile phones are only one example of the potential of hand-held devices for biometric authentication. In the aftermath of the discovery of crashed AirAsia Flight QZ8501 in late 2014 / early 2015, recovery teams equipped with the Mobile Automatic Multi-Biometric Identification System (MAMBIS) deployed on Trident hand-held readers from Credence ID were able to record 100% matches on victims whose fingerprints hadn’t been damaged in the crash, with 60% success in other cases. A grim success, but indicative of the pace of evolving technologies.

As devices become smaller, smarter, and more connected, and the Internet of Things (IoT) continues to grow, security analysts are looking to biometric technologies to help add extra layers of security to an expanding range of appliances and consumer goods which at present are largely vulnerable.

The Natural Voice

As suggested earlier, it’s all too possible for an infiltrator to construct a workable set of fingerprints with latent prints lifted from a victim’s home or workplace, using a gel-like substance and a 3D printer – results good enough to fool a fingerprint sensor. So a single line of authentication may not be enough.

Voice biometrics draws on over 100 characteristics unique to the vocal pattern of each individual, to provide a highly secure alternative. And it’s an alternative with a potentially huge scope of applications. Microphones are already integral to smartphone technology, and are increasingly part of the input system for wearable devices. Coupled with speech recognition and natural-language assistants, there’s potential for user authentication and command and control functionality over a range of systems.

Going Live

The need to stay one step ahead of the fraudsters who look to use gelatin fingers and high-definition audio recordings to bypass strict biometric controls is fuelling a drive toward “live” biometric solutions. Here, for example, fingerprint scanners will come equipped with additional sensors capable of matching the impression on their screens with the body temperature and blood characteristics of a specific individual, as contained in their databases. And voice commands may be matched with images captured of the person as they speak.

The technology is already in its first stages, with software development kits (SDKs) and software-based systems from the likes of NexID.

Authentication using Biometrics and related technologies is set to play an important role in the security applications of an increasingly mobile world.

Share this Post

Article Name
A Closer Look at the Use of Biometrics in the Mobile Space
Authentication using Biometrics and related technologies is set to play an important role in the security applications of an increasingly mobile world.