LONDON – Inside Secure SA, a supplier of contactless smartcard chips, has announced the availability of biometric matching capabilities for its SecuRead NFC component.
Inside (Aix-en-Provence) said that the system-in-package device enables manufacturers of NFC-enabled devices to provide two-factor security and greater privacy for a variety of mobile applications.
The component uses fingerprint identification software from Neurotechnology (Vilnius, Lithuania) running on the SecuRead secure element and debuts on the TazCard, the NFC electronic wallet from TazTag SA (Bruz, France).
A demonstration at Mobile World Congress employs a personal computer with a small fingerprint scanner attached to it representing a point-of-sale (POS) terminal and a TazCard NFC wallet running a payment application.
The PC will first be used to capture the TazCard user's fingerprint as part of the enrollment process. The fingerprint minutiae points will be extracted by the Neurotechnology software on the PC and transmitted to the TazCard, where it will be securely stored in the SecuRead. When a purchase is attempted the SecuRead will use its onboard Neurotechnology software to compare new fingerprint data with the trusted data previously stored during enrollment and which never leaves the secure element. If the two match the payment transaction will be allowed to proceed. The same process can be used for other types of applications such as secured access control or ID.
Th TazCard incorporates both the SecuRead module and the VaultIC security module to protect access to the personal data and applications. VaultIC provides secure storage of keys, certificates and user data while dramatically reducing or eliminating the need for custom development.
"Privacy is ensured because once the user's fingerprint is stored in the secure element of the SecuRead device, all subsequent fingerprint matching operations are processed there, too, and the original fingerprint data is never exposed again," said Bastien Latge, senior product manager, secure element and mobile applications at Inside Secure, in a statement.
"By teaming with Inside Secure and Neurotechnology, TazTag is able to deliver the first commercial NFC device with this capability, and is already working with a customer to help them develop a banking application," said Eric Fouchard, CEO of TazTag.
There are steps you can take that ensure security and authorize valid / legal transaction (like storing authenticating signatures on the cloud) but this raises a whole lot of can of worms on privacy. I am sure there are ways to store one's biometric data in their handhelds and encode it during NFC for authentication. Standardization is clearly needed in this area.
I abhor the idea of storing one's biometric signatures on the cloud including POS systems (a good majority of them are already in the cloud, albeit private). We have already heard of many examples where people's personal data including social security information have been hacked. The purpose of biometrics was precisely to avoid such break-in's so I would hate to see an alternate system evolve with the same weaknesses.
Dr. MP Divakar
This approach is severely flawed and will almost certainly cause you biometric identity to be compromised. Currently identity thieves hacking into or snooping POS systems only capture credit card numbers and your name and address. The damage is usually limited and fraudulent charges are generally canceled without too much trouble. However this system will now allow hackers capture your biometric identity (one you can't change). Every time you use your card your fingerprint is scanned and sent "in the clear" over a network and is stored at least temporary on a PC that has little or no security.
The only secure biometrics approach is to do both capture and matching on card. Otherwise you might as well publish your fingerprints on-line.
Security is no doubt the main concern of eWallet. Fingerprint recognition seemingly is the choice of secured eWallet. More security may also mean a difficulty for the owner to deliver cash to the retailer. What if my finger was cut and had a bandaid on it?
What I don't get from the article is what the fingerprint technology has to do with nanotechnology and bio-metrics. Any further information may help.
If a person need to check the finger print at the time of purchase, he is supposed to touch the fingerprint scanner, then how come the technology is named contactless? I would also say that there is still not standard for person identification which can be commonly adapted.
t.alex has it the problem squarely on the head. Several attempts have been made using different approaches. Each party is trying to figure out how they can get the most out of the transaction fees, so there is a disparity in communication protocols, transaction terminals, and NFC methods.
The problem is compounded by trying to prevent potential hacking by identity thieves...even though most credit card and payment fraud usually involves an inside connection (no pun or offense intended to Inside Secure).
NFC seems to be the perfect choice for payment. However, I wonder if the solution is standardized? (i.e. it is not vendor-dependent)? Just imagine your NFC-enabled phone can only pay at a few stores and not many others.
One more vendor for NFC solutions.
Each tag can be unique from fabrication. But involving the fingerprint does add more security.
Seems that NFC is being used mainly for paying purchases and ticketing but... how about other applications? Anyone?