The Natural Security Alliance Workshop in Marseille will be an opportunity to delve into several hot topics:
- How will biometrics affect our very notion of security?
- How can we trust that biometric implementations will be secure?
- Is there a role for evaluation and certification in the new rollout of biometrics-based services?
- Local vs. global: Is there a place for local regulations?
Biometrics on mobile devices: The need for open interfaces
The scope of application of mainstream biometrics is expanding:
- New uses, including in the service industry (e.g. access to online banking services).
- Different implementations (e.g. all sorts of connected objects, not just mobile phones).
- All possible transactions (e.g. transfers, wallets, digital IDs).
- New acquisition methods (e.g. using a biometric reader connected to a payment or access control terminal).
But deployments depend on proprietary technologies, whose performance can be hard to evaluate and which cannot be accessed outside the manufacturer’s ecosystem.
A study recently published by Mobey Forum clearly shows strong user demand for open interfaces. To the question “Handset manufacturers have been integrating fingerprint sensor in mobile devices. Some of the fingerprint sensors have an open interface, where the authentication data can be controlled by the bank or a provider chosen by the bank. How do you see this development?”, 83% of companies surveyed responded, “A fingerprint sensor with an open interface is an opportunity for us.”
An open interface paves the way for:
- Laying the groundwork for an interoperability scheme: personal objects can be used both as acquisition terminals and for processing biometric data; existing biometric standards can be combined with secure exchanges between acquisition and data processing terminals to create an open ecosystem of technologies suited to different use cases.
- Implementing an evaluation and certification scheme.
- Evaluating performance and security level using a white box approach (rather than a black box approach).
Smartphones vs. connected objects
An open interface makes it possible to implement strong authentication technology in different form factors, giving users the freedom to choose their device, brand and features. Such openness expands the market to include all users, not just consumers with smartphones or objects made by a certain company. It also enables users who so choose to have a specific object dedicated to transactions, in addition to their cards and phone.
Use cases that require strong authentication
The standard defined by Natural Security now addresses all use cases requiring strong authentication based on a quick and simple user experience that does not compromise data protection.
In the beginning the standard focused on payment transactions and was designed to be an open specification for all types of electronic payment (e.g. EMV, wallet, direct debit). Cash withdrawals extended these use cases by requiring the development of an object that covered all payment methods.
Physical access control allows users to be authenticated via a biometric reader without having to handle a device and without relying on a database. This offers enhanced security through the use of at least two factors and portability to different locations.
Online authentication is both a natural extension and a combination of the above use cases. Natural Security’s standard makes it possible to design a universal authenticator that can connect to all personal screens (e.g. TVs, tablets, mobile phones, computers, cars) and be used in stores, in bank branches and at kiosks.
Implementation: The foundation of security and interoperability
Biometrics is not in and of itself a security factor. It is how it is used with an object that gives it the strength and characteristics for which it is known (portability, resistance to attack, revocability).
Under the Natural Security standard, different implementations can therefore be categorized according to form factor, use case and user experience. This workshop will provide the opportunity to examine these different implementations using actual cases.
Regulations: Local vs. global
Biometric data protection regulations vary considerably around the world, ranging from nonexistent to strict directives on how data can be used.
This workshop will also provide the opportunity to take stock of the European directive and to look at how Natural Security’s standard resolves data protection challenges using Privacy by Design and Privacy by Default.
How to attend?
Free for attendees of the Identity and Protection Services for Government, Mobility and Enterprise – Sept. 15-17, 2015 – Marseille Provence, France.
Natural Security Alliance members are eligible for a discounted registration rate: €800 excl. VAT instead of €1050 excl. VAT, using the registration code WSWHK12SQS1.
The event takes place at the prestigious “Palais du Pharo” (Pharo Palace), a central venue which offers impressive views of both the Mediterranean Sea and Marseille’s Old Port.
Mobey Forum’s Biometrics Survey Results, July 2015