Policy, technology, and business cases remain hypothetical
16 April, 2012
Smart phones and tablets have not been able to achieve necessary levels of security but Good Technology and ActivIdentity are working to mobilize smart cards and the underlying secure element technology. This solution enables email and document encryption, cryptographic signing of emails and forms, and extends public key infrastructure authentication tools to custom applications previously not enabled on smart phones and tablets.
As the handsets gets more functionality the use will go beyond basic access to information, Becquart says. With NFC embedded physical access control can be added to the handset as well.
These converged physical and logical access systems will enable organizations to greatly increase security. Employees would have to wave their phone to gain access to the front door of a building, and if they didn’t authenticate at the door they won’t be able to access their computer.
The handset would also be the key for entry into the computer and instead of having to enter a long, complex password an individual might just have to remember a PIN, says Jon Callas, CTO at Entrust. Also, if an individual walks away with their handset the desktop would lock.
The GPS feature on smart phones could also play a part with security. If the network shows that someone is trying to remotely access email from an unusual location it could check the GPS on the employee’s smart phone to see if they are in that area. “Companies will be able to look at where you’ve been and determine if a transaction is too risky,” Becquart says.
Easy, yet secure, authentication on the mobile
Individuals want to do more and more with the mobile devices, but often the device itself is unprotected or using additional security is cumbersome.
A survey by Confident Technologies found that 65% of respondents reported using their personal mobile device to access work email or the company computer network, and more than half said they do not use a password or PIN to lock their smart phone or tablet. Some 44% of those who do not lock their mobile devices said that using a password is “too cumbersome.”
An additional 66% of respondents said they try to leave applications on their smart phones perpetually logged-in unless they are required by the application to log in every time.
Logging on to Web sites with mobile devices can be difficult. Even with handsets that have QWERTY keyboards it’s difficult to enter the complex user names and passwords required by some corporate sites. Confident Technologies is trying to make the mobile login process secure as well as easy, says Curtis Staker, president and CEO at the company.
With Confident’s image-based technology a user enrolls in the system by picking a category of photos, for example animals, and then chooses the specific images for their login. When returning to the site the individual is presented with a group of images in random order and taps the ones specific to their login.
The specific pictures and their location on the grid are different each time, forming a unique, one-time authentication code every time. All the user needs to do is remember a few categories and look for pictures that fit those categories. You get the usability without forsaking the usability,” Staker says.
GSMA: SIM-based NFC gains support of 45 mobile operators
The GSM Association announced that 45 of the world’s mobile operators have committed to supporting and implementing SIM-based NFC services.
Chief among these companies are China Mobile and China Unicom, which account for nearly 800 million subscribers throughout China. Other major operators include Deutsche Telekom, KT Corporation, Orange, SK Telecom, Telefónica, Telecom Italia, Turkcell, Verizon and Vodafone.
ISIS, the organization formed by AT&T, T-Mobile and Verizon to build a nationwide mobile commerce network in the U.S., has also announced its support for SIM-based NFC.
According to research firm Strategy Analytics, nearly 1.5 billion SIM-based handsets will be sold worldwide between 2010 and 2016, supporting transactions of more than $50 billion globally over the period.
SD Association, GlobalPlatform to include NFC in new SD standards
The SD Association has announced a new collaboration with GlobalPlatform to include smart chip technology in SD standards, enabling mobile phones and other portable devices to provide authentication services with SD memory cards.
Standardized authentication services on microSD and full-size SD memory cards could transform consumers’ mobile phones and devices into electronic wallets, enabling NFC-enabled cashless payments and paperless identification, plus a variety of value-added applications leveraging NFC.
According to the association, offering NFC on SD memory cards opens new business models for any authentication process, including:
- Mobile commerce: Consumers can use devices equipped with smart microSD cards to make contactless payments for anything from groceries to subway fare.
- Customized services: Content and service providers can customize features, offers and rewards automatically, eliminating manual entry of customer identifiers such as account or rewards card numbers. For example, airlines could automatically review customer accounts for upgrade and other frequent flier rewards.
- Secure access/Personal ID: Users could store digital identification cards and redeem access control credentials on their mobile device.
- Secure voice: Smart microSD cards can support hardware encrypted voice services, a security method used by governments, emergency services and corporations.
In each of these new business models, the microSD and full-size SD memory cards would provide the secure element, based on GlobalPlatform standards, for authorization purposes and would only be active in the authorized device.