Microsoft to secure Windows 10 with FIDO two-factor authentication including biometrics

TECHNOLOGY

www.biometrics-today.com

ISSN 0969-4765 March 2015

banking

Contents

RBS and NatWest mobile customers log in with fingerprint biometrics

C

ustomers of UK banks RBS and NatWest can now use Apple’s Touch ID fingerprint sensor to log into their bank accounts on mobile devices. Customers must activate the feature with their security information within the RBS or NatWest mobile banking apps. Nearly 50% of the banks’ 15m customers use online banking, with over 3m customers using the mobile app every week. RBS and NatWest have 1.8m active iPhone users who use the app on average 40 times per month and over 167,000 of RBS and NatWest’s customers use it between 7am and 8am on their commute to work every day. RBS and NatWest introduced Touch ID following feedback from their customers, who took to the banks’ online community forum ‘Ideas Bank’ to ask for the latest technology in the mobile banking app. A report from Tractica indicates that finance and government will dominate activity in the mobile biometrics market. Tractica forecasts that from a base of $249m 2015, global mobile biometrics revenue will reach $3.5bn by 2024, with cumulative revenue for the 10-year period totalling $17.5bn. Apple’s Touch ID was introduced two years ago. The banks will make this feature available

to customers with the iPhone 5S, iPhone 6 and iPhone 6 Plus smartphones using apps. Failed log-in attempts will force customers to re-enter their passcodes. African retail bank Diamond Bank has also launched a fingerprint recognition feature on its Diamond Mobile App. The service is based on iOS Touch ID and allows users of the mobile app to log in to their accounts by recognising and identifying their fingerprints. AVG’s senior security evangelist Tony Anscombe, says consumers should not be worried about the security implications of biometric authentication: “The process of recreating someone’s fingerprint is both difficult and time consuming and therefore unlikely to be an issue for the mass consumer audience. If you look back a few years, only a few people used PIN numbers on their phones. If the introduction of swipe codes and biometric security increases the number of people with locked phones, isn’t that a good thing?” * Crealogix is to use Touch ID-based security for mobile banking. When customers log in to mobile banking using the CLX.PortalApp they can choose between a username and password combination or Touch ID. Apple and Samsung devices that come with fingerprint sensors are supported.

access control

Microsoft to secure Windows 10 with FIDO two-factor authentication including biometrics

M

icrosoft has announced plans to secure Windows 10 with FIDO standards-based two-factor authentication. In future a PIN may be combined with biometrics, such as a fingerprint, to allow the user

TODAY

biometric

to sign in to any supported mobile service. Scott Charney, corporate vice president of Trustworthy Computing, who is responsible for a range of corporate programmes that influence Continued on page 2...

News RBS and NatWest mobile customers log in with fingerprint biometrics 1 Microsoft to secure Windows 10 with FIDO two-factor authentication including biometrics 1 AGNITiO and Nok Nok Labs unveil FIDO-ready products with UAF 2 SEKUR Me integrates fingerprint recognition into mobile online payment app 2 NXT-ID files patent for voice recognition-based payment 2 Hoyos Labs unveils biometrics-based ATM linked with mobile banking app 3 FotoNation snaps up iris firm Smart Sensors Limited 3 ZTE Grand S3 to feature eye-based biometrics from EyeVerify 3 Pakistan Telecommunication Authority completes biometric mobile phone tracking process 3 AirWatch 8 aims to secure enterprise mobility with eye and fingerprint biometrics 11 Apple patent to enhance fingerprint recognition 11 EU revisits proposals to ask visitors for their biometrics 11 Russian credit agency tests facial recognition tech to address fraud 11 Investec deploys Nuance voice biometrics for South African private banking clients 11 Telefónica introduces biometrics backed SmartID and SealSign 12 Biometric sector to generate $13.8bn revenues in 2015 12 Deep Dense Face Detector spots faces from a wide range of angles 12 Ford files patent to unlock car with biometrics routed through smartphone 12

Features Assessing biometric authentication: a holistic approach to accuracy By Gordon Haupt and Todd Mozer, Sensory Biometrics and the future of enterprise ID management By Anthony Gioeli, KeyLemon.

5

8

Regulars Events Calendar

3

News in Brief

4

Product News

4

Company News

4

Comment

12

ISSN 0969-4765/15 © 2015 Elsevier Ltd. All rights reserved. This journal and the individual contributions contained in it are protected under copyright by Elsevier Ltd, and the following terms and conditions apply to their use: Photocopying Single photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit educational classroom use.

NEWS

Editorial Office: Elsevier Ltd The Boulevard Langford Lane Kidlington Oxford OX5 1GB, UK Tel: +44 1865 843239 Email: [email protected] Website: www.biometrics-today.com Publishing Director: Deborah Logan Editor: Tracey Caldwell Email: [email protected] Production Support Manager: Lin Lucas Email: [email protected] Subscription Information An annual subscription to Biometric Technology Today includes 10 issues and online access for up to 5 users. Prices: 1274 for all European countries & Iran US$1378 for all countries except Europe and Japan ¥169 400 for Japan (Prices valid until 31 December 2015) Subscriptions run for 12 months, from the date payment is received. More information: http://store.elsevier.com/product.jsp?isbn=09694765 This newsletter and the individual contributions contained in it are protected under copyright by Elsevier Ltd, and the following terms and conditions apply to their use: Permissions may be sought directly from Elsevier Global Rights Department, PO Box 800, Oxford OX5 1DX, UK; phone: +44 1865 843830, fax: +44 1865 853333, email: [email protected]. You may also contact Global Rights directly through Elsevier’s home page (www.elsevier.com), selecting first ‘Support & contact’, then ‘Copyright & permission’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: +1 978 750 8400, fax: +1 978 750 4744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; phone: +44 (0)20 7631 5555; fax: +44 (0)20 7631 5500. Other countries may have a local reprographic rights agency for payments. Derivative Works Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal circulation within their institutions. Permission of the Publisher is required for resale or distribution outside the institution. Permission of the Publisher is required for all other derivative works, including compilations and translations. Electronic Storage or Usage Permission of the Publisher is required to store or use electronically any material contained in this journal, including any article or part of an article. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the Publisher. Address permissions requests to: Elsevier Science Global Rights Department, at the mail, fax and email addresses noted above. Notice No responsibility is assumed by the Publisher for any injury and/ or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made. Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer.

12985 Digitally Produced by

Mayfield Press (Oxford) Ltd

2

Biometric Technology Today

...Continued from front page the security of Microsoft’s products, services, and internal networks, says, “We talked recently about new password alternative and credential technology in our Windows 10: Security and Identity Protection for the Modern World blog. I’m happy to announce Microsoft has contributed design inputs to the Fast IDentity Online (FIDO) Alliance, to be incorporated within FIDO 2.0 Technical Specifications. Transitioning away from passwords and to a stronger form of identity is one of the great challenges that we face in online computing, and we believe FIDO authentication . . . is the pathway to success.” Microsoft’s current Windows 10 Technical Preview enables a number of enterprise scenarios and it showcases integration with Windows 10 sign-in, Azure Active Directory, and access to major SaaS services like Office 365 Exchange Online, Salesforce, Citrix, Box, Concur. Charney notes, “With Windows 10, for the very first time Windows devices and Microsoft-owned and partner SaaS services supported by Azure Active Directory authentication can be accessed end-to-end using an enterprise-grade two-factor authentication solution – all without a password. Windows 10 will also include Active Directory integration for on-premise scenarios and Microsoft Account integration for our consumer Microsoft services such as Outlook.com, OneDrive, and more.”

AGNITiO and Nok Nok Labs unveil FIDO-ready products with UAF

V

oice biometrics firm AGNITiO, and fellow FIDO Alliance founding member Nok Nok Labs (NNL) have unveiled FIDO-ready products with the Universal Authentication Framework (UAF) protocol, where a user is able to use a form of biometric authentication on their local device, like voice, fingerprint or facial recognition to securely log in and perform a transaction. FIDO UAF also allows for multi-factor authentication, where multiple authentication methods, such as a voiceprint and finger swipe, are used together to increase security. AGNITiO Voice iD and the NNL™ S3 Authentication Suite are ready to be integrated into mobile applications to perform voiceprintbased strong authentication.

payments

SEKUR Me integrates Apple Touch ID and Samsung fingerprint recognition.

SEKUR Me integrates fingerprint recognition into mobile online payment app

S

EKUR Me has integrated Apple Touch ID and Samsung fingerprint recognition features into its SEKUR.me mobile online payment app. Instead of filling out checkout forms for purchasing items on e-commerce and m-commerce sites, shoppers can purchase items securely with their fingerprint. According to Harris Interactive consumer research, 66% of web transactions are abandoned, with ‘payment friction’ responsible for a 12% abandonment rate. The SEKUR.me app reduces the number of keystrokes to a single click. Users select a product or scan a QR code and use their fingerprint to make the payment in as little as five seconds. Sekur me can also be integrated into other IOS and Android apps for frictionless secure login.

NXT-ID files patent for voice recognitionbased payments

B

iometric authentication company NXT-ID has filed a provisional patent for a voice recognition-based payment method. Payment accounts may be selected via voice recognition and the payment account may only be accessed if both the speech (the word associated with the payment account) and the speaker are recognised. Once recognised, payment is directed to an appropriate interface, such as Magnetic Stripe

March 2015