Blog Archives

The future of retail payments and biometrics…

“That will be two bits, sir.”  Remember the old movies where the newspaper salesman would say that to a customer fishing in his pockets for a quarter?  As for me, I’ve never liked the way loose coins jingle in my pocket as I walk.  It just seems so silly to carry quarters, nickels, dimes and pennies, given the value they represent is so nominal.  But the annoyance pays off when I happen upon a bell-ringing Santa and his donation bucket.  It feels …

Does Apple or FIDO care about a Trusted Source?

How does Apple or FIDO know you are the person that is authorized to access that phone? Or, how does the 3rd party applications (apps) that are accessed through the phone know you are the person authorized to have access? The fingerprint sensor? Well, what if that mobile fingerprint authentication capability isn’t very accurate? What if it’s spoofable because the technology doesn’t use enough data to authenticate the user with a high degree of assurance?  Given both Apple and Samsung’s …

Apple’s Announcement Validates BIO-key’s Mobile Strategy, but Disappoints in Terms of Leadership

With a little time to contemplate Tuesday’s announcement of Apple’s iPhone 5S, featuring a fingerprint scanner as the central new innovation in their flagship device, it is clear that Apple has given BIO-key two wonderful gifts: 1) validation of our patient belief that mobile devices are, in and of themselves, the “killer app” for fingerprint biometrics, and 2) always on, cloud-connected end user touch-points with integrated fingerprint scanners – lots and lots of them! Finally, the world will understand “first hand” fingerprint authentication’s value proposition, thanks to …

The Evolution of Fingerprints from the Device to The Cloud

Central to any Privilege Entitlement Access Control negotiation is the concept of “risk”.  The level of potential risk to the asset or service determines the required level of security, including strong user authentication, before access is granted.  Further, the binary decision to deploy strong authentication, including biometrics, is also risk based and, specifically economic risk-based, which can also be viewed as economic feasibility.  Stakeholders won’t deploy it if they lose money at it. The reason industry stakeholders and technology leaders …

Secure Mobile Credentialing & Identification

The evolution of Privilege Entitlement & Access Control Systems toward a single user profile for multiple services across multiple devices “Our passwords are failing us.” said Michael Barrett, PayPal’s Chief Security Officer.  He’s not alone.  According to the Verizon 2013 Data Breach Investigation Report, roughly 76% of all data breaches were enabled by weak credentialing and user authentication.  Thus, we might safely say that most, if not all of our traditional security measures do little to close credentialing vulnerabilities.  If that’s …