A lot of talk has been stirring about ramping up the use of biometrics for authentication and authorization methods in various different venues. Examples are in automated teller machines or other device based access to different facilities or services.
One area that is standing out, is the rise of biometric capabilities in smartphones. From accessing the phone itself to being used as a secondary authentication method for applications or to access some more secured areas of the phone.
We probably need to rethink some of these methods to make sure that they truly apply as a security method for biometrics in smartphones and just how much they should be trusted. Phones are getting packed with more features and functions than ever and smartphones have all of the capabilities to support visual, audible or finger print biometrics.
The maturity for these functions varies from phone to phone. Visual functions have grown in maturity over time the most. Most smartphones are offering the combination of both front and rear camera for ease of use. Megapixel photo quality levels that seem to increase with every model released. These factors make the use of smartphone cameras for doing facial recognition or other types of visual verification a good possibility. Advanced features that can handle low light or excessive light make these cameras exceedingly good for biometrics, document recognition and for optical character recognition.
Audible recording capabilities of phones have dramatically matured in being able to cancel out surrounding noise and gather a high quality digital representation of a user’s voice. Leveraging these features as a way to perform voiceprint style biometrics can easily be achieved.
A new function in smartphones lately has been the use of fingerprint scanning functions as an option for unlocking the phones. Do not rely on these devices for biometrics authentication. These devices are obviously not as mature as the other technologies within the phone and many have proven through various YouTube videos that most phones can be easily fooled with scotch tape or imprints of the fingerprints in glue or clay. Obviously these are not the border security grade components being put into smartphones. They are essentially the absolutely cheapest components that can provide the functionality that is available on the market, thus they can be easily fooled.
Biometrics can be an excellent primary or secondary authentication model and smartphones are rapidly growing as an enabler for these types of authentication. Another critical point to make here is that the validation of these biometric methods should be happening odd-device. With the ease of either tampering with the device or its content means that the factors being maintained for comparison and validation shouldn’t be stored within the device and the engines that are being used to perform the matching function should also not be living within the device. These functions should always be performed off device and in the cloud!
0 comments:
Post a Comment