Movement to authenticate with fingerprints, sounds, self-shooting etc. instead of easy password code or password is accelerating

Mechanisms that protect credit cards with conventional password codes that combine only numbers or credit cards that are slightly more complicated have been used, but recently the importance of security has been increasingly cried out More advanced authentication system technology is now being used. "Fingerprint authentication" is no longer a matter of course as a new authentication method, and the flow of identity verification by "self-taken photograph" or "spoken voice" is arriving.

Goodbye password, hello selfie? MasterCard launching new technology | Q13 FOX News

Master card announced that it adopts fingerprint authentication and self-photograph authentication technology using smartphone. This system will be introduced in the US, Canada, the UK and several EU countries over the next few months. Ajay Bhalla, director of the MasterCard enterprise security department, says, "Over the next five years people around the world will use this authentication technology on a daily basis."

In the case of performing self-shooting authentication, the user first installs a dedicated application on a smartphone and first registers his / her face, and at the time of actual payment, shoots a plurality of self-shot pictures according to the request of the application Make sure that authentication is performed correctly.

It is natural that there is a doubt "Can you hack with already taken pictures?", But it seems that a way to deal with this is also adopted. Measures have been taken to prevent hijacking by photographs by displaying a message such as "Please blink your eyes" at the time of shooting. It is a security system that I want to expect in the near future in Japan to be introduced.

Master cards are not the only ones showing such movements. The UK-based financial group HSBC is proceeding with the introduction of a biometric authentication system that verifies identity using voice.

HSBC offers voice and fingerprint ID system to customers - BBC News

HSBC banking app replacing passwords & amp; memorable questions with Touch ID and voice-recognition | 9to5Mac

HSBC plans to offer a voice authentication system to customers using banking transactions and mobile banking by telephone in the future. Francesca McDonagh, retail banking and asset management leader at HSBC UK, said that the scale of offering is a maximum of 15 million customers and said "We are working on the biometric security system using the largest voices in the UK It is an appearance. "

In the article above, Ben Thompson reporter of BBC contains a scene which is trying a voice authentication system.

"Oh, Hello, I'm Ben Thompson, I hope this voice is suitable for testing voice certification ... but when I start talking like saying ..."

"♪ Picon" sounds in about 10 seconds, and "Match (matched)" is displayed on the screen. It was confirmed that Mr. Thompson himself.

This time a little noisy test in town. In the case of a business fighting on time, it is necessary to perform authentication properly from any place.

"Well, it is Ben, I'm trying to access my bank account ... but I finished the certification. The accuracy seems to be high.

On the contrary, it checks whether it is not damaged by the impersonation of others. Give Simon-san to the left a smartphone and ask Ben to come over.

"Ah, Hello, I am Ben Thompson, I have begun to say something outrageous that you want me to send all the deposits in my account to Simon's account." However, if you succeed in authentication in this state, it will be one big thing ... ...

I have failed failing. "Mismatch (not matched)" was displayed together with the X mark on the screen, and the malicious intention was prevented safely.

Simon who feels like "It was useless." The reliability of voice authentication seems to be high.

Although it is a biometric authentication that shows the appearance of spreading, movement toward standardization of standards is progressing. W3C, a standardization organization for WWW technology, has announced that it has approved Web API specification of "FIDO 2.0" which was used for on-line authentication such as biometric authentication which had been submitted for a while since February 17, 2016.

FIDO 2.0: Web API for accessing FIDO 2.0 credentials

FIDO 2.0 standardizes the authentication process of a biometric authentication system such as a fingerprint authentication device and an iris authentication compliant smartphone, which integrates specifications created in FIDO 1.0 into one. Until now, smooth collaboration is expected even in cases where some obstacles are found in coordination between devices, and it is expected that further evolution towards a "passwordless society" will progress further.

in Note,   Mobile,   Security, Posted by darkhorse_log