[Special Topic] A Revolution in Authentication

Read it in Japanese

In view of increased attention on information security and demands on strong authentication, ISR is creating a news column on strong authentication. We will select a number of relevant topics and aggregate news about what is happening in the industry. The digests are meant to be informative yet we hope to present the opinion and insights.

The proliferation of smartphones is having a major impact on the ease with which we use services throughout the day as we leave our home, ride trains, enter our workplace, have a meal at a restaurant, etc.

The typical way to gain access to the train system or to our workplace is to be authenticated at the entrance by using an electronic card or a key. These tokens allow our authentication by offering a proof of identity but the accuracy of the authentication (the security of the system) can be greatly enhanced by adding one extra layer to the authentication based on our fingerprint using smartphone.

The expanded system is not only more secure. It presents to the user a ‘one touch’ easy experience. The new authentication, having a better user experience and being more secure, has the potential to revolutionize the authentication in consumer services.

Present Authentication Systems
Today’s authentication systems to enter transit system or to enter workplace are proxy systems. Proxy systems authenticate us by authenticating keys or cards (tokens) that we present to gain access to these systems. A typical door/lock system is not smart enough to recognize our face but they can verify (authenticate) our key or smart card easily. Recently this verification can be done using NFC technology with just one tap of the key or card to the door or turnstile. The tap offers and improved user experience to, say, having to insert a key into the lock.

Adding one extra layer of authentication
Since smartphone adoption is nearly universal we can improve on the above token-based authentication systems through our smartphones. In the last few years, emulation of key or smart card tokens by apps on smartphones, allowing one touch (NFC-based) interaction with doors or turnstiles, have greatly improved the authentication user experience.

More recently, the adoption of fingerprint scanners by major smartphone vendors will mostly likely result in more accurate (secure) authentication systems. This will be accomplished by adding an extra user authentication step to the token (smartphone app) authentication. In the new step, the smartphone authenticates the user by verifying fingerprint. This step verifies the user directly by using something the user is as compared with previous token step when user was authenticated using something the user has.

The combined two step authentication method, consisting of fingerprint user authentication followed by device authentication, is much more secure that present methods without sacrificing the user experience.