Biometric Authentication
- Today, mobile terminals are integrated in several authentication processes (geolocation of the cardholder for instance) and biometry is now envisaged to identify the purchaser in mobile transaction contexts. Few mobile devices are equipped with adapted solutions (hardware) yet, embedded cameras might contribute to developing mobile biometric authentication.
- Winkpass Creations has launched an iris recognition application, eyeD for iPhone 4. The user scans his iris three times with the back camera of his smartphone and creates a template. He then authenticates through comparing his iris with the data stored during the previous scans. This authentication enables him to access his eyeD application as well as the set of encrypted sensitive information he stored on his cell phone (banking credentials, etc.).
- This solution cannot yet be used to access m-banking applications.
- Winkpass is currently working on a face recognition application which will be using the front camera of the iPhone 4 as well as on a new version of eyeD designed for Android, also to be launched this year.
- This type of application could become popular as users are generally attracted to these technologies. Nevertheless, in addition to expensive production and implementation costs, iris recognition encompasses a set of constraints. The size of the iris varies (pupils’ dilation), it is darkened by the eyelashes, eyelids and when wearing contacts. In the present case, the user scans his iris with the back camera of his iPhone which can make it difficult for him to capture this image right the first time: he must respect a given distance (from 30 to 60cm). The environment in which the authentication process is performed plays an important part too: reflections on the eye can in fact limit the performance of these solutions. Finally, as the flash is enabled, the user can be disturbed by retinal impressions once the scan performed.
- In France, the CNIL does not authorise storage of biometric data on centralised databases, this sensitive information must then be contained on the authentication medium itself.
See September and December 2010 Watches - Several biometric authentication solutions are now adapted to several kinds of payment contexts. For instance, SmartMetric biometric card launched in 2007 relies on an embedded fingerprint reader to secure the transactions and enable storage of banking data. In France, Natural Security announced end 2010 the launch of a new strong authentication solutions gathering biometry and contactless technologies (802.15.4, Zigbee communication protocol). Their medium (smartcard, mobile phone, etc.) also enables storage of the required authentication data. In this case, the information contained on the media is compared with the one transmitted from the adapted payment terminal in convenience stores.