{"id":87892,"date":"2017-03-06T12:00:19","date_gmt":"2017-03-06T12:00:19","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=87892"},"modified":"2017-03-01T16:58:44","modified_gmt":"2017-03-01T16:58:44","slug":"smartphones-have-you-pegged-and-for-better-or-worse-theyll-soon-id-you","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2017\/03\/smartphones-have-you-pegged-and-for-better-or-worse-theyll-soon-id-you\/","title":{"rendered":"Smartphones Have You Pegged, and for Better or Worse They\u2019ll Soon ID You"},"content":{"rendered":"

<\/a><\/p>\n

27 Feb 2017 – <\/em>The things that make human beings unique \u2013 fingerprints, irises, facial features \u2013 have become the preferred way to sign onto banking accounts online or other sensitive websites, the newest solution to the problem of hackable and forgettable passwords.<\/p>\n

But your fingerprints can be stolen, your photo replicated. Now cyber experts are looking at the next security step: cellphones and computers that actually recognize you from a variety of factors.<\/p>\n

Your smartphone now gathers more information about you than you probably realize.<\/p>\n

\u201cIt\u2019s amazing how many sensors there are on a modern-day smartphone. You have motion sensors, like an accelerometer, a gyroscope and magnetometer,\u201d said John Whaley, chief executive of UnifyID<\/a>, a start-up that offers what it calls revolutionary authentication.<\/p>\n

Then you have other sensors, such as GPS, Bluetooth and Wi-Fi. All told, an average smartphone has 10 or so sensors measuring precise details about location and user habits.<\/p>\n

\u201cWe can tell what floor of a building you\u2019re on. We can tell if you are inside or outside of a building,\u201d Whaley said. \u201cJust with a few seconds of your walking data, from your phone sitting in your pocket, we can actually identify you based on that.\u201d<\/p>\n

\u201cJust with a few seconds of your walking data, from your phone sitting in your pocket, we can actually identify you based on that.\u201d<\/em><\/strong>
\n— John Whaley, chief executive of UnifyID<\/em><\/strong><\/p>\n

All told, smartphones can measure the angle that your cradle your devices, the pressure you put on the screen, how much of your finger touches the pad, the speed at which you type, how you swipe, your physical rhythms, the times you normally stir in the morning, some 100 or more indicators that in combination can give near total accuracy in identifying you.<\/p>\n

\u201cOnce you combine a large number of these factors together, we can actually get to 99.999 percent accuracy about it being you versus not you,\u201d Whaley said. \u201cAt that threshold, you can actually use this for authentication and you don\u2019t have to use passwords anymore.\u201d<\/p>\n

If passwords become a thing of the past, it is likely due to what computer scientists describe as machine learning \u2013 which allows computers to find hidden insights without being explicitly programmed where to look \u2013 as well as improvements in sensors that measure our lives and actions with precision. What Whaley calls \u201cimplicit authentication\u201d may change the way humans interact not only with phones and websites, but maybe the world at large. ATMs may recognize us as we approach. Clerks or cash registers at stores may greet us by name as their computers recognize our smartphones.<\/p>\n

Whaley, who has a master\u2019s degree in computer science from MIT and a doctorate in the field from Stanford, is catching attention. His company competed with scores of others as the most innovative start-up in the field of cybersecurity at the RSA conference in San Francisco last week, which drew 43,000 attendees, and won in a unanimous decision of the judges.<\/p>\n

Technology to ensure authentication of users would have repercussions in banking and finance, e-commerce, cybersecurity, transportation security and in fraud detection, sectors with a value that nearly reaches $2 trillion.<\/p>\n

\u201cThe need for extended authentication technology is going to be great,\u201d said Robert Capps, vice president of business development at NuData Security<\/a>, a Vancouver firm that uses behavioral analytics to help clients identify good users from bad ones.<\/p>\n

The downside to using biometrics, such as fingerprints, in computer security is not widely understood.<\/p>\n

\u201cThere definitely is a gap in the perceived value of biometrics and the true value.\u201d<\/em><\/strong>
\n— Daniel Ingevaldson, chief technology officer of Easy Solutions<\/em><\/strong><\/p>\n

\u201cThere definitely is a gap in the perceived value of biometrics and the true value,\u201d said Daniel Ingevaldson, chief technology officer at Easy Solutions<\/a>, a Doral, Florida, company that helps banks fight electronic fraud.<\/p>\n

Ingevaldson noted that a billion smartphones are now equipped with fingerprint sensors, and consumers clamor for banks to accept biometric proof.<\/p>\n

But fingerprints are not secure. In the hack of the federal Office of Personnel Management in 2015,<\/a> the fingerprints of 5.6 million people were stolen. And prints can be lifted off surfaces such as glass doors. High-resolution photos can also fool facial recognition software.<\/p>\n

\u201cOnce your biometric credentials are stolen, they are stolen forever. There\u2019s no way to easily change your face.\u201d<\/em><\/strong>
\n— Ricardo Villadiego, chief executive of Easy Solutions<\/em><\/strong><\/p>\n

\u201cOnce your biometric credentials are stolen, they are stolen forever. There\u2019s no way to easily change your face. There\u2019s no easy way you can change your voice. And definitely not an easy way to change your fingerprints,\u201d said Ricardo Villadiego, Easy Solutions\u2019 chief executive.<\/p>\n

Traditionally, the areas of authentication for users are something you know (such as a password), something you have (say, a cellphone or an electronic key) or something you are (a biometric indicator).<\/p>\n

As the need for passwords has proliferated, users have grown fatigued. Many users choose ever simpler passwords. They repeat the same password on multiple sites, or make minor modifications.<\/p>\n

The advantage of what UnifyID calls implicit authentication is that a user doesn\u2019t take conscious action to verify his or her identity. The smartphone, using a data bank of patterns of a given user, is continuously testing against those patterns.<\/p>\n

\u201cSecurity, instead of being up front, like, \u2018what\u2019s your password?\u2019 is going to be passive, in the background and happening all the time,\u201d Whaley said.<\/p>\n

\u201cYour devices will recognize you. Your car will recognize you.\u201d <\/em><\/strong>
\n— John Whaley, founder of UnifyID<\/em><\/strong><\/p>\n

\u201cYour devices will recognize you. Your car will recognize you. Your house will recognize you, and so security will become much more seamless,\u201d Whaley said. \u201cIt wasn\u2019t possible just a few years ago. It\u2019s because of a proliferation of sensors, the fact that they are all connected, and machine-learning technology.\u201d<\/p>\n

Just how such data are stored, and who has access to it, may play out differently in different parts of the world.<\/p>\n

\u201cThe perception in the U.S. is that consumer data (are) fine in the hands of private industry but not fine in the hands of government,\u201d Capps said. In Europe, the opposite is true.<\/p>\n

Authentication can occur either on a smartphone itself or in the cloud, and there are tradeoffs. If data is stored on a phone, then the phone itself recognizes a fingerprint and only sends a simple message on to institutions like banks, which cannot conduct further analysis. But if companies collect a large repository of sensitive user data, it becomes a honey pot for hackers.<\/p>\n

\u201cMuch of the data is actually sensitive,\u201d Whaley said, \u201cthings about even where you are at a certain time of day. These are examples of data you may not even want your spouse to know.\u201d<\/p>\n

Kurt Somerville, chief operating office at UnifyID, said companies compiling the vast data that can be extracted from smartphones must be \u201ctotally transparent\u201d with users about what they are collecting and what it will be used for, opting in or out for each data point.<\/p>\n

\u201cIf they are not comfortable with us using their GPS, where they physically move, they can turn that off and all the other factors will essentially re-weigh themselves,\u201d he said.<\/p>\n

Whaley said the passive biometric data would be kept on the smartphones themselves, not by the company.<\/p>\n

\u201cWe always want to be in the position that even if somebody hacked into our servers or we got a subpoena from a government or otherwise were compelled to give up data, we can legitimately say there\u2019s no way for us to give that data because we don\u2019t have it,\u201d Whaley said.<\/p>\n

Go to Original \u2013 mcclatchydc.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Your smartphone now gathers more information about you than you probably realize. \u201cWe can tell what floor of a building you\u2019re on. We can tell if you are inside or outside of a building,\u201d Whaley said. \u201cJust with a few seconds of your walking data, from your phone sitting in your pocket, we can actually identify you based on that.\u201d <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[216],"tags":[],"class_list":["post-87892","post","type-post","status-publish","format-standard","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/87892","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/comments?post=87892"}],"version-history":[{"count":0,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/87892\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media?parent=87892"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/categories?post=87892"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/tags?post=87892"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}