Blog Archives
Cell Phone Authenticating our Identity
I was chatting with one of our professors and our conversation ventured into the importance of mobile devices. The topic related to why it was so important for Microsoft to gain a foothold in the mobile phone market and I explained to him the intricate connection between the consumer’s phone and their computing platform of choice. But I also told him that the mobile phone would someday be the most important component for authenticating identity, which is critical for financial transactions. I’m not sure I knew exactly how that was going to play out but it is always fun to stimulate non-techies into imagining what the future might hold. I did tell him about how important cell phones were in Africa for providing a means of transferring money. So it was a natural assumption to connect the cell phone to the online or digital economy as a means of providing a more secure form of authentication. And when you talk more secure, you typically relate that to a dual form of authentication based on something you have, and what something is better than cell phones? Anyways, this conversation led to being asked to give a talk on this topic for the local Rotary.
I relate this conversation as a lead-in for the story today about how Apple might offer a means for how we pay for stuff. Apple is hinting that it may explore this territory of payment services and that the fingerprint authentication on the new iPhones was implemented with this in mind. But the real impetus may be that Apple has amassed the most impressive number of personal accounts, about 800 million, that are connected to a credit card. This number is huge, especially when compared to the next closest, Amazon’s 237 million. And what was the trick to getting this many purchase-ready accounts? Music Downloads through iTunes. Yes, the convenience of impulse buying for a song that I hear justified my synchronizing my credit card with my iTunes account. And I have been very pleased with the results: quick, efficient, receipt email, and trust. Yes, trust; there has not been a significant security breach of Apple’s accounts.
So is Apple going to expand their payment services to include any online or even checkout counter transactions? Lots of issues have to be worked out before that financial model is justified, but I would bet on it. I was originally thinking the mobile phone could provide an identity solution for verifying who you are using the 2-step authentication model. Apple has successfully expanded that to include biometrics, which I think will inevitably be required in our insecure, identity-compromised world. Makes a whole lot more sense than offering a credit card and signing a receipt. Needless to say, control of the mobile phone market continues to grow in importance. The next authentication phase will probably involve scanning that chip they want to insert into our body, but I think for now we work from something that everyone wants to have on their body.
Could our Mobile Device be the Key to our Privacy?
I was contemplating the possibilities for how our mobile computing devices could serve as forms of identity. It is an electronic device that we control, that could offer personal validation; it could provide proximity authorization via various transmission modes; it is a repository that can be used to provide any type of information about us, etc. So what are some possibilities for managing our identity information on our mobile device? There are some personal health record apps for the iPhone and of course numerous personal financial apps. What about our ultimate personal identity?
What if our personal mobile computing device served as an access control key to our genetic map, our personal genome? I bring this up because back in 2003 when I was finishing up my MS in Bioinformatics I designed the schema for a National Health Database. The concept worked from a National ID as a starting point for accessing or referencing all data that would be important for a personal health record. The ultimate challenge that I did not have a real answer for was the access control needed for the highest security, our personal genetic map, our DNA code. The design was based on this data being encrypted from inception with access based on a personal digital key that could be used to activate decryption when used in conjunction with an authorized medical professional’s digital key. At the time I could only imagine some sort of smartcard or embedded chip, but I was hung up on communication. I kind of saw it as 2 people with keys needed to launch a nuclear missile. But now I think it may be possible to design a scheme that works from a mobile computing device that might allow us to build this National Health Database. The mobile device is key for its ability to allow the patient to authorize access to their medical information with remote flexibility. Biometrics will probably be involved, but could a mobile device provide a privacy solution?
By the way, my thesis was titled “Security of Our Personal Genome”.
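The two-key idea described above, sketched as an added example that is not from the original post or the thesis: a record is encrypted at creation under a random data key, and that key is split so that neither the patient's share nor the clinician's share reveals anything alone. Assumptions: the function names are hypothetical, the patient share is held on the phone, the clinician share is issued per record, and the SHAKE-256/HMAC construction is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes in the per-record data key


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(dek):
    """2-of-2 XOR split: each share alone is uniformly random."""
    patient_share = secrets.token_bytes(len(dek))
    return patient_share, _xor(dek, patient_share)


def _subkeys(dek):
    # Separate keys for encryption and authentication.
    return (hmac.new(dek, b"enc", hashlib.sha256).digest(),
            hmac.new(dek, b"mac", hashlib.sha256).digest())


def seal(dek, plaintext):
    """Encrypt-then-MAC (stand-in for an AEAD; assumption, see lead-in)."""
    enc, mac = _subkeys(dek)
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(enc + nonce).digest(len(plaintext))
    ct = _xor(plaintext, stream)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()


def enroll(plaintext):
    """Encrypt at creation; the whole data key is never stored anywhere."""
    dek = secrets.token_bytes(KEY_LEN)
    blob = seal(dek, plaintext)
    patient_share, clinician_share = split_key(dek)
    return blob, patient_share, clinician_share


def open_record(patient_share, clinician_share, blob):
    """Both shares must be presented together to recover the record."""
    enc, mac = _subkeys(_xor(patient_share, clinician_share))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("wrong key share or tampered record")
    return _xor(ct, hashlib.shake_256(enc + nonce).digest(len(ct)))
```

A wrong or missing share fails the tag check before any plaintext is produced, which is the property the "2 people with keys" analogy asks for.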