Making Mobile Payments
As we continue to break away from the traditional brick and mortar ways of shopping and continue with the trend of online shopping, most notably from our Smartphones, the fear about whether our payments and private/confidential information are secure and are accurately received by the vendor or retailer from whom we are making the purchase becomes even greater. Heck, for as long as I have been in IT, I even have that fear myself at times also.
I mean, it is perfectly warranted: with Identity Theft proliferating, and the hackers at the front end of the cat and mouse game, we can never be too sure. So you see Security vendors coming out on almost a daily basis with newer solutions just to keep up. And today, it is no different.
The Security vendor mentioned is known as “Universal Secure Registry LLC”, and here are the details: “Universal Secure Registry LLC (USR), an enabling mobile payment security technology and identity authentication company, today announced that the United States Patent and Trademark office issued the company patent US 8,001,055 B2 on Tuesday, August 16, 2011, covering key aspects of USR's proprietary technology for secure financial transactions. Reliable identity authentication is critical to mobile transactions. This new patent covers authenticating an individual's identity using three canonical identification factors (token, secret, biometric,) plus an additional biometric, a digital photo of the purchaser, sent from a remote secure server to a vendor. This 3+ FACTOR SECURITY system authenticates identity in a fast, convenient, and secure way. This technology also extends to multiple transaction types, including peer-to-peer, individual-to-vendor and multiple traditional credit cards. The original patent application was filed in February 2006 by Kenneth Weiss, a renowned identity authentication and computer security expert.” (SOURCE: http://www.findbiometrics.com/industry-news/i/9196/).
My Take
In the world of Security, especially in Cryptography, there are three cardinal rules as to how you can confirm the identity of an individual:
* Something you have (such as a PKI token);
* Something you know (such as a password);
* Something you are (such as a Biometric Template).
For the longest time, businesses and organizations have used at least one of these (hopefully all three) in some respect or another in order to fully verify an individual. But, with this patent just awarded, these three factors are now expanded into four factors: An extra Biometric, namely the photograph of the person making the online purchase. From what I can gather, this Security solution is unique in the sense that it can take into account the many kinds and types of purchases an individual makes, and can support a whole host of credit cards (I am assuming the big four of Visa, Discover, MasterCard, and American Express).
Also, verification and identification can take place across a number of different network topologies, which include the traditional peer to peer and client server networks. Also worth mentioning is that this new patent allows the Security vulnerabilities of cloud based computing to be addressed as well, in that “ . . . a unique undefeatable handshake [is required] from a secure remote server to vendors, requiring that the server also be positively authenticated before any transaction occurs.” (SOURCE: http://www.findbiometrics.com/industry-news/i/9196/).
An extra layer of Security is also provided, in that after the picture of the individual is captured, a random number of 16 digits is also created (the mathematical principles of Cryptography rely heavily upon random number generators). But probably what I like most is that this solution is available (or will become available) to just about every merchant who utilizes mobile credit card payments. In my view, this is a great step forward. But unfortunately, despite all of the hard work and years that went into getting this ground breaking patent, it is still just a drop in the bucket in the whole cat and mouse game I alluded to before. We don’t just need Security up to 4 factors, we need infinite factors in order to just keep up with it all.