Putting smartphones at the centre of online security
An EU-funded project has launched a smartphone-centric authentication platform securely connecting all online accounts with a user's identity, putting an end to having to remember myriad PINs and passwords. This could help protect against hacking and boost confidence in online commerce amid privacy concerns.
© Golden Sikorka #76809251, source: stock.adobe.com 2019
In todays world, more and more of our daily lives from socialising to shopping, banking or booking vacations takes place online. This is increasingly putting peoples sensitive personal details at risk and requires stepped-up security.
The unique integration of state-of-the-art technologies by the EU-funded RECRED project has tackled this challenge and is spurring commercial solutions. These are aimed at online identity management and age verification with capabilities exceeding existing systems, marking a paradigm shift in online security, data privacy and digital authentication.
RECRED shifts the burden of privacy and security from users to their now ubiquitous mobile devices. It does so by making combined use of the latest authentication technologies including biometrics such as fingerprint scans and facial recognition, behavioural recognition such as typing styles, and location-based security features.
Additional locking and recovery capabilities ensure that a users smartphone does not go from being a single point of security and authentication to being a single point of failure in the event of theft, loss or damage.
RECRED enables robust and efficient user authentication based on biometrics and behavioural characteristics in a user-friendly, secure and privacy-preserving manner, addressing all the main problems that traditionally plague password-based access control, which is now effectively obsolete, says project coordinator Christos Xenakis of the University of Piraeus in Greece.
The principal beneficiaries are end users as it significantly enhances their experience by not having to remember dozens of passwords and at the same time maintaining their anonymity and providing an increased level of security.
RECRED is designed in a way that facilitates commercialisation and deployment, increasing its chances of having an impact on peoples lives.
By integrating technologies and standards such as OpenID Connect, the FIDO Universal Authentication Framework and a processor-based Trusted Execution Environment service, providers can adopt RECRED without having to heavily modify their existing software and systems. It also complies with authentication and data protection rules such as the EUs GDPR regime.
Protecting children, targeting fake news
Two offshoot products now being deployed commercially underscore the benefits and scalability of the approach:
AGEify an extensively-tested solution designed to protect children from age-restricted content, products and services provides fast and simple age verification across a number of widely used web platforms while protecting sensitive personal data. Planning is underway to expand the solution towards age verification in the physical world, implementing it in Internet of Things devices and on publicly unattended machines, such as dispensers of alcohol and tobacco products or slot machines.
IDifier establishes a secure and privacy-protecting connection between a users online and real-world identity, meeting the demand for trust-boosting applications targeting the sharing economy and preventing online identity fraud. This includes proving the authenticity of online content a key element in efforts to combat fake news and the spread of false information.