This article explores the recently released Samsung fingerprint scanning API also termed as “Pass API” in light of security for mobile wallets. Pass API is released as part of the Samsung Mobile SDK 1.5 beta1 during the launch of Samsung Galaxy S5 mobile phone. One of the key feature of Samsung galaxy S5 is fingerprint reader. The application could use fingerprint reader to scan user fingerprints and verify against the users’ stored fingerprints on the device. This article presents an overview on the PASS API and, then, talks about how it could be used for mobile wallets’ security.
As mentioned on Samsung Developers Page for Pass API, Pass API allows the developers to use fingerprint recognition features in your application. The fingerprint recognition feature could be used to provide additional security to the security-critical application such as Mobile Wallets which is supposed to be used (in most cases) by just the owner of the phone. Following is a diagram that represents the fingerprint scanning by the mobile phone:
Following API features could be used by applications to take advantage of fingerprint scanning:
The fact that Pass APIs could probably be used for wallet security was derived & comprehended from the fact that Samsung and Paypal agreed on a strategic alliance in which Samsung Galaxy S5 users would be able to login and shop at any merchant that accepts PayPal on mobile and in-stores with only their fingerprint. The new secure, biometric feature means Galaxy S5 users will no longer need to remember passwords or login details across millions of PayPal merchants. Do read further at the press release on strategic alliance between Samsung and Paypal.
The above mentions the fact that biometric feature may no longer need users to remember passwords. However, I would rather see integration with Pass API as a sort of 2-factor authentication thereby strengthening the security of security-critical applications such as mobile wallets. Lets briefly take a look at what is called as 2-factor authentication.
What is called as 2-factor authentication?
As defined on wikipedia, two-step verification is a process involving two stages to verify the identity of an entity trying to access services in a computer or in a network. This is a special case of a multi-factor authentication which might involve only one of the three authentication factors (a knowledge factor, a possession factor, and an inherence factor) for both steps. If each step involves a different authentication factor then the two-step authentication is additionally two-factor authentication. Simply speaking, following could be used to authenticate users:
Recommended Security Model with Pass API Integration
With above mentioned, fingerprint scanning with Pass API (satisfying possession factor criteria) and a password (satisfying knowledge factor criteria) could be used for two factors authentication as part of new/recommended security model.
Thus, new password would be combination of following:
New password = Fingerprint + User password
As part of security policy, application could enforce users to change their password (knowledge factor) at the regular interval which would lead to change of overall password.
Following is how the security is strengthened with usage of Pass API and Password:
In recent years, artificial intelligence (AI) has evolved to include more sophisticated and capable agents,…
Adaptive learning helps in tailoring learning experiences to fit the unique needs of each student.…
With the increasing demand for more powerful machine learning (ML) systems that can handle diverse…
Anxiety is a common mental health condition that affects millions of people around the world.…
In machine learning, confounder features or variables can significantly affect the accuracy and validity of…
Last updated: 26 Sept, 2024 Credit card fraud detection is a major concern for credit…