Showing results for: iPhone

John Fontana

When Will NEO Work with iPhone 6 NFC?

Yubico has heard this question a lot over the past days since the iPhone 6 was released with NFC support.

The answer would be “now” if Apple had an open ecosystem, but that likely won’t be the case for another 12-16 months. But put a pushpin on your roadmap, the YubiKey NEO will be a multi-factor authentication option, based on its current NFC support, for iPhone users once Apple opens it to developers.

And if Apple decides to join the FIDO Alliance, the Yubico promise of one authentication key for many services could get support from another heavyweight in the FIDO standardization effort.

It’s not far-fetched to envision Apple as part of FIDO given that Apple’s Touch ID is built from technology acquired when it bought AuthenTec – which applied for the original trademark on the FIDO name. (The company left FIDO the day it was acquired by Apple).

Apple showed its new willingness to work in international standards settings two weeks ago when it joined the GlobalPlatform, which creates specifications that address standardized infrastructure for securing multiple apps on smart chip technology.

The group has three areas of focus: secure elements, trusted execution environments and messaging that holds it all together. And it adds in security, interoperability, responsibilities, provisioning and a common language to exchange information.

Or as Global Platforms puts it, we’re “a cross industry, non-profit association that identifies, develops and publishes specifications that promote the secure and interoperable deployment and management of multiple applications on secure chip technology. “

Now that’s a mouthful, but what’s important is in a world where standards are the only way to reach Internet scale, it appears Apple is coming out to play.

Bravo Apple!

You can read more about the Apple/GlobalPlatform alliance on my Identity Matters blog on ZDNet.

John Fontana

Welcome to the Future, It’s about to Get Really Interesting…

This week ushered in my start with Yubico and I couldn’t be happier to be a part of what is going on here. The challenge in any new job is that while your colleagues are at a full-on run, you’re still learning how to walk. But after five days, I do know I better catch up to them soon because the advancements and opportunities related to authentication technology are poised to come forward fast and furious.

Apple’s iPhone event next week is a hint at security and usability improvements that will spread across the industry. While Apple is initially focused on electronic payment transactions, you could easily swap in the word “authentication” for “payment” and get a picture of where things are going.

The new iPhone 6 by all accounts will show up with NFC support, which is sweet music to the electronic payment system folks. Why, because they can insert new levels of security and fraud protection leveraging the chip technology infrastructure without upsetting the familiar end-user experience of using the card. And they can do it without passing through software susceptible to malware.

They can provision shared secrets, thus protecting real credit card numbers throughout the transaction process and thwarting hackers via a scheme known as issuer tokenization.

“Now if someone steals transaction records from Home Depot, they get one-time numbers that are useless, it totally kills all these breaches,” said Steve Sidner, an independent security and payments consultant based in Omaha, Neb.

Chip-and-pin cards, well known in Europe and coming by mandate to the U.S. next year, are proof that the system works. (The devil in the details is the cost for swapping out current technology in POS systems and issuing new cards).

But the real sweet music to security wonks; there is virtually zero convenience/security trade off, which has always been the barrier to end-user entry.

That is a win for customers and vendors.

Take that same scenario, but think about an authentication transaction rather than a financial transaction. It works in a similar way but with a different flow. Think of a simple yet elegant hardware-based way to exchange public keys and private secrets, think of no software installs, think of a contactless device that wakes up your phone and announces it is there for a private conversation around strong user authentication.

Think of that same scenario with other contactless technologies.  Think of form factors from earrings to watches to clothing.

Major companies with a significant stake in online services and applications are certainly thinking about all that.  And they are poised to roll out first phases, not next year, but by the end of this one.

The FIDO Alliance is thinking about it and how to run it over a standard set of protocols — and, of course, the Alliance contains some of the same card issuers salivating over Apple joining the NFC device party with rival Android.

And I have been thinking about all this. That is one reason I am at Yubico trying to help get the message out about the potential for a major shift and a run at finally gaining a significant share of end-user acceptance for stronger security.

I wrote about this yesterday on my blog Identity Matters that runs on the technology web site ZDNet.

Pay attention to what happens next week within Apple’s initial limited NFC scope, but keep in mind the bulk of the benefits are more wide-spread and still to come.

I think the YubiKey is poised to fuel this market with its one-touch strong authentication.

The one thing that jumped out at me is when you insert the key into a USB port it looks like an external keyboard to your computer. So in essence strong authentication is added to your computer by including just one additional key to the 78 or so that are already on a typical computer keyboard.

Strong authentication delivered with a keystroke, likely one of the oldest and most understood end-user experience in computing. As just one example, the strong authentication experience is already familiar to scores of engineering teams, who securely log-in hundreds or thousands of times a day just by touching the one extra key.

That is cool. I’m really interested to see where all this can go.