Next-generation authentication technology that evolves…
Essential requirements for next-generation authentication through biometric authentication [LEE JAE HYUNG OF TECHNOLOGICAL STRATEGY (CTSO)]
[Edited by Choi Hyung-joo]
In the future, authentication means will be developed into various services such as simple payment and biometric recognition. In particular, the revision of the Electronic Signature Act, which is scheduled to take effect in November 2020, in addition to the Data 3 Act, will remove the regulations related to the “public certificate” and allow the convenient use of various means of authentication only through agreements between parties to electronic signatures in the future. Through this project, we will learn what next-generation authentication technology should look like, which will be developed around biometric authentication.
From user authentication to personal authentication technology
Most of the authentication tools we use today, such as passwords, public certificates, smartphone OTP, OTP tokens, and credit cards, are all user authentication technologies, not “personal authentication.” To explain this more easily, let’s take a look at the thefts that occurred in customs a few years ago.
At that time, a customs official received a customs system password from his boss and stole it and illegally processed imports. At this time, customs officials used the superior’s password to authenticate the superior’s user credentials. However, this is a theft of the account, not a certification of the person who uses it.
Although current passwords, OTP, and security keys each have their own security, they are not technologies that accurately certify users themselves, or “individuals.” And technologies that do not certify individuals have constantly caused damage as the start of various cyber-infringement incidents, such as password theft, misuse, forgery of absenteeism and tardiness management, proxy electronic signatures, illegal payments and massive hacking.
Therefore, next-generation authentication technology must be able to accurately distinguish and recognize individuals, not users, as well as outstanding security. A representative security technology for this purpose is biometric authentication, and now the scope of use of biometric authentication is expanding with fingerprint recognition, which is used as a basic option for smartphones.
the pros and cons of biometric authentication
So what are the pros and cons of biometric authentication for each technology? First of all, the most common fingerprint recognition is convenient and has an advantage over other technologies in many ways, including price competitiveness.
However, since the acceptance rate of other people’s fingerprints is about 1/50,000, there is a possibility of various problems such as the possibility of forgery, fingerprint damage, and preference for non-contact methods.
Once the iris is completed in infancy, it does not change after suffering from diseases such as glaucoma. The pattern is complicated, so it is less likely to falsify, and the acceptance rate of others is 1/1 million, making it the most reliable among biometric recognition. However, the fact that the focal distance needed for the iris pattern should be constant because it is necessary to read it is the biggest obstacle to popularization. In addition, production unit price is also high, so it is not common yet.
Facial recognition is one of the most suitable biometric technologies for the non-face-to-face era along with iris recognition for its advantage that it does not require contact with equipment. Face recognition captures a person’s face through CCTVs or cameras and analyzes each part of the face to extract data that can be a characteristic of an individual. However, its performance drops sharply on the side except the front or in the dark. Also, the acceptance rate of others is higher than that of fingerprints or iris recognition.
Vein recognition, which recognizes blood vessels, is also hygienic because skin and equipment are not in contact. Also, as infrared rays are used, the condition of the skin, which is considered to be the limit of fingerprint recognition such as abrasion of the skin, does not affect accuracy, and the acceptance rate of others is much lower, showing strong security. However, it is having difficulty becoming common due to high cost of construction and complicated hardware configuration.
Chain Certificate Application Case
Currently, biometric authentication is used not only in smartphones that we use every day, but also in various areas such as company access control, financial services, and immigration services.
First of all, Bank of America, a bank representing the U.S., provides a service that allows users to log in using fingerprint recognition and Apple’s Face ID on mobile apps. Such a method is now common in domestic commercial banks.
Next, Barclays Bank, Britain’s representative, introduced finger venous authentication services to replace pin codes and passwords. For security reasons, the service only stores intravenous information on SIM cards of customers’ mobile phones that are difficult to hack. The intravenous recognition device is applied with Hitachi’s solution.
Likewise, British bank Lloyd’s Bank has launched a service that allows voice authentication when using phone banking. If a customer who is 18 years old or older and owns a bank account says “My voice is password,” the self-certification process will be carried out by analyzing more than 100 characteristics, including intonation, speed, vocal cords, and volume. The technology was built in conjunction with a solution from U.S. voice recognition solution provider Nuance Communications.
Royal Bank of Scotland has partnered with MasterCard to carry out a card payment pilot program with fingerprint recognition technology. The program, which will cover about 200 people, will require them to use fingerprint recognition instead of pin numbers for payment transactions exceeding 30 pounds (44,000 won).
Australia’s Interior Ministry has introduced biometric recognition for border security. The system, called Enterprise Biometric Identification Services (EBIS), supports visa and border entry procedures for travelers and civil rights applicants through facial recognition. IT company Unisys Steelth identity, a multidisciplinary identification management and authentication solution from Unisys, and Idemia’s facial and fingerprint recognition algorithms were used.
the virtues of next-generation certification
So what are some of the essentials for the next generation of authentication technologies that will be responsible for our future security in the era of the Fourth Industrial Revolution? There are two main factors to this.
The first is that individuals should be given the option to choose the method of certification. One of the major technologies that has expanded the choice of authentication methods for individuals is the online authentication technology FIDO (Fast Identity Online), which the Korean government is also paying attention to recently.
FIDO has three characteristics, including the ability to use hardware equipped with ▲public key encryption technology as an authentication device and the application of personal authentication technology such as ▲biometric recognition technology, and provides a safe authentication structure that does not share users’ personal information with service providers.
The strength of FIDO is that certification service providers introduce international standard authentication technology, allowing individuals to choose various authentication options such as smartphone fingerprints, face, iris, PC fingerprints, and stand-alone bio-secure key. In addition, it is convenient for individuals to change their fingerprint recognition to face recognition and iris recognition.
Next, the next generation certification should utilize international standard technology. As the password is not designed as a safe means of authentication, it has caused enormous damage to its structural weaknesses over the past few decades. Therefore, in order to become a more secure digital society, we need to utilize internationally verified and secure technologies.
In particular, if different authentication technologies are applied to changing work environments such as smartphones, PCs, tablets, and various computing environments such as self-driving cars, IoT, and smart homes, additional financial consumption may follow to compensate for such complexity and inconvenience in the future. In addition, each country has different systems and protocols for personal information protection, so it may be necessary to establish a plan to respond to them individually.
Ultimately, through international standard certification technologies such as FIDO, various forms of authentication services can be provided at low cost. In addition, using international standards will make it easier for companies to develop their services into global services and even promote user convenience.
In the information society, safe authentication technology can prevent damage from cyber attacks such as large-scale phishing attacks, ultimately increasing the cost and utility of society as a whole. And biometric authentication methods have distinct advantages and disadvantages, so there are different industries that can be applied to each.
However, biometric recognition is becoming more common with smartphones such as fingerprint recognition and facial recognition, and international standards are actively being studied. Since biometric authentication is a potential technology that can be used in situations where various certifications are needed, such as finance, government complaints, immigration, access control, and login, won’t it be closer to our lives by overcoming shortcomings such as future costs and acceptance of others?