Making an app for authentication as a 2-Way Authentication system like "RSA SecurID token".


Two-step verification is used by banks, email providers and important or corporate sites to make sure that whoever is logging in to the site is the real owner.

The problem lies in SMS as a medium: it is slow, not 100% reliable in all countries, very easy to capture with cheap devices, and expensive at high volume.

A better approach, or at least a second option, might be an app that works on all smartphones. Corporate offices would verify the phone the app is on, that the number is in that phone, and that it is the one being used. All other sites can then verify the user by sending encrypted messages to the app, with the app replying back.

Or the site can create a 2D barcode that carries an encrypted message and a link to send the verification to, like WhatsApp Web.

This will make login verification much faster: the user does not need to enter anything, he just needs to capture the 2D barcode, and the app does the rest.
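
A sketch of the barcode login exchange described above, as an added example that is not part of the original post. It substitutes an HMAC-SHA256 response over a one-time nonce for the "encrypted message" and assumes a per-device key enrolled when the phone was verified; `LoginServer`, `app_respond`, `response_tag` and the `site.example` link are hypothetical names.

```python
import hashlib, hmac, json, secrets, time

CHALLENGE_TTL = 60  # seconds a barcode stays valid (assumed value)
REPLY_TO = "https://site.example/verify"  # hypothetical verification link

def response_tag(key, device_id, nonce, reply_to):
    # The tag covers the device, the one-time nonce and the link it is sent to.
    msg = "|".join((device_id, nonce, reply_to)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class LoginServer:
    def __init__(self):
        self.device_keys = {}  # device_id -> key enrolled when the phone was verified
        self.pending = {}      # nonce -> expiry timestamp

    def enroll(self, device_id):
        self.device_keys[device_id] = secrets.token_bytes(32)
        return self.device_keys[device_id]

    def new_challenge(self, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        self.pending[nonce] = now + CHALLENGE_TTL
        # This JSON string is what the site would render as the 2D barcode.
        return json.dumps({"nonce": nonce, "reply_to": REPLY_TO})

    def verify(self, device_id, nonce, tag, now=None):
        now = time.time() if now is None else now
        expiry = self.pending.pop(nonce, None)  # pop: each barcode works once
        key = self.device_keys.get(device_id)
        if expiry is None or now > expiry or key is None:
            return False
        expected = response_tag(key, device_id, nonce, REPLY_TO)
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected.encode(), tag.encode())

def app_respond(device_id, key, barcode_payload):
    # Phone side: read the scanned barcode and answer without the user typing.
    ch = json.loads(barcode_payload)
    tag = response_tag(key, device_id, ch["nonce"], ch["reply_to"])
    return {"device_id": device_id, "nonce": ch["nonce"], "tag": tag}

if __name__ == "__main__":
    server = LoginServer()
    key = server.enroll("phone-1")  # constructed device id
    reply = app_respond("phone-1", key, server.new_challenge())
    print("first use:", server.verify(**reply))
    print("replayed: ", server.verify(**reply))
```

The server rejects a response whose nonce was already used, has expired, or was computed with a key that does not match the enrolled device.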

Also, the site can ask the app for several security checks, like:

* a fresh picture of his fingerprint for fingerprint detection,

* a fresh picture of his face, for face-detection,

* several words to be spoken, for sound-detection,

* retina capture, for retina-detection,

* any new biometric measures that mobiles will have, like motion sensors to make sure he is alive, or vein capture.

All of this is done by the app, with less money paid to the app site than to the SMS providers, which means one app with multiple verification types as options.

Plus, security measures and options can be changed every now and then, whereas SMS security/encryption is non-existent.

The analysis can be done on the mobile, or through cloud AI services.

A large number of people still have old non-smart phones, but this is an option offered to users: if they have a smartphone, they can move to a more secure option.

Encryption will be applied to the app data, the app code, the servers, and the data sent and received.

International: as this app is in the smartphone markets, it can be used everywhere in the world, unlike country-local solutions that work only in the country they were developed in.


This can be used to globally authenticate objects/things like IoT machines when they communicate with each other or with their main update servers/link servers, so that information/identity is encrypted at rest and on the move.


Lower expenses

Biometric sensors, such as fingerprint and retina, are now built into smartphones, so an app that uses them will decrease expenses a lot, and a lot of people have smartphones.

Also, electronic authentication is cheaper than sending SMS.




Who might benefit from this:

While it is clear that thousands of services can benefit from this, we can begin with the first services whose expenses it will hugely decrease, and whose judgment it will make more accurate:

  • Medical Insurance Companies: this will give them a way to ensure that the beneficiary is the real person, not someone else. Medical equipment can have an IoT connection to make sure that it has been used on the patient, so a mobile/Android device is sufficient to check patients in hospitals.
  • HR Systems: this will help HR people authenticate their staff's entrance to their buildings/online services.
  • Banks: this will help banks authenticate their clients' entrance to their online services.
  • Telecommunication offices: like mobile companies.
  • Government Services.
  • Oil Rigs/Security Buildings: this can be used as a way to ensure that the real personnel are the ones who can enter a security area/building.


SMS is dangerous for authentication


