Introduction | Secure all the Way
Had the chief thief in Ali Baba and the Forty Thieves from the Arabian Nights tales known how to protect treasure in the snug hideout with a voice recognition feature, it would have been difficult for Ali Baba to gain access to the hideout by saying the secret phrase: Open Sesame.
This scenario is similar to the biometrics used in the famous science fiction series, Star Trek, to access files and locations, or diagnose disease. These science-fiction ideas are now becoming a reality for user authentication.
With a spectrum of devices and online applications in use, it is even more important to have a strong authentication mechanism to safeguard critical information. Much of an enterprise’s success is based on the ease with which consumers can access applications that are highly secured, and how well confidential data is safeguarded against malicious attempts. A unique mechanism is required to defend critical enterprise data, and that is where biometrics come to our rescue. Physical characteristics of a person are unique, making it hard to counterfeit retinal, fingerprint, facial, or voice patterns. As such, the application industry is betting on biometric authentication.
The FIDO® (Fast IDentity Online) Alliance was established to tackle the issues related to traditional usernames and passwords. FIDO empowers secure authentication among devices and online services by using biometric information. FIDO is based on public key cryptography, where biometric information about the user is saved only on the device, and not on the server. Because the user credentials do not traverse the network in FIDO, it is a safer protocol. Thus, FIDO prevents man-in-the-middle attacks. The most commonly used biometric modalities include fingerprint, face, iris, and voice scan. For more information about FIDO Alliance, see the FIDO Alliance site.
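The flow described above, as an added example that is not part of the original post and is not Nexsign or CA Mobile API Gateway code: a simplified model of FIDO-style registration and login in Node.js, not the FIDO wire format. The class names, the `origin` string, and the string-equality "biometric match" are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// Device side. The biometric template and private keys stay in this object.
class Authenticator {
  constructor(template) {
    this.template = template;   // constructed stand-in for an enrolled fingerprint
    this.keys = new Map();      // origin -> private key
  }
  unlock(sample) {              // local match; real matchers are fuzzy, not ===
    if (sample !== this.template) throw new Error('user verification failed');
  }
  register(origin, sample) {
    this.unlock(sample);
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' }); // all the server gets
  }
  sign(origin, challenge, sample) {
    this.unlock(sample);
    const key = this.keys.get(origin);
    if (!key) throw new Error('no credential for ' + origin);
    const payload = Buffer.from(JSON.stringify({ origin, challenge }));
    return { payload, signature: nodeCrypto.sign('sha256', payload, key) };
  }
}

// Server side (relying party). Stores public keys only.
class RelyingParty {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map();  // user -> PEM public key
    this.pending = new Map();     // user -> outstanding challenge
  }
  enroll(user, pem) { this.publicKeys.set(user, pem); }
  newChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32).toString('base64');
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, { payload, signature }) {
    const expected = this.pending.get(user);
    this.pending.delete(user);    // single use: a replayed assertion fails
    const pem = this.publicKeys.get(user);
    if (!expected || !pem) return false;
    const signed = JSON.parse(payload.toString());
    if (signed.origin !== this.origin || signed.challenge !== expected) return false;
    return nodeCrypto.verify('sha256', payload, pem, signature);
  }
}
```

To exercise it, register an `Authenticator` with a `RelyingParty`, request a challenge, and pass the signed result to `verify`; an assertion signed for a different origin or replayed after use is rejected.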
Imagine you are in a busy grocery store, shopping with your naughty little kid, who reads out the Personal Identification Number that you provide while transacting. OMG! Your Personal Identification Number is public! The same scenario with biometrics can make your shopping more secure: you simply scan your finger to complete a transaction. Such a relief!
What’s New | Mobile Biometric Authentication
The Biometric Authentication Integration enables integration with Samsung SDS Nexsign, which implements the FIDO standards to leverage a user’s unique identifying characteristics to secure applications. The integration of Samsung SDS Nexsign (FIDO Provider) with CA Mobile API Gateway (relying party) works synergistically to carry out user login at a fast pace and to securely prompt a message to confirm a crucial transaction. We are also integrating the mobile SDK of Samsung SDS Nexsign with that of CA Mobile API Gateway to help you build applications and access APIs protected by the CA Mobile API Gateway.
Architecture of the integration between CA Mobile API Gateway and Samsung SDS Nexsign