Security News

The identity credential in an ever-connected future

SecureIDNews - Mon, 02/25/2013 - 10:20am

By Neville Pattinson, Senior Vice President of Government Programs at Gemalto

The Internet, technology and innovation move quickly and can change directions just as fast. The forecast is showing more – more devices, more connectivity, more data – and with that, the need for better, trusted security. Everyone wants the ability to use and benefit from the Internet, devices and new technologies without sacrificing personal identities, privacy and security.

In today’s Digital USA, 62% of Americans bank online, an estimated 54.8 million have tablets, with more than 1.1 million smart phone users and 234 million cell phone subscribers. This connected world of convenience and functionality also comes with dangers. The National Cyber Security Alliance reported 90% of Americans do not feel safe from viruses, malware and hackers.

As technology advances, so must the identity credential. Steps have already been taken in this direction with the Government Printing Office producing more than 80 million electronic passports since its inception in 2005. Similar upgrades – to protect an individual’s identity by storing personal information in an embedded chip on the ID card – are in discussion with the electronic driver’s license and Medicare Common Access Card Act.

Read the full article at SecureIDNews…

Categories: Security News

U.S. demand for security product, systems to reach $20 billion

SecureIDNews - Mon, 02/25/2013 - 9:55am

A new report from the Freedonia Group suggests that the U.S. market for security-related products and systems is expected to increase 6.3% year-over-year, reaching $19.9 billion in 2016.

The report posits that a resurgence in construction and capital investment spending will likely be the catalyst for movement. Part and parcel to the expected financial rebound is speculation of high crime — in which security technology will certainly play a role.

Read the full article at SecureIDNews…

Categories: Security News

The evolution of credentials and data management

SecureIDNews - Thu, 02/21/2013 - 10:30am

Christoph Wiesinger, principal business architect for Border and Immigration Solutions Center of Excellence, CSC

“We are Federales … you know, the mounted police.”

“If you’re the police, where are your badges?”

“Badges? We ain’t got no badges. We don’t need no badges! I don’t have to show you any stinkin’ badges!”

The next number of years will see the continued evolution of our thinking about identity. We will shift from twentieth century understandings and physical manifestations towards something more subtle and pervasive: a new experience of identification and how identification and identity intermediates between the individual and the myriad of physical and logical assets to which they have been granted access.

This shift is being driven by serious business concerns arising from the emergence of cyberspace as a domain of human activity and the intensification of globalization. The weaknesses of classical identification methods and memes create areas of vulnerability ranging from internet safety for children, to supply chain and financial transaction integrity, to national security. At the same time, issues around cost, convenience and privacy make traditional, stove piped identification systems clearly unsustainable.

Read the full article at SecureIDNews…

Categories: Security News

Canadians to get mobile authentication

SecureIDNews - Thu, 02/21/2013 - 10:17am

SecureKey Technologies has signed an agreement with EnStream to put SecureKey authentication technology on Canadian mobile phones.

EnStream is a joint venture of Bell Mobility, Rogers Communications and TELUS Corporation.

The agreement will increase the number of devices that will support SecureKey’s authentication products, which also include identity verification and online payment services. SecureKey credentials will be able to be deployed on SIM-based secure elements.

Read the full article at SecureIDNews…

Categories: Security News

Do OAuth tokens sustain hacking attacks?

SecureIDNews - Wed, 02/20/2013 - 9:18am

In the recent attack on Twitter in which information for about 250,000 users was compromised, Twitter’s forced password reset may not have been enough to fix the problem, writes the blog Talking Identity. The problems may continue through the use of OAuth tokens.

The blog notes that use of OAuth tokens enables third-party apps to access Twitter, even when the passwords were reset. Twitter’s forced password reset didn’t fully shut down the apps’ access to the site. This means that hackers could get into the system and enable an OAuth token that would still allow them access after the attack had been shut down.

This scenario has implications for businesses that use BYOD policies and have employees who consistently authorize apps without monitoring them on a regular basis.

Read the full article at SecureIDNews…

Categories: Security News

Mexican Government signs deal with Oberthur Technologies for identity document solutions

SecureIDNews - Wed, 02/20/2013 - 9:14am

The Mexican Ministry of Foreign Relations (Secretaria de Relaciones Exteriories) has inked a deal with Oberthur Technologies to supply its high-tech security and identity solutions for a new Mexican passport.

Oberthur Technologies is supporting the Mexican government in the implementation of the secure passport for all citizens, through a complete solution for state-of-the-art personalization, combining a high-level secure component and dedicated technical equipment.

Read the full article at SecureIDNews…

Categories: Security News

Identive Group addresses demand, ships 9.5 million SmartCore card cores

SecureIDNews - Wed, 02/20/2013 - 9:07am

Identive Group, a provider of solutions and services for the identification, security and RFID industries, is scheduling shipment of 9.5 million SmartCore card cores to address more than 25 design wins with contactless smart card manufacturers worldwide, new customer orders and partner demand.

Identive’s SmartCore card cores serve as the heart of contactless smart cards, which are used for numerous ID applications such as building access, payment, transportation and event ticketing.

The combined shipments are valued at nearly $2.5 million and include a significant order for 8 million card cores to be delivered in the second quarter of 2013, which will be used to manufacture multi-function door key and payment cards for the consumer travel and leisure industry.

Read the full article at SecureIDNews…

Categories: Security News

Thursby Software, Silanis, Juniper Networks use smart cards on iOS devices

SecureIDNews - Mon, 02/18/2013 - 9:50am

Many Federal agencies are using credentials like the PIV or Common Access Cards to access secure portals using mobile devices. At Smart Card Alliance’s Government Conference, representatives from Silanis and Juniper Networks demonstrated solutions for the use of smart cards on Apple iOS devices.

In response to federal pilots using mobile devices, Silanis has developed an extension to its enterprise signing solution. “We are enabling those pilots to extend productivity applications like signing your document, picking up documents via email, signing them, and automatically triggering an email to the next person in the queue,” explains Anthony Moncada, Federal and DoD Client executive with Silanis.

Watch the video

Categories: Security News

ABI: Dual-interface cards on the rise

SecureIDNews - Fri, 02/15/2013 - 1:06pm

ABI Research forecasts 8.6 billion smart cards will ship in 2013, spanning all smart card markets. Of the total shipments, 16% are forecasted to use a contactless interface but that will rise to 30% by 2018.

Government ID, transportation and ticketing, and payment cards continue strong double-digit growth in contactless adoption. Single-wire protocol SIM card volumes continue to strengthen, and are expected to break the 500 million mark in 2018.

“The increase in contactless adoption is not limited to a selection of markets, although it’s the banking and government verticals which are adopting contactless technology at a quicker rate, with the SIM market close behind,” comments Phil Sealy, research analyst at ABI.

Read the full article at SecureIDNews…

Categories: Security News

Tech 101: What is SAML?

SecureIDNews - Thu, 02/14/2013 - 1:57pm

Spec could be the backbone to interoperable online IDs

Jeff Wurfel, contributing editor, Avisian Publications

As businesses move data and applications to the Internet and the cloud, they need a way to authenticate users across a variety of domains and devices. But leaving the relative security of an organization’s internal servers brings with it vulnerabilities as services and access controls move outside of the protected domain.

Typically, user authentication involves the selection of a different user name and password combination for each application. The ever-growing list of log-ins hurts productivity and can become a nuisance to staff and clients. But it has an even more dangerous side.

According to Pam Dingle, senior technical architect with Ping Identity, roughly 75% of Internet users use the same password for multiple login situations. Hackers target small businesses and easy to hack websites in search of email and password information. After obtaining the login information from the easier to hack locations, they try all the combinations until they are granted access to more secure systems. This technique allows them to get around the larger, more advanced security systems.

Read the full article at SecureIDNews…

Categories: Security News

GSA taps XTec for card issuance support

SecureIDNews - Thu, 02/14/2013 - 1:49pm

XTec Inc. was awarded a blanket purchase agreement by the General Services Administration for HSPD-12 card issuance support of the Federal Acquisition Service’s Managed Service Office. The agreement includes Personal Identity Verification cards and personalization services.

The GSA managed service office is responsible for delivering credentials to more than 90 agencies.

Read the full article at SecureIDNews…

Categories: Security News

Safelayer grew in 2012

SecureIDNews - Thu, 02/14/2013 - 1:47pm

Safelayer Secure Communications, a provider of digital ID management, e-signature and data protection, increased its market presence in Latin America and Europe in 2012. Already in the Spanish market and present in 12 countries through its network of 17 partners, the software developer increased its international turnover by winning new projects for implementing PKI and electronic signature infrastructures.

In collaboration with its local partners in Latin America, Safelayer deployed government PKIs in Paraguay and Uruguay. It also won new contracts in Panama and Colombia for developing digital ID infrastructures to be implemented in 2013.

Read the full article at SecureIDNews…

Categories: Security News

Next phase of ePassport interoperability tests operated by SDW 2013

SecureIDNews - Thu, 02/14/2013 - 12:30pm

Science Media Partners, organizer of the security document conference and exhibition Security Document World (SDW) 2013, is putting together the next phase of global e-passport interoperability testing at a special event to be held alongside the SDW show on May 21 - 23 in London.

Sponsored by NXP, the interoperability tests - SDW InterOp 2013 - will be focused on the new Supplemental Access Control (SAC) mechanism, which is scheduled to be implemented on travel documents after December 2014 in order to safeguard e-passport security. To perform the technical aspects of the tests, Science Media Partners has engaged the independent services of secunet Security Networks AG, a German supplier of IT security.

Read the full article at SecureIDNews…

Categories: Security News

BadgePass rolls out Web-based printing

SecureIDNews - Wed, 02/13/2013 - 12:23pm

BadgePass Inc. has introduced Web Print, a solution designed to simplify the card production process.

The system integrates card production and door access without an on-site printer. Web Print serves as a solution for customers looking to produce customized photo IDs without having to purchase some of the equipment.

Read the full article at SecureIDNews…

Categories: Security News

Apple may scrap passcodes on mobile devices

SecureIDNews - Wed, 02/13/2013 - 8:56am

Apple has filed a patent title “Image-Based Authentication” that suggests it may be contemplating a move from authenticating with passcodes.

As reported by Wired UK, the patent depicts a new security system around object and people recognition in images. The system’s approach wouldn’t use the same image over and over again; rather, it would consider the images that have been recently used and displayed and vary the one used for security purposes.

Read the full article at SecureIDNews…

Categories: Security News

UL lab completes EAL4+ Common Criteria evaluation

SecureIDNews - Wed, 02/13/2013 - 8:48am

UL’s security laboratory in the UK has completed its first EAL4+ security evaluation under the supervision of UK CESG Certification Body. This is part of its goal to becoming a formal Information Technology Security Evaluation Facility.

The lab has been working with CESG over the last year to finalize its accreditation and has partnered with Oberthur Technologies to conduct the evaluation of its ID-One Tachograph 1.0 against Common Criteria EAL4 augmented assurance level. The lab tested the product and found it met compliance standards in early December.

Read the full article at SecureIDNews…

Categories: Security News

Nok Nok looking to open up online authentication technology

SecureIDNews - Tue, 02/12/2013 - 1:53pm

Forms group to create Web ID standards

Nok Nok Labs has launched a system that will enable end users to take advantage of authentication and security technology they may already have but don’t use.

The company’s Unified Authentication Infrastructure will leverage existing technologies such as fingerprint sensors, webcams, Trusted Platform Module chips or voice biometrics to enable stronger and easier login with laptops, mobile devices and PCs. The system will be live on PayPal enabling customers to use different authentication technologies.

“By creating an authentication infrastructure that leverages existing technologies such as fingerprint scanning and webcams, Nok Nok Labs is giving businesses the opportunity to authenticate anyone, anywhere and on any device,” said Michael Barrett, chief information security officer at PayPal. “Given the billions of connected Internet devices and future growth of online commerce, PayPal sees a critical need to implement strong yet flexible authentication solutions.

Read the full article at SecureIDNews…

Categories: Security News

Entrust receives FIPS 201, 140 certifications

SecureIDNews - Tue, 02/12/2013 - 1:25pm

Entrust Inc. finalized a pair of government approvals with FIPS 201 and FIPS 140 certifications for the company’s PIV smart card credential technology, which was reviewed, tested and certified by the National Institute of Standards and Technology.

These certifications demonstrate interoperability with established NIST standards. To ensure a seamless deployment, many organizations will only purchase solutions that carry certain certifications.

Read the full article at SecureIDNews…

Categories: Security News

e-ID Goes Mobile: The future of identity verification

SecureIDNews - Tue, 02/12/2013 - 9:35am

By Nigel Reavley, Sales Director, EMEA, FIME

There are currently more than 60 countries issuing e-passports globally, with Mongolia and Israel the most recent to announce deployment plans. The majority of e-passports however, along with other travel documents such as airport boarding cards, still operate on plastic or paper-based documents.

E-passport authentication is mainly conducted by scanning machine-readable zone, while boarding cards utilize traditional bar or quick response codes. In the Schengen zone however, rules have been relaxed so that airlines no longer need to control identity with a physical human check. This has opened the door for electronic ID verification. Teamed with the increased use of near field communication-enabled mobile handsets, we are starting to witness a growing trend towards using smart phones as identity credentials, a trend which is expected to gain traction over the coming two years.

The key appeal of a mobile-based solution is its ability to become a multi-factor verification platform by harnessing the attributes of a secure chip, whether that is an embedded secure element, UICC or smart microSD card. The device can then authenticate a person’s ID with one-time passwords, biometrics and digital certificates, dependent upon the security requirement of a specific application.

Read the full article at SecureIDNews…

Categories: Security News

Anatomy of a password hack

SecureIDNews - Tue, 02/12/2013 - 9:30am

Educating users and security managers to withstand modern threats

Chris Corum, Executive Editor, Avisian Publications

Most people assume the myriad of passwords they use to log into applications, sites and service providers are relatively safe. They feel relatively safe, rather than extremely safe, because they have read of ongoing breaches and witnessed first hand the advances in computing and subsequently hacking power. Most people are realistic about the complexity of their password selections. Few are among the “14-plus characters, upper and lower case, symbol laden, not-to-be-found-in-the-dictionary” group. The average person’s passwords may seem fairly unique, but they are memorable … and therefore they are vulnerable.

Read the full article at SecureIDNews…

Categories: Security News