IBM taps into NFC with new dual-factor authentication tool for mobile

For the security conscious, dual-factor authentication with a smartphone is a popular way to keep online bank accounts and other services secure, providing an extra identification stage in the log-in process. The snag comes, however, when users wish to log on to a secure service via the phone itself, as the extra layer of security is taken out of the equation.

The solution, says IBM, is an updated approach for the modern mobile era. Near-Field Communications (NFC) establishes a wireless link that can then be used to allow people to easily exchange information by physical proximity of a smartphone to a reader – for example a pay terminal that processes a transaction when a phone is waved in front of the sensor.

This technology is now being touted by IBM as the future of dual-factor authentication. Dual-factor authentication offers more security to the user as it means that even if their password is compromised by a potential thief, the password itself isn’t enough to break into the person’s account. The password must be supplemented by another physical factor which until now has often been a smartphone working with a computer device.

To create the second factor for mobile users, IBM has created an NFC-enabled, credit card-sized device that can be carried round wherever a user goes to provide extra security on the move.

Using a banking app as an example, the mobile secure process can be accomplished in four simple steps: loading up the app, which sends a special challenge number to your phone; entering your password when the app requests it; tapping your phone against the NFC-enabled card that your bank gave you; and finally, the phone transferring the challenge number from step one to the card using NFC, which the card then transforms through a calculation based on its own key and sends back to the phone. The phone then sends the key back to the bank, which authorises the transaction.
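The exchange in the four steps above, sketched as an added example that is not IBM's code. It assumes the card's calculation is HMAC-SHA256 with a key the bank also holds, leaves out the password step, and uses hypothetical class and function names; what the phone relays here is the card's computed response.

```python
import hashlib
import hmac
import secrets


class Card:
    """Stands in for the NFC card: the key is held here and never returned."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # Assumed calculation: HMAC-SHA256 over the challenge with the card key.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Bank:
    """Server side: issues one-time challenges and checks responses."""

    def __init__(self):
        self._card_keys = {}   # account -> key shared with that account's card
        self._pending = {}     # account -> outstanding challenge

    def enroll(self, account: str) -> Card:
        key = secrets.token_bytes(32)
        self._card_keys[account] = key
        return Card(key)

    def new_challenge(self, account: str) -> bytes:
        challenge = secrets.token_bytes(16)
        self._pending[account] = challenge
        return challenge

    def verify(self, account: str, response: bytes) -> bool:
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed against a later login.
        challenge = self._pending.pop(account, None)
        if challenge is None:
            return False
        expected = hmac.new(self._card_keys[account], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def login(bank: Bank, account: str, card: Card) -> bool:
    """The phone's role: relay the challenge to the card and the response back."""
    challenge = bank.new_challenge(account)   # step 1
    response = card.respond(challenge)        # steps 3-4, over NFC
    return bank.verify(account, response)
```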

“If something is cumbersome to use with 20,000 steps to get yourself authenticated with your bank, it could have the coolest Math behind it but nobody’s going to use it,” said IBM security and encryption researcher Diego Ortiz-Yepes to a selection of the press, including CNET, in Zurich.

IBM’s solution is designed to balance security and usability, with a simple tap allowing transfer of information rather than the often complicated passcode generated by a key fob which many financial institutions favour.

Apple users, however, will have to wait before they have access to NFC. Many Android phones support it, but Apple has not yet imbued its devices with the technology, meaning that IBM is being denied access to a key segment of the market.
