Blogs

With the recent release of the iPhone 5s and its introduction of Touch ID, the first truly mobile fingerprinting integration on a smartphone, a lot is being said around the web about its security but also its potential for existing applications. Fingerprint scanning is nothing new, and has even existed on laptop computers for quite some time now, but the integration of such a technology on a smartphone by a major manufacturer is indeed a novelty, and will potentially drive the adoption of the technology by other handset builders. So in effect we could be looking at a new ecosystem of authentication technologies in the near future. In this post we look at what it could mean for content producers and consumers, as well as review the current drawbacks of such fingerprinting systems.

First and foremost, there is the question of fingerprint scanning security. While some may have already found some ways to hack it, it is also clear that as it becomes more widely available - on everyday devices - it will continue to improve and possibly become a major way to authenticate, replacing passwords. In many ways, it is already more secure than most passwords out there that may be easily guessed or retrieved through “retrieve my password” loopholes. If a fingerprint is used to unlock a secure keychain, one could foresee a close future where the keychain would no longer contain text passwords but long public random keys that would be difficult to guess. So in effect, apart from the physical security issues, one could say that fingerprint scanning could help build a better secure key ring, and a much easier to use one too. Apple has widely presented the fact that they never send the fingerprints outside of a secure area of their A7 chip, and that is a really good thing that I hope other devices manufacturers will also implement.

Assuming that fingerprint scanning can evolve to provide secure key rings to many applications on mobile devices, what could this imply for content systems such as CMSs or other content-based technologies? Well it could potentially simplify the use of digital signatures for example, making it much easier to store and access them in secure key rings and then attach them to document to make sure that they cannot be tempered with. Currently this type of technology is not in mainstream use and that is a shame because apart from user interface issues there is really no reason not to use it when it makes sense (and it usually does in a business environment).

The same is also true of secure email, which is still lacking adoption, and possibly this could also help beat spammers if it were widespread since you could for example refuse to accept any email that is not signed, assuming of course that most people are then signing emails.

Content management systems and other enterprise systems could also benefit by making single sign-on more transparent, and therefore making it easier for users to gain access to multiple systems without having to manage different digital identities or passwords. For administrators it would also be possible to have more control on access control and possibly even have users renew certificates on a regular basis (nobody wants to change their password, but if it’s a digital signature that is automatically, randomly generated and associated with your fingerprint that would become less of a hassle).

Of course, the more centralized a system becomes, and the more vulnerable to attacks it will become, and digital key stores will certainly become a target of many hack attempts. I think that there will be some initial learning curve into the proper way of implementing such secure environments but if it can be successfully implemented the benefits will be great.

Possibly, digital tampering could become less trivial, content could be more secure, and content vaults could fully benefit from digital signatures that could give some level of guarantee to authenticity and proper archiving.

So it may not look like much, but if properly developed and improved, mobile fingerprinting could go a long way to improving content users lives and security.