Natural Security Alliance releases specs for strong authentication standard
Posted on 27 March 2014.
The Natural Security Alliance has released the newest specifications for its world first strong authentication standard.


The standard defines a strong authentication method, for payment and access to services, across all channels (e.g. home, store, branch), without compromising security or privacy. This authentication method combines local biometric verification, a personal device and wireless technology, and can be implemented into various form factors, including a smartcard, micro-SD Card, mobile phone, secure element and token.

The latest specifications are the result of a working group of key retailers, banks, vendors and payment specialists involved in Natural Security Alliance since 2008 and represent 180 man-years of development.

The newly released core specifications define the architecture and the different components required to enable a transaction based on a wireless acceptance device (WAD) used by an acceptance user (e.g. a retailer) and a wireless personal device (WPD) used by an individual user.

Previous specifications have been successfully tested in a 6-month consumer pilot carried out in France, which gave more than 900 customers the opportunity to test the first implementation of the Natural Security standard for proximity payments. The trial clearly showed that the public both accepted and adopted this biometric authentication method for proximity payments – with 94% of participants saying they were ready to use this means of payment for all purchases in superstores and smaller shops.

This standard is based on a unique combination of wireless technology, local biometric verification and personal device:
  • A personal device stores applications and data used to authenticate the user, resolving problems related to privacy and avoiding the use of biometric databases. The standard can be implemented into various form factors, including smartcard, micro-SD Card, Mobile Phone Secure Element and token.
  • Wireless communication technology (current IEEE 802.15.4 and Bluetooth Low Energy planned) spares users the need to physically handle this device.
  • Biometrics replaces or complements PINs so a transaction can only take place when both the user and the device are present.
  • This standard defines the architecture and the different components required to enable a transaction based on a wireless acceptance device (WAD) used by an acceptance user (e.g. a merchant) and a wireless personal device (WPD) used by an individual user. The Natural Security standard defines the following core specifications:
    • The Natural Security General Description [CORE1 / V 2.3] provides an introduction and a general overview of the Natural Security technology. It also describes services that can be provided by the Natural Security technology.
    • The Wireless Personal Device (WPD) [CORE2 / V 2.4] specification describes the device used by the Individual User (e.g. a customer) to execute a WPD session. This document also describes the Personal Access Provider architecture, which is the Natural Security core application residing in any WPD.
    • The Wireless Acceptance Device (WAD) [CORE3/ V 2.4] specification describes the device used by the Acceptance User (e.g. a merchant) to execute a WPD session. This document also describes the transaction flow of a WPD session.
    • The Wireless Personal Area Network (WPAN) [CORE4/ V 3.02] specification describes a mid-range wireless communication protocol used to connect the WPD with the WAD. This protocol based on WPAN is defined by Natural Security.
    • The Wireless Biometric Intelligent Reader (WBIR) Protocol [CORE5 / v2-43] specification provides the functional description of a device integrating the main Natural Security components, thus simplifying the integration of the Natural Security solution in existing systems. This document also describes the protocol messages to be used by a “Controlling-Device”, such as a POS or a PC, to control a WBIR.





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //