Fujitsu solution secures the IOT with biometric smartphones
16 February 2017 13:52 GMT

Japanese tech firm Fujitsu has announced the development of a technology that adds biometric security to through IoT devices using   biometrics on smartphones and near-field wireless.

The company says that the growth of the IoT means various devices are connected to cloud services – but this inherently opens up such services to fraud attacks.

Highlighting the example of services such as parcel delivery lockers in apartments or public facilities, or car sharing services, Fujitsu notes that user is needed.

The company’s solution, which uses the FIDO (Fast IDentity Online) protocol, establishes a secure network between a cloud service, an IoT device, and a smartphone, and then simultaneously verifies the identity of the user and that the user is in front of the IoT device

When a user uses an IoT device, he or she first physically moves the user's smartphone in close proximity to the IoT device, the smartphone's software and the IoT device's software can exchange confidential information with each other, creating a temporary secure communications pathway between the smartphone and the IoT device, without any effort on the user's part.

Next, users utilize the biometric authentication functionality of their smartphones to carry out authentication, and a certificate verifying the results of the biometric authentication and the fact that the person is in front of the device are sent using the FIDO protocol to the cloud service. The cloud service uses this information to verify both the person using it and the fact that the person is in front of the device, then the IoT device authenticates the user and the service is provided to the user through the IoT device.

“With this newly developed technology, users can safely and conveniently access cloud services through a variety of IoT devices without inputting an ID and password, using just their smartphone's biometric authentication. In addition, this technology enables the provision of a strong personal authentication service using biometrics without requiring service providers to manage an individual's biometric information for each device or service”.