Click here to close now.




















Welcome!

News Feed Item

New Strong Authentication Specifications Dedicated to Payment and Access to Services, across All Channels, Released by Natural Security Alliance

The Natural Security Alliance has released the newest specifications for its world first strong authentication standard.

The standard defines a strong authentication method, for payment and access to services, across all channels (e.g. home, store, branch), without compromising security or privacy. This authentication method combines local biometric verification, a personal device and wireless technology, and can be implemented into various form factors, including a smartcard, micro-SD Card, mobile phone, secure element and token.

The latest specifications are the result of a working group of key retailers, banks, vendors and payment specialists involved in Natural Security Alliance since 2008 and represent 180 man-years of development.

The newly released core specifications define the architecture and the different components required to enable a transaction based on a wireless acceptance device (WAD) used by an acceptance user (e.g. a retailer) and a wireless personal device (WPD) used by an individual user.

Previous specifications have been successfully tested in a 6-month consumer pilot carried out in France, which gave more than 900 customers the opportunity to test the first implementation of the Natural Security standard for proximity payments. The trial clearly showed that the public both accepted and adopted this biometric authentication method for proximity payments – with 94% of participants saying they were ready to use this means of payment for all purchases in superstores and smaller shops.

This standard is based on a unique combination of wireless technology, local biometric verification and personal device:

  • a personal device stores applications and data used to authenticate the user, resolving problems related to privacy and avoiding the use of biometric databases. The standard can be implemented into various form factors, including smartcard, micro-SD Card, Mobile Phone Secure Element and token.
  • wireless communication technology (current IEEE 802.15.4 and Bluetooth Low Energy planned) spares users the need to physically handle this device.
  • biometrics replaces or complements PINs so a transaction can only take place when both the user and the device are present.

This standard defines the architecture and the different components required to enable a transaction based on a wireless acceptance device (WAD) used by an acceptance user (e.g. a merchant) and a wireless personal device (WPD) used by an individual user. The Natural Security standard defines the following core specifications:

  • The Natural Security General Description [CORE1 / V 2.3] provides an introduction and a general overview of the Natural Security technology. It also describes services that can be provided by the Natural Security technology.
  • The Wireless Personal Device (WPD) [CORE2 / V 2.4] specification describes the device used by the Individual User (e.g. a customer) to execute a WPD session. This document also describes the Personal Access Provider architecture, which is the Natural Security core application residing in any WPD.
  • The Wireless Acceptance Device (WAD) [CORE3/ V 2.4] specification describes the device used by the Acceptance User (e.g. a merchant) to execute a WPD session. This document also describes the transaction flow of a WPD session.
  • The Wireless Personal Area Network (WPAN) [CORE4/ V 3.02] specification describes a mid-range wireless communication protocol used to connect the WPD with the WAD. This protocol based on WPAN is defined by Natural Security.
  • The Wireless Biometric Intelligent Reader (WBIR) Protocol [CORE5 / v2-43] specification provides the functional description of a device integrating the main Natural Security components, thus simplifying the integration of the Natural Security solution in existing systems. This document also describes the protocol messages to be used by a “Controlling-Device”, such as a POS or a PC, to control a WBIR.

About Natural Security Alliance

The Natural Security Alliance is a global community of preeminent companies dedicated to accelerating the adoption and ongoing development of Natural Security Technology based solutions. The Natural Security Alliance is comprised of some of the most influential companies in world from the retail, banking, payment provider, and IT Communities. All Alliance members share a strategic commitment to delivering mission-critical authentication and payment solutions based on secure element, wireless and biometric technology. Visit www.naturalsecurityalliance.org for more information.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
With SaaS use rampant across organizations, how can IT departments track company data and maintain security? More and more departments are commissioning their own solutions and bypassing IT. A cloud environment is amorphous and powerful, allowing you to set up solutions for all of your user needs: document sharing and collaboration, mobile access, e-mail, even industry-specific applications. In his session at 16th Cloud Expo, Shawn Mills, President and a founder of Green House Data, discussed h...
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin,...
SYS-CON Events announced today that MobiDev, a software development company, will exhibit at the 17th International Cloud Expo®, which will take place November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software development company with representative offices in Atlanta (US), Sheffield (UK) and Würzburg (Germany); and development centers in Ukraine. Since 2009 it has grown from a small group of passionate engineers and business managers to a full-scale mobi...
There are many considerations when moving applications from on-premise to cloud. It is critical to understand the benefits and also challenges of this migration. A successful migration will result in lower Total Cost of Ownership, yet offer the same or higher level of robustness. In his session at 15th Cloud Expo, Michael Meiner, an Engineering Director at Oracle, Corporation, analyzed a range of cloud offerings (IaaS, PaaS, SaaS) and discussed the benefits/challenges of migrating to each offe...
Chuck Piluso presented a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. Prior to Secure Infrastructure and Services, Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000. Between 1990 and 1997, Mr. Piluso served as chairman & founder of International Te...
Mobile, social, Big Data, and cloud have fundamentally changed the way we live. “Anytime, anywhere” access to data and information is no longer a luxury; it’s a requirement, in both our personal and professional lives. For IT organizations, this means pressure has never been greater to deliver meaningful services to the business and customers.
In their session at 17th Cloud Expo, Hal Schwartz, CEO of Secure Infrastructure & Services (SIAS), and Chuck Paolillo, CTO of Secure Infrastructure & Services (SIAS), provide a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. In his role as CEO of Secure Infrastructure & Services (SIAS), Hal Schwartz provides leadership and direction for the company.
In a recent research, analyst firm IDC found that the average cost of a critical application failure is $500,000 to $1 million per hour and the average total cost of unplanned application downtime is $1.25 billion to $2.5 billion per year for Fortune 1000 companies. In addition to the findings on the cost of the downtime, the research also highlighted best practices for development, testing, application support, infrastructure, and operations teams.
Puppet Labs has announced the next major update to its flagship product: Puppet Enterprise 2015.2. This release includes new features providing DevOps teams with clarity, simplicity and additional management capabilities, including an all-new user interface, an interactive graph for visualizing infrastructure code, a new unified agent and broader infrastructure support.
For IoT to grow as quickly as analyst firms’ project, a lot is going to fall on developers to quickly bring applications to market. But the lack of a standard development platform threatens to slow growth and make application development more time consuming and costly, much like we’ve seen in the mobile space. In his session at @ThingsExpo, Mike Weiner, Product Manager of the Omega DevCloud with KORE Telematics Inc., discussed the evolving requirements for developers as IoT matures and conducte...
Container technology is sending shock waves through the world of cloud computing. Heralded as the 'next big thing,' containers provide software owners a consistent way to package their software and dependencies while infrastructure operators benefit from a standard way to deploy and run them. Containers present new challenges for tracking usage due to their dynamic nature. They can also be deployed to bare metal, virtual machines and various cloud platforms. How do software owners track the usag...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Arch...
Providing the needed data for application development and testing is a huge headache for most organizations. The problems are often the same across companies - speed, quality, cost, and control. Provisioning data can take days or weeks, every time a refresh is required. Using dummy data leads to quality problems. Creating physical copies of large data sets and sending them to distributed teams of developers eats up expensive storage and bandwidth resources. And, all of these copies proliferating...
Malicious agents are moving faster than the speed of business. Even more worrisome, most companies are relying on legacy approaches to security that are no longer capable of meeting current threats. In the modern cloud, threat diversity is rapidly expanding, necessitating more sophisticated security protocols than those used in the past or in desktop environments. Yet companies are falling for cloud security myths that were truths at one time but have evolved out of existence.
Digital Transformation is the ultimate goal of cloud computing and related initiatives. The phrase is certainly not a precise one, and as subject to hand-waving and distortion as any high-falutin' terminology in the world of information technology. Yet it is an excellent choice of words to describe what enterprise IT—and by extension, organizations in general—should be working to achieve. Digital Transformation means: handling all the data types being found and created in the organizat...