July 25, 2016 -
The same improvements made in chip and battery technology over the past few years that have driven the mobile explosion have also enabled BluStor’s solution to the security problems created by the connected, mobile world. By focussing on the individual, the CyberGate secures the most vulnerable point in any transaction with biometric identification, device control, and data storage on a familiar form factor that fits in your wallet.
BluStor is the latest project from Seagate and Conner Peripherals founder Finis Conner. Conner found that early in the development of huge growth areas like mobile, wearables, and IoT, functionality and convenience for consumers were prioritized over security, he said in an interview with Biometric Update in 2013, when the company was in its early days. A major security vulnerability – the individual – was largely ignored.
Network and system security have reached points of diminished return for many companies, BluStor chief operating officer Mark Bennett told Biometric Update in an interview.
“The weakest link in the security chain is actually the individual, whether it’s the employer or end user performing that transaction, and very little had been invested in terms of solving that particular problem,” Bennett says. “A classic example is the typical employee ID badge, which is nothing but a piece of plastic with a picture on it, and you may have an RFID chip that you can use to scan in and out of a turnstile or a door. But it does very little other than that and of course if somebody drops it or loses it, particularly if they don’t report it, then anybody who picks it up can use it. We spent billions of dollars trying to secure all the devices and back-end systems, but we spend a nickel trying to secure the individual.”
Securing the individual means confirming that they are who they say they are, and that they are allowed to do what they are trying to. It also means moving the identification system off of mobile devices. The millions of lines of source code in the operating systems of devices make them inherently vulnerable, Bennett says, which is a major factor in the 640 percent increase in Android malware, and Apple finding it necessary to constantly update iOS to patch the security holes used to jailbreak devices.
“We firmly believe that separating the keys to your digital identity from those kinds of devices is absolutely essential to protecting your digital identity and keeping that information safe and secure,” Bennett says. “That’s the fundamental purpose of our product.”
Improvements in technology led to BluStor’s development of its first prototypes last summer while working with the army on ways to carry secure personal medical records into the field.
CyberGate provides mobile biometric authentication with a device that looks and feels like a thick credit card. The device features three key applications, which combine to secure the identity and data of the person who carries it. BuStor calls these applications GateKeeper, AutoLogN, and File Vault.
GateKeeper is an API that sits in the cards’ firmware, which positively identifies the user with multi-factor biometric authentication, and drives the Bluetooth, NFC, and USB interfaces. GateKeeper handles all secure transactions between the card and whatever application it is used with.
AutoLogN uses a low-energy BlueTooth signal to transmit an attenuated, low power signal to the user’s laptop, desktop, or tablet. By automatically locking and unlocking devices without the user having to enter a password or touch the keyboard, AutoLogN allows organizations to limit access to times when the authorized user is physically present, with the Cybergate card in their wallet or hanging from a lanyard around their neck.
The application has particularly high potential for uses involving multiple users and multiple sensitive devices. Bennett gives the example of hospitals, in which teams of nurses need to constantly access equipment which literally keeps people alive. Nurses typically access hospital computers upwards of 100 times each shift, and if they must rely on passwords to do so, they will naturally tend towards ones that are quick, easy-to-remember, and therefore weak.
By associating the authorized user’s identity with their biometric profile on the Cybergate card, AutoLogN addresses this risk, and generally mitigates the need for enterprises to enforce good password practices.
File Vault stores sensitive data directly to the card on up to 8GB of flash storage. Data is transmitted by encrypted standard-strength BlueTooth which provides high speed and avoids potentially risky WiFi use. BluStor sees the onboard File Vault as a place to store any sensitive data, like product information or trade secrets for business users or copies of travel documents and medical information for consumers.
The combination makes CyberGate a holistic ID and authorization control that can deliver a major return in security for a relatively modest investment of cost and time. Capturing the biometrics for each card takes less time than typing out a password, while matching takes milliseconds. The same backup access and authentication systems used by administrators can be applied, though they may be used less.
“An enterprise can bring that into their infrastructure with little to no change in their existing tools and environment,” Bennet says. Each card is meant to last for years, with over the air firmware updates incorporating whatever biometric technology is best at the time.
Because credentials are worth nearly 100 times as much as credit card numbers on the dark web, identity will be increasingly targeted by cybercriminals, making identity protection all the more important. BluStor is working with the US Army on providing veterans with a way to securely store medical records on their person, and is receiving major interest from the insurance and health care industries.
Cybergate cards begin shipping this month, and BluStor is offering them for $99.99, one-third off the regular price, for a limited time.