Monday, October 9, 2006

Coming Soon...Secure Web Transactions

Online biometric authentication service unveiled

by Liam Lehey - Canadian Bureau

A San Francisco, Calif.-based integrated biometric authentication solutions provider, Pay By Touch Inc., has introduced TrueMe, a biometric authentication service delivered over the Internet.

The solution aims to solve the issue of password protection and management, not to mention credit card fraud and identity theft, in a world where RSA Security said password security and management is considered problematic at 88 percent of organizations it surveyed in recent months.

The Pay By Touch online authentication service is powered by technology from biometric fingerprint security solutions provider UPEK, vis-à-vis the latter's secure fingerprint reader, embedded in notebooks or deployed as part of a Pay By Touch solution at participating retail outlets in the U.S.

Moreover, the two companies teamed up to produce a TrueMe-branded and certified USB finger sensor for users that do not have sensors built-in to their PCs.

"We're continuing to see an explosion of interest and adoption of our technology whether on notebooks or other PC peripherals," said Greg Goelz, vice president of marketing for UPEK. "Now we're seeing that proliferate into trusted services as a means of providing a securely linked, end-point system in a hosted application environment.

"This effectively eliminates the need for consumers to use a credit card, they can use their fingerprints at the point of sale."

TrueMe is designed to provide PC users with an easy and secure means to identify oneself, interact and transact on the Web, via the use of fingerprints. By sliding a finger on a TrueMe-certified finger sensor, users can securely access a Web-based bank account or credit card account, thereby eliminating the need to remember IDs, passwords and account numbers.

"TrueMe brings the security and protection of our industry-leading biometric services to the Internet for the first time, providing a new layer of privacy and convenience to PC users everywhere," said Jon Siegal, executive vice president, Pay By Touch. "A recent Visa survey says consumers are more concerned about the loss of personal and financial data than they are over terrorism.

"Clearly this is an issue of concern to consumers and businesses alike. Our solution provides greater security and benefits to both the user and businesses than other solutions out there, and it does so without expecting the user to jump hoops all to get perhaps minimally better security than what is presently offered."

Pay By Touch said more than three million Americans have enrolled in it's biometric payment network through 2,400 retail locations across 44 states to date, Seigal said. These customers can use their finger to make private, secure purchases wherever they see the Pay By Touch logo and the plan is for the company to continue to sign on new merchants while forging a market presence in Canada and the U.K. in the coming weeks.

TrueMe could also enable businesses to provide customers, partners, and employees with secure, authenticated access to their computers, desktop applications and password-protected Web sites and services such as banking and Internet service providers (ISPs). The solution's protection also extends to enterprise applications like's no-demand business services, officials said.

To that end,, PC maker Lenovo, and biometric security solutions provider UPEK are among the first providers supported by TrueMe. TrueMe has certified the integrated finger sensors on the Lenovo ThinkPad T60 and X60.

Pay By Touch also announced that it has teamed with UPEK to offer a TrueMe-branded and certified USB finger sensor for users that do not have sensors built-in to their PCs. The company is also certifying millions of UPEK sensors that are already embedded in laptops and USB devices. TrueMe uses secure hardware to provide finger-to-server security, greatly reducing identity theft threats, such as phishing and Trojan horse attacks.

When signing on to a TrueMe enabled system, a user touches a finger sensor built into a computer or attached as a USB device. Information about the user's finger is encrypted inside the finger sensor and combined with the unique device ID before it is sent to the TrueMe authentication servers. The user's information is never exposed to the computer operating system or the public Internet.

"What we provide is a very personal and secure service, it is not a public experience," UPEK's Goelz said. "It's a faster transaction, consumers are finding it very convenient, and for people concerned about identity theft, this technique thwarts that threat."

The TrueMe authentication servers then decrypt and process the information, authenticate the user, and ensure he or she is authorized to use the specified device. The user's authenticated identity is sent through a secure connection to the website or service that the customer is trying to access. If the person is identified as an authorized user, he or she is immediately granted access.

With the TrueMe service, the data on the computer can be protected with the same finger sensor used for online authentication. In addition, multiple users can share the same computer by registering their individual fingers on the TrueMe sensor without compromising security, the company said.

TrueMe would be available in late October, with pricing based on a per-user, per year basis.