This Small Business Innovation Research (SBIR) Phase I project explores the feasibility of utilizing the variability found in physical properties of hardware devices, e.g., camera, flash memory, broadband interface, etc., to create secure "fingerprints" of smart-phones. Since the variations on these devices are based on the subtleties of the manufacturing process, they are not controllable. Thus, it is difficult (if not impossible) to clone the devices and create a replica of the smart-phone that has the same fingerprint. Once the smart-phone fingerprint is reliably extracted, the goal is to combine it with the biometric information obtained from a user. By integrating biometric schemes with physical fingerprints, this technology can uniquely tie persons to devices, along with the services they carry, in a cryptographically strong manner. The technology proposed here allows one to authenticate the identity of both the platform and the user of any smart-phone through a software-only approach and without any modification to the underlying hardware architecture.
If fully integrated into smart-phones, the proposed technology has the potential to transform mobile devices into truly trusted proxies, thus enabling wide-scale deployment of new services. In particular, strong identification of the smart-phone and its user becomes possible. This is crucial for applications that require cryptographically strong authentication, e.g., mobile payment systems, mobile access to bank ATMs, and mobile identity checks for governmental agencies. Moreover, license management for high-value applications would be enabled. Further, the proposed technology would also enable a number of pay-per-view or pay-per-use services on smart-phones and mobile platforms. These applications highlight the commercial potential of this project. Once the proposed chain of trust is built, it could play a pivotal role in the adoption of numerous services on smart-phones.
Project Outcome Summary
During this project, Intryca developed a technology for extracting unique fingerprints from smart phones, and applications utilizing this technology to provide a ubiquitous method of authentication for users with smart phones and client computers (laptops, desktops, etc.). The extracted fingerprints capture the small manufacturing differences found in the hardware of a smart phone. These manufacturing differences guarantee that no two phones are the same. Therefore, the fingerprints that our developed technology extracts will uniquely identify each smart phone. The developed technology is realized as a software program which runs directly on the smart phone and can be utilized by applications that need to identify the phone.
To utilize the extracted fingerprints, Intryca has developed a centralized system which allows a user to tie his smart phone to other digital devices such as a laptop or a handheld device. By associating personal computers with smart phones, users can authorize various operations taking place on their computers or on the Internet directly from their smart phone. Due to the unique identifiers extracted from the smart phone, users can be certain that no other device can be used to authorize their transactions or operations.
To further motivate the use of smart phones in the authorization of computer and Internet transactions, Intryca has designed several security applications. Our flagship application, which we call Claveo, is currently being tested by a small cadre of advanced users, and will be released for public use before the end of January 2011. Claveo is a computer program which can be used to securely lock and store personal files and documents. Whenever a user decides to lock a file or folder, all they have to do is right-click that file and choose "lock". Instead of using a password to do the locking, the user will receive a request on his smart phone to confirm the locking operation. Once the user confirms the request on his smart phone, the file will be locked using the highest security standards without needing to remember any passwords. To unlock, the user double-clicks the locked file and confirms the request to authorize the unlocking, which will be sent to his smart phone. The locked files can be opened (unlocked) on other users' computers, while the authorization requests (to authorize the unlocking) will still be sent to the smart phone of the user who locked the files.
In addition to the file locking software, we have used this grant to design two other products. The first is a program for controlling who can access the pictures and files users upload to online services. The second product is a program for storing all personal passwords (email, bank account, etc.) in a centralized server so that users can access their passwords from any computer, using their smart phone for password access authorization.
Broader Impacts
The technology developed in this proposal has the ability to make security ubiquitous. Much has recently been said about securing sensitive private and public documents. Although the technology for securing files exists today, very few people are willing to use more passwords to start securing documents. With the proposed technology, document privacy becomes user-friendly, especially when the entire infrastructure for maintaining passwords is automated. With our products, users can lock all their documents, online images and personal passwords without ever worrying about their privacy. In summary, this project helps make security usable and accessible to the masses.