On the occasion of the WinHEC conference held in China, Microsoft introduced a new biometric authentication feature called Windows Hello. The ambition of the publisher is to use fingerprint recognition, iris or face as an alternative to password, thanks to Windows 10.
The biometric authentication, this is not new, although because of its cost and complexity of its use is mostly remained confined to the company, even in areas requiring additional layer of security.
A “safer technology than traditional passwords”
But the manufacturers of mass-market devices such as Apple with TouchID, made these authentication systems more accessible. With Windows 10, Microsoft also intends to facilitate access to biometrics.
How? In “using your face, iris or fingerprint to unlock your terminals … through safer technology than traditional passwords. “And this technology has a name:. Windows Hello
At first glance, this solution might appear to be a response to Apple TouchID. But Ed Bott of ZDNet.com, Microsoft has indeed greater ambitions for its platform. It specifies that Hello is based on a new API whose code name is “Passport” (already used in the past, ancestor of Windows Live ID, Microsoft became Account).
principle of this authentication is apparently simple: building on a biometric element when local authentication phase, that is to say on the terminal. Hello Windows will use the biometric data and the associated apparatus as keys to unlock devices, applications, data and online services
The biometric signature is securely stored locally on the device (possibly in the Trusted Platform Module) and is never transmitted over the network. According to Microsoft, Windows Hello offer an “enterprise-level security” suitable for use by government agencies and actors in the defense sector, finance and health, and the regulated industries.
Compatible Azure Active Directory and FIDO
The editor states that the API “Passport” will be compatible with operator services directory Cloud Azure Active Directory and those meeting the specifications of the consortium FIDO (Fast Identification Online).
But if biometric authentication provides in theory a strong level of security, it can still sometimes be abused. However, Microsoft ensures that its solution will combine hardware and software to protect against spoofing techniques.
The sensors’ use infrared technology to identify your face or iris recognition and so you different lighting conditions, “says the editor, for example. Windows 10 will bring the software layer and rely on hardware solutions manufacturers such as RealSense 3D Camera System from Intel.
From October, Microsoft had introduced into the Code Windows 10 pre-release the “Next Generation Credentials” service. The idea is for a Windows user to “join” a terminal (PC, tablet, phone) so that it becomes a factor in two-factor authentication.
To connect (at a site, application, …), the user must have this physical device, combined with a PIN or a biometric such as a fingerprint. The link with Windows Hello occurs here.
No comments:
Post a Comment