Is there hope for online security?

In my job as a communications director for NXP, I talk a lot about security. I attend conferences on cyber issues, discuss the importance of protecting data and improving authentication algorithms, and highlight the ways NXP's technologies can make it safer to go online.

But online security recently became very personal. A few weeks ago, I got a letter from the health-insurance provider Anthem telling me there's a chance my account was compromised. I may have been one of the 80 million people affected by the attack on the company's computers at the end of last year through the beginning of this year. The Anthem breach was the nation's largest health-care breach to date, and gave hackers access to all the information needed to steal identities and establish lines of credit. My name, birthday, Social Security number, and employment data - including income - could be in criminal hands.

The experience has made me even more alert to security issues, and the many ways companies are working to make us safer. The RSA Conference, happening this week in San Francisco, brings many of these issues to the forefront.

Making access more secure

In the run-up to the show, one announcement in particular caught my attention, regarding Samsung's data-exchange platform, known as SAMI, and how it interacts with their new wearable device, called Simband. The Simband wristband uses multiple sensors to monitor vital signs, and supports remote access to the user's data.

To protect the Simband device and the user data it collects, Samsung has developed the SAMI (SAMsung Infrastructure) Secure Device Registration feature. Based on a proven approach to public/private key cryptography, the feature combines secure device registration and user on-boarding with an NXP secure element to pair the device with its owner.

During the registration process, the SAMI servers challenge the remote device after extracting certificates from the secure element. The authentication process leverages the unique features provided by the specific cryptographic curves that are supported by the NXP chip. A token is then distributed to the wearable device and used to enable every communication with SAMI cloud services.

The secure element is arguably one of the most important parts of the Samsung process, since it's what ensures the client's private key, used in the SSL handshake, remains private. The secure element enables a level of protection simply not possible with a software-only solution.
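The registration flow and the key-isolation point described above can be sketched as follows. This is an added example, not Samsung's or NXP's code: the secure element is simulated in software, the names `SecureElement`, `Server`, `Challenge` and `Register` are hypothetical, P-256 with SHA-256 is an assumed curve and hash, and the public key is passed directly where a real server would first validate the device certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SecureElement models the chip: only Public and Sign are exposed, never the key.
type SecureElement struct{ key *ecdsa.PrivateKey }
func NewSecureElement() (*SecureElement, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // assumed curve
	return &SecureElement{k}, err
}
func (se *SecureElement) Public() *ecdsa.PublicKey { return &se.key.PublicKey }
func (se *SecureElement) Sign(challenge []byte) ([]byte, error) {
	d := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, se.key, d[:])
}

// Server maps each outstanding challenge to the device id it was issued for.
type Server map[string]string
func (s Server) Challenge(id string) []byte {
	c := make([]byte, 32)
	rand.Read(c)
	s[string(c)] = id
	return c
}

// Register assumes pub was taken from an already validated device certificate.
func (s Server) Register(id string, pub *ecdsa.PublicKey, c, sig []byte) (string, error) {
	want, ok := s[string(c)]
	delete(s, string(c)) // single use, even when verification fails
	d := sha256.Sum256(c)
	if !ok || want != id || !ecdsa.VerifyASN1(pub, d[:], sig) {
		return "", fmt.Errorf("registration rejected")
	}
	t := make([]byte, 16) // token the device presents on later requests
	rand.Read(t)
	return fmt.Sprintf("%x", t), nil
}
func main() {
	se, _ := NewSecureElement()
	srv := Server{}
	c := srv.Challenge("dev-1") // "dev-1" is a constructed device id
	sig, _ := se.Sign(c)
	fmt.Println(srv.Register("dev-1", se.Public(), c, sig))
}
```

A replayed response, a signature from a different key, or a response presented under a different device id is rejected, and the signing key is never handed to the host code.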

The right foundation

Acting as vaults for private data, secure elements are, in many ways, the foundation for strong authentication, and they're being designed into a wide range of security-related applications. At the RSA Conference, my NXP colleagues will be demoing the secure element used in the Simband device and elsewhere. They'll also be showing how FIDO authentication, with secure elements, supports mobile security and logical/physical access to cloud-based applications, and demonstrating designs that make the Internet of Things (IoT) a safer place.

With the recent Anthem breach still very much on my mind, it's encouraging, and to a certain degree comforting, to see the ways that Samsung and other companies are using NXP's secure elements to increase the security of online access.

Related links

Samsung blog on SAMI and Simband
https://blog.samsungsami.io/development/security/simband/2015/04/02/keeping-devices-and-data-secure-in-sami.html
