Search This Blog

Thursday, September 5, 2013

Smartphone Location Data Increasingly Used to Stop Fraud and Cyber Crooks

As reported by Inside GNSS: Establishing someone’s immediate whereabouts is emerging as a key element in preventing credit fraud and improving cyber security.

The technique uses location data, derived from GPS and other sources, to estimate the likelihood that the person making a request to enter a building, access a computer network, or use a credit card is actually who they say they are.
“Let's say that I'm in a mall, I just swiped my credit card — am I the person who is really carrying out that transaction or is it somebody else who's got hold of my card,” said Bhavin Shah, vice president of marketing and business development for cell-tracking firm Polaris Wireless. “The simple way to correlate it is the location of my cell phone. There is a very high likelihood —  nine times out of ten — that wherever I am, so is my credit card and so is my cell phone.”
Security companies, however, are going beyond just looking at location data. They are combining information on where you are with other elements in risk-assessing algorithms to estimate the risk of fraud. Finsphere, of Bellevue Wash., uses a 207-element fraud model to authenticate the ID of users when they make a credit purchase or access their online accounts.
“The way it works is that cardholders — with their permission, of course — provide us location," said Mary Reeder, Finsphere's chief technology officer. "They can provide us location one of two ways — it depends on the bank on how they want to offer the service. The location function can be embedded in a banking mobile app or can be handled through a network query — which does not require an app, making it usable even if the customer does not have a smart phone.
“So, say we've got a card-present transaction where I have traveled overseas and I've swiped my card at a merchant,” she continued. “The proximity of my mobile phone to that merchant is used to authenticate the transaction.”
This type of service helps banks in two ways, said Breeder,  
“All banks are interested in reducing their fraud. . . . That pain seems to be more acute in countries where fraud management is not as mature, say in South Africa,” Breeder explained. “But if you take the U.S., the UK, and the like, almost more important is managing the customer experience — which is basically reducing false positives. Those occasions where you, for instance, travel overseas, swipe your card and it is declined — even though it's a legitimate transaction.”
Though the location data can be from GPS signals, unaided GPS and even assisted-GPS is often too slow for credit card transactions, said Reeder. To speed things up Finsphere often relies on cell tower location for positioning.
“We are leveraging APIs [application program interfaces] that are embedded in underlying operating systems — whether that be Android, iOS, or Blackberry's,” she added. “It’s a public subscription model; so, our app would subscribe to this underlying service that says when there is a significant location change, ‘Take me out of a suspended state, report that information to me,’ and then our app sends it along.”
A significant location change typically equates to a cell site change, Reeder said.
The firm also provides authentication information for access to banking functions and to the computer networks of companies.
Their online banking service can be used at login, but the banks are more interested in using it where you have already logged on and been authenticated — usually through a username or password.
At that point, she said, you can view your balances with read-only access. If you want to do something more risky, such as add a new payee, or transfer funds, then they bank would tap Finsphere’s service.
“In this case,” she said, “[Finsphere] would be pairing the mobile phone location to the location of the GEO IP address of the end user’s browser.”
The exchange is similar in situations where you want to sign into a company’s computer network. “In that case we'd be embedded into the VPN solution, and we would be comparing remote location to your mobile phone location.”
GPS expert Logan Scott points out that location can be used to limit not just who is allowed access a computer system, but where files are sent. "Is a command file for printing a jet engine turbofan using selective laser sintering relevant at a specific location? Is it an authorized manufacture location? If not, don’t release the command file!” he wrote in "Proving Location Using GPS Location Signatures: Why it is Needed and a Way to Do It," a paper to be presented at ION GNSS 2013.
These sort of techniques may soon enter broader usage in cyber security through a program sponsored by the federal government. The National Strategy for Trusted Identities in Cyberspace (NSTIC) is weighing a number of proposals from firms including Finsphere for pilot projects to create a secure, easy-to-use, interoperable identity credentials for accessing online services.
Proposals were submitted in May, and the agency is expected to make its first awards as early as next month. Funding for the pilot projects is expected to range from $1.25 million to $2 million per year for up to two years.

Driving Tips on how to Reduce Fuel Expenses

Agressive driving can be a significant factor in fuel efficiency.
Here are some quick tips on how to increase your fuel economy, and lower the overall cost of operating your individual or fleet of vehicles:

Drive Sensibly 

Aggressive driving (speeding, rapid acceleration and braking) wastes gas. It can lower your gas mileage by 33 percent at highway speeds and by 5 percent around town. Sensible driving is also safer for you and others, so you may save more than gas money.

(Fuel Economy Benefit 5-33%  Equivalent Gas Savings $0.18-$1.19/gallon)


Observe the Speed Limit

While each vehicle reaches its optimal fuel economy at a different speed (or range of speeds), gas mileage usually decreases rapidly at speeds above 50 mph.
You can assume that each 5 mph you drive over 50 mph is like paying an additional $0.25 per gallon for gas.
Observing the speed limit is also safer.
(Fuel Economy Benefit 7-14%  Equivalent Gas Savings $0.25-$0.51/gallon)
Remove Excess Weight 
Avoid keeping unnecessary items in your vehicle, especially heavy ones. An extra 100 pounds in your vehicle could reduce your MPG by up to 2 percent. The reduction is based on the percentage of extra weight relative to the vehicle's weight and affects smaller vehicles more than larger ones.
(Fuel Economy Benefit 1-2%  Equivalent Gas Savings $0.04-$0.07/gallon)
Avoid Excessive Idling 
Idling can use a quarter to a half gallon of fuel per hour, depending on engine size and air conditioner (AC) use. Turn off your engine when your vehicle is parked. It only takes a few seconds worth of fuel to restart your vehicle. Turning your engine on and off excessively, however, may increase starter wear.
(Fuel Cost Savings $0.01-$0.03/min. [AC off] Fuel Cost Savings $0.02-$0.04/min. [AC on])

Use Cruise Control
Using cruise control on the highway helps you maintain a constant speed and, in most cases, will save gas.
User Overdrive Gears
When you use overdrive gearing, your car's engine speed goes down. This saves gas and reduces engine wear.
Note: Cost savings are based on an assumed fuel price of $3.61/gallon.

European Union countries in test of home-grown GPS system

Current Galileo GPS system with four satellites deployed.
As reported by UPITesting has begun on Europe's Galileo navigation satellites intended to offer highly accurate services to authorized users, officials said.

Transmitted on two frequency bands with enhanced protection, the Public Regulated Service (PRS) offers a highly accurate positioning and timing service to mostly governmental users, a release from the Paris headquarters of the European Space Agency reported Tuesday.

PRS access was initially planned for Galileo's Full Operational Capability phase by the end of the decade but was brought forward response to the strong interest of EU member states in the service, the ESA said.

The ESA has overseen the provision of several tools, including test receivers and other qualification equipment, for governments wishing to test the PRS system.

The ESA's technical center in the Netherlands provided training, demonstrations and sample data, the agency said.

"As a result, Belgium, France, Italy and the United Kingdom have now performed independent PRS acquisition and positioning tests," Miguel Manteiga Bautista, head of ESA's Galileo Security Office, said. "In parallel, ESA, through collaboration with Dutch and Italian authorities, is also conducting PRS fixed and mobile validation in several locations in the Netherlands and Italy."

The PRS tests have demonstrated a current autonomous positioning accuracy below 30 feet (9.1 meters), an impressive result considering the small number of Galileo satellites in orbit -- just four so far -- and the limited ground infrastructure so far deployed, the ESA said.

The ESA plans to have 30 in-orbit spacecraft (including 3 spares) in operation before the end of the decade.  The Galileo system operates on a different set of frequencies from the US GPS satellite system so that if one system is being jammed, the other would still potentially be available.

Galileo is intended to be an EU civilian GNSS that allows all users access to it. GPS is a US military GNSS that provides location signals that have high precision to US military users, while also providing less precise location signals to others. The GPS had the capability to block the "civilian" signals while still being able to use the "military" signal (M-band). A primary motivation for the Galileo project was European concern that the US could deny others access to GPS during political disagreements.

Wednesday, September 4, 2013

How the "Internet of Things" May Change the World

A woman shows off the Alien Squiggle Tag - a RFID technology tag that
uses a small chip to provide the object ID for tracking. By geotagging
the location of the RFID reader, the device's location can be recorded as it
is moved from location to location.  Wireless connectivity and tracking
of billions of objects offer many benefits - and risks.
As reported by National GeographicThis week, the Oxford English Dictionary added the phrase "Internet of things" to its hallowed pages, along with such neologisms as Bitcoin (a virtual currency), selfie (a self-portrait photo), twerk (a new dance move), and fauxhawk (a mohawk hairstyle achieved with gel and a comb).
But what exactly is the Internet of things, and how might the emerging technology change our lives?

The Internet of Things (IoT) is a concept that aims to extend the benefits of the regular Internet—constant connectivity, remote control ability, data sharing, and so on—to goods in the physical world. Foodstuffs, electronics, appliances, collectibles: All would be tied to local and global networks through embedded sensors that are "always on."

Sometimes called the "Internet of everything," the term Internet of things was coined in 1999 by Kevin Ashton, a British technology pioneer who helped develop the concept. Proponents say the benefits to consumers are substantial, although critics raise concerns about privacy and security.

In order for objects to interface with the existing Internet, they must have some means to connect. This is being done largely via radio-frequency identification (RFID) chips, although other means are also being used, including old-fashioned barcodes, QR (quick response) codes, and wireless connection systems like Bluetooth and Wi-Fi.

Ashton co-founded the Auto-ID Center at the Massachusetts Institute of Technology in 1999, which developed a global standard for RFID. That technology grew out of earlier iterations invented in the 1970s and early 1980s.

In the mid-1990s, Ashton worked for Procter & Gamble, where he saw that RFID chips could help the company keep track of its massive array of products. Today, RFID chips are used by many companies to manage their inventories. They also make passports scannable by Homeland Security, and enable farecards to be read at subway terminals. Farmers use the chips to keep track of livestock.

In 2011, the world spent an estimated $6.37 billion on RFID chips, but that market is expected to balloon to more than $20 billion by 2014, according to RFID World Canada, a website that follows the industry.

ABI Research, a market research firm, says that more than 30 billion devices will form an Internet of Things by 2020. But what does that mean?

Advantages of a Wired World
Proponents like Helen Duce, director of the RFID Technology Auto-ID European Centre at the University of Cambridge, argue that the technology will provide great efficiencies across many industries. Stores won't have to worry about running out of products, because an automated inventory-control system will know how many packs of gum or boxes of diapers are on hand at any given moment.

Consumers will be able to set their fridge to order new groceries for delivery when the eggs run out or the milk expires. Forget to turn off the oven? No problem, turn a dial on your smartphone from anywhere in the world. No need to turn off the lights: Your rooms will know when you enter or leave, setting all systems just the way you like them, since they will be able to detect when the phone in your pocket is near.

Already, consumers can save money, and carbon emissions, during peak energy periods by agreeing to let their utility turn down their air conditioner a few degrees remotely.

Duce recently wrote, "We have a clear vision—to create a world where every object—from jumbo jets to sewing needles—is linked to the Internet."

In a push toward adoption of this technology, Songdo in South Korea aims to become the first totally wired "smart city," where almost every item interfaces with an Internet of things. Planners hope to collect a vast wealth of data on everyday objects, and use that to increase efficiencies.

Security Concerns?
It's obvious that military agencies will need to make sure that missiles and other systems of war aren't hijacked by hackers. But what is the risk of your neighbor turning your toaster against you?

The U.S. National Intelligence Council produced a report in 2008 that warned it would be hard to deny "access to networks of sensors and remotely controlled objects by enemies of the United States, criminals, and mischief makers."

The report also noted that it's unclear how much of the data from the Internet of things could or should be used by law enforcement, versus how much should be considered private information.

Writing in ITBusinessEdge, Loraine Lawson warned that an Internet of things will provide challenges for computer programmers, who will soon have the networking of billions of devices to contend with. Updates and patches are going to be tricky, she wrote, as will finding signals in all the noise.

Lawson suggested that the solutions will have to come through smart, stable software that doesn't require too much processing power.

"In short, the IoT may cause a lot of headaches, but it could also prove to be very transformative for organizations," she wrote.

ZigBee wants to be the Bluetooth of the internet of things.

ZigBee is fighting for its place in the Internet of things
against Wi-Fi, Bluetooth Low Energy, and Z-wave.  It has
to overcome fragmentation, sneak into user's homes and
keep Bluetooth at bay.  Can it do all three?
As reported by Gigaom: Poor ZigBee. As a wireless standard, it has long faced an identity crisis that pitted it against Wi-Fi in the home and proprietary standards or Bluetooth for low-data rates. But as companies such as Comcast embrace the connected home and thanks to an acquisition last year, the standard could get its day in the sun and a place in the home.

Meet ZigBee, a confused standard
ZigBee is designed to carry small amounts of data over a mid-range distance and consume very little power. It’s also a mesh networking standard so the sensors can carry other data along to the hub. Its closest analog is the proprietary Z-wave standard that comes on chips made by Sigma Designs.

If you own a Nest thermostat, Comcast’s recent router or a Hue lightbulb you have ZigBee chips inside your home already.

But as those devices illustrate, ZigBee has been plagued by interoperability problems. The standard isn’t just the wireless transport mechanism, but a layer of software on top that can create profiles that interfere with different versions of ZigBee profiles. That means that unlike Wi-Fi, two devices that have ZigBee chips might not interoperate.

The ZigBee Alliance is working on this. In an interview last month with Alliance Chairman Tobin Richardson he said that ZigBee is getting more aggressive about policing those who use the ZigBee certification without actually interoperating. That’s going to be amazing, but the next step will be getting those that use ZigBee to want to go through certification.

ZigBee versus Z-wave
And that may require device-maker and consumer demand. But still, things are changing. Cees Links, the CEO of a Holland-based company called Greenpeak Technologies, which supplies ZigBee chips is optimistic. One would expect that, of course, but Links is also the man credited with convincing Steve Jobs to put Wi-Fi inside the Mac, which was a huge step forward for that technology’s adoption.
A Zigbee outlet.

He’s betting he can do it again with ZigBee. So, while I’ve heard that roughly nine out of ten sensors are using the proprietary Z-wave standard over ZigBee, and more startups are coming out with Bluetooth Low Energy devices that will communicate with handsets, Links is confident that ZigBee still has a place in the developing internet of things. First, off ZigBee is an open standard with multiple vendors, while Z-wave is dominated by one.

Second, the Alliance is really safe-guarding that openness now. He points to the acquisition of Ember by Silicon Labs last year as a big turning point for the standard. Not only did it bring a large chipmaker into the mix, something that will assuage the fears of device-makers who might be skittish about trusting a startup for all of their chip needs, but it freed up the ZigBee Alliance to become a true standards organization.

Links says that Ember had really dominated the direction of the Alliance and wasn’t interested in creating a broader ecosystem where other vendor’s chips would interoperate with theirs, but now that Silicon Labs has taken over, the Alliance is focused on broadening adoption of all ZigBee chips, not just Ember’s. So with Greenpeak, Silicon Labs and Texas Instruments all producing silicon, Links hopes device-makers will go with ZigBee as opposed to Z-wave.

Sneaking ZigBee into the home
The Nest thermostat
As for the contention that all you need it Bluetooth and Wi-Fi, Links is skeptical that Bluetooth Low Energy can really handle the distance to become an in-home network, as opposed to a personal area network. And Wi-Fi consumes too much energy. So while, executives at Broadcom and Qualcomm are skeptical that you need more than Bluetooth or Wi-Fi, so far service providers and companies deploying in-home sensors are pretty sure ZigBee or maybe Z-wave has a place.

The next step after getting the chips widely used inside homes (the Comcast deployment should help here in the U.S.) will be getting a ZigBee chip inside the smartphone. Since the mobile handset or tablet is the homeowner’s primary method of communicating with sensors in the home, getting such a chip integrated inside would be huge for ZigBee.

Right now, a ZigBee radio must sneak into the home through a hub, router or set top box — making its adoption by homeowners dependent on the service providers and a few early adopters who buy things like the Almond Router, the SmartThings hub or the Revolv hub. That’s why Comcast’s decision to integrate ZigBee in its Xfinity Home gear is so big.

Of course, we’ll know if ZigBee is getting closer to the defacto standard for sensor networks once Qualcomm or Broadcom picks up Greenpeak — or they change their tune on the standard. And then, maybe we’ll see ZigBee make it into the handset or tablet. Of course, given the existing popularity of Z-Wave and the damage of fragmentation in the ZigBee market so far, none of this might happen, but if it’s going to, now’s the time.

Mercedes Is Testing Google Glass Integration, and It Actually Works

Mercedes-Benz's Google Glass app streams directions straight
to you eyes.
As reported by WiredI put the car in park, unplug the phone, and put Google Glass on my face. Within seconds, I’ve got step-by-step directions to a coffee shop down the street beamed directly to my eyeballs. This is what Mercedes-Benz has planned for the future, and not only do they have a functioning prototype, they’re working with Google to make it a reality.
It’s called “Door-to-Door Navigation,” and it’s just the latest in a string of high-tech pushes the automaker has made in the past few years. It started with Mercedes doubling its resources and employees at its Silicon Valley research center, which allowed the automaker to work on a thoroughly revised infotainment platform and develop one of the first comprehensive integrations of Apple’s iPhone into its entry level and youth-focused CLA.
Now, it’s Google’s turn.
“We definitely see wearable devices as another trend in the industry that is important to us,” says Johann Jungwirth, Mercedes’ North American R&D President & CEO. “We have been working with Glass for roughly six months and meeting with the Google Glass team regularly.” And it’s helpful that Google HQ is just a 10-minute drive from the automaker’s Palo Alto research facility.
We’ve already established that cars are the killer app for Google Glass. And Mercedes agrees. The German automaker’s R&D center snagged two pairs of Google’s goggles as soon as they became available — recognizing the potential — and started hacking away.
The first application is a navigation program that allows you to enter an address through Google Glass, get in your car, plug in your phone, and then the destination is transferred to the in-dash navigation system. Once you’ve arrived near the restaurant/bar/nightclub/BBQ joint and unplug your phone, the system re-transfers the data back to Glass to complete the journey. And based on hands-on time, it works. But the way it works is … a little rough.
Google doesn’t offer Glass support for the iPhone. Yet. And the Mercedes “Digital DriveStyle App” doesn’t work with Android. Yet. (Jungwirth tells WIRED that iOS is the dominant platform for Mercedes owners). So in order for the destination information to be sent from the car to Glass, Mercedes connects to its own cloud server between the iPhone and the embedded infotainment system. Google Glass handles the communication between the two, and the trigger to communicate is the disconnection of the iPhone from the car. When that happens, it contacts the server, connects to Glass, and downloads the destination information.
Jungwirth is quick to point out that this elaborate dance of connections is just a proof of concept.
“This is, perhaps, not how we will accomplish it when we launch it as a product,” Jungwirth told WIRED. “As we are in talks with Google about making a direct connection to Glass work, but it is how our prototype works today.”
Jungwirth makes it clear that Mercedes has every intention of integrating some form of Google Glass functionality into its future products. And by the time Glass goes into production in the next year, Mercedes may have something to offer its customers. In the meantime, Jungwirth says that Android integration for Mercedes vehicles is coming in 2014.

California Abruptly Drops Plan to Implant RFID Chips in Driver’s Licenses


As reported by Wired: Following complaints from privacy groups, California lawmakers on Friday suspended legislation to embed radio-frequency identification chips, or RFIDs, in its driver’s licenses and state identification cards.

The legislation, S.B. 397,  was put on hold by the state Assembly Appropriations Committee, despite it having been approved by the California Senate, where it likely will be re-introduced in the coming months. Had the measure passed, it would have transformed the Sunshine State’s standard form of ID into one of the most sophisticated identification documents in the country, mirroring the four other states that have embraced the spy-friendly technology.

Radio-frequency identification devices already are a daily part of the electronic age — found in passports, library and payment cards, school identification cards and eventually are expected to replace bar-code labels on consumer goods.

Michigan, New York, Vermont and Washington have already begun embedding drivers licenses with the tiny transceivers, and linking them to a national database — complete with head shots — controlled by the Department of Homeland Security. The enhanced cards can be used to re-enter the U.S. at a land border without a passport.

Privacy advocates worry that, if more states begin embracing RFID, the licenses could become mandatory nationwide and evolve into a government-run surveillance tool to track the public’s movements.

The IDs are the offspring of the 2009 Western Hemisphere Travel Initiative requiring travelers to show passports when they cross the U.S. border of Canada and Mexico. Those carrying the EDL “Enhanced Drivers License” or an “enhanced” state ID, do not have to display a passport when traveling across the country’s government-run land borders.

The RFID-enabled card would have been optional under the California measure. It was aimed in particular at Californians who make frequent visits to Mexico, and want to ease their return back into the U.S.

“It’s not difficult to imagine a time when the EDL programs cease to be optional—and when EDLs contain information well beyond a picture, a signature, and citizenship status. The government also tends to expand programs far beyond their original purpose,” writes Jim Harper, the Cato Institute’s director of information policy studies. “Californians should not walk — they should run away from ‘enhanced’ drivers licenses.”
According to DHS, about 95 percent of land-border crossings are equipped with RFID-reading technology, making it easy for Customs Border Patrol officials to know who you are. The RFID chip “will signal a secure system to pull up your biographic and biometrics data for the CBP officer as you approach the border inspection booth,” the DHS says.

“An individual that does not understand the privacy and security risks of an Enhanced Driver’s License (EDL) might think, ‘Why not get an one so that I can use it to drive and also cross the border?’ It seems like common sense,” said Nicole Ozer, an American Civil Liberties Union lawyer. “But the cost to privacy and security far outweighs any benefits. If you carry one of these licenses in your wallet or purse, you can be tracked and stalked without your knowledge or consent.”

Sen. Ben Hueso, a Democrat whose district touches the Mexican border, maintains the legislation he sponsored makes both financial and security sense.

“Enhanced Driver’s Licenses can provide a significant economic benefit to the state of California, while strengthening border security,” he wrote in a press release last May. “They will greatly reduce wait times at the border thereby incentivizing economic development in our border region.”
The California measure’s shortcomings, among other things, was that it did not prevent state law enforcement officials from eventually tapping into the chips.

Law enforcement already monitors drivers’ whereabouts via the mass deployment of license-plate readers. But the ability to scan for identification cards in public areas could evolve into another surveillance tool.

As the “Identity Project” sees it:
Logs of citizens’ border crossings and movements through non-border checkpoints are obviously of interest to the Feds and their state and local law enforcement partners, especially in conjunction with logs of vehicle movements obtained from automated license-plate readers. Cops don’t need to ask, ‘Can I see some ID?’ when, from outside your vehicle, they can obtain the EDL chip number and corresponding lifetime DHS travel history of every occupant of the vehicle. And as more people carry EDLs, how soon will not broadcasting your ID number be deemed sufficiently suspicious to justify detention, search, or interrogation?
To be sure, the Orwellian nature of these new IDs is — to an extent — speculation.

For the moment, the DHS says that “No personally identifiable information is stored on the card’s RFID chip.” The DHS said “The card uses a unique identification number that links to information contained in a secure Department of Homeland Security database.”

But things could easily change. Government-issued cards routinely evolve away from their original purpose.
Consider the Social Security card. It was created to track your government retirement benefits. Now you need it to purchase health insurance and even obtain employment.