HID Global Seeks to Improve RFID Security Via Hand Gestures

By Beth Bacheldor

The company is developing software that will allow a user to perform a series of hand-motion sequences to authorize operation of an RFID card or a smartphone's RFID functionality.

HID Global is developing new products that add an additional layer of security to RFID-based secure identity, access control and other applications using smartphones, tablets and other devices such as smart cards. The technology—for which HID Global has received several patents from the U.S. Patent and Trademark Office—consists of gesture-based software designed to recognize sequences of three-dimensional hand motions and that works in conjunction with RFID cards or RFID-enabled handheld devices.

The HID Global U.S. Patent and Trademark Office issued the patents ( US8,427,320 and US8,232,879) for "directional sensing mechanism and communications authentication" to HID Global within the past year, and the company has now included in the technology in its product roadmap, with plans to commercially develop the software-only solution, likely within two years. The software will allow a user to define a series of hand-motion sequences or gestures that can be used to control operation of an RFID card or handheld device, including those based on Near Field Communication (NFC) standards.

HID Global's Tam Hulusi

The technology creates an additional authentication factor; with the gesture-based software incorporated into an NFC-enabled smartphone, for example, that phone will have to be moved in a particular, predefined way in order for the NFC RFID chip to unlock its unique ID. As the phone's owner rotates the handset in a sequence of movements (any variation of forward, backward, up, down, left and right and including rotations and sliding motions), the smartphone's accelerometer (the technology that determines a smartphone has been turned on its side and then adjusts the screen view accordingly) senses the motion sequence and shares that with the gesture-based software. If the sequence is legitimate, the NFC chip will unlock its unique ID and other sensitive data, so the interrogator can read it.

The software can also be incorporated into an RFID-enabled smart card. In this case, the smart card would include a battery-powered mechanism such as a micro-electro-mechanical system (MEMS) or accelerometer that is capable of sensing movement of the RFID device.

The gesture-based software could be used to lock or unlock a door and also to unlock computers, applications and more. For example, it could be used to control mobile phone functions, such as initiating a payment transaction. It could also be used by someone to secretly signal that he is using his card or phone to gain access but is under duress. "The potential is endless," says Tam Hulusi, HID Global's senior VP of strategic innovation and intellectual property.

Some examples of three-movement sequences that could be used to unlock an RFID tag.

"This is ideal for anybody who wants convenience, and that convenience is defined by the ease of natural body movements," Hulusi says. "This really addresses where we are going, as a society, with electronics that are so smart and go wherever we go. It also addresses how the way we interact with technology is changing, whether we are talking to it, as in Apple's Siri (the human-like "intelligent personal assistant" voice-recognition application available on newer iPhones and iPads), or simply moving our hands."

As a side note, Hulusi said that HID Global announced its patents on the same week that Douglas C. Engelbart, who invented the computer mouse, died. "Engelbart invented the two-dimensional mouse, which changed the way we all interacted with computers. I think 3D gesture technology is going to change not just how we interact with computers and screens, but lots of other things."

HID Global says its gesture-based software could be installed on an RFID card or handheld device regardless of the radio frequency and RFID used by that card or device. The software, however, is designed to boost the security and privacy of RFID-enabled transactions, including minimizing the possibility of a rogue device surreptitiously stealing the user's RFID credential in a "bump and clone" attack. If a user's NFC-enabled smartphone or smart card is lost or compromised, it will be unusable by another user who does not know the motion-based password. However, when that card or device is unlocked by the correct motion-based password, it can be read by any standard RFID interrogator designed to read that type of card or device. The software could also be used in conjunction with another factor of authentication, such as the use of a PIN.

The new patents granted to HID Global for this invention are US 8,427,320 and US 8,232,879, and the company said it has received notification that the European Patent Office has indicated their intention to grant a patent.