To protect the transaction security and privacy of our customers’ users, Lumidigm currently offers two secure communications approaches: trusted device and replay attack prevention.
Trusted device is the preferred solution when a very high level of authentication security is required. With a trusted device, the host application can authenticate the sensor, verify that it has not been tampered with, and perform secure transactions with it. While this method requires host programming, it offers the best overall protection against man-in-the-middle and replay attacks. Lumidigm initially developed and deployed this solution to support the authentication security requirements of ATMs. Lumidigm devices with this feature have secure storage with tamper detection and tamper response. If a tamper event is detected, any keys contained in the device are destroyed.
Lumidigm provides the tools to provision each sensor with customer- and application-specific information. In addition, Lumidigm provides a secure API for developing secure authentication transactions with the sensor. The device supports challenge-response mechanisms, per-transaction-derived keys, and key management features. All data transmitted to/from the sensor is encrypted. Lumidigm also provides consulting services to assist customers with application design and development.
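The sketch below is an added illustration of how a challenge-response exchange with per-transaction-derived keys rejects a replayed message; it is not Lumidigm's API or protocol. All names, the HMAC-SHA-256 construction and the counter-based key derivation are assumptions, and payload encryption is left out to keep the focus on authentication and replay rejection.

```python
import hashlib
import hmac
import secrets

# Constructed sample key; provisioning would place it in the sensor and the host key store.
BASE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

def derive_transaction_key(base_key: bytes, counter: int) -> bytes:
    """Derive a one-time key from the base key and the transaction counter."""
    return hmac.new(base_key, b"txn-key" + counter.to_bytes(8, "big"), hashlib.sha256).digest()

class Sensor:
    """Hypothetical device side: base key plus a counter that only increases."""
    def __init__(self, base_key: bytes):
        self._base_key, self._counter = base_key, 0

    def respond(self, challenge: bytes, payload: bytes):
        self._counter += 1
        key = derive_transaction_key(self._base_key, self._counter)
        tag = hmac.new(key, challenge + payload, hashlib.sha256).digest()
        return self._counter, payload, tag

class Host:
    """Hypothetical host side: issues fresh challenges and tracks the last counter."""
    def __init__(self, base_key: bytes):
        self._base_key, self._last_counter, self._pending = base_key, 0, None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)  # fixed length keeps challenge+payload unambiguous
        return self._pending

    def verify(self, counter: int, payload: bytes, tag: bytes) -> bool:
        challenge, self._pending = self._pending, None  # each challenge is single use
        if challenge is None or counter <= self._last_counter:
            return False  # no outstanding challenge, or a counter already seen
        key = derive_transaction_key(self._base_key, counter)
        expected = hmac.new(key, challenge + payload, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, tag)
        if ok:
            self._last_counter = counter
        return ok

def demo():
    """Return (fresh message accepted, replayed message accepted)."""
    sensor, host = Sensor(BASE_KEY), Host(BASE_KEY)
    msg = sensor.respond(host.new_challenge(), b"match:user42")  # constructed payload
    first = host.verify(*msg)
    host.new_challenge()  # the host starts a new transaction
    return first, host.verify(*msg)  # the captured message is sent again
```

The replay fails twice over: the counter has already been consumed, and the tag was computed over a challenge the host no longer holds.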
An Application-Transparent Alternative
When the primary concern is privacy or replay attacks, Lumidigm offers an application-transparent method of securing authentication transactions. Some V-Series devices secure driver-to-sensor communications in a way that is transparent to the application. A rotating key approach makes this mechanism robust against replay attacks and protects the data stream between the host and the sensor.
Combining either of these secure communications approaches with the multispectral imaging benefits of liveness detection, secure optical credentials (barcodes), and real-world biometric performance delivers both security and convenience. With Lumidigm you don’t have to choose.