Host card emulation enables NFC without a secure element
Many agree that NFC technology is yet to realize its full potential in the consumer marketplace, but a new piece of Android software could turn the tide and make way for a renewed NFC landscape. The forthcoming Android 4.4 operating system, more commonly referred to as KitKat, will push to Android devices everywhere complete with a technology known as host-card emulation. Host-card emulation is an alternative to standard NFC card emulation – a technology that already exists within a number of NFC-enabled Android devices. NFC emulation leverages a separate chip in the device itself called the secure element. Commonly, these secure elements come in the form of SIM cards provided by wireless carriers, or telcos. When NFC card emulation is conducted, the emulated card is provisioned into the secure element on the device via an Android application. When the user holds their device over an NFC terminal, the NFC controller in the device then routes all data from the reader directly to the secure element. With host-card emulation, however, this premise is taken a step further using a new method that does not involve a secure element at all. Instead, it enables an Android app to emulate a card and talk directly to the NFC reader, circumventing the traditional secure element altogether. “It is a technology built into a device’s operating system that enables a mobile device to emulate a payment or other card, allowing users to make NFC mobile payments and other proximity transactions,” explains Martin Cox, global head of Sales at Bell ID. – Source secureidnews – 2014
Identity and access management policy for the 21st century
Gone are the days when securing sensitive business information meant locking up documents in the company filing cabinet. Modern organizations are rapidly recognizing that even user names and passwords aren’t enough to limit access to networks and applications. Businesses and government agencies are struggling to figure out the best way to adapt to these changes and redefine their Identity and Access Management (IAM) policies. As mobile devices and cloud-based access gain momentum, organizations have to rethink these policies for employees who need to access business networks and apps. Additionally they need policies for consumer and vendor access as well. – Source secureidnews- 2014
Heartbleed bug creates confusion on internet
The Heartbleed bug exploits a vulnerability in a version of the OpenSSL security software code that is installed on two-thirds of the active servers connected to the internet
This week it has emerged that a major security flaw at the heart of the internet may have been exposing users’ personal information and passwords to hackers for the past two years.
It is not known how widely the bug has been exploited, if at all, but what is clear is that it is one of the biggest security issues to have faced the internet to date.
Security experts warn there is little Internet users can do to protect themselves from the recently uncovered “Heartbleed” bug that exposes data to hackers, at least not until exploitable websites upgrade their software.
Researchers have observed sophisticated hacking groups conducting automated scans of the Internet in search of Web servers running a widely used web encryption program known as OpenSSL that makes them vulnerable to the theft of data, including passwords, confidential communications and credit card numbers.
OpenSSL is used on about two-thirds of all web servers, but the issue has gone undetected for about two years.