March 7, 2014
New Technology May Allow For ATM Transactions Using Google Glass
Peter Suciu for redOrbit.com - Your Universe Online
Researchers at the Max Planck Institute for Informatics at Saarland University in Germany have developed a prototype system that utilizes Google Glass to access ATM machines.
Currently the wearable display technology from the search giant allows users to check a calendar with a glance, take a photo with a wink, or simply read text messages. Now German university researchers, who are one of the few in Europe that have been able to take the possibilities of what Google Glass can do to the next level, think it could help do some banking.
Google Glass, which is still in the prototype stage, is little more than a futuristic looking pair of glasses that has a camera and mini-computer installed. It is able to record what the wearer sees while also sending information to the user’s field of vision via a glass prism.
The technology has been in the news in recent months, notably in January when the first case of a driver being cited for using the technology was thrown out of court in California. In that particular case the judge threw out the case for lack of evidence as to the issue of speeding – not that the accused may have been wearing the glasses.
While the legality of using the technology is still being defined, the German researchers have created a method where Google Glass could be used at an ATM - possibly replacing an ATM card. Dominique Schröder, assistant professor of Cryptographic Algorithms at Saarland University, found that at the proper distance – from about two and a half meters – Google Glass could provide a key to encrypt the one-way personal identification number (PIN).
In addition it could provide a “digital signature,” a digital counterpart of the conventional signature.
In this case, the result shows up on the screen as a black-and-white pattern, a so-called QR code, where the PIN that is hidden below is only visible for the identified wearer of the glasses. Google Glass could be used to decrypt it and display it only in the wearer’s field of vision.
“Although the process occurs in public, nobody is able to spy on the PIN,” Schröder said in a statement.
Where this is different from other encryptions is that the PIN can only been seen by the Google Glass wearer, and Schröder added that this would not be the case were the PIN is sent to a smart phone, as someone could glance at the screen.
Moreover, this could become a one-time code. Anyone seeing it being entered could use it again, since the PIN can be re-generated each time the customer accesses the cash machine.
The researchers further argue that an attacker also wearing a Google Glass could not be able to spy on the process either. This they contend is because any digital signature guarantees that no assailant could be able to intrude between the customer and the cash machine as during the so-called ‘skimming.'
According to the researchers, only the authorized customer could be able to decrypt the encryption by the public key with his secret key.
“The nice thing about a head mounted display is no one other than you can see the display - assuming it isn’t hacked and someone is viewing it remotely,” Rob Enderle, principal analyst at the Enderle Group told redOrbit. “However if you use a single use PIN properly it is only good one time and it is tied to your device so the value of that little bit of extra security is negligible.
“In addition Google has been particularly bad with privacy, which speaks to challenge question for password resets, and Android represents what may be the biggest security exposure currently in market so any security advantage is likely more than offset with the platform's security exposures,” Enderle added. “So, in concept, using a product like Goggle Glass for multi-factor security would be an improvement in practice, given how poorly Google does security, it would be a foolish idea with Google Glass.”
“It’s another case of a solution looking for a problem,” added Roger Entner, principal analyst at Recon Analytics.
One particular issue is that, as noted, there is the issue of whether this just creates another system that could be hacked.
“Absolutely,” Entner told redOrbit. “What happens if you lose your Google Glasses? It’s just a self-perpetuating problem.”
It is of course important to note that Google Glass isn’t the primary security method in place.
“They are using it as a secondary security measure to receive a unique code that changes each time,” said Jim McGregor, founder and principal analyst at TIRIAS Research. “However, if someone has access to your card, pin, and Google Glass, then they should be able to get to your money. This does not eliminate the threat, but it does add another level of security to prying eyes. the best solution is still biometrics, but nothing is completely secure. The real question is would consumers accept the added security for with the added complexity or inconvenience of completing the transaction?”
Instead Google Glass could add an additional layer of security.
“This is exactly what they are proposing. If Google Glass was cheap and as common as a mobile handset, I would say that this has potential,” McGregor told redOrbit. “However, it does demonstrate the flexibility of these new computing form factors and platforms, and the innovation around them that we will eventually see. For example, suppose that a version of Google glass has a sensor just tracking the eye. then you could use Google Glass for real-time augmented reality as you look around or possibly even use the image of your retina as a biometric key.”
There is also the issue of whether Google Glass could in fact put wearers at risk.
Last week two women and a man reportedly attacked a tech writer who was wearing Google Glass. While she recovered the glasses, her purse with wallet and cell phone were reportedly not recovered. It wasn’t clear if her wearing of Google Glass had spawned the attack.
While the legality is still being determined, Google recently laid out a set of social guidelines that its Glass “Explorer” community should follow, asking them to not be “glassholes.”
“Respect others and if they have questions about Glass don’t get snappy. Be polite and explain what Glass does and remember, a quick demo can go a long way. In places where cell phone cameras aren’t allowed, the same rules will apply to Glass,” Google said in an official blog post. “If you’re asked to turn your phone off, turn Glass off as well. Breaking the rules or being rude will not get businesses excited about Glass and will ruin it for other Explorers. Glass is a piece of technology, so use common sense. Water skiing, bull riding or cage fighting with Glass are probably not good ideas.”
While that could all fall into the category of common sense, this technology could however have advantages for sharing of corporate data. Already a large electric company has requested the computer scientists in Saarbrücken to determine future uses for this technology.
“This could be interesting, for example, for large companies or agencies that are collecting information in one document, but do not want to show all parts to everybody,” added Mark Simkin, who was one of the developers of Ubic.
Google Glass is expected to enter the American market this year.