Friday, March 8, 2013
How Apple's iWatch could revolutionize mobile security
Expectations for Apple to release an iWatch reached a new pitch yesterday as Bloomberg reported that such a device could have much higher profit margins than the company's iPad line up and its rumored HDTV.
Apple has filed 79 patents that relate to wearable technology and are generally expected to be part of its iWatch effort. Reports also indicate that the company has a team of 100 people working on the iWatch project that includes engineers, design experts, and marketing professionals.
Reports about the iWatch indicate that it would be tethered to an iPhone or iPad that would provide a stream of content and alerts to the wearer, including email, caller ID, calendar info, and updates of pre-selected information like weather reports or stock quotes. All of these ideas are present in existing smartwatches coming to market, including the Pebble watch that can pair with an iPhone or Android phone. Many are also anticipated uses for Google Glass, which is expected to ship by the end of the year, just like the iWatch.
All of these capabilities, while not designed for the business market, have some direct business potential. The updates that can be displayed on an iWatch are often the updates that professionals across many industries check repeatedly throughout the day. Having that information update in an unobtrusive way on a wearable device would allow workers to check notifications in real time without disrupting a meeting—or even a casual conversation—by pulling out their phone and unlocking it.
While distraction-free meetings are a big business innovation for an iWatch, they're relatively small compared to what such a device could mean in terms of data security. In fact, an iWatch could be the perfect solution to many IT concerns about mobile devices.
The key to the iWatch as a security solution is that it would be designed to pair with a mobile device, most likely an iPhone. That pairing offers an easy way to set up advanced authentication. The iWatch could replace a passcode on an iPhone or iPad (or even a MacBook or PC notebook). If the iWatch is in range, the iOS device could unlock without a passcode, saving users a few seconds.
More dramatically, the iWatch could be used as a physical security token alongside a passcode to offer multifactor authentication. If the iWatch isn't detected by the device, then it would remain locked even after the user (or someone who has found or stolen it) enters the correct passcode.
More importantly, an iOS device could be configured not just to lock itself and prevent unlock attempts when it no longer detects an iWatch, but also to wipe all data (or all corporate data). It could even be designed to send an alert to Apple's Find My iPhone component of iCloud or to a company's Exchange or mobile management server. That could help ensure sensitive data is securely erased and/or aid in recovering the device.
The idea isn't all that different from many token-based access systems, including smartcards. Such tokens are often used to secure access to sensitive devices or computers as well as to encrypted data on a computer or access to a secure network. Similar systems are also used to control access to offices and secure buildings. They're also becoming common features of automobiles that rely on a keychain fob rather than a traditional car key. In fact, depending on the technology used in an iWatch, it could be used for all of these purposes as well as to unlock an iPhone or iPad.
Bluetooth would be the most obvious technology for this kind of security pairing because it is built into existing iOS devices and has a pretty long range. But RFID tags or NFC would also work. In fact, Apple has already looked into using NFC in similar ways including as a way to unlock a Mac and login a user based on the presence of a user's iPhone.
Apple could even ratchet up the security even further—almost to the level associated with spy thrillers—by adding a third level of authentication to the mix. If Apple includes biometric sensors in the iWatch, which is expected given the popularity of devices like the Nike FuelBand and FitBit, the company could ensure that the wearer of the iWatch is the legitimate owner of both the iWatch and a paired device. Much like James Bond's biometric gun in Skyfall, if anyone else tried to use the iWatch-secured device, they could be thwarted even if they have both the device and the iWatch.
There are a number of ways that Apple could add biometric authentication to an iWatch ecosystem. The most obvious way is a thumbprint scanner—quite possible, given Apple's purchase of AuthenTec last year. Other options might include an iris scan or facial recognition. All of these ideas would require specific hardware like a camera to be built into the iWatch, but there's another option that might be just as secure and much easier—listening to a user's heartbeat.
Given the popularity of exercise-oriented monitoring devices like the Nike Fuelband and Fitbit activity monitors, it seems logical for Apple to build such features into an iWatch. The company has had a long relationship with Nike for pairing devices with running shoes. That would mean sensors to detect movement, temperature, and heart rate. The heart-rate monitoring offers an easy biometric identification option.
Much like we all have unique fingerprints, we also each have a unique cardia rhythm that can be used to identify us. Cardiac biometric recognition systems are already on the market as standalone solutions or as part of an even more comprehensive biometric authentication system by companies like Bionym. Incorporating that into a iWatch already designed to measure cardia activity should be a relatively easy task that wouldn't require additional sensors or hardware.
Ultimately, this means that the iWatch could be a major security addition to the iPhone and iPad. It could even put iOS ahead of both Samsung's KNOX platform and BlackBerry 10 for enterprise data security.