jump to navigation

Another Mobile World Congress, but lets see Nokia and Microsoft first February 21, 2011

Posted by tcarlyle in Uncategorized.
add a comment

Wow, it has been a year since the last time I’ve posted. Maybe blogging is really not for me and I should throw the towel… It is not hat I have not had enough interesting things to post, as we just had our new keychain presented in the Mobile Congress this year. It is not also that I’ve been completely out of time, as time problems are in fact priority problems. The truth is that I have not given too much priority to the blog. I’m not sure if I will, but I want to write my stake on the Nokia + Microsoft deal (and probably write about the keychain after winter holidays).

But well, the most commented topic of last week has been the decision of Nokia to embrace Windows Phone as its operational system. There has been a few great analysis of the deal like one posted at visionmobile and the one of Tomi Ahonen. What all analysis have already said and which is clear to see is that Microsoft is the one who will get more from this alliance. No matter how much money they may have put in this agreement, now they will power the biggest handset manufacturer, and the one with the best relations towards the mobile operators.

But what about Nokia? The main reason why people have been negative towards Nokia’s future with this alliance is because it “got rid off” 2 operating systems and a great development toolkit. They are going to support Symbian during this migration phase and will launch a Meego device, but I do not think this will be enough to keep their current developer community (for the ones that have not migrated yet).  Whether this has been a good decision is a bit controversial…

Symbian and Ovi have been really lacking behind by far from iOS and Android, which contributed to the drastic drop of smartphone sales. Then, Meego is taking ages to mature and become the so promised alternative. On the other hand, Nokia positioned themselves and was investing hard on Meego, Symbian and Qt, and this was really true as I was receiving tons of job announcement from Nokia regarding R&D positions linked to Meego, Symbian and Qt (I’ve registered on their website about 2 years ago and I still keep receiving their emails). But, then, from one minute to the other, they completely change their mind… They may soon sack people that they have just hired.

Maemo was an amazing OS. I love my N810 and I really had hopes that Meego would be able to bring back that smartphone experience. Most analysts agreed that the best path for Nokia would have been a powerful Meego/Qt. This would require some serious investment and work on Meego/Qt, after all now they would be competing with Google, Apple and Microsoft on Operational Systems and Developing Platforms. Nokia seemed to was positioning into that, but apparently they have not been fast enough. They probably did not manage to convince investors of putting more money or time into it. Then, if they do not want to invest really hard on it, as it seems to be, the best alternative is really to drop it.

The reasons for going for Microsoft rather then Android have already been mentioned all around: fear of commoditization and becoming a hardware company, Stephen Elop, financial offer from Microsoft, lobby from operators and trying to get more power on american market. I do not think the first and last items are that relevant in this case because I do not believe that Nokia will be able to get much more software ownership with Microsoft (the only really valuable piece of software/service they will add is maps and navigation). Moreover, many analysts seem to agree that putting a “Windows inside” will not be a big differential in the US.  A “google inside” would probably make more impact.

So at the end, Nokia chose to take a risky path going with a new OS (Windows Phone), with limited developing community and with a company whose track in mobile has not been able to convince yet. I would think that they did that expecting to be backed by operators which are afraid from Android and IPhone. Besides that, there is some hope for Windows Phone. Their last OS has received a good number of positive reviews and they have the Xbox and Windows Live community which could make a difference (though it hasnt yet on the previous windows phones). By the fast peace of the mobile industry, soon we will find out how it turns.

barcelona mwc and wlan sim February 19, 2010

Posted by tcarlyle in SIM Cards.
Tags: , , , ,
add a comment

After a long time without posting due to a big wave of work, I finally found a bit of time and a special occasion to write. The special occasion is the Mobile World Congress which happened this week in Barcelona. I haven’t been there, but I’ve followed the news around it, with special attention to the ones related to sim cards. The main focus of the congress seemed to be targeted to the new trend of App stores (where a big revelation was the launching of the Wholesale Applications Community) and in new phone models (highlights on the Windows Mobile 7; the Nokia + Intel Meego announcement; and Samsung Wave, its first Bada device). However there were some big news on the sim world as well.

The first one was about a Android porting to a sim card! This was a prototype from SK telecom which uses a high end sim card whose specification I haven’t found but which doesn’t seem far from the gigabyte sim’s which have been already demonstrated by companies such as samsung or sandisk. The big news are in the porting itself and that apparently the performance over the high-speed usb went quite well. See video below:

The other big news was about the sim card with integrated wireless lan antena. There was a demonstration of it acting as an access point (with video in spanish) and being used to communicate with a nfc device and opening the possibility to do OTA management to the nfc device and dribbling the need of specific nfc phones. The repercussions have been amazing on the news and I feel specially happy since I  am between the several people who have been working on the side of the project from Telenor. It is definitely a great achievement, and I personally feel that those are just a small fraction of the possible use cases for a SIM with embedded wireless lan, specially when we consider the considerably growth of the internet-of-things and the pervasiveness of the 802.11 and wifi radio standards. Stay tuned on the wlan sim!

n97 fails (a lot!) + apps December 13, 2009

Posted by tcarlyle in Uncategorized.
Tags: , ,
add a comment

I am now an owner of a Nokia N97 for about four months and to be honest I’m quite disappointed, as many other N97 users. Since some weeks the touch screen is going from bad to unusable. A few weeks before the major firmware update (V20) the touch screen was already working poorly (sometimes Id touch and nothing would happen or other fewer times I was touching one point and it was selecting another).

Just after the firmware update it didn’t get much better, I was having the same problems besides the scrolling that would sometimes get into a loop or move the entries to out of the screen and make it impossible for me to select anything. I must admit that I have installed a bunch of applications and maybe thats one of the reasons for having a poor response from the phone.  But in the other hand, I never heard of any friend that owns an Iphone complaining about the phone after installing applications. I’ll soon try to make factory reset and install everything again, but I really do not want to do this every 3 months…

In what it comes to applications, I haven’t been amazed with the current options, but I guess it is because so far I’m not yet amazed with mobile apps in general (even the ones that some friends that have Iphone have shown me).  At the moment I have the following apps installed:

– Spotify for S60:  I’m a fan of spotify and I am very happy with their app (except when the N97 itself fails). It is very useful, nice gui. The guys really though about what the user would need of a spotify app.

– Nokia Maps: I wanted to use google maps instead, but I enjoy the compass functionality and the last version of Google Maps for S60 I’ve tried didnt integrate the compass. The nokia maps is quite decent, and it has been greatly improved after the last firmware upgrade. Now it can “correct” misspelled addresses which is extremely useful, moreover the walk to options now seem to be free for use (why did they want to charge for that). Still, the handshake for starting the compass is annoying and I’d prefer to synchronize my points of interest without needing an OVI account. Overall, a mapping application is extremely useful and it is between the top 3 I use most.

– Opera Mini: I have installed both opera mini, opera mobile and the regular nokia browser. Opera Mobile is indeed very powerful but I was often having problems of memory full (though it was the only app open) and I havent used it lately.  I have been mainly using Opera Mini which is very fast and very nice (thought selecting my emails in gmail can be quite challenging as the selection box is incredibly small and N97 touch screen is awful). Nokia’s browser doesnt seem bad, but Opera mini is faster, had a google search toolbar and has a nicer look and feel.

– Calendar and e-mail: As I use a lot google calendar and it is possible to synchronize google calendar with N97s calendar, it has been very useful for me. The e-mail with mail for exchange is not bad, but I noticed on moments I was online, that it was not synchronizing with e-mails I have received a few minutes before the synch. By the way, the whole process of installing the mail for exchange and configuring this synchronisms was not so straight forward, but this blog helped me quite a lot.

– Instant messaging: I have used installed and tried both Nimbuz and Fring, but to be honest I dont use that much instant messaging and I haven’t really seen if the applications are good enough.

– Facebook application: either I like or not, I’m a bit facebook addicted and hopefully N97 facebook application is really good. It provides a smart interface to check and reply incoming messages, friends request, wall and status updates.

– Twitter: I have the tweets60 tweeter client for the N97. I heard it is the best free twiter client for S60, but I dont like it that much (I guess thats the price you pay for not paying =D).  It is quite slow (even when my N97 was working ok) and I dont like so much the interface.

– Camera: The camera of the device itself is awesome. I’m really happy with the resolution and any effects the camera may apply or correct on the pictures. Moreover, it is quite nice that it allows you to geotag, directly upload to facebook, send by email, etc.

I havent had much interest in other applications I heard about but I’d like a rss feed reader that I can synchronize with google reader. It would be awesome if google could provide an app for that, as the one that the people from nokiapp.com website have done still needs a bunch of UI improvements for my personal taste.

Finally the thesis November 27, 2009

Posted by tcarlyle in identity management, Me, Sensors, SIM Cards, Thesis, trust, Uncategorized.
Tags: , , ,

After almost six months that I have delivered my thesis, I’m finally posting it here. It turned up to be a very extensive document (about 150 pages), but mainly because we first wanted to assess the capabilities of SIM cards, identities and finally trust frameworks. And as I was working together with the SIM Research Team at Telenor and I do have some experience with SIM from when I worked in Gemalto, we spent several pages on reviewing the SIM capabilities and trying to figure it out the future SIM.  We also touched an aspect that may start to become more present in the SIM cards which is the ability to sense context.

Other pages were spent in getting into the identity management world and this was one part of the thesis which in fact I wished I had more time to go through. I got very interested in going deeper in the field after finally understanding the identity frameworks such as Higgins, Cardspace and specially on the concepts in which they are based. At last we studied a bit about trust models and this was one of the most difficult parts of the thesis as none of us had much an idea of trust modeling and it is a topic that can get very complex if studied deeply.

After this long background, we finally chosen a new application that could be hosted in the state-of-art (or future) SIM cards, take advantage of the fact that the SIM represent one or more identities and that can be used to build trust. That application was what I have proposed in my paper mentioned in the previous post.

The idea is to use the future sim cards to sense each other (either through NFC,  location information and server interaction, wlan, etc), to sense the environment and based on that, attribute a situational trust value for that meeting between the 2 sim holders.  Then with a bunch of those situational trust value, you can infer the user relation. The more context information, the more you can infer.

Based on that idea, we made a small prototype using SunSpots representing those advanced SIM cards and with a simple trust inference model and a test scenario.  It  may sound a simple test and in fact it was, as the thesis focused a bit on bringing a new idea (which is extensively described) and the state-of-art research, having the prototype as a small proof-of-concept.

When I was reviweing the thesis for the paper presentation, I read in Bruce Schneier‘s blog about a paper from some researchers from the Santa Fe institute that used location information and phone calls information to infer the friendship closeness between the people involved in the experiment. The result was that they could predict the level of friendship with 95% accuracy! This pretty much confirm my thesis result =)

Closing Nordsec 09 November 3, 2009

Posted by tcarlyle in identity management, Me, Sensors, SIM Cards, Thesis.
Tags: , , ,
add a comment

I know it has been more less about half month since the ending of the Nordsec 09 and I was supposed to update about the last two days. However, after the conference (and some days off at the Belgium coast) I had a lot to catch up at work. Anyway, one good new is that the talks which does not correspond to paper presentation had their slides uploaded at the Nordsec Program Webiste.

The second day had some quite more technical (sometimes even more mathemathical) presentations. The ones I was most interested was the one about the usability of petname systems and the one about widget security.

Though due to the presentation on “A Parallelism-Based Approach to Network Anonymization” from Igor Margasinski, I got to know more about network anonymization which is a topic that I must admit not have heard before. It was nice to know that there are some options such as the tor project that tries to completly protect user privacy and enable users to bypass some content filters from some countries, therefore raising the freedom of communication.

However, the people that discussed about TOR said that in practice this anonimity routing, make the traffic flow pretty slow. Still, on the same day, Heiko Roßnagel discussed how the porn industry could in fact sponsor the development of TOR networks, as they correspond to users that would like the service and that are also willing to pay for it. On the other hand, this is a delicate topic as the porn industry can have some complex legality and ethic borders.

In the presentation of Karsten Peder Holth around widget security, the author points several of the security flaws that can be introduced when installing a widget. However, as he says, this is somehow a consequence of the simple development model of widgets and in fact it is this simple development model taht makes widgets so popular.

Audung Jøsang presented the paper his students have written about usability of petnames. He defended the need of making Identity Management more user centric with the usage of petnames and it makes a lot of sense. However, it looked like the Identity Selectors, as the ones part of identity schemas such as Geneva (“new name” of Microsoft Cardspace) and Higgins, already provide the user an alternative for the memorizing problem towards identities.

In the following day, we had another presentation around SIM cards and Identity. This one was given by Do Van Than, and although it also touched the aspects of the possible positioning of operatords towards IdM, it showed a bunch of cases on how this could be done and they have already tested. It is somehow sad to see that we could be already using the SIM as an IdM device with the EAP-SIM protocol and the federation standards (such as the ones from Liberty Alliance, which seem to have changed its name also, but I dont remember the new one), and unfortunatelly due to protective interests from several players in this heterogeneous market, we don’t.

Besides that we had more two SIM related presentations. One, where Heiko Roßnagel discuss the potential of the SIM as a the most suitable tool for delivering real-time information services. And my presentation covering the usage of high-end SIM cards enabling the possibility of sensing and chategorizing user relation. I’ll discuss my presentation a bit better in a next post (which hopefully wont take that long), but if you are interested in check it out the paper here is the springer link for it or you can see a 100% free preview at this googlebooks link. In fact, Ill verify if I can put it here in the blog as well.

It was really nice to present the paper and although I was a bit nervous before, the presentation went really well. I think I kind of have the knack for presentations.

Later (hope not much), I come back for talking a bit more about my paper, my master thesis and maybe also some frustrations and experiences with the N97 =)

First day of Nordsec 09 October 15, 2009

Posted by tcarlyle in Biometrics, identity management, SIM Cards, trust, Uncategorized.
Tags: , , , , , , ,
add a comment

I’m bloging directly from the Nordsec 09 conference here in Oslo. So far it has passed one day and a half and the programme has been quite interesting. There has been a more strong focus on identity and privacy, and, moreover more “high-level” presentations than the conference last year. As the conference programme has been quite extensive I must assume not having payed full attention to all presentations and specially the ones that didn’t have slides as supporting material. I’ll cover in this post just a bit of my impressions around the first day.

The first day was mainly about identity and privacy.  We started with a great presentation from Drummond Reed from the Information Card Foundation. He end up spending some of time explaining IdM as the concept was not familiar for the whole public, then he talked a bit on the challenges to using the open ID standards by the governments, in special in the USA. He also mentioned the issue of having a branding competition on the websites towards the several OpenID providers. It was pretty interesting to see that the US government is going for an exisiting open IdM standard and also to know that apparently a lot of the companies that seemed to be competing for IdM ownership seem to be cooperating more. At least, as far as I got there are several new players joining the OpenID (although it is not clear if they are just offering authentication tokens or if they are also accepting other OpenID tokens) and the Information card has become a common format shared between Cardspace, Higgins and other selectors.

There was a presentation about Identity Theft from the Ministry of Justice and the Police of Norway. The presentation was mainly on how biometrics could help to prevent Identity Theft. As the usage of biometrics in his speech was not characterized if it was for identification or authentication as I mentioned in a post in the blog, it generated a lot of questions around the dangers of impersonating someone using a copy of the biometric template which could be gathered through a fingerprint left in a glass for example. This generated some discussion around storage of the biometric template and issues around biometrics in unsupervisioned scenario which the speech could have maybe addressed and made itself even more interesting.

Later we had a presentation of Tor-Hjalmar Johannessen from Telenor presenting arguments towards having an e-ID centric model on the SIM with very logical arguments. He bases it in the massive presence of sim cards, its security, the fact that they already represent an excellent working case of IdM (roaming is single-sign-on), new enhacements to the SIM as a hardware and software platform and others. I had already seen other of this presentations on the topic and I’ve read a few of his papers for my Master Thesis. Therefore, it was not something completly new for me, but it already introduced the audience in the topic which will be good for my presentation on Friday =)

Other 2 presentation that specially called my attention were the one about “Privacy risks in Web 2.0” from Roar Thon from the Norwegian National Security Authority and the one about the future e-voting system in Norway. The first one was a bit more on the need of creating awareness around how much private information we are publishing and distributing. It was interesting to see tha the  Norwegian National Security Authority is interested in that and also on some numbers presented. In fact the presentation opened the point of the lack of attribution of social networks relations which is something Ill discuss in my presentation.

I think I’ve never stopped to think so much about the complexities around e-voting and the presentation from Christian Bull gave a great overview. There are issues on the fact that you are not over a supervisioned environment and this could lead to vote selling or coertion, or on making sure that every vote is counted but it is not possible to trace who voted in who, and there it goes. He presented a few neat features to counter some difficulties of the e-voting and the system sounds very promissing. It was also nice to see that they plan to make it open source so the system security can be assessed and they will submit it to common criteria evaluation (or a similar one, I dont quite remember).

I’m not sure if the presentations are going to be published in the conference website, but in case it will I write it here.

Back to the blog October 6, 2009

Posted by tcarlyle in identity management, ride sharing, SIM Cards.
Tags: , , ,
add a comment

After more then one month without posting, I’m finally writing. I guess the absence was a bit cause I’ve had a few days with abunch of work and during this period I alswo broke my hand, and it is extremelly annoying to type with just one hand. Anyway, now I’m back and hopefully I’ll be updating the blog quite often.

At work I’ve been mainly working in the wlansim project of telenor and I’ll be starting as well to help on writing a proposal to a SIM related EU project. Outside of work, I’ve been discussing with my friend Tommy about the possible creation of a ride sharing application. We are not so satisfied with the existing ones and we are brainstorming a bit what could be done better. As soon as we have a better concept we will start implementing it. It is a side project I’ve been wanting to work since some time as hitch hiking is an environmentally friendly win-win method for traveling and meeting people (two tings that I particulary enjoy). So far the best ones I know are the roadsharing (great user interface) and a german option which I have in fact used in Germany twice and it was fairly easy to find a ride (I guess it is probably one of the ride sharing with the biggest number of register rides in relation to its context – mainly Germany).  Recently, I’ve read also about a mobile ride sharing application in which the Fraunhofer institute is working and which looks quite promising. Unfortunately the website is only in german. Anyway, if you have seen any nice articles about ride sharing or some other interesting applications in the domain, please forward me.

Changing a bit the topic, next week I’m going to the NordSec 2009 Conference in Oslo. I’ll present a paper named:”Advanced SIM capabilities supporting Trust-based applications”. I’ve written it during my Master Thesis last semester (and by the way, I promise that after the conference, I’ll make it availablle here). In fact there seem to be a lot of presentations (and publications) around e-identities and another related to SIM cards in the program.It seems quite promissing and I hope I can manage to make some free time and  find out a bit more about some presentations before the conference. Anyway, if you have specific questions you would like to ask the speakers based on the theme of their presentations, you can forward me and I’ll try to ask them and publish the answers afterwards.

Augmented Reality Buzz August 27, 2009

Posted by tcarlyle in augemented reality.
add a comment

As someone back from vacations, you find yourself with tons of feeds, news and emails to read. Adding the fact that the previous months I was pretty focused on my thesis, there are a few things that I’m just getting into contact right now. One of them is this new buzz about Augmented Reality Applications. At my first sight I was pretty amazed and a bit pissed by the fact that most of the augmented reality mobile apps are being coded for Android and Iphone platforms and I have a S60 =(

Anyway, by checking it further and reading some more, I’m starting to notice that this buzz is being somehow similar to the one of LBS applications, where in the initial state the real usability is not always taken into consideration and most of the applications seem to be copying each other or providing extremely few realistic use cases. Most seem to only produce some applications practically unuseful but exciting as they deal with something “new”.

I am mainly questioning right now is if people will be willing to take their phone and start to scan the city or their friends pointing it to them. I know it is awesome to imagine that scanning of the T-1000 in the Terminator movie, but holding a phone in front of you is not the same thing. Maybe I’m from an old generation, but Im not sure if I will be used to that so soon. I wonder if a scene of someone scanning the surroundings wouldnt be a good input for a silly youtube video a la star wars kid. Moreover, it could possibly attract “pick pockets” as he would be showing a high-end mobile to everyone around for some period of time in a public place.

Still I must assume that those are small arguments in case someone makes a really useful app that may be worthy the “silly” look and in some places it may be safe to reveal the phone to the public in such a way. But so far, the impression I have is that people are more amazed about the technology itself and not with the practical benefits of the current applications. For example, I’d love to try the Arhrrr game, but I have my reserves if I’d really want to play it seriously. Several applications such as the one for finding the tube (subway) are focusing in navigation and adding the camera as an friendly UI, but for most of the cases I’d rather just have the phone in my hand as a kind of compass without the need of “filming” the environment.

However, I am in fact more reluctant with applications where the augmented reality aims filming people such as the Augmented ID. I think extremely invasive to have someone pointing a camera to you. I’d rather see this as an id card exchanged and possibly broadcast through bluetooth, wlan, wpan, rfid or other more pervasive technology. In fact most of the cases I’ve seen of this augmented reality apps for the current mobile phone platforms could be implemented without the camera without any substantial loss of UI friendliness.  At last, one thing hat will be probably have to be addressed is  how much all those filming affects the battery of the phone. But as we are having more and more sensors, gadgets and power in the phones, the batteries will have to evolve fast as well.

Despite my reserves towards the short-term future of those apps, I’d like to test them myself, so if you know one to S60, I’d be interested to try =)

Back from vacations but not fully back to blogging, yet =) August 19, 2009

Posted by tcarlyle in Me, Nokia Devices, Thesis.
add a comment

I’m back from well deserved vacations in Turkey and Brazil, but I’m still kind of adapting to be back, to be working again and to some new devices I got =)

I’ve finished my thesis and soon I’ll make it available here, but I’ll wait a bit because a paper I wrote based on the thesis has been accepted in the NordSec conference. Thus, I’d prefer to wait it be published there to make my thesis available (even though they are different documents) There is a lot of interesting presentation’s in this year’s agenda, with special attention to digital identity. But, I’ll blog about that when it gets closer to the date of the conference.

I  started to work here at the Telenor R&I department in Trondheim, Norway. I’m working with the SIM group, thus I should be posting some SIM related topics in the blog. In fact, just recently I’ve read 2 nice surveys on the Science Direct and I recommend their reading in case you are interested in smart cards and have access to Science Direct Publications. As a survey/overview papers maybe you already know some of the information described, but I thought they were specially well written and easy to follow. One of them is about Eletronic Passports (actually more into RFIDs) and the other about multi-application smart cards (with a nice overview of the smart card path from monoapplication to multiapplication environment).

As I just got into my hands a N810 tablet and a n97 phone I must already warn that I may eventually post something about them =) In fact, so far I haven’t got much time to play with them, which is actually good as the weather has been nice around here and that is not so common in August. Overall, the N97 seems nice although so far it seems too overloaded with junk applications. For the N810, I must say that the browsing capabilities are really awesome, there is a lot of nice open source and free applications and as mentioned in several places the GPS is quite bad to find satellites. I’d say that the biggest unconvenient in the N810 is that it’s design is not friendly for gaming. Although it is not on my top priorities it would be sweet to play some old NES games with the emulators if the buttons are kind of annoying to use as a joystick (specially the directionals).

I hope this post works as an initial attempt to ressurrect the blog =)

Biometrics and SIM May 24, 2009

Posted by tcarlyle in Biometrics, identity management, SIM Cards.
1 comment so far

I know I said I would not post so soon, but here it goes a small post on Biometrics (reusing the text from my thesis =D)


Biometrics corresponds to the recognition of an individual based on the measurement and analysis of his physical and behavioral aspects. Some biometric techniques include: fingerprint, iris scan, face recognition, DNA, hand geometry, voice recognition and hand-writing patterns. The biometric information can enhance identity, verification and authentication mechanisms as it consists into a unique feature that can identify a user. 


In fact biometrics is massively deployed in the several physical identity cards that carry a picture of the owner. This picture, a facial biometric, is aimed to present something that can be used for a visual verification on the side of the agent.


One of the biggest concerns about the usage of biometric information is the case where the biometric template, the synthesis of the biometric characteristics, is stolen. Since the biometric template can’t be revoked, a user can’t revoke his fingerprint or have his iris reissued, this is a very important topic to be taken into account. A solution for that is the storage of the fingerprint information in a secure environment, such as a smart card. It enables the possibility of employing match-on-card (MOC) identification without the need of transmitting the biometric information outside of the card. Inside the card, the biometric information can serve as one of the authentication factors complementing or replacing passwords. 


Despite MOC solutions on the regular smart cards, for example the Portuguese e-ID, there are already deployments on the SIM Card. As shown in the article”Beefing up security with biometrics” from Card Technology Today, May, 2008, the memory needed to store the biometric information is not so high, specially if you take into account the new high-density smart cards. A facial image can require 20KB while the iris image can require 30KB and a fingerprint 8KB. If instead of using the image, the biometric template is used, the size requirements are reduced by around 90% or less. 


What security experts such as Bruce Schneier and Steve Riley discuss is that biometrics should not be used as an authentication secret, but as identity information. By that, the identity, biometric data publicly known, identifies the user, but in order to obtain authorization in a system, a secret is used. This argument is based on the fact that biometrics can be tampered: they can be scanned, they are left when people touch objects, people can be filmed without their consent. Moreover, differently from the secret, the biometric can’t be revoked.


The MOC solution in the smart card mentioned before has the biometric in a context that is hard to characterize between identity or authorization secret. It is something in between, since the biometric information is actually the input to authenticate the person which has the card, but the biometric alone is powerless and the card can be revoked. I woud say that it is secure enough for most of the day-to-day purposes since it combines “what you are” with “what you have” and it can be revoked.  It seems harder once it is easier to steal (or guess) a password than a fingerprint(hopefully not your finger as in those sci-fi  action movies) . 

If you have any comments around the MOC security, please write. I’ll consider them when revising the thesis =)