The Internet of Things (IoT) is growing rapidly – too rapidly, some would say. The proliferation of connected devices on the market can make securing each one a challenge. Even where security is sufficient, connected consumers have many devices, and the more they have, the more difficult it is to get all of them playing nicely together.
Michael Orlando, COO, FitPay, says security across devices is one of the greatest obstacles the IoT will need to solve, and it’s something the tech startup has been working toward. Today, Orlando said, there’s no fluid way to authenticate against the single individual who owns multiple devices. Instead, the user must authenticate on each device that has authentication features, or simply not authenticate at all on ones that don’t.
Orlando said enabling devices to collaborate or share authentication credentials across an individual’s IoT network could simplify access for devices that require authentication, while adding security to the ones that don’t, allowing them to “borrow” security from other devices in the circuit. Devices would be linked through common attributes, such as sharing a Wi-Fi network or similar login credentials, or purely based on location proximity details. Behavioral attributes could also factor in, tying device behavior to the user’s typical movements and habits.
To give a non-payment use case example, Orlando described an individual who owns a Garmin watch, a Nest thermostat, and an Amazon Echo. If that user has already authenticated on the watch, Orlando said, all they have to do is enter their home for the other devices to pick up on the watch’s proximity and leverage the authentication the user has already completed. Once the IoT network recognizes the user, Nest can kick on the heat or AC to the user’s preferred temperature, while Alexa can start playing their favorite “unwind” playlist.
In payments, Orlando said this method of shared authentication could be used to allow instant and unattended payments, driving an experience similar to Amazon Go — except, instead of being watched by computer vision, the consumer holds the device and, therefore, controls when and where it’s used.
This invisible payments experience would work by having common devices in the store recognize the customer’s connected device as they enter. Authentication would be passed through beacons and other types of connected devices the store has set up. As the shopper picks up different items, their tags would connect to them, and their virtual shopping cart would fill up as they add items to their physical cart. Then, they could pay by just walking out the door.