Illiri, Using Sound for Authentication

Illiri offers a novel method for authenticating mobile devices

You can't be too careful when it comes to digital transactions these days because hackers are out there by the thousands. Once a hacker gets a hook into your data the consequences can be profound and range from having your bank accounts cleaned out and your credit cards run up to having your reputation temporarily or even permanently ruined. As for corporate data, well, the potential downside of getting hacked could be financiallydisastrous. 

One of the biggest problems in securing digital transactions is that most of the commonly used techniques for authentication are inadequate given today's threat landscape. As a consequence over the last couple of years we've seen increasing use of multi-factor authentication  

Multi-factor authentication (MFA) has become increasingly important because it's a fact that exchanging data over the Internet using a weak authentication method (e.g. just name and password) is potentially risky so amongst major service and product vendors offering MFA as an option are now Amazon Web Services, Dropbox, Facebook, Google Accounts, Microsoft/Hotmail, Paypal/eBay and Twitter.

While server to client MFA is becoming well-served the same can't be said about mobile to mobile connections. If you want to ensure that a secure data transfer can be achieved between two smartphones or between a mobile device and an end point device such as a point of sale terminal there's not been a lot to choose from.

A new entrant in this market is Illiri which offers a novel solution that uses sound to establish a relationship between two data exchange endpoints. The software, which is available as libraries for iOS, Android, and JavaScript, allows you to exchange credentials, confirm connections, and transfer data. What's intriguing about this concept is that it can be used wherever an audio connection between end points can be made, for example, face to face, over a telephone call, or on a teleconference call.

The Illiri API called (somewhat confusingly for us old-timers) SAPI is "an asynchronous API and its methods merely initiate a transaction. All changes in its state are delivered via callbacks." To understand the flow of control Illiri offers the following diagram:

This "depicts the process of establishing a link between two devices. (1) A create session request is sent to the server, with optional data that might identify the sender. (2) The received unique session id is then transmitted using [an audio] modulated signal to a peer device. (3) The peer device then automatically sends an attach request to the server, with optional data that might identify it.

You can use Iliri's own servers or host a server host one or more servers in your own infrastructure (the latter provides more functionality including SSL/TLS and HTTPS connection support and greater session control and customization).

This technology could have some interesting applications in mobile commerce, gaming, advertising, and general purpose authentication in commercial and corporate settings. Licensing terms and pricing on request.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10