Bluenet is one of the many Italian companies that will have a presence at the Neapolis Innovation Technology Day 2019 on November 20, 2019. We thus sat down with Nicola Fedele, CEO of Bluenet, to learn more about one of their most impressive solutions, BLUeCODE, and how it uses ST31 secure microcontrollers to generate a 2D cryptographic matrix code that facilitates authentication operations at live events or location with access restrictions, among many others. The company is an ST Authorized Partner and we share a long history since one of their first projects was an operating system in Assembly for our ST19RF08 MCU. Nicola and the other two Bluenet cofounders, Paolo Pepori and Steven Chu, previously worked on secure paper documents solutions, such as ePassport for Italy. With BlueCode, they are combining their expertise in cryptography and their knowledge of the ST31 to build a powerful and cost-effective solution.
Government administrations use cryptographic images to process applications or more quickly identify their constituents. Concert halls, gyms, and many other businesses use QR codes to identify customers, and some immigration services even use them on their visas to prevent fraud. The beauty of BLUeCODE is that it takes the inherent robustness of these solutions, thus offering a definite security advantage, but makes it highly affordable and easy-to-use. The best example of that is the fact that the 30th Summer Universiade 2019, an international Olympiad-like event for university athletes that took place in Naples, Italy, last July, used BLUeCODE to generate 150,000 accreditations in just ten days, which bolstered security and protected the various access points against illegitimate intrusions. Let’s, therefore, look at how BLUeCODE works and why it was so successful at such a large scale.
BLUeCODE: Using the ST31 to Create a Quick Solution
BLUeCODE can rapidly and cost-effectively generate a cryptographic image because Bluenet uses a Secure Hardware Module in the form of a smart card that contains an ST31 MCU. The company developed a secure operating system, Gemina, that uses the ST31 as a coprocessor to encrypt data with a private key and output the graphic. To hasten development operations, the solution relies on ST guidelines and used our code samples as well as recommendations to ensure a quicker certification process. Gemina also uses some of ST’s Hardware Abstraction Layers to call primitive methods, which helped Bluenet developer create modules that manage the EEPROM or the application layer, among others. BLUeCODE is cost-effective because Bluenet uses the ST31 on many other applications, allowing a higher return on investment. Finally, Nicola explained:
“We heavily relied on the Proof-of-Concept Center in Naples, Italy to prepare for the Universiade 2019. This incubator space allowed us to have a lot of meetings with ST experts, run numerous tests, and improve our product daily. It’s truly a strong incentive to participate in the ST Partner Program.”
BLUeCODE: Using the ST31 to Create a Powerful Solution
The 2D matrix generated is impressive because it contains enough information to store a fingerprint or a photo. Comparatively to other similar solutions, BLUeCODE shines because it can potentially use facial-recognition software to match the photo on the credential to the person using it, thus adding another layer of protection. Nicola Fedele also explained that it was possible to store a fingerprint to increase security. Additionally, the use of a private key to generate the image means hackers would have to steal the smart card and break all the protections on the ST31 to compromise the system, which is highly unlikely. The solution is so robust it received a certification from the Digital Italy Agency (AgID), thus testifying to its compliance with the most stringent European standards.
BLUeCODE: Shortening Queues and Fighting the Black Market
BLUeCODE was effective during the Summer Universiade because it not only generated crypto images faster but also helped accelerate the authentication step, thus shortening the amount of time people had to wait in line. Authenticating a cryptographic image from the system demands a mobile application that can run on a wide variety of smartphones. And since the public key required to decrypt the image is on the phone itself, there’s no need for a connection to the Internet, and there are no adverse effects if the local networks were to crash. Since phones do not connect to a particular infrastructure, misplacing them doesn’t constitute a security threat since they are merely decrypting tools and won’t enable hackers to access sensitive servers, for instance.
New laws around the world require a photo or biometric identification for reasonably large events. It’s no longer just a matter of security, but a way to reduce fraud and fight ticket scalping. A research paper out of Portland State University1 shows that CAPTCHAs do very little to stop robots from snapping a large number of tickets online, forcing consumers to purchase them back on the black market. Additionally, a scholarly paper in the Sport Management Review2 showed the ineffectiveness of the US laws trying to tackle this problem. By requiring a photo, a fingerprint, or associating a ticket to a piece of ID, BLUeCODE establishes itself as one of the best solutions to prevent scalping and limit the negative impact of dark markets on this industry, while ensuring a smooth experience, as they demonstrated during the Summer Universiade.
- E. Kaiser and W. Feng, “Helping TicketMaster: Changing the Economics of Ticket Robots with Geographic Proof-of-Work,” 2010 INFOCOM IEEE Conference on Computer Communications Workshops, San Diego, CA, 2010, pp. 1-6.doi: 10.1109/INFCOMW.2010.5466663 ↩
- Joris Drayer, “Examining the effectiveness of anti-scalping laws in a United States market”, Sport Management Review, Volume 14, Issue 3, 2011, Pages 226-236, ISSN 1441-3523,https://doi.org/10.1016/j.smr.2011.04.002. ↩