Feeds

AuthenTec sells out to Apple to the sound of 1,000 lawsuits

Directors hounded for not hawking the business to Samsung

Seven Steps to Software Security

The $356m purchase of AuthenTec by Apple has not been universally welcomed. Not only are analysts and potential rivals trying to piece together the logic of the deal, but investors and, more importantly, class actions lawyers, are trying to work out if the 60 per cent trading premium that the deal is set at, was sufficiently high.

There is a thought out there that since AuthenTec had just concluded a deal with Samsung, its directors had the fiduciary duty when approached by Apple to at least ask Samsung if it wanted to counter-bid. We cannot go along with that thinking. When a board is approached with an outstanding offer compared with its current share value, it has every right to take the money and commit the company to a merger. However what these complaints might make possible is the extension of the time period over which the deal will move to completion, and that MAY give AuthenTec time to at least talk to Samsung.

Of course the whole point of agreeing cancellation fees (there are two way cancellation fees in here valued at $20m from Apple and $10.95m the other way) is so that the target company cannot go and talk to someone else and ramp the price, and so that the buyer cannot walk away, having shown an acceptable bid valuation to the world.

Since AuthenTec is a company that only has $18m in the bank, it had better have a very good reason to change its mind and fail to sell to Apple, and lose that cash. And anyway it has a customary "no-shop" restriction placed on its ability to solicit alternative proposals from third parties or to enter any kind of discussion. This has to be subject to some exceptions, such as when another company approaches it, it must have something to say.

But we expect that whatever comes of these legal moves, the deal is more or less done and Apple will get the spoils, even if anyone gets shareholders a little more cash. So why does it want AuthenTec? Most analysts in this area cannot see the wood for the trees. The first thing they do is look up what this company does. The bulk of its revenues comes from fingerprint recognition systems and it has genuine IPR here. It is a decent market leader in this nascent field, and most people assume that Apple will use this technology for one of two things, to secure iOS devices on a fingerprint, for either enterprise apps or to introduce it for mobile payments.

The myth of fingerprints

We tend to think this is pie in the sky. You cannot dominate the global banking community and introduce authentication technology which they have yet to approve of, no matter how ground breaking. Apple already has patents on accessing devices using unique gestures and these have already all been copied by rivals.

On the enterprise front there may be applications where this could be used, but to put this in perspective, right now AuthenTec has only quarterly revenues just over $10m in fingerprint recognition. These revenues are going down, or are at best flat, and the company has recently reduced its R&D in this area marginally. So what else could Apple be after?

Well there are two other security businesses that AuthenTec is present in, using software protection for DRM systems, so that you can have an (arguably) secure downloadable DRM, and a silicon based embedded execution area for encryption – a set of cores that can be used to securely process decryption on-chip, which any security software layer could benefit from. Samsung has recently taken this to underpin a VPN, but it might just as easily be used to underpin a DRM system for video delivery.

HD video on tablet

Now one of the debates that has been raging around the most recently launched iPad is the ability of its screen to handle HD video content. Hollywood has vacillated between banning premium HD video from portable devices and allowing it. The best solution has seemed to be to downgrade the resolution on this video for tablets. Many content owners allow video which is premium paid video, such as pay TV, to be delivered over IP in parallel with its TV delivery, to tablets, but at a lower resolution, while some ban it altogether.

But blocking HD content to a tablet is a lottery – your rival may get many more viewers by NOT banning it, because tablets of all types are taking off. The problem has been the software only nature of the security and only two solutions have emerged which really offer any comfort at all, one from Arxan, which AuthenTec uses, and one from Irdeto called Active Cloak for Media, and both use a form of white box encryption, as well as object code obfuscation and multiple frequent authentications between system components.

These two systems are dominant but slightly different, and regardless what both companies say about how secure they are, they are not secure enough to entrust Premium paid HD content to, where it has not yet been widely pirated. One security analyst told us that if smart cards were a 9 out of 10 in security terms, these software only systems were a two and a half.

The most secure approach is putting a secure set of decryption processing cores – complete with a hardware enforced firewall and separate processing elements for decrypting keys, on the processing chip. The problem here is that although AuthenTec offers its DRM Fusion product as a secure software only, downloadable DRM, the underlying security technology belongs to Arxan, and so it has no real IPR to offer Apple, which is what leads us to believe that this is not the reason for Apple‘s interest.

AuthenTec has made a number of strides here and signed some new customers recently, but while many of the App Store video apps are based on either the Arxan or AuthenTec implementations, Apple should have been buying Arxan if it wanted to control this process. This brings us to AuthenTec‘s third security business, based on its SafeXcel IP chip cores. AuthenTec acquired this technology from SafeNet two years ago along with its DRM Fusion product and since it did so it has been investing more R&D in this than any other part of its product portfolio, doubling it each year so far.

Mobile application security vulnerability report

Next page: Luring in the devs

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.