Feeds

AuthenTec sells out to Apple to the sound of 1,000 lawsuits

Directors hounded for not hawking the business to Samsung

SANS - Survey on application security programs

The $356m purchase of AuthenTec by Apple has not been universally welcomed. Not only are analysts and potential rivals trying to piece together the logic of the deal, but investors and, more importantly, class actions lawyers, are trying to work out if the 60 per cent trading premium that the deal is set at, was sufficiently high.

There is a thought out there that since AuthenTec had just concluded a deal with Samsung, its directors had the fiduciary duty when approached by Apple to at least ask Samsung if it wanted to counter-bid. We cannot go along with that thinking. When a board is approached with an outstanding offer compared with its current share value, it has every right to take the money and commit the company to a merger. However what these complaints might make possible is the extension of the time period over which the deal will move to completion, and that MAY give AuthenTec time to at least talk to Samsung.

Of course the whole point of agreeing cancellation fees (there are two way cancellation fees in here valued at $20m from Apple and $10.95m the other way) is so that the target company cannot go and talk to someone else and ramp the price, and so that the buyer cannot walk away, having shown an acceptable bid valuation to the world.

Since AuthenTec is a company that only has $18m in the bank, it had better have a very good reason to change its mind and fail to sell to Apple, and lose that cash. And anyway it has a customary "no-shop" restriction placed on its ability to solicit alternative proposals from third parties or to enter any kind of discussion. This has to be subject to some exceptions, such as when another company approaches it, it must have something to say.

But we expect that whatever comes of these legal moves, the deal is more or less done and Apple will get the spoils, even if anyone gets shareholders a little more cash. So why does it want AuthenTec? Most analysts in this area cannot see the wood for the trees. The first thing they do is look up what this company does. The bulk of its revenues comes from fingerprint recognition systems and it has genuine IPR here. It is a decent market leader in this nascent field, and most people assume that Apple will use this technology for one of two things, to secure iOS devices on a fingerprint, for either enterprise apps or to introduce it for mobile payments.

The myth of fingerprints

We tend to think this is pie in the sky. You cannot dominate the global banking community and introduce authentication technology which they have yet to approve of, no matter how ground breaking. Apple already has patents on accessing devices using unique gestures and these have already all been copied by rivals.

On the enterprise front there may be applications where this could be used, but to put this in perspective, right now AuthenTec has only quarterly revenues just over $10m in fingerprint recognition. These revenues are going down, or are at best flat, and the company has recently reduced its R&D in this area marginally. So what else could Apple be after?

Well there are two other security businesses that AuthenTec is present in, using software protection for DRM systems, so that you can have an (arguably) secure downloadable DRM, and a silicon based embedded execution area for encryption – a set of cores that can be used to securely process decryption on-chip, which any security software layer could benefit from. Samsung has recently taken this to underpin a VPN, but it might just as easily be used to underpin a DRM system for video delivery.

HD video on tablet

Now one of the debates that has been raging around the most recently launched iPad is the ability of its screen to handle HD video content. Hollywood has vacillated between banning premium HD video from portable devices and allowing it. The best solution has seemed to be to downgrade the resolution on this video for tablets. Many content owners allow video which is premium paid video, such as pay TV, to be delivered over IP in parallel with its TV delivery, to tablets, but at a lower resolution, while some ban it altogether.

But blocking HD content to a tablet is a lottery – your rival may get many more viewers by NOT banning it, because tablets of all types are taking off. The problem has been the software only nature of the security and only two solutions have emerged which really offer any comfort at all, one from Arxan, which AuthenTec uses, and one from Irdeto called Active Cloak for Media, and both use a form of white box encryption, as well as object code obfuscation and multiple frequent authentications between system components.

These two systems are dominant but slightly different, and regardless what both companies say about how secure they are, they are not secure enough to entrust Premium paid HD content to, where it has not yet been widely pirated. One security analyst told us that if smart cards were a 9 out of 10 in security terms, these software only systems were a two and a half.

The most secure approach is putting a secure set of decryption processing cores – complete with a hardware enforced firewall and separate processing elements for decrypting keys, on the processing chip. The problem here is that although AuthenTec offers its DRM Fusion product as a secure software only, downloadable DRM, the underlying security technology belongs to Arxan, and so it has no real IPR to offer Apple, which is what leads us to believe that this is not the reason for Apple‘s interest.

AuthenTec has made a number of strides here and signed some new customers recently, but while many of the App Store video apps are based on either the Arxan or AuthenTec implementations, Apple should have been buying Arxan if it wanted to control this process. This brings us to AuthenTec‘s third security business, based on its SafeXcel IP chip cores. AuthenTec acquired this technology from SafeNet two years ago along with its DRM Fusion product and since it did so it has been investing more R&D in this than any other part of its product portfolio, doubling it each year so far.

High performance access to file storage

Next page: Luring in the devs

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.