[Dave Birch] As I’ve written before, there are reasons for preferring an identity and authentication infrastructure that is based on tamper-resistant hardware with local authentication rather than passive identification technologies, largely because it allows the individual control over multiple identities, which I regard as an important contribution to the “privacy settlement” that we are going to need to negotiate in the online future. So naturally I was pleased to see that some security experts at Google have come to the same conclusion, albeit a few years later.
In a research paper, two security experts at the web giant have outlined a future in which the main way of guaranteeing we are who we say we are online will be possession of a physical token, perhaps embedded in smartphones or even jewellery.
Whatever will they think of next
I can’t resist flagging up this example because some years ago we worked on a project for a client in the financial services sector who was looking at combining RFID tokens with passwords to make effective two-factor authentication (2FA). The idea was that, for example, an ATM would contain an RFID reader based on ISO 15693 using read-only tags with a range of around two metres. So as you walk up to the ATM it recognises that you are nearby. Then you key in a PIN or a password and the ATM checks this online against the tags that it has lit up. If there’s a match, you get the cash. Anyway, the reason I’m mentioning this (and I’m sure that the client won’t mind me saying it) is because one of the storyboard ideas that we wanted to prototype was jewellery. We went off to talk to a company that had already put tiny RFID tags in jewellery (it was used for stock management and tracking) and established that the idea was feasible, but for one reason or another the client decided that it would be better to make a custom dongle for online use only and leave the ATMs and branch counters alone. These have met a mixed reaction from customers.
the only thing is these blasted little security fobs that you have to keep keying in. I used mine so much that the battery ran out so I had to go and find a replacement locally.
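The tag-plus-PIN check described above for the ATM prototype, as an added example that is not code from the project or from the original post. The tag UIDs, PINs, PBKDF2 storage, lockout threshold and the refuse-on-ambiguity rule are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILS = 3  # assumed lockout threshold (not from the post)

def _hash_pin(pin, salt):
    # Salted, slow hash so the server never stores the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def enrol(db, uid, pin):
    """Register a read-only tag UID with its owner's PIN."""
    salt = os.urandom(16)
    db[uid] = {"salt": salt, "pin": _hash_pin(pin, salt), "fails": 0}

def authenticate(db, tags_in_range, pin):
    """Return the UID of the one tag in range that the PIN matches, else None."""
    # Only enrolled, non-locked tags the reader has lit up are candidates.
    candidates = [u for u in sorted(set(tags_in_range))
                  if u in db and db[u]["fails"] < MAX_FAILS]
    matches = [u for u in candidates
               if hmac.compare_digest(_hash_pin(pin, db[u]["salt"]), db[u]["pin"])]
    if len(matches) == 1:
        db[matches[0]]["fails"] = 0
        return matches[0]
    if not matches:
        # One keyed-in guess was tested against every tag in range, so each
        # of them is charged a failure; otherwise a crowd of tags would give
        # an attacker extra guesses. The cost: bystanders can be locked out.
        for u in candidates:
            db[u]["fails"] += 1
    # Two or more matches (same PIN, both in range): refuse rather than guess.
    return None

if __name__ == "__main__":
    db = {}
    enrol(db, "TAG-A", "1234")   # constructed UIDs and PINs
    enrol(db, "TAG-B", "9999")
    print(authenticate(db, ["TAG-A", "TAG-B"], "9999"))
```

With a two-metre read range the reader will often light up more than one tag, so the PIN is effectively matched against a set; a read-only UID can also be copied, which means the PIN carries most of the security here.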
That’s why the Google researchers’ other futuristic plan, which is to embed the token in a smartphone, is certain to take off. I’ve even thought of a good name for it: the “secure element”. Not very sexy, but perhaps the marketing wallahs will salvage something from it. The device formerly-known-as-the-mobile-phone is the obvious choice for the remote control to cloud identity. No-one wants another dongle when they’ve already got their phone with them all the time. I know it sounds far-fetched, but I have a dream that one day I’ll be able to log in to my bank by simply tapping my contactless bank card against my laptop or smartphone…
By the way, thinking about futuristic businesses at Google, I remembered reading about another ground-breaking enterprise that they are involved in.
Last week, it was reported that Google founders Larry Page and Sergey Brin and others are investing in a new company called “Planetary Resources” that wants to mine asteroids.
How can they not call this the Weyland-Yutani Corporation?
These are personal opinions and should not be misunderstood as representing the opinions of Consult Hyperion or any of its clients or suppliers.