Written by In a research paper, two security experts at the web giant have outlined a future in which the main way of guaranteeing we are who we say we are online will be possession of a physical token, perhaps embedded in smartphones or even jewellery.
[From Google aims to replace passwords with ID ring – Telegraph]
Whatever will they think of next 🙂
I can’t resist flagging up this example because some years ago we worked on a project for a client in the financial services sector who was looking at combining RFID tokens with passwords to make effective two-factor authentication (2FA). The idea was that the, for example, ATM would contain an RFID reader based on ISO 15693 using read-only tags with a range of around two metres. So as you walk up to the ATM it recognises that you are nearby. Then you key in a PIN or a password and the ATM checks this online against the tags that it has lit up. If there’s a match, you get the cash. Anyway, the reason I’m mentioning this (and I’m sure that the client won’t mind me saying it) is because one of the storyboard ideas that we wanted to prototype was jewellery. We went off to talk to a company that had already put tiny RIFD tags in jewellery (it was used for stock management and tracking) and established that the idea was feasible but for one reason or another the client decided that it would be better to make a custom dongle for online use only and leave the ATMs and branch counters alone. These have met a mixed reaction from customers.
the only thing is these blasted little security fobs that you have to keep keying in. I used mine so much that the battery ran out so I had to go and find a replacement locally.
[From Mike Oldfield: ‘Tubular Bells made me a million but the tax bill came to £860,000’ – Telegraph]
That’s why the Google researchers’ other futuristic plan, which is to embed the token in a smartphone, is certain to take off. I’ve even thought of a good name for it: the “secure element”. Not very sexy, but perhaps the marketing wallahs will salvage something from it. The device formerly-known-as-the-mobile-phone is the obvious choice for the remote control to cloud identity. No-one wants another dongle when they’ve already got their phone with them all the time. I know it sounds far-fetched, but I have a dream that one day I’ll be able to log in to my bank by simple tapping my contactless bank card against my laptop or smartphone…
By the way, thinking about futuristic businesses at Google, I remembered reading about another ground-breaking enterprise that they are involved in.
Last week, it was reported that Google founders Larry Page and Sergey Brin and others are investing in a new company called “Planetary Resources” that wants to mine asteroids.
[From Here’s How Google’s Founders Can Mine Asteroids And Become Trillionaires… – Business Insider]
How can they not call this the Weyland-Yutani Corporation?
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers
“Secure element”? Or “be me”?
http://dematerialisedid.com/BCSL/Dematerialised ID Reid.pdf
213. When we make a dematerialised credit card purchase or we take part in an IsEntitledToNHSHealthCare enquiry, for example, we may need a “be me” button on our mobile phone handset to invoke the associated dematerialised ID functions. Or a “be me” chip in the handset. Or a “be me” menu option. The temptation then to say “beam me up, Scotty” will be irresistible. No apology is made for the Star Trek overtones of dematerialised ID. There is nothing fantastic about the idea, it is utterly practical and more or less with us already. And what is the recent history of science, anyway, if not an attempt to catch up with the inventions of Star Trek?