Bøker Datalagringsdirektivet E-valg Egypt - Høst 2006 Fildeling Forskning Humor Internett Kenya Klima Madagaskar Musikk Opphavsrett Overvåkning Politikk Sikkerhet Spam Sykelønn Ting og tang

Tekster

Bilder

Videoer

Eksternt

Hvem

My voice is my password...

Well, not really.
I don't like biometric authentication for many reasons - one of the most important being that it simply cannot be revoked.  If someone manages to fake my biometric data, whether it is my iris, my fingerprint or my voice , it is impossible for me to change it. All I can do is to hope the imposter will get caught, and that nobody else will repeat the process...

But that's not what this piece is all about - it's about another voice related technology that can be used to iidentify you, and grant you access to your home, your office, public transport, your computer - almost anything. That device is your cellphone.

More and more places, ordinary keys are replaced by different kind of card readers. There are good reasons for this. They are relatively cheap to install, you can easily revoke or replace single cards without changing the entire system. You can grant and deny access to different cards at different times of the day and there are almost unlimited variations of access lists you can implement and number of cards that can be used at the same time.
Ofcourse there are a few issues with this as well. You might be locked in(!) by your vendor, and if they stop supporting your system, you might run out of cards or will have to change all your locks. There are also some privacy-concerns, as the key is now personal, and it is very easy to log and track who enters where and when. Also, it is generally easier to copy or clone a keycard than an old metal key. - Some reports have shown that RFID or other proximity cards can be read from several meters away, and even magnetic stripes or smartcards can be copied in seconds with the right hardware - hardware that is small enough to carry in a pocket. So all I need is physical access to your card for a few seconds, and I can deliver it right back to you and say "I believe you lost this", and I have a perfect copy of your key, without you even knowing it was stolen.

Also, it is a problem that after a while I need to have a gazillion different cards. One for the main entrance to my office, one for a remote location we have access to. Another card to get access to the facilities of a partner. One card for the gym, one for the marina, one for the city bikes, one for the subway... And because the readers are usually quite dumb, I can't just swipe my wallet over them, I have to take the cards out, as they interfere with each other when they are all stacked together.

So what I want, is for all this to be embedded in my phone. Now before you object, and say "but what if you lose your phone" - well "what if you lose your wallet"?  It does not matter that there are individual cards for all the places, as long as I keep them together anyway. All it means is that I have to go to all these places to get a new card if I lose my wallet instead.
And personally, my phone is more important to me anyway, as it contains my entire life - contacts, calendar, notes, todo-lists - everything. But ofcourse I back up these regularily. That's more than I can say about my key cards.

The best thing about this suggestion is that it is really quite simple to implement, You need an RFID-reader. These can be really small and cheap. And you need a slightly advanced RFID-transmitter, that can be reprogrammed by software. I don't think this should be very hard to find either.
Also, you would need a nice keycard-app on your phone. This app should make sure the transmitter is turned off whenever it is not needed. Also it should allow you to read any RFID-code, and store it, and then send it back when you select the code from a menu. 
So when I receive a new card, I open the app on my phone, press "learn new code", hold the card up to the phone, the phone beeps, and I can read the code in the display, and add a name or description to the code. The physical card could then either be disposed, or stored somewhere safe.

Whenever I need to use this "card", I open the software (add a pincode or password for safety), click on the correct code, and the RFID-chip will transmit it for a short period (a few seconds should be enough in most cases), and auto shut down again.
I guess the softare could even be smart enough to detect that "something" has read the code, and maybe even detect if it was read by the same reader as last time, and log (or even as for permission) every time it is read by a new device.
That would make copying of the "card" almost impossible, and at least easily detectable.

The phone should also be able to generate and transmit a unique code (revokeable ofcourse), so you do not need to have a physical card first. So when I become a member of a new club, I can just hold my phone up to a reader in th reception, press "genereate new card", a new unique code is generated and transmitted. The phone stores this code (with a name and descriontion) and the code is mapped to my profile in the software used to authenticate users at that place.

All these codes must ofcourse be encrypted on the phone, and it should be an easy task to back them up.

But if done correctly, I think this kind of technlogy is both safer and more user friendly than todays keycards and definitely a much better idea than biometrical authentication.