Thursday, November 21, 2019

Using an Activity Tracker as a Wireless Key


You don’t even need to say Open sesame!

Many of us wear an Activity Tracker (AT) most of the working day, partly because we have thrown our watches away! The ATs communicate with our cell phones by Bluetooth. We usually also carry our cell phone on our person. Women tend to carry purses or small handbags and put their cell phones in them. There is enough technology in the world to create a secure locking mechanism in which the presence of these two devices opens an electronic lock on our door and helps us log in to our computing devices. The cell phone and AT form a fine pair, complementing each other. One can put special hardware, such as a chip containing a private key, into the AT. It would be difficult to hack such a system. The cell phone can come from any one of several manufacturers. It can run apps, display an invoice, and verify the user by fingerprint, face recognition or a PIN. The cell phone can also use the WLAN and the cellular network.

The proposed system requires careful design if it is to be reasonably secure. Let us anticipate possible problems.

Firstly, the fact that I am inside the house should not open my front door to all and sundry. There must be a distance-limiting mechanism which prevents the electronic key from working beyond one metre or so. The front door should recognize me only if I am close to it and outside the house. The system should work only if I had identified myself to my cell phone within the previous 24 hours by entering a PIN or by my fingerprint or face recognition. Otherwise it should issue an alert. If I move away from my laptop, the system should not log me out, but temporarily lock up my keyboard and shut down the display till I return, when it should turn these on again.

The system should have good enough cryptographic protection to ensure that the chances of my door and laptop being opened by some stranger’s AT are negligible. Ideally, the system should enable me to share it with my family members. The system should be resistant to hacking.
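As an added illustration (not part of the original post), the sketch below combines the door rules above with a challenge-response check: a fresh nonce per attempt, the one-metre and outside-the-house limits, and the 24-hour phone-unlock rule with its alert. It assumes the door has some ranging sensor that supplies `distance_m` and `outside`, and it uses an HMAC over a shared key as a stand-in for the private-key chip; all names are hypothetical.

```python
import hashlib
import hmac
import secrets

MAX_DISTANCE_M = 1.0          # "one metre or so" from the text
MAX_AUTH_AGE_S = 24 * 3600    # phone unlock must be at most 24 hours old

def tracker_respond(key: bytes, nonce: bytes, last_phone_auth: float) -> dict:
    """Tracker side: bind the door's nonce to the time of the last phone unlock."""
    ts = int(last_phone_auth)
    tag = hmac.new(key, nonce + ts.to_bytes(8, "big"), hashlib.sha256).digest()
    return {"last_phone_auth": ts, "tag": tag}

class DoorLock:
    def __init__(self, key: bytes):
        self.key = key        # assumption: shared key stands in for the key chip
        self.pending = None   # nonce of the challenge currently in flight
        self.log = []         # (time, decision, reason): the audit trail

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def verify(self, resp: dict, distance_m: float, outside: bool, now: float) -> str:
        nonce, self.pending = self.pending, None   # single use, so replays fail
        decision, reason = "open", "ok"
        if nonce is None:
            decision, reason = "deny", "no challenge outstanding"
        else:
            msg = nonce + resp["last_phone_auth"].to_bytes(8, "big")
            expected = hmac.new(self.key, msg, hashlib.sha256).digest()
            if not hmac.compare_digest(expected, resp["tag"]):
                decision, reason = "deny", "bad tag (wrong tracker or replay)"
            elif not outside or distance_m > MAX_DISTANCE_M:
                decision, reason = "deny", "wearer is not just outside the door"
            elif not 0 <= now - resp["last_phone_auth"] <= MAX_AUTH_AGE_S:
                decision, reason = "alert", "phone unlock older than 24 hours"
        self.log.append((now, decision, reason))
        return decision

if __name__ == "__main__":
    key = secrets.token_bytes(32)          # constructed sample key
    door, now = DoorLock(key), 1_700_000_000.0
    resp = tracker_respond(key, door.challenge(), now - 3600)
    print(door.verify(resp, 0.4, True, now))    # fresh unlock, close, outside
    print(door.verify(resp, 0.4, True, now))    # same response replayed
    print(door.log)
```

The tag covers the timestamp as well as the nonce, so a relayed response cannot be edited to claim a more recent phone unlock.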

It would be valuable if a log were maintained on my cell phone or on the cloud showing a record of each time any of my locks was opened by the system. A bonus would be a photo record of every person who entered my home or used my laptop.

The next step could be to extend the use of this system to make e-payments at POS terminals and over the Internet. One way would be to equip each AT with a chip that encrypts text strings involved in transactions with my private key. Anyone with my ID string associated with that text string should be able to use my public key and decrypt that text string.

The security mechanism should ideally be common to all credit cards and debit cards one uses. One should be able to create a common book-keeping mechanism to build a common account of all expenses incurred through this mechanism.

Widespread use of this mechanism should reduce risks in the payments industry. It should also significantly reduce processing costs, besides opening the doors for new entities to compete with the traditional “card issuers”.

Creating a cryptographically secure mechanism like the one described above for authenticating oneself over the web is essential. With Internet giants such as Google Inc buying AT companies, one can anticipate some developments like this. What would this imply for the world of business? How would it impact the credit card and debit card issuers? What would it mean for banks and their customers? How can a company prepare itself to be a front-runner in the use of this technology?
Srinivasan Ramani

