Cambridge University researcher Frank Stajano recently presented a paper on the Pico, a tiny, portable computer that functions as the authenticator for potentially thousands of different services or devices.
In addition to never having to remember passwords, Pico users would be immune from phishing attacks, choosing weak passwords, or even having a password stolen. "The user has a trustworthy device ... that acts as a memory prosthesis and takes on the burden of remembering authentication credentials, transforming them from 'something you know' to 'something you have,' " Stajano says.
According to Stajano, a Pico would be a small computing device with a radio and a camera, using public key cryptography to generate and store thousands of public and private key pairs, one for every app or gadget the user needs to unlock. The Pico’s camera would read a visual code on a login screen or device to identify it, and then send out a message over its radio to a remote login server, encrypting a message to it that only the service would be able to decrypt with a secret key. The system would not only confirm the identity of the user, but also the service or device the user wants to access.
View Full Article
Abstracts Copyright © 2011 Information Inc. , Bethesda, Maryland, USA
No entries found