WORLD
Oxford and Cambridge in the race to eliminate passwords
Baku, August 7 (AZERTAC). More novel approaches to authentication have been gaining media attention this week, each linked to major universities.
Cambridge University are working on a technology-oriented approach where multiple small devices create an "electronic aura", enabling a main device to transmit a unique identification signal.
Meanwhile a company spun out of an Oxford University programme is developing more biomechanical methods of recognising humans, and indeed specific people, based on the way they move, behave and interact with devices.
The problem of authentication is central to secure use of computers and the internet. Our machines and services need to know we are who we claim to be, if they are to ensure only the right people can access their stuff.
Passwords are regularly leaked in data breaches and need to be reset, with sloppy approaches to alerting people putting them further at risk.
Major cross-industry alliances are working to make sense of all these options, and produce a unified framework to support them, but it remains a chicken-and-egg problem - no single scheme can really take off without widespread adoption, and widespread support won't be provided until an approach is well-established, trusted and used by significant numbers.
The device connects as and when needed to confirm the identity of its owner, but will only do so in the presence of a collection of miniature secondary devices referred to as "Picosiblings", worn on the body or clothing.
This solves the main problem of using biological information such as retina patterns or fingerprints, that they cannot be changed once compromised or forged, and avoids the issues of a single identifying item, which could simply be stolen.
The Pico setup would require all the items be stolen, which might be fairly easy with a phone-sized device, but the pickpocket's job would be considerably harder if he also needed a ring, a pair of glasses, and few micro-devices embedded in clothing or carried in a pocket or wallet.
To make it all the more difficult, there's no reason part of the aura couldn't be embedded in the body itself.
Spoofing by relaying the signals from the real user to a stolen device is prevented by requiring close proximity of the devices, measured by checking the response times from inter-device communication.
The main device would be programmable, and backed up so it could easily be replaced if lost - a stolen device on its own would be safe as the highly sensitive data on it would be inaccessible without the ancillary "aura".