A new NFC Ring use, read now!
-
I suppose you're all wondering why I've gathered you here today...
I'd like to talk about the NFC Ring for a moment, this wonderful and unobtrusive piece of technology which can allow access to all sorts of things.
Commercially available door locks, android smartphones and tablets are the immediate short list that you tend to think of but there's a whole world more out there.
The NFC Ring can unlock a modified car, and even start it. It can open a locked box, desk or safe. It can interact with a custom made drink flask or turn on your modified coffee machine.The possibilities are limitless, we're living in an age of wonders.
But there is still one thing (other than filament light globes...), one household item which has failed to move with us into this glorious future! The humble home PC is still a difficult thing to unlock with an NFC Ring, and this needs to change.
It's holding us back!
We need to emerge from the dark ages of passwords and PINs and enter a bright, glowing, neon coloured future where you can unlock your PC with the wave of a hand! We must throw off the time wasting shackles of manual password entry and move forward into a brighter, easier, more NFC future!Are you excited for the possibilities here? I know my heart is going pitter-patter at the thought of using my NFC car key for my NFC house door, my NFC safe AND my NFC computer!
And yet how can this be achieved? What do we need to do to make this happen?And now that the hyperbole is out of the way...
There have been a few attempts already from community members using currently available methods and hardware but none of the solutions are easy to set up or to use and tend to be locked to certain brands of desktop or laptop. And most importantly, they're closed source. We just can't tinker with it, we can make it neither better nor worse.
So with this in mind John has suggested a kickstarter, to build our own new software solution for the community and maintained by the community.
Open source will mean that once the software is released you can make your own bug reports, suggest features or fixes and generally have a real and lasting impact on your software. You should even be able to build your own initially buggy version for testing from github while it's being written.The current plan is to support Windows 7 through 10 - this is because writing the code for Windows will be completely different to that for other operating systems. So we'll start here and perhaps see what the community feedback is like. Other OS aren't being ruled out forever but they would require a completely seperate software package and would have to be addressed accordingly, another time.
There have been some questions kicked around about how secure this will be - what if you lose the ring, can somebody copy the ring and break in, is it better than the current login methods available, should we use certificates.
My favourite line from James Mickens is fairly relevant here:" Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. "
Let's assume we're not dealing with intelligence agencies, it should be fine as long as the ring isn't left right next to the reader while you're out of town for a week...
This won't be a method that stores the password in plain text on the ring, leaving you vulnerable to the occasional accidental password post online.
Initially the login method will be UID based, that's the individual ID number for that specific NFC inlay on your ring.
While UID can be copied, it's an involved process and the ring would have to be cloned first. It involves physical access to the computer as well as the ring, and all without you noticing.
There will possibly be more secure methods available involving NDEF records, but before we go crazy with that we should re-read James Mickens at the start of the paragraph.
The NDEF record method would also lock your ring inlay to that one single computer, whereas using UID would allow you to unlock multiple different computers (as well as your house door, lollipop+ android etc).What's being aimed for is ease of use - high security nightmare should be strictly optional.
Myself, I want to sit down at the computer, grab the mouse and be logged right in. To me that's a perfect setup, and I'll be attempting to make that happen by playing with hardware. Another possibility is a USB based reader that is mounted in the desk in such a way as to be hidden from casual view. That would be cool too. There are all sorts of very real possibilities for the hardware side, and that will be up to you.
The name of the software is also up to you, the community. I've suggested "NFC Sesame" or some form thereof, but you can make other suggestions.So what we're going to be asking of you is feedback on things like the price points and what you would like to see included in the project (at https://www.kickstarter.com/projects/mclear/526261309?token=201aa2e8 ), there are bound to be some very good ideas that haven't been kicked around yet. And finally, when the kickstarter goes live have a look and pledge what you can to help! I know I'll be pledging what I can.
The support of the community can make this a reality instead of a hopeful dream! -
Sounds great, but Windows only... I haven't had Windows on a PC for about 15 years; makes me kinda reluctant to pledge if I'm honest.
-
Depends on how you interpret it. Historically Windows login was Gina based, and a pain to develop. The range of Windows suggested here has the notion of credential providers which is more PAM like so not completely disjoint.
-
Good news folks, we're approved on KS :)
-
How long between approval and the sample page become real/live?
-
@Engarde you can have the sample page live before approval.
-
You guys need to speak up and be heard to make this a reality - leave feedback here or on the kickstarter sample page, show that there's a real interest in it and that it's worth doing!
-
It was more now that KS had approved, when was the page going to allow me to back it...
-
@Engarde until we get feedback and what you guys actually want this wont go live. We need a full conversation and input on your wants/needs/desires.
-
So basically this is an 'ASUS NFC express' emulation but better because its open source and will likely work with a variety of hardware.
-
Basically. And not as buggy as the currently available ones.
-
@Lokki said:
Basically. And not as buggy as the currently available ones.
Since getting the 2016 ring iv'e actually found it quite flawless (once I put a sweet spot sticker on it) also doubling as a USB 3.0 hub is nice as I don't have to get under the desk to plug in a USB stick.
I had to buy a new one after I destroyed the old one trying to hack it to work with the 2013 ring. I see the biggest draw card of this kick starter project above the NFC express is that it will read the ring ID and wont require a text string entry on the tag itself.
-
Yeah I hear that - and the ACR122 readers are spectacular compared to a lot of other reader devices I've tried. So, BYO reader for the win there.
-
@Lokki I actually have an ACR122, which I bought a while ago testing if it would work with the ASUS software, so I'm good to go :)
-
@jasok2 Pretty much.
-
looks good to me! Get the project live!
-
Update is live with a link to the project preview page. Some useful feedback is in. Things we need to consider:
- Which NFC Reader will we provide with the campaign?
- We need a more commercially appealing campaign video
- D Nuk'em said "This seems super similar to open source projects that are available all over the internet. What's the USP of this project?
Can I get some input on these 3 things please? :)
-
@johnyma22 said:
Update is live with a link to the project preview page. Some useful feedback is in. Things we need to consider:
- Which NFC Reader will we provide with the campaign?
- We need a more commercially appealing campaign video
- D Nuk'em said "This seems super similar to open source projects that are available all over the internet. What's the USP of this project?
Can I get some input on these 3 things please? :)
In regards to point 3, I have not seen any application that I can just download for windows specifically for this, paid or free. Everything requires hacking hardware or programming skills to implement. And we do need something easy to help adoption. currently the only option ive been able to find that is easy for windows is ASUS NFC express.
-
Agreed, @jasok2 - this is about bringing an existing community towards the idea of easy computer login, with easy being for the reader, the rings/tags and the software setup. I love hardware hacking, it appeals to the inner Lokki, but I know that sometimes it's nice to be able to buy the first cheap piece of gear you find, just plug it in and go.
The hardware bundled in the kickstarter pledge will help this along because there'll be no searching the interwebs for specific dongles or whatever, it's all there in the one place. Others who're contributing will likely have the same hardware and that will help with any troubleshooting that may be necessary. Plus I'm pretty sure John will be looking at a great, quality product at a decent price. You won't need to sell your collection of pogs to get it.
I think there's a need for a slightly more polished video, but not overboard crazy polished. This is more along the lines of a big group buy crossed with software exploration that is helping a larger portion of the community than the usual hardware tinkerers.
Something that does need to be discussed quick-quick before there's an arbitrary decision made is the reward levels!
Do people agree with them? There was talk of t-shirts, but is this a thing people want? (more postage cost for larger parcel!)
Do you agree that the 10gbp and 30gbp pledges need to disappear into a river somewhere and sleep with the fishes?Jump in and have a say while you can, guys.
-
See PM Lokki.