• Login
    • Search
    • [[global:header.recent]]
    • [[global:header.tags]]
    • [[global:header.popular]]
    • [[global:header.groups]]
    • [[global:header.search]]
    1. Home
    2. DanielAC
    3. Posts
    D
    • Profile
    • Following 0
    • Followers 0
    • Topics 0
    • Posts 2
    • Best 0
    • Controversial 0
    • Groups 0

    Posts made by DanielAC

    • RE: Thinking about security

      This is some great discussion, and I hadn't considered the limitations that a finite number of reliable "write" actions can present to consumers.

      My suggestion here is this: Along with each ring, accompany with an inexpensive NFC-enabled card. The card should look like something quite innocuous (library card, discount card, etc). Instruct the consumer that if he intends to use the ring for security/authentication, then strongly urge them to place identical digital keys/signatures on both the ring and the card.

      The purpose of the card would be to act as a failsafe in the event the user loses his ring or it malfunctions. This gives the user the ability to either quickly replace the ring, or enter into one's house/system and disable the NFC authentication requirement just long enough to get a replacement.

      The card should stay on one's person at all times, much like a credit card in an NFC-shielded card holder or wallet. If successful, this should also serve to greatly reduce the burden on the vendor to answer calls for "what do I do now?" should the ring be lost or malfunctions.

      I would also strongly advise the vendor to shop around and see if some kind of partnership can be struck between themselves and some major digital certificate companies to design and market a consumer-level PKI solution for the ring. Symantec owns Verisign, as just one example. I'm not sure, but can SSL certificate technology be adapted to verify the identity of a ring-bearer just as much as a web server can have its identity authenticated to a web client? If so, it's worth noting that GoDaddy has been pioneering a lot of the low-cost SSL certificate services for consumers at about $60/yr.

      PS. -- Note to admins. I have some contacts with organizers of one nationally-known US-based conference held annually on the theme of web communications technology, and may be submitting a proposal to speak on personal security in 2014. Let me know if I might assist in helping market this in my own circles.

      posted in Ideas for using NFC Rings
      D
      DanielAC
    • RE: NFC Mouse (input device)

      I feel I should press this point rather strongly:

      A security-conscious user would never use this ring as the only means of unlocking a system containing potentially sensitive information (including your phone or PC). But if you make this part of multifactor authentication to computers, phones, etc, you'd have one hell of a security device which would sell amazingly well in security conferences the world over.

      I understand convenience is highly marketable, but with recent events in the news, you'd better believe personal security is also a major market. A system that combines traditional username/password requirement with an NFC token (such as an NFC ring embedded with a unique "signature"... perhaps even a Public Key within a networked PKI environment) all but ensures you are protected against potential damage caused by password interception.

      This effectively would protect you against:

      • Keyloggers
      • Packet sniffing on an untrusted/unencrypted network
        ---Wireless cafe's or even at work/school, either of which can monitor your traffic.
      • Compromised third-party password vault services
      • Compromised local-based password vault apps.
      • Compromised banking web sites which may have been hijacked by man-in-the-middle attack.
      • Session hijacking (where sessions frequently fail to regularly poll the presence of the NFC token)
      • Brute Force attacks
      • Dictionary attacks
      • Password "recovery" attacks
      • ... need I go on?

      This ring could become a serious competitor as a piece of information security jewelry IF you allow security geeks the ability to adapt this product for two-factor authentication.

      posted in Ideas for using NFC Rings
      D
      DanielAC