ACM TechNews, Wednesday, August 24, 2011: Pico authenticator
kahl at cas.mcmaster.ca
Wed Aug 24 12:05:48 EDT 2011
----- Forwarded message from ACM TechNews <technews at HQ.ACM.ORG> -----
From: ACM TechNews <technews at HQ.ACM.ORG>
Subject: ACM TechNews, Wednesday, August 24, 2011
Read the TechNews Online at: http://technews.acm.org
Could A Crypto-Computer in Your Pocket Replace All Passwords?
Forbes (08/17/11) Andy Greenberg
Cambridge University researcher Frank Stajano recently presented a paper on the Pico, a tiny computer that can be carried around and functions as the authenticator for potentially thousands of different services or devices. In addition to never having to remember passwords, Pico users would be immune from phishing attacks, choosing weak passwords, or even having a password stolen. "The user has a trustworthy device ... that acts as a memory prosthesis and takes on the burden of remembering authentication credentials, transforming them from 'something you know' to 'something you have,'" Stajano says. According to him, a Pico would be a small computing device with a radio and a camera, using public key cryptography to generate and store thousands of public and private key pairs, one for every app or gadget the user needs to unlock. The Pico's camera would read a visual code on a login screen or device to identify it, and then send out a message over its radio to a remote login server, encrypting a message to it that only the service would be able to decrypt with a secret key. The system would not only confirm the identity of the user, but also the service or device the user wants to access.
----- End forwarded message -----
More information about the discussion