Slashdot Mirror

• use an iButton for authentication. I still think these things would make for great security devices...unless, of course, you lost it.
• use a PDA with GPS and/or some other kind of personal id (voice - the HandSpring has a mic builtin) to upload a one-time key to a computer.

Ibutton is a small device which fits on your keychain and can plug into the USB port on your computer. You can use it to store your private key, along with the public keys of others. It can also be used as a key to your computer, both through the usb port, or through a little thing you tap it against that you attach to your monitor. It's also good for door authentication, several lock companies make locks that work with these for around $80 each. The Ibutton itself costs between $10 and $25 depending on which model you get. It can do other things too, and it's not a foolproof way to prevent someone from getting at your key, but, it's a good preventative measure, and it's sure to make it harder for an attacker.

A somewhat cheaper alternative to *magnetic* cards would be optical bar-codes.

Yeah, but that's a two-edged sword. It's cheaper for you to make the card, but it's also cheaper (and easier) for someone to copy. All you need is access to a real card for long enough to photocopy the barcode and bingo! you're in the building.

Most secure buildings I've seen use magnetic proximity cards that you hold up to the reader, not pass through a slot. Where I work it's a separate card (ProxCard II by HID Corporation) that hangs behind the badge with our name and photo; where my wife works it's integrated into the badge itself. The badge has a mag stripe but I've never seen it used. The proximity cards are virtually impossible to pirate (it's far easier to use human engineering to get around this system -- you know, walk through the door behind a real employee).

You could also build a system perhaps more secure than that (cheaper, too) using an i-button. They even make rings that hold i-buttons for this very purpose. Not as convenient as the badge/card idea, but just as effective and far geekier! :-)

You can readily integrate the Novell login into the NT login. I see it all the time at a local unnamed government entity who is one of my customers. In addition to all the other mentions regarding SAMBA, etc. to synchronize passwords with systems, I really like the hardware keys and biometrics.

I use fingerprint authentication on several systems here. I enjoy it. It works. To a point. Just don't was your hands right before logging in. That causes enough tissue swelling that you can't get an accurate reading. I use a $100 scanner from Digital Persona that we routinely pick up at Fry's. These things are very flexible and cheap enough to be used on any USB system. They currently only have Windoze support for their drivers, but I haven't checked in a while. I like the hardware tokens like iButton which can store enough data to provide a login for each individual system. Some awefully large amount of storage for keys and completely waterproof, etc.

If you want to keep people from taking them home and losing them, have a security guard type checkout for these bad little boys. That depends upon your level of security, of course. If someone loses one, it can be disabled from the network immediately and a new one issued. Every time they lose one, dock their pay! I know their union would have a fit for that! ;-)

Plus for the iKey: it's a USB device, so most PCs can chat to it. There's even an NT stack for it, though I suspect that non-M$ OS support is lacking. I do believe that there is a single-logon software suite that supports the iKey.

Maybe an iButton might do the trick. You can put these in keyfobs, on rings, build them into wallets etc. You can get one of the ones guaranteed to have a unique id on them (they're cheap too), and issue them to all of your staff.

Unfortunately you might have to write some software to automate the login process there. The bonus will be that they won't even have to remember their password at all - let the iButton handle that!

Three IR LED beacons, mounted on the gateposts. Each one bleeped a simple ID code (TV remote chipset, with a button permanently down).

On the two 'bots, were scanner heads. These were dead simple, a stepper to rotate it and a pair of IR detectors and lenses as a simple 1-axis discriminator. By stopping, then scanning the head around a bit, the bot could take a bearing on each of the beacons. Some triangulation and it then had a position fix. Crude, inefficient, lots of software, but the hardware was cheap & easy.

Control was a couple of nested state machines.

One beacon had few bits of data link in the code as well; just a simple "Wander around the garden", "Come home now", "'Bot A get into the kennel" code.

"Home" was a kennel in the conservatory, with the coded beacon mounted directly above the door. When "homing", they just did a home on the beacon until they were nearby to it. To get them through the kennel's bot-flap there was a buried wire inductive guide. Each bot 'was called through in turn, at which point it homed as close as possible to the beacon, until it picked up the wire field and then line-followed that through the flap. Indoors there were actually two separate wires, so the 'bots could park side-by-side and charge up.

The 'bots themselves were just little diamond chassis, with a single powered wheel each side and a castor at each end. In the middle was a plantpot (that being the function of the whole malarkey).

Battery life was OK, as they didn't move much. They weren't mobile 'bots, so much as randomly re-positioning on an intermittent basis.

Stuff they should have had:

• Better traction in mud. We had to limit their "range" to a tiny part of the available garden, as they got bogged down near the edges.
• Garden edge detection, with a buried inductive wire. After all, they already had the on-board detectors
• A 'bot -> base signalling channel for "Call me home, my battery is getting flat"

Dallas Semiconductor's TINI board is cool for this sort of thing.

He tried to be discreet, and he says he got no exposure, so he posted to all the developers.

I can relate sort of. A few years ago I developed a digital lock product using Dallas iButtons It was intended for residential customers to unlock their houses at the touch of a button. I searched the net extensively trying to see if my preferred name (DigiLock) was used elsewhere. I came up empty. I didn't trademark it myself because we were a small company and I just did want the trademark hassle.

Well, about a year later, I start getting emails and calls from people asking if I sold a DigiLock that would secure a gym locker or cabinet. At first I thought they were confused. Well, eventually, I got someone inquiring to tell me more and eventually found a company that sold locks you could mount on cabinet and locker doors that also used iButtons. They called it the DigiLock and TM was all over the website. Sure enough - a check of the trademark website (which wasn't nearly as useful when I first developed my product) turned up that that company had a trademark for that name and they got it like 6 months before our product was released.

Our products were too close and I honestly didn't want to deal with all the folks inquiring about a product I didn't sell. So I changed the name to something I knew wasn't trademarked. Simple enough and my customers accepted the change easily when we publicized it.

Bottom line is - he's dead on about the added aggrevation dealing with confused customers because of a name.

I vote for secsh.

--

Designing a custom chip or two would be cool...not having to go out and buy new hardware whenever I want to experiment with a new chip, just having to download to the new spec when I would like to use a different design would be completely awesome.

Also I could see a PCI board that you could have about 50/100/200 of the little guys on it (I know that they won't fit now...but i bet they would start if hardware open source took off.). Or more. I see wonderful experiments in parrallel processing to come from this. Or to implement complex hardware devcies that don't work well in software. Hardware involves a lot of work...and alot of knowlegde...but more people will get that knowlege the more that they can start to do with it.

TINI boards are bringing more people into embedded programming because its so much easier to do simple things. I can't even begin to imagine all the stuff that would come out of cheap and extra usable open source hardware.

I'm surprised they haven't mentioned the TINI from iButton, it doesn't run Linux but a Java based OS and only costs $50, it's the size of a standard DIMM and includes a serial port, ethernet, and 1-wire bus. These things have various applications, somebody is building a MP3 player with one.

I'm surprised they haven't mentioned the TINI from iButton, it doesn't run Linux but a Java based OS and only costs $50, it's the size of a standard DIMM and includes a serial port, ethernet, and 1-wire bus. These things have various applications, somebody is building a MP3 player with one.

I'm also putting my pinball machine on the web. Only difference is, mine is a 1977 Bally Night Rider Electro-Mechanical (anyone remember those?)
I'm using the TINI processor, www.ibutton.com/TINI and a 20x4 lcd screen www.matrix-orbital.com. In case you're not familiar with TINI, it's an embedded java processor on a SIMM. It's got onboard ethernet and serial, as well as its own proprietary "One-Wire" IO.

I will start out by keeping track of the high scores and storing them on the embedded java computer. Once I get that down, there's no end to what I should be able to do. This project has just started, it's not even documented online yet, but if anyone is interested in it, or has any ideas or opinions, please let me know.... beb1964@cs.rit.edu

The TINI from iButton is the shit for doing this sort of thing - $50 gets you a board that has ethernet, serial, loads of goodies, it's a joke to interface to, and it speaks Java, so it's easy to program, has a full suite of internet connectivity and you can do it in linux to boot! These things are a great deal, and offer all sorts of interesting possibilities with the addition of iButtons and the Java Ring, for instance..

I'm sure this stuff was covered on /., but I'm too lazy to look :).

Also, take a look at some of the cool devices you can use to carry your certificates in. They are very inexpensive these days and you can use them on almost any platform and take them with you! Check out http://www.ibutton.com/pki.html. These things rock! I just bought one!

-Pat

Notice the One-Wire sensors and think of what projects you could make with some of these, all connected to a single serial port. Other than the obvious weather sensors.

If you have an AMEX "Blue" card, then you have a JVM in your pocket (I believe its an Hitachi H8, but one of the tiny 8 bit versions).

About half of all smartcards made right now (including almost all from European giant GemPlus) run JVMs.

Anyone who went to Sun's JavaOne show a couple of years ago was handed a rather chunky ring, which had a Dallas Semiconductor iButton on it - this too has a JVM (I actually wrote some code for mine - using the same toolchain as for regular desktop java). I believe it is an 8051 microcontroller.

I just received a TINI board from Dallas, which is the same as the iButton, but in a DIMM form-factor. It's sooooo cool. Info about it is here

Maybe someone should code a 4-bit JVM, so we can run it on Voyager 2 (which has two 4-bit processors) - how's that for mobile code!

Another contender for "first 8-bit Java VM" is Dallas Semiconductor's collection of embedded Java devices at www.ibutton.com.

There's some neat stuff, like the "tini" board - a small (68-pin SIMM form-factor) embedded computer with 10BaseT ethernet and TCP/IP networking. It can run a web server, as well as Telnet and FTP. It also has a couple of serial ports for interfacing to other components.

I'm not sure exactly what they're claiming but the TINI board has run java on an 8 bit processor for some time.

Check out the TINI, a SIMM sized embedded Java device. It has built in Ethernet and serial communications, and can be had for under $100, including the SIMM, and appropriate mounting board. It's also got a built in webserver, and telnet server....and you can write your own Java programs for it, and upload them over the ethernet!!

And get yourself the books "Getting Started In Electronics" and ALL of the little "Engineer's Handbook" books (recently updated, I noticed) by Forrest Mims. This man has started more people into electronics than I could possibly imagine. I hope he was compensated well by the publisher for his great contribution to electronics - I owe a lot of my start to get where I am now to him.

I CANNOT recommend these books highly enough and I'm suprised nobody else has. Once you get those, you can get on your way with some parts and things, but get them from someplace like DigiKey or Mouser and you'll save a lot of money experimenting. I also recommend surplus places, one in particular: BG Micro, they have lots of stuff to tinker with cheap.

Do you like digital stuff? Then go check out a Java-based TINI from Ibutton or even better, some of the kits that are available from Parallax Inc. They're expensive, but their stuff is quality and works.

Good luck on a rewarding and interesting hobby with almost no bounds!

Java was a great idea let down by a flawed implementation and a flawed corporate strategy IMHO. What I think is that whilst the language itself isn't really going anywhere fast, the idea behind it will live on.

Java is used by almost every major player in every major industry in the U.S. and beyond. Personal Java runs on the myriad embedded systems with their own JVM and even American Express credit cards. Java servlets and JSP run myriad websites from mail.com to First Union . Enterprise Java Beans and it's associate web server platforms has spawned a cottage industry of server platform developers that include IBM, Bea, Allaire and more. Java ships with a free fully functional CORBA orb which allows for rapid development of robust, multi-tiered distributed applications.

Simply because all the C hackers and Perl users on Slashdot aren't using Java does not mean that it isn't going anywhere fast. I haven't seen a new Linux app coded in Lisp or Smalltalk in a while, this doesn't mean they are dead.

And it seems as though Microsoft have learned the lesson from this that Sun didn't, so I expect C# to go places Java never will.

C# will be a Microsoft only language which already puts it behind Java in places it can go. Standardization of the syntax of the language is useless if all the underlying DCOM/COM+/.NET infrastructure exists only on Windows.

On the other hand, I recently wrote a testing tool for a multibillion dollar corporation that sells SCM software to several Fortune five hundred companies, over the summer and noticed that Java is almost Write Once Run Anywhere as originally promised by Sun. The company I worked for supports six different platforms and is considering supporting Linux as a seventh. Their languages of choice for building tools for cross-platform development were Perl and Java. The chances of them switching all that to C# and losing over 50 per cent of their customers? ZERO

Of course the actual apps were written in Motif/MFC depending on the platform



Grabel's Law

You could build a security system using these. The advantage over a normal loop-of-switches setup (where if one switch is opened, the loop stops carrying current, and the alarm is tripped) is that you can identify which switch was opened. There is also the TINI, a microcontroller with Ethernet, one-wire, serial, and a Java virtual machine. More info here and here.

Such ballot boxes could be locked inside the voting terminals and removed by the precinct captain. Each ballot box serial number is published before the election. Each serial number is accounted for after the election and the entire contents of each ballot box is posted on a public site. Ballot ID's are verified after but not published before.

Scenario:

1. Voter goes to desk, registration is confirmed, is given a bar code containing the ballot ID.
2. Voter goes to voting terminal, swipes :CueCat over bar code :-) . Voter then votes using whatever user interface is deemed reasonable.
3. Votes are recorded to the ballot box. Votes are then hashed with ballot ID and whatever other information is considered important (ballot box serial number?). Hash and ballot ID are written to the ballot box.
4. When the ballot box is full or the polls close, the precinct captain signs the ballot box with her own key and seals the ballot box in a static-free container.
5. When ballots are counted, each ballot box is read out (an operation that takes on the order of 20 seconds) and stored under surveillance. Missing/unauthorized ballot boxes and voter ID's are recognized at this stage.

Of course, these aren't the votes that really matter, if you think about it. It makes more sense to work on Congress first, providing non-anonymous, non-repudiatable voting and prohibiting the voice vote. When it can be proven who voted for what, the wolves will drop like flies, OR the dittoheads will stop bitching about accountability and responsibility.

-jhp

Of course - one needs a way to get the key to it - I would imagine that it could be kept on a floppy and inserted at boot time, or whenever the partition needs to be mounted.

Seems like an iButton would be perfect for something like that...

--K

---

They've all got their own unique ID that you could perhaps work into your key to identify it, they seem pretty resilient, and they're fairly cheap.

They've even got one that'll do all the crypto for you, on-chip..

"// this is the most hacked, evil, bastardized thing I've ever seen. kjb"

Check out this article on an iButton interface for your Visor...

iButton Digital Jewelry

What's more interesting perhaps than the bike is the Tiny InterNet Interface - basically a Java computer running on a 72pin SIMM that's part of the bike. The SIMM and a board to bring out the RS-232, Ethernet, and 1-wire interfaces is quite affordable and begs to be used for all sorts of cool projects. It's at TINI

... do you really want to look like this?

>Writing debug routines that writes to stdout or some mechanism are
>just a fact of life. But the trouble is, they add to size and
>complexity of the compiled code.
>
>They can be turned off with conditionals like this
>
> boolean debugging_on = true;
>
> if(debugging_on)
> {
> System.out.println("I am in here");
> }
>...

>Create a debug class with a static final boolean variable called
>DEBUGGING_ON and set it to true
>
>public class debug
>{
> public static final boolean DEBUGGING_ON = true;
>}
>
>Now, wherever you want debug code, use that in a conditional
>e.g.
>
>if(debug.DEBUGGING_ON)
>{
> System.out.println("I am in here");
>}
>
>The Java compiler can resolve this at compile time and will toss out
>the entire thing when you set the flag to false.
>
>You can verify by building with and without it turned on and then tear
>apart the classes with javap to see that one has the code in there and one
>doesn't.

Those lovely people over at the Dallas Semiconductor toyshop make a gadget that's just the job for this, the TINI board.

Size of a DIMM module, built-in 10baseT, a Dallas one-wire interface, runs Java and costs $50. What more could you want ?

Just my $0.02

The bastard

"Oh, I got me a helmet - I got a beauty!"

Oh - and did I mention you program it in Java - it has it's own virtual machine on board. Plus stacks of I/O - 4 serial, 1-wire, CAN, SBX, I2C, ethernet, parallel, etc. And all for only $50US

I'm using one for my final year project, and they are very cool.

- Lindsay

Dallas is giving away their OS, apps, docs, schematics, and source for free from their site.

I'm surprised that the TINI never made it on Slashdot before. Who cares about 486-that-fits-in-my-pants-and-costs-as-much-as-a-P C systems when you can do just about the same for much less? Sure, it's neat-o and geekworthy that it could be done, but is it practical?

I'm part of a physical security project at my company. We are a Linux company, and would also prefer an open source solution, whether we write it ourselves or not.

We've been playing with Dallas Semiconductor's TINI boards, which are small, cheap, Java microcontrollers intended for use with their iButtons. Well, it's more than playing, we have 100 of them on order...

The controllers have many communication options, including Ethernet, EIA-232, CAN, and one-wire protocols. They're extremely cool, and they have a UNIX-like shell, Slush, which makes development fairly easy.

It looks like a very good solution, and if the software is open, we could collaborate.

Plus, it might be fun to use the TINIs for their intended purpose for a change :-)*

If you want a flexible, tiny webserver that can communicate over ethernet, serial, and can attach stuff using the wonderful 1-wire technology, a TINI is what you need.

This is what I am doing with my TINI, for those who think such a thing is not useful.

Forget about PICs, they may be useful for charging your phone (there is one in my phone's charging base) but they don't run Java, and they don't talk ethernet.

Finally, this discussion comes to light without me having to ask it. I've been thinking about trying this for about 2 or 3 months, the problem I have is that my design seems rather novel, and I havn't seen any of the small boards/systems (like LART, TINI, TIQIT, uCLinux) that would support it hardware-wise, let alone getting the software working for it. Most of the following rant is nothing more than a pipe dream, but if you know of something to make this dream a reality, by God post it.

I envision a bifold device, about the size of a deck of cards, with rounded edges. The device flips open (either spring loaded to a set angle ala Psion, or with a friction clutch holding it at any angle), and both inside faces are LCDs with digitizers on them. The side that you hold in your hand is the input area,which can be changed to fit the application (for example, all buttons for a calculator app, or a few buttons with a writing area for a notepad app). The top half is the display area.

Two displays/digitizers may seem like a waste, but an infinitely configurable input area seems like it might be just the kind of thing to make this badboy very easy and fast to use. The other nice thing about two halves is that you get about twice the screen real estate, as well as a measure of screen protection. Additionally, the bottom half in the hand, with the top half above, allows you to write while resting your writing hand against the holding hand, which would make input more natural (i.e., just moving the wrist, as opposed to the whole arm I envision this system using Quikwriting as the primary input method, but implemetning other software would also be necessary, especially the stuff with the input area and receiving input. I could imagine that a writing area with four general buttons would be the default, and a special call would be executed to change this, that way, only programs that need to have a different input method would have it. Other programs could act as if they were receiveing input from a keyboard.

I already have the case design in my head (at least the design for individual manufacture). The problem I've run into is the lack of suitable hardware. Some of the devices listed above are small enough, but do not include any way (that I can see) of having a configurable input area that is separate from the display screen.

I am a Mechanical and Biomedical engineer by training, so most of the aspects of specialized hardware implementation are beyond me, and I have been looking into using pre-built boards and stuffing them into a novel case (which my training does let me specialize). So I ask you, fellow /.ers, "what do you think?" Am I a deranged loon, or does an idea like this have some merit (if not, I'll still want to build one for myself)? Can anyone offer me guidance for hardware and even some software? Anyone want to help build one?

--Copyright, 2000 by WhyCause (just in case something pans out)

$1000 seems pretty steep when you can get a SIMM-sized computer for $50 from Dallas Semiconductor. It's called TINI (get it?). If you haven't seen it before, take a look; it runs Java and includes an ethernet connection and an interface to their iButton components.

I have one of these , for my final year project, and they're pretty cool. These guys have written some GPL code that lets you run servlets. Of course, you'd probably better not plan on getting too many hits - It doesn't seem to handle too many hits too well! Well, it is only 103mm by 32mm by 10mm, so what can you expect

(I know this is kinda off-topic, but, well, so what)

My point is this - I'm sure it wouldn't be too hard to build a small (and cheap - thats why we're using it :-) system that allows device control using the computer and the TINI as a bridge to the 1-Wire network.

The 1-Wire network consists of a dasiy chain of devices using standard RJ11 networking gear. So this would be relatively cheap and easy to instal. And devices can talk to it using cheap 1-Wire interface modules (2 way for approx $10-$15 US) from Point Six Inc.

The TINI can also be used to send email - so maybe even some sort of alarm. If a button is pressed an email goes out asking for help.

An iButton, with no special features, so it's just a serial number chip, costs about $1 each in quantity. That probably indicates that it costs only a few cents to serial numberize a chip.

One of the main goals of this project is the implementation of security - the system has to be accessed remotely from cell-phones and/or laptops over wireless internet links so that is why I chose the native java TINI micro from Dallas Semi.
The java lets us specify some pretty strong security at the server level - and since it is server side and the processor is native java it isn't even too slow =)

As an aside - the java also makes the implementation of basic webpages that are readible by cellphones/pda's using WML, WAP or HDML quite easy to do. This is another goal for the project - so the yuppies *grin* that can afford to fit out their house with this system can access it in the Mercedes over their cellphone and open the door/turn off the alarm etc...

Sorry, that link is www.ibutton.com. I screwed up the last one. :-)

--

1. A lightweight operating system. Of course, that means running PalmOS. Sad to say, Linux doesn't have the applications for this kind of situation (yet?).
2. Cryptofinancial Privacy. Use iButton(s) to store things like private keys and other cryptofinancial information. For now, I'll have to be content with GNU Keyring on my Palm IIIx. Confinitiy's PayPal gets a poke in the eye until they get their act together and make a Linux installer for their Palm software.
   
   

   Regarding PayPal: I encourage everyone to open an account (it's free unless you want to use it, then you will have to put some money in it-- personally, I won't be putting any money into it until I can put the PayPal software into my Palm from my Linux box.) and then dropping them a note saying that you would like a Linux installer for the Palm software.

3. Real Style. Not look like something from Logan's Run. Technology is at its best when its subtle and unnoticable. A Palm device in your pocket or purse is pretty unnoticable (until you start using it, then the Unknowing clamor about it 'Ooh, what is that?')
4. Cesium-133 Timepeice Accuracy. It should know how to set its time/date from the Atomic Clock in Fort Collins, CO.
5. Where are ya?. If you're going to put in any kind of radio receiver, you might as well throw a GPS receiver in it so you don't get lost. Or, at the least, be really annoying when you can say "If we keep walking at this rate, we'll get to Fargo in 345 days, 6 minutes, 35 seconds!"
6. Remote control. A really strong IR transceiver for remote control applications. It would be really nice if I didn't have to get up off the couch to grab a remote. Cripes, I've got like 10 of them on the coffee table.

Otherwise, I think the show was mostly an opportunity to show off sexy-sexy models wearing either Goretex or shiny black vinyl. :)
_______
computers://use.urls. People use Networds.

Idea 1, SSH: I don't allow telnet to any machine I admin, just SSH. I've wanted to generate RSA keys for every host, and then burn them onto a CD. Use the same password to protect every key. Then, you'd have to have both my password and the CD to hack my boxes. This, of course, requires both SSH and a CDROM drive on any client machine that you access from. It doesn't work just for general passwords.

Idea 2, iButton: Maybe a different system would, however. It involves those funky iButtons. These are little watch battery sized devices which store some fixed amount of data (different sizes up to about 64k), and can be addressed by a simple serial interface. You touch the iButton to a small contact (called a "Blue Dot") which plugs into a serial port, and software downloads the data. Store the authentication data (RSA key or just a plaintext password) in the iButton, maybe all encrypted with a single password. Then when authenticating, touch the iButton to the contact, and type in the (single) password to decrypt. The software could figure out which account was being accessed, and use the appropriate key. I think the software bits here wouldn't be too hard (I only see software on iButton's site for Windoze machines, is this being remedied?). Of course, this would require a iButton contact on any client machine that you access from; or it would require you to carry the contact thingy around and plug it into a serial port (pain in the ass).

I've often wondered how well this would work in an environment with lots of people. Could you reasonably expect people to hold onto an iButton or a CD? Maybe the iButton, if it attached to their keys? Is this too Draconian?

Thoughts?

-c

No, passwords are not sufficient.

The reason is that most passwords that people pick are not good passwords. Most users will select "12345" or "bird4me" instead of "7yhX%^I]w." Also, many people are not very security-aware, and so will be installing various trojans that could capture keystrokes.

My suggestion is to use a password and an iButton. Put an iButton on a serial device and have that as additional authentication. All iButtons have a unique serial number. iButtons are from Dallas Semiconductor and lots of information can be found at www.ibutton.com.

Actually, a "digital signature" is a lot more secure than a physical one these days. Although it's hard to forge a written signature by hand, it's trivial to scan or photocopy it, and only moderately difficult to digitize it into X-Y plotter coordinates (to draw it with a real pen).

Digital signatures are much better since they start by taking a digital checksum (e.g. md5sum) of the document being signed, and then sign this information with an RSA-style private key. Therefore, each document gets a different digital signature, and copy-pasting the signature block onto a different document will produce an invalid signature.

Another bonus is that if your private key (perhaps stored in a Dallas Semiconductor crypto iButton) is stolen, you can just revoke your public key so that no further signatures from that key are trusted.

I think this would be a great group project. You can count me in, although I admit I not that electronically inclined. However, I am pretty good in Java. You should check Dallas Semiconductors, they have a alpha product called TINI which looks like a good direction for the project.

JavaRing was an implementation of JavaCard API for smart cards. The rings were manufactured by Dallas Semiconductor

Dallas Semicondutor puts JavaTM technology power in the iButton, a portable computer chip armored in stainless steel and wearable as jewelry or other personal accessory. In fact, the iButton in the JavaTM Ring gained attention as the first successful application of the Java CardTM 2.0 specification. A Java technology-enabled iButton conforms to the Java Card 2.0 specs and adds enhancements for a superior Java programming environment -- such as 32-bit Java technology integers, automatic garbage collection, and a true-time clock. Each iButton has a unique ROM registration number to which a PIN number can be attached for the same level of security banks use. Moreover, the ROM number is Java technology-accessible and supplements IP addresses, making all mobile iButtons globally addressable. Besides being physically tough and tamper-resistant, the Java technology-enabled iButton carries 800,000 transistors for cryptographic processing. A high-speed processor with a math accelerator performs the encryption to generate a digital signature in less than one second. One iButton's high-capacity NV SRAM can support multiple applications, thus maximizing the possibilities for a variety of secure Java Card technology transactions.

Smart cards are quite popular in Europe, where magnetic credit cards never got to the same level of popularity as in the US. Smart cards haven't taken off in the US because VISA and MasterCard are restraining competition.