Motorola Developing Pill and Tattoo Authentication Methods

redletterdave writes "In trying to solve the 'mechanical mismatch' between humans and electronics — particularly wearables — special projects chief Regina Dugan unveiled two new projects currently in development at Google's Motorola Mobility centered on rethinking authentication methodology, including electronic tattoos and ingestible pills. Of the pill, which Dugan called her 'first superpower,' she described it as an 'inside-out potato battery' that when swallowed, the acids in one's stomach serve as the electrolyte to power an 18-bit ECG-like signal that essentially turns one's body into an authentication token. 'It means my arms are like wires and my hands are like alligator clips [so] when I touch my phone, my computer, my door, I'm authenticated,' Dugan said. 'This is not science fiction.'"

Beowolf?

Imagine a beowolf cluster of digestible pills.

Re:Beowolf?

[Penguinisto]

I did, then I imagined a huge cluster of janitors needed to clean up the resulting mess in the Men's Room.

Re:Beowolf?

Imagine a Beowulf cluster of cocks in your ass.

Tattoo Authentication Methods

Didn't we have a problem with this in Europe last century?

Re:Tattoo Authentication Methods

This time the tattoo goes on the forehead or the palm of your right hand.

Re:Tattoo Authentication Methods

[h4rr4r]

This would be voluntary. That is a pretty big difference.

Re: Tattoo Authentication Methods

Voluntary, if you want to use any of the services connected to it.

Just like cell phones and automobiles are voluntary yet essential services.

Re: Tattoo Authentication Methods

[h4rr4r]

I have friends with no cell phones, and plenty with no automobiles. The last one depends highly on the public transit situation in your area though.

I would say where I live both are very convenient but not essential. When not on call I often disable the cellular connection of my phone. You should try it some time.

Re:Tattoo Authentication Methods

Tell that to the school kids in Florida who just got tattooed without their parent's permission.

Oh wait, that was something else...

Re:Tattoo Authentication Methods

[ArcadeMan]

I vote for the forehead tattoo with an "H" letter design.

Re:Tattoo Authentication Methods

[kheldan]

This would be voluntary. That is a pretty big difference.

At first. It would be voluntary at first.
There are many people in power in this world today who would love to be able to tattoo some sort of ID on people from birth, or embed an RFID in their bodies at birth, and so on, so they can be tracked everywhere they go (with greater ease than we already are with goddamn fucking cameras everywhere. NO. JUST. NO.
Yes, I understand the article is talking about something like a henna tattoo or a sticker you wear.. but it would set a dangerous precedent. The line has to be drawn here, no farther!

Re: Tattoo Authentication Methods

[stanlyb]

Yep, but most of the people are not sociopaths like your friend....

Re:Tattoo Authentication Methods

[aztracker1]

Not that I believe in voodoo/magic... but the bible talks about something like this too... requirement for trade etc.

I also remember something similar in the movie Demolition Man as well... Are you an Oscar Mayer Weiner?

Re: Tattoo Authentication Methods

[cayenne8]

Are there really people out there creating a market clamoring for pill swallowing transmitter ID for devices?

Seems like a strange idea, for a small market...I mean, we've seen how well the inject-able RFID chips have sold....

Re:Tattoo Authentication Methods

[h4rr4r]

So your right to be afraid trumps my right to get one of these devices for my own use?

Am I allowed to wear it outside or will you object to that as well?

Re:Tattoo Authentication Methods

[sudden.zero]

Awww, but I don't want to be a hologram!

Re:Tattoo Authentication Methods

[jeffmeden]

This would be voluntary. That is a pretty big difference.

At first. It would be voluntary at first.
There are many people in power in this world today who would love to be able to tattoo some sort of ID on people from birth, or embed an RFID in their bodies at birth, and so on, so they can be tracked everywhere they go (with greater ease than we already are with goddamn fucking cameras everywhere. NO. JUST. NO.
Yes, I understand the article is talking about something like a henna tattoo or a sticker you wear.. but it would set a dangerous precedent. The line has to be drawn here, no farther!

Some perspective du jour...

Rewind 50 years:
"You mean those fuckers are going to require that they have my picture just so I can get a drivers license? Hell no! Let's draw the line in the sand! The MAN already knows too much about me, and it would set an unthinkable precedent!"

Fast forward 5 years (maybe less):
"Oh, wait, you mean it will make my email and phone and bank account basically un-hackable in the face of wave after wave of cybertheft? Yeah, well, ok let's draw the line just a little further out"

Re: Tattoo Authentication Methods

[h4rr4r]

Hospitals would love this.
So would retirement homes and other care facilities.

Re: Tattoo Authentication Methods

[h4rr4r]

I am not sure I have sociopath friends.
I hope not.

Re:Tattoo Authentication Methods

[kheldan]

I see. So are you declaring that you'd be OK with a state-mandated permanent tattoo on your skin, or an RFID tag surgically implanted in your body? Mandated, as in you submit to it or are imprisoned? That's where this is going, and I and many others are not OK with it.

Re:Tattoo Authentication Methods

[Runaway1956]

Yeah, it's voluntary. But, more and more banks use it, more and more retailers use it, employers use it, then Wal-Mart says that all credit card users MUST have it, then the state says that all beneficiaries of Medicaid, food stamps, social security, and unemployment benefits MUST have it.

Give it ten years, and "voluntary" will be a completely meaningless descriptor.

"Well, Junior, there's no law that says you HAVE TO swallow this pill, but you can't get a job, you can't buy groceries, you can't see the doctor, you may not even be permitted to breathe good American air if you refuse!"

Re:Tattoo Authentication Methods

[Reverand+Dave]

Brilliant, that way when you die, it won't be as bad for your career!

Re:Tattoo Authentication Methods

[chuckinator]

If we mandated it be SH on the forehead, it would apply to corporeal smegheads equally well.

Re:Tattoo Authentication Methods

This time the tattoo goes on the forehead or the palm of your right hand.

What if the area is subjected to a lot of... umm... friction?

Re: Tattoo Authentication Methods

I have to wonder what one of those "pills" would do if the patient was given an MRI.

Re: Tattoo Authentication Methods

[h4rr4r]

Obviously they would need to be designed around that limitation.

Re:Tattoo Authentication Methods

[okeuday]

This is ZPG all over again.

Re: Tattoo Authentication Methods

[Russ1642]

It's not that bad. You can have decent quantities of metal in your body and still have an MRI. I had one last year and I have a permanent stainless steel retainer on some of my teeth. It wasn't an issue at all. I looked it up and apparently the only issue is the reduced quality of the scan in the area immediately around the metal.

Re:Tattoo Authentication Methods

[Russ1642]

Gay Marriage is voluntary AT FIRST!!! But soon everyone will be required to be gay married.

Re:Tattoo Authentication Methods

[lxs]

Negative I am a meat-popsicle.

Re:Tattoo Authentication Methods

Until you can't buy or sell without it...

Re:Tattoo Authentication Methods

[moj0joj0]

I see. So are you declaring that you'd be OK with a state-mandated permanent tattoo on your skin, or an RFID tag surgically implanted in your body? Mandated, as in you submit to it or are imprisoned? That's where this is going, and I and many others are not OK with it.

I think you should think that bit through a little more.

Driver's licenses are state mandated to operate a vehicle legally in the United States. I haven't had a driver's license since about 1994, I still drive almost daily, I have insurance on my cars and they function just fine. I do have an ID card that has my picture on it, (I do still sometimes get carded at some pubs or when buying smokes) however that card has very old data on it. I have been pulled over, but presenting my ID card and insurance has been more than sufficient for the officer.

My point is that you may just be overstating things slightly. Sure, it could become a law that you need to have XYZ to access things, or for identification purposes, but people will object over religious beliefs or other concerns and an alternative will be available - such as an ID card with RFID, rather than a glow-in-the-dark tattoo or a RFID capsule over your right scapula.

I am sure that all sorts of abuses of the system will happen, it always does, but it won't happen like the mark of the beast scenario you're suggesting.

This implant stuff... meh, neat-o tech, but not really something to worry about - I mean hell, if you're worried about Big Brother, we're already fucked, just look around for a minute.

Re:Tattoo Authentication Methods

[jeffmeden]

I see. So are you declaring that you'd be OK with a state-mandated permanent tattoo on your skin, or an RFID tag surgically implanted in your body? Mandated, as in you submit to it or are imprisoned? That's where this is going, and I and many others are not OK with it.

Not sure if "whoosh"

Or just "splat"

Eh here goes: Does everyone either have a drivers license, or live in fear of being jailed? And how is that "huge mandated database of photos and identities" working out for us? Is it the end times yet? Are dogs and cats living together? Any mass (government-induced) hysteria?

Re: Tattoo Authentication Methods

[rthille]

It depends on whether the metal is ferrous or not. If you've worked in a machine shop they want you to get your eyes x-rayed so they don't extract any filings which might have lodged in there without your knowledge...

Re: Tattoo Authentication Methods

[Penguinisto]

I have friends with no cell phones, and plenty with no automobiles.

...and are therefore dependent on the local infrastructure, cannot travel anywhere, etc. Makes them very easy to track and catch if needs be.

It's those mobile mofos that need to be kept tabs on.

Re:Tattoo Authentication Methods

[Penguinisto]

I haven't had a driver's license since about 1994, I still drive almost daily, I have insurance on my cars and they function just fine. I do have an ID card that has my picture on it, (I do still sometimes get carded at some pubs or when buying smokes) however that card has very old data on it. I have been pulled over, but presenting my ID card and insurance has been more than sufficient for the officer.

...and you're saying that in all this time, no police officer that pulls you over has ever, *ever* cited you for having an expired license that's nearly 20 years out-of-date?

What state/country do you live in?

Re:Tattoo Authentication Methods

[Penguinisto]

Gay Marriage is supported voluntary AT FIRST!!! But soon everyone will be required to support gay marriage.

FTFY.

Re:Tattoo Authentication Methods

How is anything like this going to make you unhakable? Just like your ATM pin keeps your account safe? Any digital signal that is broadcast is subject to capture and replay. So now when someone steals your pin it will mean you have to undergo surgery to disable it and get a new one? Sounds like a lovely idea.

Re:Tattoo Authentication Methods

[kheldan]

I am not religious in the least. I do not even discuss the subject because I do not find it relevant.

Carrying a driver's license or some keyfob that generates a unique encryption code is fine. Attaching something permanently to my body? Fuck no. Did you think I was just typing to hear my keys click? Answer the question: Would you be OK with the government mandating a permanent tattoo or an RFID chip implanted in your body for "identification purposes" or "security purposes"?

Re:Tattoo Authentication Methods

[kheldan]

I notice nobody wants to answer the question directly: If the government of your country mandated you be tattooed "for identification purposes" or "for security purposes", are you saying you're OK with that?

Re:Tattoo Authentication Methods

[mrmeval]

Of course not! There's another called scrotum / vaginal mapping that could be used. It's very difficult to alter those. Couple that with the blood vessel map of the eye and fingerprints and it will NEVER be defeated!

Ok funs over (I am sad)

Two factor, biometric, cryptographic, personal managed by people who are not morons who need a brick encrusted cluebat to shatter their eggshell covered brain meats.

It's either casual like your bank pin or it's serious.

Re:Tattoo Authentication Methods

I vote for the whole face tattoo of a spider. That or getting electrolysis hair removal for your whole head and then having a "hairstyle" tattooed on.

Re: Tattoo Authentication Methods

its a tattoo , im sure your fapping wont be altered in anyway

Re:Tattoo Authentication Methods

Maybe the "whoosh" or "splat" is on you.

In case of those licences its you who offers them (or not) to whomever is asking.

Its a bit diferent when such a "tattoo" or "pill" is sending out your identification all the time.

Wanting to pick up that booklet on veneric diseases anonimiously ? Not possible. Wanting to make a donation anonimiously ? Not possible. When you touch it (or maybe even when you come near enough to it) you leave your "fingerprint" for anyone to store and/or track.

Although ... It seems that lots of people have no problem with either carrying RFID cards with them or divulging their day-to-day lifes in Facebook and its ilk.

Than again, an RFID card can be blocked, and using Facebook is a persons own choice.

Re: Tattoo Authentication Methods

I have a tattoo of a vagina on my anus. That way when dudes fuck me, they can pretend they are fucking a woman.

Re: Tattoo Authentication Methods

Bat wing. So veiny!

Re:Tattoo Authentication Methods

[krashnburn200]

I am for it just to give y'all shitfits

Re: Tattoo Authentication Methods

[drkim]

its a tattoo , im sure your fapping wont be altered in anyway

If they put the tattoo on the BACK of your hand it could display pr0n while the palm is... ah... busy.

Re:Tattoo Authentication Methods

[JimBobJoe]

"You mean those fuckers are going to require that they have my picture just so I can get a drivers license?

In case you cared, most states started to add photos to licenses in the late 60s and early 70s, finishing up in the early to mid 80s. It appears that heavy lobbying from Polaroid, which had introduced color instant photography in the mid 60s is what lead states to adopt photo licenses.

Having said that, some people were pretty pissed about the photo requirement, but I think we were less sophisticated in terms of privacy and security than we are today. Had they tried to introduce photo licenses in the 90s I think they would have had a much more difficult battle.

Re:Tattoo Authentication Methods

Kang: Gay marriage for all!
Crowd: Boooo!
Kang: Very well, no gay marriage for anyone!
Crowd: Boooo!
Kang: Hmm, gay marriage for some, miniature american flags for the others!
Crowd: YAYYYYYY!!

Re: Tattoo Authentication Methods

I'm 34 and I have no car or even driver's license. I've never felt the need to have a car either. The subway gets me around to wherever I need to go daily, and since I don't have to drive I use the time to read (books, newspapers, blogs, whatever) catching up on tv series, etc. Trains are very convenient and confortable for travelling inside the country or to get me to the airport when I travel by air. My 10 year old bike suffices for everything else.

I have two mobile phones, one personal and one work. The work phone is set to disable the radio automatically whenever it registers to the cell that covers my home. The personal one is set to ring _only_ for family and close friends, at all times.

It's not hard being free.

Re:Tattoo Authentication Methods

[kheldan]

Fine.
Just remember this: questions like this have come up before, for real, and they'll come up again, for real, and it may very well happen in a way that doesn't give you a direct opportunity to cast a ballot that says "No, I don't want this". Your only opportunity to say "no" may be pleading with your local congressperson, who probably won't listen to you.

Re:Tattoo Authentication Methods

[moj0joj0]

That's what I'm saying - I live in the good ol' US of A and have resided in several states.

Re:Tattoo Authentication Methods

[moj0joj0]

Would you be OK with the government mandating a permanent tattoo or an RFID chip implanted in your body for "identification purposes" or "security purposes"?

Personally? No. Will it happen? Perhaps, but not anytime in the near future. Will it matter to me? Again, no, it probably won't. Why? Because, so many people will have a problem with it that an alternative method will have to be allowed.

Having said that, if there were a valid reason for a tracking device being implanted, then I probably would do so.

For example, I were a colonist on a tera-forming project that had been ordered to check out an "anomaly" and had subsequently brought back something that then killed the colony and the Marines needed to locate my dead body... I mean they could just nuke it from orbit, just to be sure... However, if they needed to find MY body, then yeah, I'd get the RFID implanted.

Re:Tattoo Authentication Methods

[lsatenstein]

This would be voluntary. That is a pretty big difference.

At first. It would be voluntary at first.
There are many people in power in this world today who would love to be able to tattoo some sort of ID on people from birth, or embed an RFID in their bodies at birth, and so on, so they can be tracked everywhere they go (with greater ease than we already are with goddamn fucking cameras everywhere. NO. JUST. NO.
Yes, I understand the article is talking about something like a henna tattoo or a sticker you wear.. but it would set a dangerous precedent. The line has to be drawn here, no farther!

Some perspective du jour...

Rewind 50 years:
"You mean those fuckers are going to require that they have my picture just so I can get a drivers license? Hell no! Let's draw the line in the sand! The MAN already knows too much about me, and it would set an unthinkable precedent!"

Fast forward 5 years (maybe less):
"Oh, wait, you mean it will make my email and phone and bank account basically un-hackable in the face of wave after wave of cybertheft? Yeah, well, ok let's draw the line just a little further out"

===
'My dog has embedded rfid chip. He does not suffer. And if he is lost, we can get him, if the finder takes him to a vet with a scanner.

And when in the future I get Alzheimer or dementia, it would be a good idea to have me identified by such a chip. And if I end up in the hospital, unconscious, the hospital could find out all my allergies before administering me penicillin or other anti-biotic.
I am for it, the good outweighs the bad.

Re:Tattoo Authentication Methods

Any mass (government-induced) hysteria?

Did we forget about the War on Terror(TM)? I'd call that government-induced mass hysteria. Mild hysteria, perhaps, but irrational nonetheless.

Temporary token

So I have to check my poop all the time for my auth token?

Eat it again? Renegotiate?

How do you authenticate yourself without the "inside out potato" - not science fiction maybe, but rather far out research - I like it ! :)

Re:Temporary token

So I have to check my poop all the time for my auth token?

Eat it again? Renegotiate?

How do you authenticate yourself without the "inside out potato"

Parser failure. "Potato battery" is one token; "inside-out" modifies the whole thing.

And of course it doesn't fucking work for more basic reasons, because anything that touches your hand can read the whole 18 bits of the electric signal, then program their own pill to reproduce it. You need a way of proving you have the authentication secret without providing the authentication secret -- public-key cryptography is the answer, and it doesn't sound like this implements it, since public-key authentication normally requires two-way comms or a synchronized bit of variable data (e.g. synchronized real-time clocks) to prevent replay attacks.

Once you add two-way comms, then it's not hard to swallow another pill, and have the old one sign the new one's public key, so there's always at least one in your system, and it has a chain of trust going back to the first one. Add some infrastructure on the other side so once a longer chain is seen anywhere on the internet, a shorter chain is no longer valid, and now you don't have to worry about somebody else going through your poop for yesterday's auth-pill and using it to impersonate you.

Re:Temporary token

And of course it doesn't fucking work for more basic reasons, because anything that touches your hand can read the whole 18 bits of the electric signal, then program their own pill to reproduce it.

The point of the research is to minimize the aggravation of human-computer interaction required for authentication and authorization, dumbass. If the prototype can deliver some 18 bits of electric signal, then it can (trivially) be modified to act as a second authentication factor or to implement PKI.

Try thinking *outside* your little box sometime.

Re: Temporary token

So.. People keep chugging pills to authenticate??

That's dumb.

Re: Temporary token

[h4rr4r]

Many people already take pills everyday, for them this would not be a big deal.

Re: Temporary token

[ArcadeMan]

That's not dumb for the manufacturer. In fact I'm going to guess that some USA politicians may have already received a cash bonus to vote in favour of this stupid idea.

Re:Temporary token

Try reading *past* the first sentence sometime.

2-way communication is not a trivial extension, but it's doable, and it's the right fix. Once you have that, AS I EXPLAINED, the other problems GP mentioned are trivially fixable.

Re: Temporary token

So.. People keep chugging pills to authenticate??

That's dumb.

But less dumb than keeping chugging the same fucking pill after it goes through your digestive tract, no?

Less disgusting, anyway.

Re:Temporary token

[gl4ss]

Try reading *past* the first sentence sometime.

2-way communication is not a trivial extension, but it's doable, and it's the right fix. Once you have that, AS I EXPLAINED, the other problems GP mentioned are trivially fixable.

well there's still the slight problem of just taking your pills...
the tech has some uses.. for some other cyber things. using it for unlocking just doesn't seem quite right.

Re: Temporary token

hmm i also take a piss everyday, maybe they could just limit it to me pissing to authenticate.

Re:Temporary token

[cusco]

There are already RFID tags that can be fed to cattle to track them throughout the entire life cycle that have little hooks. The tag lodges in the intestinal tract until the animal is slaughtered.

Re:Temporary token

[rthille]

You don't need 2-way to do PKI. You can just sign some string with the current time with the private key, and the validator check against the same string with the public key. So, you would need a fairly accurate real time clock, but not 2-way comms.

Re: Temporary token

A fairly accurate RTC connected to every element of the PKI. Oh, wait, that's stupid, since it "solves" the replay problem with a burdensome requirement, and still leaves us with the re-keying problem, whereas 2-way comms both fixes that AND lets me authenticate to my phone when it first boots up after the battery's been out for a while and it doesn't know the current time. (The phone should refuse to boot far enough to get online and sync with NTP until after I've authenticated, obviously -- when I'm not using it, there's no point enabling the additional attack surface for the guy who we may assume stole my phone.)

I will take two pills!

[fredan]

So that I've got 36-bits of this securitybits!

Re:I will take two pills!

[Intrepid+imaginaut]

What happens if you get an evil bit by accident?

Re:I will take two pills!

[Nadaka]

You become a were-cyborg.

Re:I will take two pills!

A red AND blue pill at the same time? Careful or you might end up like Violet (from Charlie and the Chocolate Factory).

Re:I will take two pills!

But you only transform at the 2038 integer overflow.

Re:I will take two pills!

[fahrbot-bot]

What happens if you get an evil bit by accident?

You get a job offer from Wall Street.

Re:I will take two pills!

[drcheap]

What happens if you get an evil bit by accident?

Just use Richy_T's "logging out" method of converting it into a dirty bit.

I can't swallow a pill that big!

[AioKits]

Good news! It's a suppository!

Re:I can't swallow a pill that big!

Needs acid. Ow. Or is it Wow?

Re:I can't swallow a pill that big!

[VortexCortex]

I crap from my mouth, you insensitive clod!

Re:I can't swallow a pill that big!

[ZooDog]

Bad news is it's the size of a softball...

Automatic authentication by contact sounds bad

So all i need to do to get into your stuff is knock you out and touch you to it?

Seems a bit insecure.

Re:Automatic authentication by contact sounds bad

Better than a rubber hose.

Re:Automatic authentication by contact sounds bad

[FooAtWFU]

It also sounds vulnerable to replay attacks. I can have you touch something that secretly records the signal, then play it back to the actual input device. Seems like a password you're always broadcasting from your skin...

Re:Automatic authentication by contact sounds bad

[jeffmeden]

So all i need to do to get into your stuff is knock you out and touch you to it?

Seems a bit insecure.

They have this thing we call "Two factor authentication"... as long as your remembered, short-term password is not exposed before they knock you out then you are still safe (at least your deepest darkest secrets are, maybe Facebook will ignore the two factor auth requirement). Then again if they are going to knock you out why not just resort to restraining you, while awake, and forcing you to hand over your credentials at the threat of torture or death? If violence is on the table, not much will save you (except a good guy with a gun).

Re:Automatic authentication by contact sounds bad

[gl4ss]

you just need to shake the hand....
you know what's coming up? CUTS AT MOTOROLA.

how does one know that? the research labs start publicizing all kinds of crazy shit to news outlets.

that and the fact that they're overdue, because of money(shitty sales, really) and this is why google is keeping them as a separate entity, so that they can do the cuts with them still seeming like Motorola doing them and not Google since Google has money and doesn't have a pressing need to cut the staff.

Re:Automatic authentication by contact sounds bad

[ArsonSmith]

That's why you never depend on a single item. At least two of: something you have, something you are, something you know. this is sort of a bluring of something you have and something you are, but this combined with a PIN/Passphrase would make authentication quit secure.

Re:Automatic authentication by contact sounds bad

Can't believe I'm saying this, but swallowing an RSA generator analogue with an appropriately fast refresh would tie the token more specifically to a particular space/time point. Not sure how much power that would take though, nor whether some constantly generating bit stream is secure over lifetime X of the device.

The concept seems viable, which is terrifying. Once the protocols have matured to that extent the downside of the system becomes...swallowing the pill. May as well just implant it then!

Re:Automatic authentication by contact sounds bad

So they knock you out (or otherwise make you comply), touch your device to you, and get your 2 factor auth key from the fob on your keychain.

This approach i just silly.

Re:Automatic authentication by contact sounds bad

If the first level of security is making your body the key, then the second level of security is obesity and the third level of security is extreme body odor.

Re:Automatic authentication by contact sounds bad

[Richy_T]

They have this thing we call "Two factor authentication"

Which the banking industry appears to be doing their goddamn best to avoid right now.

Re:Automatic authentication by contact sounds bad

[charles2678]

It also sounds vulnerable to replay attacks. I can have you touch something that secretly records the signal, then play it back to the actual input device. Seems like a password you're always broadcasting from your skin...

No reasonable authentication system works that way. Typically, one uses bidirectional communications -- present a piece of data, get back a signature with a private key stored within the device. That's been done in extremely-low-power scenarios for ages -- remember the crypto iButton?

Re:Automatic authentication by contact sounds bad

In the case of serious two-factor authentication schemes, one of the factors isn't basically public knowledge. In this set-up, since the user of the pill doesn't take any action to authenticate, any person with an appropriate scanner can capture one of the user's authentication tokens. More importantly, as the person who has swallowed the pill, you don't even know that you've been compromised (as you would if, for instance, someone stole your RSA auth token). This effectively reduces the complexity of attack for a competent, determined attacker to the same level as attacking a system solely protected by a password.

Re:Automatic authentication by contact sounds bad

[networkBoy]

My bank has it.
Something I have, something I know.

If I am on a trusted computer I can store the something I have portion and only need to provide the something I know.
If I am at an untrusted computer (or just got a new computer I want to trust) I get a PIN texted to my phone (trusted) that I can enter along with my normal passphrase. the PIN is from a OTP, so is useless after one use or 5 min, whichever comes first.

If I lose my phone I can notify the bank (same as lost card) and both the phone number and stored token are invalidated.

To validate a new phone I take it to the bank.

Re:Automatic authentication by contact sounds bad

[Richy_T]

OK, I admit I was engaged in hyperbole and it's good that your bank does that. I'm referring to this story http://news.slashdot.org/story/13/05/18/146205/uk-consumers-reporting-contactless-payment-errors

Re:Automatic authentication by contact sounds bad

" Seems like a password you're always broadcasting from your skin..."

And thus anything you touch throughout the day can potentially be used to track your physical location. If anyone thinks this "superpower" is anything but tracking technology, you're the tool of some crazy bitch with a scary tattoo.

Re:Automatic authentication by contact sounds bad

Unless someone invents a camera the size of a pin hole to also record you entering your pin. But I'm sure that would never happen.

Re:Frosty

Fail!

Clip this!

[Impy+the+Impiuos+Imp]

And there should be regulation to prevent all corporations, but not government, from surreptitiously reading your "alligator clip" ID because we have been trained, by government, to think of business as the Prime Evil of existance.

Re:Clip this!

[Farmer+Pete]

Are you shaking my hand because you're friendly, or are you secretly reading my ID, sending the information off to your ops center, and are now going to clone my ID and sneak into my secret lab that I shouldn't have just mentioned on Slashdot....crap

Re:Clip this!

[serviscope_minor]

because we have been trained, by government, to think of business as the Prime Evil of existance.

I think I'm not alone here when I say: WTF?

Re:Clip this!

I second your WTF. Especially on /. where people think governments are the biggest evil of all, while businesses should be allowed to do anything because "freedom".

Re:Clip this!

Especially on /. where people think governments are the biggest evil of all, while businesses should be allowed to do anything because "freedom".

Hate to burst your bubble, but around these parts we don't like either of them.

Re:Clip this!

He's saying when you go all occupy and demand the Government rein in Evil Business, you've fallen for the oldest trick in the book.
(Which is true.)
What he's suspiciously not saying is that when you go all tea party and demand the Evil Government collapse and let Business do everything, you've also fallen for the same damn trick.
(Which is also true.)

In point of fact, Government is evil, and Business is evil*, and they each want you to see the other one as the enemy so you don't notice them raping you up the arse.

What to do? Be an anarchist! You get the good feeling you alone have the moral high ground, and you don't ever have to worry about a country actually implementing your beliefs and showing them to, in practice, enable evil (as the laissez-faire capitalists have the U.S. today and the socialists had Russia back in your parents' day). Failing that, a Jeffersonian liberal stance (with a bit less agrarian nuttiness -- odd how good farming looks when you have slaves to do the backbreaking work, eh?) could work, believing in both limiting government and not handing any business any special privileges, including incorporation.

*Can you figure out what Government and Business have in common? They're both bigger than about 20 people -- which is the biggest group where people can do anything like consistently getting along with one another. Above that order of magnitude, society simply doesn't work, and until someone comes up with a way to reprogram us sociologically (or it happens in advertently, a la Voyage from Yesteryear), we're terminally fucked when we get into larger groups -- and if you try to live some sort of small-group nomad life, you'll find yourself unable to defend adequately when the terminal fucked-up-ness of some much larger group turns outward.

Re:Clip this!

[gorzek]

And yet the prevailing political philosophy I see expressed by Slashdot commenters falls somewhere in the anarchist/libertarian area of the political graph, where there's little to no government and virtually unfettered personal (and corporate) behavior. In concept, it's nice to imagine a world where everyone can do anything they want as long as it's not harming anyone else. In practice, we find that "harm" is not always easy to see, and can result from complex sequences of events and interactions that are not individually problematic but nevertheless result in systemic harms.

I am by no means saying that government is the perfect solution to every problem. In fact, there is no perfect solution to most problems. There's only bricolage and compromise. Some things are better managed by government. Some things are better managed by the private sector. Both need to be accountable, though: the business world is accountable to the government, and the government is accountable to the people. When any of those mechanisms fails, the system has failed.

That is to say, I am deeply unhappy with the current state of US politics, since any efforts at accountability for government are stymied by the total lack of accountability in the business world.

But there's no way I'm going to take that and conclude the option is to nearly get rid of the government and just trust the market to work everything out. That way lies insanity, or at least a whole lot of misery.

Re:Clip this!

[lgw]

That is to say, I am deeply unhappy with the current state of US politics, since any efforts at accountability for government are stymied by the total lack of accountability in the business world.

It's circular, I think. The only place where there's no accountability in the business world is where there's no penalty for failure (and thus you can piss off your customers fee of consequence for that), because of some government prop: legal monopoly, bailing out failures, whatever.

I think it's obvious that "no government" and "totalitarian government" are bad answers, but I've come to believe that "more government" and "less government" as answers simply miss the point.

The problem is the kind of power we give government over business. Amending the constitution to prevent the government from granting a monopoly to any business for any reason, and from the government bailing out a company for any reason (but how would you word that?). Would make things much better. Not a magic bullet, regulatory capture is going to need a separate answer, but those two changes would be a marked improvement.
 

Re:Clip this!

[networkBoy]

nah, we're using it to prove to your lady that we are you, despite what we look like.

Authentication In Pills = Dumb

[Farmer+Pete]

What goes in, must come out. I'm not sure if I'd like to swallow a pill every day for authentication. Besides, it doesn't seem that secure. What's to stop my friend from taking my pills and authenticating as me? The Tattoo idea may be better, but it better be secure. You can't exactly "Patch" a tattoo with a security fix.

Re:Authentication In Pills = Dumb

[kevkingofthesea]

The pill itself isn't the auth - the pill uses your body to generate a signal which is used to auth.

Re:Authentication In Pills = Dumb

[fuzzyfuzzyfungus]

What goes in, must come out. I'm not sure if I'd like to swallow a pill every day for authentication. Besides, it doesn't seem that secure. What's to stop my friend from taking my pills and authenticating as me? The Tattoo idea may be better, but it better be secure. You can't exactly "Patch" a tattoo with a security fix.

C'mon, coward, the patching process is a routine inpatient procedure, and isn't quite as gruesome, painful, or infection-prone as that picture makes it look.

Happy patch Tuesday!

Re:Authentication In Pills = Dumb

[Farmer+Pete]

What happens if I lose weight or I am a teenager and I grow 6 inches?

Idiocracy becoming more true.

Tattoo authentication...I just see Idiocracy.

Re:Idiocracy becoming more true.

sure, laugh now, but tomorrow that vision will be reality.

welcome to costco, i love you.

erm

[Aryden]

Because nothing at all could go wrong with changing your body chemistry to turn you into a battery for the purpose of unlocking a phone....

Re:erm

[MightyYar]

I change my body chemistry all the time, just for recreation. If this thing is powered by booze, I'm all for it.

Re:erm

[Aryden]

well sure, you change it for short (relatively) periods of time not for 24/7.

Re:erm

[ArsonSmith]

Using biological energy to make a device work, wasn't there a movie based on this?

Re:erm

[Aryden]

could have sworn there was a guy named Neo...

Re:erm

[MightyYar]

This pill uses magnesium (and copper as the cathode, which should stay intact), so no worries. You need around 400mg/day just to stay healthy. The pill is FDA and CE certified.

Re:erm

[drinkypoo]

Oh good, it's FDA certified! What could possibly go wrong?

Re:erm

[MightyYar]

Well, it implies a certain amount of testing. It's not just "we threw something that looks like a battery into a person", and it probably won't "change your body chemistry" in any significant way.

Re:erm

[drinkypoo]

Well, it implies a certain amount of testing.

Yes, it does, but it does not imply adequate standards, nor adequate testing.

Re:erm

[MightyYar]

That is an area fraught with subjectivity :)

Re:Frosty

First!

Fail!

Motorola no more

[subnomine]

Having worked in Motorola research (and later the cellular infrastructure), a long time ago, my first reaction was "Wow, Motorola has finally got some balls!" Then I remembered that it is now Google.

Re:Motorola no more

[fishbonz]

I initially thought it was some campaign to generate interest in Motorola for stock sales or something..then I remembered the same thing you did...it's Google

Re:Motorola no more

[aztracker1]

Only Motorola Mobility (cell phone division) was sold off to Google... I don't know that the research division was with that though. This could still be Motorola of old.

Sounds unhealthy

What are they going to use in this proposed battery that won't be toxic? Remember, when a battery provides power, the anode is dissolved into the electrolyte.

Re:Sounds unhealthy

[MightyYar]

So use zinc?

Re:Sounds unhealthy

[compro01]

Would 40mg (dietary upper limit for zinc) be enough anode to power the thing for ~24 hours?

Re:Sounds unhealthy

[MightyYar]

Sorry, turns out it uses magnesium (with a copper cathode), which you need around 400mg of per day to stay healthy. The pill is FDA and CE certified.

Data in, data out

[Hoi+Polloi]

I poop information!

Re:Data in, data out

[VortexCortex]

I pee what you did there...

MARK OF THE BEAST!!!

[RevWaldo]

GOOGLE IS A TOOL OF THE ANTICHRIST!

It's true! I read it in this little pamphlet I found on the subway!!

.

Medical Identification For Surgery

I see this as a great benefit for proper patient IDing for surgeries. Just a quick scan of the patient to double check the proper one before commencing the procedure. Bonus points for including the correct body part and procedure in the authentication.

Re:Medical Identification For Surgery

[demonlapin]

That only moves the point of error into a computer being run by $8/hr admissions clerks. At least when someone's name is wrong on an armband, you can see it.

Re: Medical Identification For Surgery

They will need to provide some sort of a carrier bag for organs and body parts that have been removed in the surgery and contain the identifier.

Overly complicated

[nickmalthus]

Instead of focusing on ergonomics they should simply force the user to wear a cattle ear tag. After all, cattle is what the government and corporate America think we all are.

Well, fuck.

[fuzzyfuzzyfungus]

What kind of shitty future did I wake up in where 'unlocking your cellphone' is a "superpower"?

Re:Well, fuck.

[gstoddart]

One in which marketing wants to convince us this is a good idea.

I for one have no intention of using either of these proposed methods, and Motorolla can go pound sand.

Re:Well, fuck.

[h4rr4r]

The kind where we are solving so many issues that this sort of stuff is what is left. Sure lots of disease and that sort of thing being worked on, but that is not what moto does.

People just don't notice how awesome 2013 is because they are jaded.

Re:Well, fuck.

[Ambvai]

That's STILL a better superpower than this poor guy: http://en.wikipedia.org/wiki/Arm_Fall_Off_Boy

I believe the URL says it all.

Re:Well, fuck.

[ceoyoyo]

One in which Google is running things. First their phones are sentient, now convincing them you're you is a superpower, but requires you tag yourself.

Re:Well, fuck.

[LordNightwalker]

What kind of shitty future did I wake up in where 'unlocking your cellphone' is a "superpower"?

Don't know man, humanity's changing and more and more people are waking up with new and strange powers. Take me, for example... A couple of weeks ago I discovered I have the power to look through solid windows!

666?

[Naatach]

I'd get the tattoo only if it goes on my hand or forehead. Can you hear Jerry Falwell & his type screaming yet?

Personalized Tattoos

[nickmalthus]

Maybe the electronic tattoos can be personalized, allowing a user to project a retro "holocaust concentration camp ID number" type vibe.

Well, my eyes are safe

I guess I won't have to worry about my eyes being plucked out of my skill for retinal identification spoofing after all!

Re:Well, my eyes are safe

[TheCarp]

Nope, now they have to route around in your stomach and intestines. Big win there, that will really show them!

Re:Well, my eyes are safe

[3.5+stripes]

Root, route would mean they were driving some sort of vehicle around in there.

Re:Well, my eyes are safe

[cusco]

That research is under way . . .

Temporary authentication

[sjbe]

I'm not sure if I'd like to swallow a pill every day for authentication.

Doesn't have to be every day. The pill thing would be most useful for temporary authentication procedures. Issued to authorize someone for a limited time only. I could see some circumstances where the pill thing could be useful. I could see it being used as a second factor id for military, etc. Think similar to a visitor badge but harder to lose.

Big "D" cell

[RedMage]

This is all well and fine, until they herd us all into some kind of processing center and then hook us up like some kind of "D" cell in series to power the mastermind machine...

Re:Big "D" cell

[Plazmid]

Actually that would be more of a "Z" cell than a "D" cell.

Tattoo permanency

[DigitAl56K]

Tattoos are permanent, technology moves on at an incredible pace. This seems like a bad idea.

Re:Tattoo permanency

[swb]

Hey, obesity moves at a pretty rapid pace yet there's an awful lot of girls out there who thought they were going to have a lifetime "enter here" tattoo that's turned into a "wide load" sign.

Re:Tattoo permanency

[aztracker1]

That's #1... #2 You are a god damned idiot.

Re:Tattoo permanency

[chuckinator]

18-bits is cryptographically insecure. PCI and DoD restrictions require atleast 128-bit AES keys, and prefer 256-bit or higher. Public key crypto requires even more, with 1024 as the typical recommendation and going up as high as 4096 bit for the uber-paranoid.

MITM attack

[femtobyte]

'It means my arms are like wires and my hands are like alligator clips [so] when I touch my phone, my computer, my door, I'm authenticated,'

So, whenever you hold a metal hand rail walking down stairs, someone just needs to hook up a sensor to it to grab your authentication signal and relay it to your "secure" devices? This doesn't seem like a particularly more secure biometric than the "old fashioned" iris or fingerprint scans; anyone else can intercept your authentication signal any time you touch any object which they can insert sensors into.

Imagine being locked-out,

[AvgCsStudent]

Would this require surgery?

Re:Imagine being locked-out,

Nope - Ex-Lax

not in prison if they want to have some thing like

[Joe_Dragon]

not in prison if they want to have some thing like this.

What could possibly go wrong?

[Jahta]

'It means my arms are like wires and my hands are like alligator clips [so] when I touch my phone, my computer, my door, I'm authenticated,' Dugan said. 'This is not science fiction.'

"I assume your handprint will open this door whether you are conscious or not." - Commander Data, Star Trek TNG episode "A Matter of Time"

Re:What could possibly go wrong?

There is a great concern about using dumb biometrics implementations. If they authentication system does not require you to be alive then is is incentive for body mutilation or death. I would much rather have a key I could hand over to a robber than to be kidnapped because someone wants to steal something from me.

Re:What could possibly go wrong?

[drcheap]

"I assume your handprint will open this door whether you are conscious or not." - Commander Data, Star Trek TNG episode "A Matter of Time"

Handprint identification, please.

Re:not in prison if they want to have some thing l

[h4rr4r]

Having some form of ID in prison is already not voluntary. That is sort of the point.

mmmm

[houbou]

interesting.. wonder how hacking a human is gonna be like? can somebody be turned into a cyber terrorist, simply because his signal was hacked and used for illegal activities? then you become a human beacon.. does that make sense?

Imagine this

... in the world of silly "password security" rules such as having to change your password every 30 days.

Everyone uses google

[Marrow]

At this point, God, Santa, and the Easter Bunny use google.

Re:Everyone uses google

[aztracker1]

God created Google to index everything so he wouldn't have to think about it all...

How to tattoo?

Would they use e-ink for the tattoo ?

Doesn't have the problem of iris or fingerprints..

[RobinH]

So you can't just cut off the person's finger to activate some lock somewhere, like you can with fingerprint ID. But it seems to me that you can easily make a device that copies the ID just by touching it to their skin. Unless it has challenge/authentication, of course. If so, then you need to physically kidnap the person.

MITM vulnerabilities

[WaffleMonster]

Brings a whole new meaning to the man in the middle attack.

Multiple Accounts?

As a security precaution, I generally use an account with limited access most of the time and only use accounts with elevated access for specific actions. If our authentication is based on a tattoo or pill, how feasible is it to indicate which account we want to use this session?

Re:Multiple Accounts?

[CanHasDIY]

As a security precaution, I generally use an account with limited access most of the time and only use accounts with elevated access for specific actions. If our authentication is based on a tattoo or pill, how feasible is it to indicate which account we want to use this session?

This is your last chance. After this, there is no turning back. You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland, and I show you how deep the rabbit hole goes.

Oh, you just wanted to log in to your Steam account? Take this purple one then.

Re:Multiple Accounts?

As a security precaution, I generally use an account with limited access most of the time and only use accounts with elevated access for specific actions. If our authentication is based on a tattoo or pill, how feasible is it to indicate which account we want to use this session?

This is your last chance. After this, there is no turning back. You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland, and I show you how deep the rabbit hole goes.

Oh, you just wanted to log in to your Steam account? Take this purple one then.

Does that mean I have to wait for my privileged pill to exit my system before I can log into any social networks? Or for my social network pill to exit my system before I can do any server maintenance?

Obligatory

[Adm.Wiggin]

My body is my passport. Verify me.

I agree

[stanlyb]

This BULSHIT. I just wonder, if your pill is compromised, what are you supposed to do to shut it down!!!

How do you limit authentication?!

[mprinkey]

This idea is terrible. It is even worse than RFID credit cards. Since it has active electronics, I assume this is able to do challenge/response authentication, which is good. But how do you disable it? Somebody just "bumps" into you with a scanner and pays their dinner bill with your gut. At least RFID-chipped cards can be stored in a conductive pouch to prevent walk-by theft.

Whatever shape these new authentication methods take, they need to be at minimum:

(1) Challenge/Response based, and
(2) Momentary ON

Requirement 1 kills most biometrics systems. And Requirement 2 kills most implant/ingested systems.

So, how are you holding up?

[freeze128]

...Because I'm a potato!

Re:Frosty

First Fail, Fail!

Just wonder how....

[LVSlushdat]

I just wonder *how* they intend to *keep* it in the stomach.. Many people know instictively that items that enter the stomach pretty much *leave* the stomach in a fairly short period of time.. Unless they intend this to be a temporary authentication, and make you keep eating these "pills", to keep the effect working, they have a *bit* more work to do, in my opinion... VERY cool idea tho...

bonus

[CosaNostra+Pizza+Inc]

As an added bonus, It might be an effective weight loss product too if the pill obstructs your gastro-intestinal track. All jokes aside, this pill could have positive implications in addition to authentication.

New Euphemism

[Richy_T]

Brings a new meaning to "Logging out"

Re:New Euphemism

OK. Right there is why "Funny" comments deserve karma.

Re:Doesn't have the problem of iris or fingerprint

[Areyoukiddingme]

If so, then you need to physically kidnap the person.

Or steal their pills...

Fingerprints or retinas anyone?

What happened to those? And what about DNA you exhale?

We have a lot of things going on automatically naturally that we dont have to swallow a glorified rfid tablet.

I for one....

welcome our new Beast overlords. Anticipating the full revelation of the Bible and the Antichrist's benefaction whereby I cannot buy or sell without a 'mark' on me, I wait with baited breath for my marching orders once so owned.

Really? No one else thinks this is even a little scarey?

Re:I for one....

This get's erased off the site? What editorial license is that? Are geeks atheists? Never heard the story? I think the parallels are amazing to be honest...

Posted:
welcome our new Beast overlords. Anticipating the full revelation of the Bible and the Antichrist's benefaction whereby I cannot buy or sell without a 'mark' on me, I wait with baited breath for my marching orders once so owned.

Really? No one else thinks this is even a little scarey?

Someday

It's only a matter of time before we get wristwatch tattoos

Re:I will take two pills! - oblig. XKCD

Too obvious.

Pills extremely easy to defeat?

I haven't seen anyone else point this out, but it seems an obvious problem: all you would have to do to defeat this is to steal one of their pills.

oh yes

because pill bottles NEVER get stolen

Security flaws...

Plan for future ID theft:
Step one: Buy a sharp knife. ...