Motorola has announced it is looking at alternatives to traditional passwords in a bid to make logging into online sites, or accessing mobile phones, more secure.
Among the ideas discussed at the D11 conference in California on Wednesday were electronic tattoos and authentication pills that people swallow.
The tattoos, developed by Massachusetts-based engineering firm MC10, contain flexible electronic circuits that are attached to the wearer’s skin using a rubber stamp.
Motorola’s senior vice president of advance research, Regina Dugan, shows off an electronic tattoo at the D11 conference in California. The tattoos, designed by Massachusetts-based firm MC10, are made from silicon and contain electronic circuits that bend and move with the wearer’s body. The tattoos, called Biostamps, were designed for medical purposes to track a patient’s health, but Motorola thinks the technology can be used for authentication purposes, as an alternative to traditional passwords
This image shows the various parts that make up the MC10 electronic tattoo called the Biostamp. It can be stuck to the body using a rubber stamp, and protected using spray-on bandages. The circuit can be worn for two weeks and Motorola believes this makes it perfect for authentication purposes
HOW DOES THE MC10 ELECTRONIC TATTOO WORK?
A researcher at the University of Illinois used standard CMOS semiconductor computer chip technologies to create the Biostamp.
It uses high-performance silicon and can stretch up to 200 per cent.
The Biostamp can monitor temperature, hydration and strain, among other medical statistics
The first prototypes were stuck on using an plaster-style patches.
More recent prototypes are applied directly to the skin using a rubber stamp.
It can then be covered with spray-on bandage to make it more durable and waterproof enough to wash.
The MC10 Biostamp is said to last up to two weeks before it starts to come loose.
MC10 originally designed the tattoos, called Biostamps, to help medical teams measure the health of their patients either remotely, or without the need for large expensive machinery.
Motorola claims that the circuits, which also contain antennae and built-in sensors, could be adapted to work with mobile phones and tablets.
The mobile devices could then be used to confirm the owner’s identity and log them in to accounts automatically.
This would prevent thieves and other people from being able to access a phone, or individual apps on the device, if it is stolen or lost.
Another idea presented during the keynote talk at the Wall Street Journal conference with head of Motorola Dennis Woodside and senior vice president for advanced technology and products, Regina Dugan, was a swallowable pill.
The Proteus Digital Health pill has already been approved by the U.S. Food and Drug Adminstration and was given European regulatory approval in 2010.
Another password-alternative presented by Motorola at the Wall Street Journal’s D11 conference was the ‘vitamin authentication pill’. It contains a computer chip that creates an 18-bit signal when swallowed. Motorola is testing whether this signal can ‘talk’ to mobile phones and be used to authenticate a wearer’s identity
HOW DOES THE PROTEUS DIGITAL HEALTH PILL WORK?
The Proteus Digital Health pill contains a computer chip and a switch.
Once swallowed, the acid in the wearer’s stomach causes electrolytes to turn the switch on and off.
This creates an 18-bit ECG-like signal that can be picked up by mobile devices and authentication hardware to verify the wearer is the correct owner of the device or account.
It can also monitor heart rate.
The pill was approved by the U.S. Food and Drug Adminstration in 2012 after getting European regulatory approval in 2010.
Motorola’s Regina Dugan called it the ‘vitamin authentication pill’ and said the pills can be taken every day for 30 days, if necessary, without any problems.
It contains a computer chip that can be powered like a battery using the acid in the wearer’s stomach.
Once swallowed the ‘vitamin authentication pill’ creates an 18-bit ECG-like signal inside the wearer’s body that can be picked up by mobile devices and authentication hardware outside.
This could be used verify the wearer is the correct owner of the device or account.
Dugan continued that the pill could be taken every day for 30 days, if necessary, without any problems.
Woodside added Motorola would not be shipping these ‘right away’ but they have ‘tested it authenticating a phone, and it works.’
He continued: ‘Having the boldness to think differently about problems that everybody has every day is really important for Motorola now.’
Dugan, who used to be head of the US Pentagon’s Defence Advanced Research Projects Agency, explained that each signal emitted by the pill could be unique to each user.
Both these ideas move away from traditional passwords and towards technology that turns the user into a physical authentication token.
Explaining the reasons behind the plans, Dugan said: ‘Authentication is irritating. In fact its so irritating only about half the people do it.
‘Despite the fact there is a lot of information about you on your smartphone, which makes you far more prone to identity theft.
‘After 40 years of advances in computation, we’re still authenticating the same way we did years ago – passwords.
The so-called ‘vitamin authentication pill’ has been designed by Proteus Digital Health in California. It was passed by the FDA in 2012 after gaining European regulatory approval in 2010. The chip can be swallowed and used to monitor the wearer’s health and Motorola thinks it could be used for authentication
PASSWORDS ARE NO LONGER SECURE
A team of hackers, commissioned by technology website Ars Technica, recently managed to crack more than 14,800 supposedly random passwords – from a list of 16,449 – as part of a hacking experiment.
The success rate for each hacker ranged from 62 per cent to 90 per cent, and the hacker who cracked 90 per cent of hashed passwords did so in less than an hour using a computer cluster.
The hackers also managed to crack 16-character passwords including ‘qeadzcwrsfxv1331’.
Earlier this month PayPal’s chief security officer, Michael Barrett said he wants to see a mixture of online passwords with hardware-based identification such as finger print scanning becoming more common.
Talking at the IT conference Interop in Las Vegas at the start of May, Barrett said: ‘Passwords, when used ubiquitously everywhere at Internet-scale are starting to fail us.
‘Users pick poor passwords and then they’ll reuse them everywhere.
‘That has the effect of reducing the security of their most secure account to the security of the least secure place they visit on the internet.’
‘In fact it’s worse, the average users does it 39 times a day and it takes them 2.3 seconds every time they do it.
‘Power users will do it up to 100 times a day.
‘So what are we doing about it? Well [Motorola] is thinking of a whole variety of options for how to do better at authentication such as near-term things including tokens or fobs that have NFC or bluetooth.
‘But you can also think about a means of authentication you can wear on your skin every day, say an electronic tattoo or a vitamin pill’.
During the talk, Woodside also unveiled Motorola’s plans to launch a new handset.
Motorola was bought by Google 2011, which owns the Android operating system.
The new phone, called the Moto X, will be built in Texas and Woodside said he was ‘pretty confident in the products we’re going to be shipping in the fall’.
Woodside added that the Moto X would benefit from Motorola’s expertise in managing ultra-low power sensors — such as in accelerometers and gyroscopes — that can sense usage contexts and turn off certain components when not required, to save power.
He added that it will interact in different ways to other handsets and said the camera would ‘fire up in a way not seen before’ calling the handset ‘more contextually aware’ than other phones.
Motorola’s engineers have also come up with processors that will help save power, but didn’t elaborate further.