Cute security technology from Beepcard:
The Comdot™ solution is easy and convenient: Users simply hold the card in front of their PC, phone or other networked microphone and squeezes the Comdot™ — a flat button on the card — the card uses sound, carrying a one time 3DES encrypted code, to identify the user to the destination server.
Bruce Schneier’s comments:
This is perhaps the coolest security idea I’ve seen in a long time. They have a demo application where you go to a website and purchase something with a credit card. To authenticate the transaction, you have to put the card up to your computer’s microphone and press the button. The sound is captured using a Java or ActiveX control — no plug-in required — and acts as an authenticator. It proves that the person making the transaction has the card in his hands, and doesn’t just know the number. In credit-card language, it changes the transaction from “card not present” to “card present.”
Even cooler, they are making an enhancement to the system that also includes a microphone on the card. This system will require the user to speak a password into the card before pressing the button.
Why do I like this? It’s a physical authentication system that doesn’t require any special reader hardware. You can use it on a random computer at an Internet cafe. You can use it on a telephone. I can think of all sorts of really easy, really cool applications. If the price is cheap enough, BeepCard has a winner here.