Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/10/2011
02:18 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

'eGo' Turns The Human Body Into Its Own Wireless Network

Gemalto to demonstrate at RSA next week a new, futuristic technology that lets users authenticate, pay, and access systems via wearable technology

In the brave, new world of smart-card authentication, all you have to do is touch a device to authenticate yourself to make payments, phone calls, log into a computer, start your car, or open doors to restricted areas.

Gemalto, a Europe-based smart-card vendor, at the RSA Conference in San Francisco next week will show a live demonstration of this person-to-device direct connection that eliminates the need for a smart card and smart-card reader, or typing in passwords or security access codes. The so-called "eGo" technology, which was developed as part of the pan-European Cluster for Application and Technology Research in Europe on NanoElectronics program, uses a smart-card-like chip that can be embedded in a watch or other wearable device and uses the body itself to transmit wirelessly between the human and an object.

Xavier Larduinat, marketing communication manager for the chief innovation and technology office at Gemalto, says eGo uses the signal modulation of the skin to send information from the device -- which can be no farther than one-inch from the skin -- to the device to which it's authenticating and communicating. "It's like what we have today for the [touch screen] on the iPhone," he says.

The user has an eGo-equipped device on his or her person, either in a wallet, watch, jewelry, or other wearable item, and just touches the eGo-equipped secured door, mouse, or even a soda machine, and if he or she is authorized, gains access via an Ultra Wide Band transmitter. Once the user is 30 feet away, the wireless channel automatically disconnects and the keys clear. The technology was first shown in Paris last December.

At RSA, Gemalto will host a live demonstration of eGo, where a user wearing an eGo device around his neck will touch a mouse to log into his PC. "By touching the mouse, it grabs the information [from his eGo card] and passes the user name and password through his hand to the PC," Larduinat says.

Larduinat says eGo is the future of smart-card technology, and is more secure than Bluetooth because it's a one-to-one connection that requires close proximity. It comes with Java Card technology and secure remote management. "It's the future way of bringing digital rights to a digital device," he says.

The silicon chip inside the eGo device is personalized with the user's credentials and access rights, and could include banking information for payment purposes; the path between the devices is encrypted. Larduinat says the hope is to bring this technology to the consumer side, possibly for cars, appliances, and watches: "You could use your watch to pay" when you go shopping, he says. "You wouldn't need to sign" for a credit card scan, he says.

What if you lose your eGo device? It's basically worthless to anyone else because it requires a fingerprint scan to start the device, Larduinat says.

But eGo doesn't do much for a longer connection, like watching television. "If you are using it to watch TV and walk away more than 30 feet, it will switch off," L says. "It's for the temporary usage of something." Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16317
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerabi...
CVE-2019-16318
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.
CVE-2019-16307
PUBLISHED: 2019-09-14
A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKe...
CVE-2019-16294
PUBLISHED: 2019-09-14
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
CVE-2019-16309
PUBLISHED: 2019-09-14
FlameCMS 3.3.5 has SQL injection in account/login.php via accountName.