Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/10/2011
02:18 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

'eGo' Turns The Human Body Into Its Own Wireless Network

Gemalto to demonstrate at RSA next week a new, futuristic technology that lets users authenticate, pay, and access systems via wearable technology

In the brave, new world of smart-card authentication, all you have to do is touch a device to authenticate yourself to make payments, phone calls, log into a computer, start your car, or open doors to restricted areas.

Gemalto, a Europe-based smart-card vendor, at the RSA Conference in San Francisco next week will show a live demonstration of this person-to-device direct connection that eliminates the need for a smart card and smart-card reader, or typing in passwords or security access codes. The so-called "eGo" technology, which was developed as part of the pan-European Cluster for Application and Technology Research in Europe on NanoElectronics program, uses a smart-card-like chip that can be embedded in a watch or other wearable device and uses the body itself to transmit wirelessly between the human and an object.

Xavier Larduinat, marketing communication manager for the chief innovation and technology office at Gemalto, says eGo uses the signal modulation of the skin to send information from the device -- which can be no farther than one-inch from the skin -- to the device to which it's authenticating and communicating. "It's like what we have today for the [touch screen] on the iPhone," he says.

The user has an eGo-equipped device on his or her person, either in a wallet, watch, jewelry, or other wearable item, and just touches the eGo-equipped secured door, mouse, or even a soda machine, and if he or she is authorized, gains access via an Ultra Wide Band transmitter. Once the user is 30 feet away, the wireless channel automatically disconnects and the keys clear. The technology was first shown in Paris last December.

At RSA, Gemalto will host a live demonstration of eGo, where a user wearing an eGo device around his neck will touch a mouse to log into his PC. "By touching the mouse, it grabs the information [from his eGo card] and passes the user name and password through his hand to the PC," Larduinat says.

Larduinat says eGo is the future of smart-card technology, and is more secure than Bluetooth because it's a one-to-one connection that requires close proximity. It comes with Java Card technology and secure remote management. "It's the future way of bringing digital rights to a digital device," he says.

The silicon chip inside the eGo device is personalized with the user's credentials and access rights, and could include banking information for payment purposes; the path between the devices is encrypted. Larduinat says the hope is to bring this technology to the consumer side, possibly for cars, appliances, and watches: "You could use your watch to pay" when you go shopping, he says. "You wouldn't need to sign" for a credit card scan, he says.

What if you lose your eGo device? It's basically worthless to anyone else because it requires a fingerprint scan to start the device, Larduinat says.

But eGo doesn't do much for a longer connection, like watching television. "If you are using it to watch TV and walk away more than 30 feet, it will switch off," L says. "It's for the temporary usage of something." Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27020
PUBLISHED: 2021-05-14
Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation).
CVE-2021-30183
PUBLISHED: 2021-05-14
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext.
CVE-2021-31922
PUBLISHED: 2021-05-14
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3.
CVE-2021-32051
PUBLISHED: 2021-05-14
Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter.
CVE-2021-32615
PUBLISHED: 2021-05-13
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.