25 comments

[ 2.8 ms ] story [ 54.1 ms ] thread
i remember reading about this in an old good french computer magazine : Login

now you can put rfid in ring :)

Oh man, I wouldn't be half the hacker I am today without Login: (and a few other programming/linux zines I would buy in middle/high school). I was so sad when they stopped publishing it. I still have a pile of them at my parent's house... thanks for the memory :)

(France's press culture is much superior to any other country that I've been to - when I go back to visit family, I always grab a pile of magazines to bring back with me)

yeah it was an awsome magazine, tech , prog news.

I miss it.

I would really love something like this to be standardized for IAM (identity and access management) purposes. Far too often the "something I have" is forgotten or non-standard in security. "Something I know" is standardized as passwords. "Something I am" is fairly standardized as fingerprints. But the concept of "smart cards" still isn't there yet, for some reason.

If we could get rid of the "something I know" and go to "something I have" and "something I am", network-based attacks would be that much more difficult. The password is dead. With something like an RSA token, barring any breach of RSA's algorithm (again) or a complete bypass of the authentication system altogether, an attacker would need to be physically near me to compromise my account (would need to steal my fingerprint AND my smart card).

And no, Google Authenticator isn't quite the same. I use it on all my accounts, but it's just so damn inconvenient. A ring, a watch, or even an NFC version of Google Authenticator would work so much better.

I personally like the idea of the Nymi. http://www.getnymi.com/

There are plenty of NFC-like standards, and smart card-like authentication protocols. Can we just standardize on one of them, get the hardware out there, and solve this problem already.

Ah, the late nineties, when the dream of "Java in ALL THE THINGS" was alive and strong.
Is there a general consensus to why Embedded Java and other Java techs like Java Card never took off?
There's a tiny computer inside your iPhone running Java. It really is everywhere.
JavaCard _did_ take off. More likely than not the SIM card in your phone runs it, and so does your EMV/NFC bank card (if you have one).
A great example of the difference between mindshare and marketshare
Didn't that more or less happen? Your phone runs Java (well, maybe not, but most people's do). The SIM card in your phone runs Java. Set-top boxes and TVs run Java. I know a guy who programs washing machines in Java. The servers serving up the pages you read on your phone run Java (or at least the JVM). Most of the current big data software runs on the JVM. About the only applications which aren't Java are desktop apps, and those are kind of a hangover from the, er, 90s.
... and unremarkably, the software on set-top boxes and TVs (and perhaps washing machines--mine's pretty buggy considering the number of inputs and outputs involved) is uniformly terrible, along with most pre-Android Java-based phones. Not to mention the overhead required to run something like Java in an embedded system was until very recently, bad for keeping costs down.

It's notable that the current, much more successful, wave of embedded platforms suitable for DIY work don't run Java.

I remember rolling my own authentication system using an iButton back in college. I had it mounted on a key fob. Worked pretty well, you touched it to the reader and typed in a 4 digit PIN.

Don't really understand why these didn't take off vs. a smart card for authentication: as far as I know they're more durable and they're pretty cheap.

We had these for the EE department doors in college. They were pretty cool.

Nowadays I don't want another key. I want a standardized RFID protocol (active and passive). I have two office RFID cards, a key-fob for my car, a card for the garage, my phone supports NFC and I get another card when I go to a hotel. And they are all different and incompatible. I can't keep both of my office cards in my wallet, because while they are not the same protocol, they are on the same frequency and conflict.

It is maddening. I want my phone to act as an active NFC identity transmitter, and I want a backup passive RFID card I can put in my wallet. It should be simple to pair these two devices with all of these desperate systems.

Oh, and while I am at it, can my phone not be a whore about it and only respond to receivers that I have expressly authorized.

Why is standardization so hard?

I just don't lock my door. Or my car. Anyone interested in stealing my stuff is probably more interested in skeletal integrity anyway.
Does it show the confirm the fact that java was cool tech only in late 90ties ?
This doesn't need to be confirmed: LiveScript was renamed JavaScript back in 1995 so it would be percepted as hot.

On a more universal level, it shows just how ridiculous most buzzwords are. As we laugh today about JavaScript and the Java Ring, we will laugh tomorrow about today's ubiquity of the "cloud."

IIRC they gave these out at the first Java One. You could program it with what kind of coffee you liked, and hold it up to the coffee machines there. At the time I worked at a company that also had a JavaStation (basically a SPARC that only ran Java).

We all thought the JVM was about to revolutionize client software development and break Microsoft (once everything ran on the JVM, MS wouldn't have an app ecosystem that tied us to them). Meanwhile, the browser was staring us right in the face, and it was server-side where the JVM blew up.

This was the coolest thing about JavaOne that year, I was particularly excited about the strong encryption that was included on the ring ... oh wait. As it turned out the encryption bits were embroiled with the state department etc etc. To compensate I created an Enigma machine simulator[1] on mine :-)

I did eventually get my hands on a "fully enabled" ring, which I've still got. As I recall the best it could do was 1024 bit RSA though.

[1] http://www.javaworld.com/article/2076726/learn-java/my-enigm...

And I thought it was too early to have ring computers. Time for some Alan Kay nostalgia.
I bought a developer kit at the time this came out and I was hoping to program it to act like a tiny storage device to copy files from one machine to another (like today's USB flash drives). I never got around to learning to use the SDK and toolchain -- and definitely didn't know enough crypto at the time to try to use it for some of the intended authentication applications!

I guess a lesson of the intervening decade and a half has been that almost nobody knows enough crypto for the applications they're trying to develop. :-(