Every now and then I have an idea that I think would probably be valuable, but rather than running with it I just chicken out and document it. Sometimes it turns out to be a decently good idea (such as when I thought that there might be money to be made going around to homes and offices and running anti-virus and anti-spyware software on a regular basis, since most people can’t seem to be bothered to do it for themselves), and other times it turns out that somebody is already doing it (like when I had the idea of combining small/fast/expensive disk storage with bigger/slower/cheaper disk storage with even bigger/slower/cheaper tape storage, and software to stage data between the different levels of storage depending on usage patterns).
Today’s million dollar idea: a usb dongle that you wear on a wrist strap, or a wireless device that you keep in your pocket or wear as a ring (like the wireless keys for Toyota Priuses) that acts as an encryption/decryption device for your laptop. The device provides the key that is used to encode the data in your laptop so that only somebody who has the physical device can decode it. The OS recognizes the device at a very low level and is constantly checking for it. That way, if you step away from the laptop, even to walk to the printer or go up to the barista to pick up your latte, your data is secure and the screen is scrambled. No screen saver passwords, no complex login procedure, nothing to write down on a post-it note on your monitor, nothing to forget and have to phone the help desk – either you have the dongle and you can see the data, or you don’t have it and you can’t. And unlike other security methods, you can’t by-pass it by putting the disk in another machine or booting with a Knoppix CD.
Of course, it won’t do you any good if you keep it in your laptop bag or leave it on the desk with the laptop while you step away, which is why I suggested something wearable. Trying to find the balance between convenience and lose-ability would be the hard thing, I think.
Speaking of lose-ability, the other thing that has to be figured out is how to make sure you can get your data back if you lose the dongle, but at the same time making it impossible for somebody to surrepticiously copy the dongle in preparation for stealing the laptop, or for somebody to sell their corporate laptop and a copy of the dongle.
Ideally, the dongle could be programmed on a desktop computer, so for a personal laptop you’d set up and store your security key somewhere where it’s less likely to go walk-about, but if you lose the device you could program another. And if it was a corporate laptop, the company could do the programming, meaning they would know the key and you wouldn’t, so you couldn’t duplicate it on another dongle, meaning they’d have control over how many duplicates they issued. I guess the dongle would have to use some sort of write-only memory with a public/private key thing so that there would be no way to retrieve the key from the dongle to make duplicates. I wonder if that technology exists yet?
It’s sort of been done, with Bluetooth on the Mac:
http://www.macosxhints.com/article.php?story=20030224123820592
I’ve heard of a better variation; facial recognition. The PC/laptop/whatever has a camera. You login (maybe using facial recognition as part of the process) and as long as your head is within camera view then you’re OK. Move away and instant screen lock. This is great for traders who may be sitting there for a long time just watching screen updates without necessarily entering data at the keyboard or moving the mouse; for them idle timeout screen locks are annoying. But having one based on their presence… very useful!
I’ve not seen this working in practice, but I’ve heard of some banks trialing it.