The Memory Doorbell

1 September 2008 at 11:14 | Posted in Building Security, Innovations, Intercom Systems, Memory Doorbell, Security, Security Access Systems | Leave a comment
Tags: , , , , , , ,

[Category: Innovations. If you are new to my blog please read the “About itimes3” page first]

Today I was on the phone with someone at a courier service: they claimed they had tried to deliver a package last week, but I did not think anyone ever rang my doorbell. Although it could have been while I was away, but I had no way of verifying this.

I live in an apartment, and the doorbell is a video intercom, as is common in apartments. This is nice, because I can see who is there when the doorbell rings, but it is not a very smart device, because if someone rings the doorbell when I am not there, there is no way for me to know, unless the person tells me afterwards.

In some other places I have been, the video intercom is linked with the TV set (you can tune one channel to the video intercom) and the TV will switch on when the doorbell rings and show the person standing there.

This is nice, and conceivably I could record this event, but the recording facility is not part of the manufacturer setup so I would have to rig this up myself somehow which would be time consuming, costly, difficult and interfere with using my recording device for other purposes.

So I was wondering, why does the video intercom not have a recording device built in, much like a telephone answer machine?

So that when I get home after work, the device display says something like “3 events” and then I can playback the footage from the intercom.

Obviously the quality of the recording will need to be high enoughs so that the person is recognizable even without talking to them, or ideally, the concept of the video intercom would need to be changed somewhat, in the sense that it will need to have a built in “voice sentinel” that challenges the visitors in a way that does not reveal whether the occupant is home or not.

This could be done in the following way:

  • Visitor rings doorbell downstairs at apartment bell board.
  • Voice of sentinel erupts from speaker saying something along the lines of: “Welcome to the ABC Apartments. Please state your name and the purpose of your visit”.
  • Visitor states name and purpose of visit (this has already been patched through to the apartment in realtime).
  • Sentinel waits to see if door release is activated from apartment. If nothing happens within say 30 seconds, the sentinel comes back on the speaker saying: “Sorry there was not reply from the apartment just now. Do you wish to leave a message?”
  • Visitor leaves message if desired and leaves.

With this system, if the inhabitant of the apartment is away or does not want to answer the doorbell, there will be a recording that can be played back later.

Added on 18 September: an even better system would be one that would call my cell phone when someone rings the doorbell, and would patch through the camera so I can see live from anywhere in the world who is there. Again, this is a system I could rig up myself with some effort, however it would be nice if it were installed by default in new buildings…

If you like this idea and you work in a type of industry where this is relevant, I would be happy to discuss in more detail, answer questions or assist in other ways. For details and contact information please see the “About itimes3” page.

George Spark

Disclaimer: Any trademarks mentioned herein are the property of their respective owners.
All usage of this site is entirely at users risk.

Advertisements

Passport of the Future

11 August 2008 at 19:32 | Posted in Airport Security, Aviation Security, Electronic Identification, Ideas, IT Security, passport, Security | Leave a comment
Tags: , , ,

[Category: Ideas. If you are new to my blog please read the “About itimes3” page first]

Yesterday a friend of mine, who is prone to forgetting his passport as well as losing it from time to time due to forgetfulness, asked me: “George, what do you think is the future of passports?”. He was wondering whether there would ever be a better solution than having to remember carrying a small booklet around the world to prove his identity.

So I gave him my vision of the future of passports, which I believe will be more or less as follows:

First there will be a process of (further) standardisation, computerisation and globalisation. This may lead to the passport as a booklet being replaced, say in 10 to 20 years, by a smart card of some sort (probably a credit card sized plastic document with embedded RFID-type chip). The smart card will contain all relevant user data including travel history, biometric identification data, photo, etc.

All the technology is available, main problems are with global standardisation and systems integration (which can only happen as fast as politicians work, e.g. generally slow) as well as with security.

Once this stage has been reached, further convergence will be possible, towards everyone carrying only one card or similar item which contains the passport data, but which can be loaded with additional functionality such as driver license data, bank card data, health records, phone data, and random additional items such as gym access, security access to buildings, cars, etc. etc.

The main issue there once again will be security, but it will be possible to overcome this (although of course nothing is ever totally secure). The card data may be transferable to authorized devices such as cellphones (so the cellphone could be used as passport, etc.) or for the owner to create a read-only backup copy.

The next step after this will be embedding. The “converged passport” will be embedded into the body in the form of an implanted chip, much like more basic chips (usually based on RFID technology) are already implanted in animals and in some humans.

At this stage, more data will likely be added to the implant (for example it would be nice if we could carry our computer data within our body). Our body would communicate with various wireless networks as we walk down the street (for example receiving messages), access buildings, our bank accounts, enter new countries, enter our cars (which will only start with us or an authorized person at the wheel), etc.

As an added form of security, DNA sequencing should be fast enough at this stage to allow it to be used for authentication purposes (perhaps not sequencing someone’s entire DNA, but a few key points that are unique idetifiers, much like fingerprint scanning only scans for a few unique identifiers and does not deal with the entire fingerprint).

So I answered my friend that in the end, we will be our passports: all current passport data – and much more – will be carried within our bodies.

If you like this idea and you work in a type of industry where this is relevant, I would be happy to discuss in more detail, answer questions or assist in other ways. For details and contact information please see the “About itimes3” page.

George Spark

Disclaimer: Any trademarks mentioned herein are the property of their respective owners.
All usage of this site is entirely at users risk.

Biometric Cell Phone Security

3 August 2008 at 21:50 | Posted in Biometric Security, Biometrics, Cell Phone, Cell Phone Security, Innovations, Mobile Phone, Mobile Phone Security, Security | Leave a comment
Tags: , , , , , , , ,

[Category: Innovations. If you are new to my blog please read the “About itimes3” page first]

Well this one is for the Sunday night (Sydney time), a bit of a shorter one, its been a busy day walking around the Supa Centre for hours and hours with my girlfriend buying furniture for her new apartment, so I’m kind of tired ūüėČ

But to return to the subject: have you ever wondered if anyone has been messing with your cell phone (mobile) in your absence at any stage in the past? You probably have, if an informal poll amongst my friends is correct (the far majority thought that their phone had been messed with at least at some point in the past).

It could have been a partner checking the phone out of (legit or paranoid) jealousy for messages, numbers or calls of a competitor, or it could have been someone wanting to make a free international call, or any conceivable other reason.

Now laptop computers have had fingerprint readers for some time, at least on a fair number of models from different manufacturers; however what surprises me is that cellphone manufacturers have (as far as I know at least) never included biometric security in their products so far.

I have seen all sorts of password or “image-sequence” protection systems, but they are time consuming to work with so one would expect them to be disabled by the user.

So the reason I am writing this is to suggest to cell phone manufacturers to include one or more biometric security devices in their products.

This could be a fingerprint reader, which would prevent anyone but the legitimate owner access the phone, an iris scanner (which would use the phone’s camera to scan the iris and would unlock upon viewing the owner’s iris), or a different option such as taking a snapshot of the owner which would be checked against a stored image.

I’m really quite surprised that as far as I know none of the cell phone manufacturers have integrated any biometric security until today.

If you like this idea and you work in a type of industry where this is relevant, I would be happy to discuss in more detail, answer questions or assist in other ways. For details and contact information please see the “About itimes3” page.

George Spark

Disclaimer: Any trademarks mentioned herein are the property of their respective owners.
All usage of this site is entirely at users risk.

The Permanent Electronic Luggage Tag

2 August 2008 at 2:00 | Posted in Airlines, Airport Security, Aviation Security, Budget Airlines, Electronic Luggage Tag, gps, Innovations, RFID Tag, Security, Travel | Leave a comment
Tags: , , , , , , , ,

[Category: Innovations. If you are new to my blog please read the “About itimes3” page first]

A long time ago I changed the plastic luggage tag attached to the handle of my suitcase to only read my name, my mobile number and my email address – destination address, originating address, and any other cumbersome information henceforth ommitted, I don’t waste time anymore updating the tag for each flight.

However there is still the time consuming and messy process of attaching paper (or paper-like plastic) destination tags to the luggage at check-in. I don’t have to do that, but I have to wait for it, and it is an old-fashioned solution with more cons than pros.

The problem with the paper tags is that they are in most cases still based on optical technology (large human readable airport code, and machine-readable barcode), which makes them more prone to be the cause of handling errors. And even when they have an embedded RFID tag (which was experimented with at some airports and may still be ongoing, I am not sure), they are still fragile as they depend on the sticky surface being applied correctly, plus this type of label sticks out so can catch on objects and be torn off, with as a result lost luggage.

Another problem is that printing and attaching the destination tags is a cumbersome process that takes too much time at check-in. If printing and attaching the label(s) for an average passenger takes 30 seconds, it will take 150 minutes for a flight with 300 people. That’s more than two hours of staff time! And even at an unrealistically low average of 10 seconds, it would still take 50 minutes per flight, nearly an hour of staff time.

And finally, it is a waste of resources (tons of plastic and paper thrown away worldwide every day), and a messy business removing the tags at the other end.

To fix this issue permanently, I propose the creation of a permanent electronic tag.

This tag can be built into the suitcase at manufacture, or attached to a handle if the suitcase does not have one built in, or the built-in one is broken (or perhaps it can be glued like a sticker to the suitcase, inside or out, if it is flat enough). These attachable tags would be for sale at the airport, and should be reasonable in cost (a few dollars each max; perhaps a durable and a cheaper non-durable version could be offered).

This tag would have (at least) two items of information: The first item being the owner’s details, with email address and phone number, and including perhaps a passport number or other means of identification (however not home address or similar, to avoid risk of “burglary in absence” should someone unauthorised read the tag at the airport).
The second item would be the flight details, including destination, flight number, etc.

These two items are in a sense independent from each other: the owner of the luggage should be able to change the personal details, however the flight details should only be changeable at check-in, and show up on a screen there so both the check-in attendant and the suitcase owner can verify the details are correct.

During processing, the flight details are read off the tag by proximity scanners located along the conveyer belts etc. and also when entering the aircraft, as well as when leaving it and during arrivals processing.

The personal details in the tag can be used as proof of ownership should this be disputed in any way at destination, or to locate the owner should the luggage be lost somehow.

The technology should be based on current RFID technology, with the difference that the tags will be built to have a near-permanent durability. The system could be built and marketed globally by the big airport luggage handling manufacturers, for example, in association with airlines, the luggage manufacturing industry and likely at least some other global players in the travel world, particularly to handle the IT and data processing side of the project.

Additional features of this type of tagging would include the ability to “read” all tags of all luggage in the hold of an aircraft in one hit (provided the right active technology us used), so that a list of luggage can quickly be matched to passenger lists.

The system, once implemented, could then also be used for cargo, which probably would be equipped with less permanent RFID tags.

Note: here is the link to the Wikipedia entry on RFID tags, which provides a lot of information about the technology: http://en.wikipedia.org/wiki/RFID

In the more distant future, a tag or beacon based on GPS-technology could be used, so that each piece of luggage could be tracked anywhere in the world by satellite. The technology exists, but is perhaps somewhat expensive still…

If you like this idea and you work in a type of industry where this is relevant, I would be happy to discuss in more detail, answer questions or assist in other ways. For details and contact information please see the “About itimes3” page.

George Spark

Disclaimer: Any trademarks mentioned herein are the property of their respective owners.
All usage of this site is entirely at users risk.

Cloud Computing Security

1 August 2008 at 13:40 | Posted in Cloud Computing, Data Centres, Ideas, IT Security, Online Backup Services, Security | Leave a comment
Tags: , , , , ,

[Category: Ideas. If you are new to my blog please read the “About itimes3” page first]

Cloud computing is the next big thing, or perhaps the current big thing. If you work in the IT industry like me, you’ve read about it and heard sales talk about it for several years now, and the pace is stepping up.

Yet what has been surprising me, particularly now that cloud computing appears to be taking off in earnest, is that there does not appear to be any formal, independent global body as yet that overseas the cloud computing industry.

There are no ISO certifications for cloud computing operators, there is no standardised security benchmark, no governing body, no way you can tell whether a service you may want to subscribe to is run in a secure data centre or on a stack of dusty, failing reconditioned PC’s in the corner of someone’s flood-prone garage.

For the past few years I have been doing my backups online, online backup being probably the most basic form of cloud computing. Problem is: each of the big operators in this market claims they have secure facilities, store your data in a way nobody can access it, use private keys for encryption, etc.

However there is no way I can know for sure that the data centres they use, and the systems they use, are truly secure and compliant with any standard Рparticularly because there is no standard. One thing is certain: there are vastly differing setups out there, yet everyone claims high levels of security.

Case in point is the use of “private keys”. Several operators claim to offer data security via the use of a private key, and that they cannot access the data because the private key is entered by the user and thus the user is the only one who knows the key and can encrypt and decrypt the data.

However this is not technically possible. Because all these backup services use versioning to track changes in the data and back up files incrementally, which very significantly saves on disk space.

In order to use versioning, the data needs to be decrypted to check the file content and how it changed, then back up the changes and re-encrypt the file. For this, the private key is required. Which means it is stored somewhere and accessed by the backup service on a practically non-stop basis whilst the backup is occurring.

Obviously this is all done in an automated way, no human being is sitting there manually decripting and re-encrypting these files. But it means that if someone at the backup service provider wanted access to your data, all they would need to do is load the private key, which they have to have access to, and decrypt any files they wanted.

And this is just one example. The same applies to any other cloud computing services available today. We do not know what is out there at the data centres. Our data is lost in the fog. A big brand name makes no difference (as recent big outages at one key provider show). What is needed is independent verification and compliance with standards.

So I say: it is time for either the industry or user interests to initiate the creation of an independent governing body, that issues certifications to cloud computing providers that comply with a published minimum security standard. And to verify compliance on a regular basis, through, for example, unannounced annual inspections.

If you like this idea and you work in a type of industry where this is relevant, I would be happy to discuss in more detail, answer questions or assist in other ways. For details and contact information please see the “About itimes3” page.

George Spark

Disclaimer: Any trademarks mentioned herein are the property of their respective owners.
All usage of this site is entirely at users risk.

Next Page »

Create a free website or blog at WordPress.com.
Entries and comments feeds.