Curated by: Luigi Canali De Rossi

Tuesday, April 20, 2004

Credit Cards Safer When Sound Enabled

BeepCard is a technology company. They sell a sound authenticator for credit cards. The demo looks like a credit card -- an actual credit card that passes all the credit card specs for bendability and reliability and everything -- and contains a speaker and a sound chip. When you press a certain part of the card -- the "button" -- it spits out an audible 128-bit random string. It's a non-repeating string that's reproduced in software at the other end, similar to a SecurID card, so an attacker can't record one audible string and deduce the rest of them. This is perhaps the coolest security idea I've seen in a long time. They have a demo application where you go to a website and purchase something with a credit card. To authenticate the transaction, you have to put the card up to your computer's microphone and press the button. The sound is captured using a Java or ActiveX control -- no plug-in required -- and acts as an authenticator. It proves that the person making the transaction has the card in his hands, and doesn't just know the number. In credit-card language, it changes the transaction from "card not present" to "card present."



Bruce Schneier - [ Read more ]
Readers' Comments    
blog comments powered by Disqus
posted by Robin Good on Tuesday, April 20 2004, updated on Tuesday, May 5 2015

Creative Commons License
This work is licensed under a Creative Commons License.




Real Time Web Analytics