Passlet

Year: Nov’12 – Jan’13
Role: Developer, UX Designer & Ideation
Tools, Language or Script used: Arduino, Processing, Java
Main site: passlet.shilpanbhagat.com

Passlet is a wearable device which authenticates the user, transfers files, or controls devices by the mere act of touch.

This video below is a short demo of the device with the concept:

 

This project began with a vision. So before I explain what Passlet does, let me tell you a bit about how it essentially came about. There were a couple of factors which led me to make this project my final physical computing project. The first was my thought on the future of technology and my almost obsessive need to make technology not disrupt our interactions with the natural environment.

I believe that with the continuing increase in the ‘technology per unit currency’ ratio there will come a day when the act of ‘device ownership’ would become blurry. Now when I say ‘device ownership’ I do not mean the physical device. Let me give you an example – Google is already taking steps in this direction. Its recent Chromebook release made the device superiorly cheap but on the other hand it took a very important step by making ‘device ownership’ meta-physical – taking all the data to the cloud. This means that one Chromebook can essentially have multiple personal filesystems. All you need to do is type in your username and password and there you have it. Some other guy’s Chromebook is no different from yours. All your files and personal settings are downloaded to your computer. It’s as if you ‘own’ the device but you really don’t. What does this achieve? Think of a world where you never had to ‘configure’ yourself to the computer. Any device you use will set itself up in accordance with your settings. So it’s no more just your e-mail or social network. It’s about changing your entire computing experience. Although I believe there is still a lot to be done to achieve this (like syncing mobile and computer OS as one), I believe it’s not that far away. Google started its approach via the Chromebook, while Microsoft is doing it in a different manner and is very close to syncing its mobile and computer OS.

I believe very strongly in the idea that when I say ‘touch’ the first thing on your mind should not be a screen. Technology has connected us with one another in more ways than one but I believe that it is also responsible for disassociating ourselves from our environment. In principle, it has brought about a lot of ‘artificial’ interactions which now have become a way of life. I recently found an article which talks about my thoughts in a more detailed manner. You can look at it here.

One example, of the many, would be operating the computer/mobile phone. Due to security reasons, we have introduced a wide variety of steps in order to get to the required information. The first and foremost is usernames and passwords. I believe the current security measures are not catered to how we perform our usual tasks. Remembering a username and password is really artificial in nature. That is the reason why people keep forgetting their passwords/usernames all the time. To compensate, they keep known entities as their password – like their dog’s name, which makes it even easier to hack. An interesting article came out on Wired recently by Mat Honan called Kill the password. The article is a really good read about what’s wrong with passwords. However there are a few things he said that I agree/disagree with.

Excerpts from Kill the password:

  • The other thing that’s clear about our future password system is which trade-off—convenience or privacy—we’ll need to make.
  •  “We need to make that trade-off, and eventually we will. The only way forward is real identity verification: to allow our movements and metrics to be tracked in all sorts of ways and to have those movements and metrics tied to our actual identity. We are not going to retreat from the cloud—to bring our photos and email back onto our hard drives. We live there now. So we need a system that makes use of what the cloud already knows: who we are and who we talk to, where we go and what we do there, what we own and what we look like, what we say and how we sound, and maybe even what we think. That shift will involve significant investment and inconvenience, and it will likely make privacy advocates deeply wary. It sounds creepy. But the alternative is chaos and theft and yet more pleas from “friends” in London who have just been mugged. Times have changed. We’ve entrusted everything we have to a fundamentally broken system. The first step is to acknowledge that fact. The second is to fix it.”

I completely disagree with the first and agree with his vision on the second. I believe passwords or secure communications require some kind of ‘real world’ feedback which has not been done before but that does not mean that it has to be inconvenient. Overall the article talks about passwords but I believe that the same applies to secure connections of any kind.

So far I have said that my vision of the future deals with a complete cloud based computing experience and that secure communications need some kind of ‘real world’ feedback. But how do these two make sense together? It does if you keep in mind that one of the most important parts of cloud computing is identifying the user to give access to the required resources. And how does it happen currently? Yes, usernames and passwords. So overall, in order to make the future a bit more secure, a ‘real world’ feedback of some kind would be required.

Now there are many security measures already present which help identify the person by a great measure. They mostly go by the name of Biometrics. But there are two problems with them. First, in terms of scalability they are extremely costly and do not scale very well since each device would be required to host them. And second is context. Most security measures I know are trying to understand or identify a person. But they are on a machine. Do you get where I am going? The problem is that most devices are placed on the machine and are required to identify a person based on a database in the cloud somewhere. But if we want to authenticate a person – should the device not be on the person instead? The information required for authentication, I believe, should exist on the user instead of a machine.

What are the advantages of this? First, the database is distributed and in control of the user. This protects the user from any kind of online attacks which seem to be the biggest concern for a majority of people. Second, it can essentially eliminate the entire process of username/password protection.

Now talking in terms of user experience, you would not want to wear a bulky gadget on your body for simply protecting yourself from online attacks. But if the technology is small enough to be a part of your bracelet or watch, I do believe you would not mind it. Also, as a user experience designer, I am aware of how people react to change and hence let me tell you that I am not trying to reinvent the wheel here. Just trying to provide a safer way to save passwords and completely eliminate the username from the scenario. Please be patient and I will tell you how. Now for the last part of authentication that bothers me (as a designer) – typing. About 5% of all you type while you surf the internet goes into typing authentication strings. I believe that our touch should be enough to authenticate us or create a secure connection for transmission of data.

And this is where Passlet comes in – it is a wearable device which you can wear on your hand and simply log into a device or website, or transfer data, by simply touching the device. Sounds simple, right? That’s how it’s meant to be.

Underlying Technology:

Method of authentication:

The sensor is supposed to be paired with the user’s phone. Every sensor has a unique ID which can be paired with only one phone. The event of you touching the object is then sent from the sensor to the phone along with the ID. The phone, on authenticating the message, adds the locally stored username and password to the message and sends the entire packet to the object touched. The receiving device constantly polls for requests and, on receiving a packet, tries to authenticate the user using the username and password. If the receiving device has not received a request from the sensor before, you pair the device to it; otherwise it directly authenticates you. It logs you off when you stop touching it (or maybe after a while; I still need to figure out the appropriate way of doing that).
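The flow described above, as a small simulation; this is an added example, not Passlet's own code. The page does not say how the phone authenticates the sensor's message, so the HMAC tag, the event counter, the choice that pairing also signs the user in, and every class and field name here are assumptions.

```python
import hashlib, hmac

def _tag(key, sensor_id, device, counter):  # assumed: HMAC-SHA256, pairing key
    msg = f"{sensor_id}|{device}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class Sensor:
    def __init__(self, sensor_id, key):
        self.sensor_id, self.key, self.counter = sensor_id, key, 0
    def touch(self, device):
        self.counter += 1  # assumed freshness counter, so old events cannot be reused
        return {"id": self.sensor_id, "device": device, "counter": self.counter,
                "tag": _tag(self.key, self.sensor_id, device, self.counter)}

class Phone:
    def __init__(self, sensor_id, key, vault):
        self.sensor_id, self.key, self.vault, self.last = sensor_id, key, vault, 0
    def handle(self, ev):
        good = _tag(self.key, ev["id"], ev["device"], ev["counter"])
        if ev["id"] != self.sensor_id or not hmac.compare_digest(good, ev["tag"]):
            return None  # not the paired sensor, or the event was altered
        if ev["counter"] <= self.last or ev["device"] not in self.vault:
            return None  # replayed event, or no stored credentials for this device
        self.last = ev["counter"]
        user, password = self.vault[ev["device"]]
        return {"sensor_id": ev["id"], "username": user, "password": password}

class Device:
    def __init__(self, accounts):
        self.accounts, self.known, self.session = accounts, set(), None
    def receive(self, pkt):
        if pkt is None or self.accounts.get(pkt["username"]) != pkt["password"]:
            return "rejected"
        first = pkt["sensor_id"] not in self.known
        self.known.add(pkt["sensor_id"])
        self.session = pkt["username"]  # assumption: pairing also signs the user in
        return "paired" if first else "authenticated"

    def release(self):
        self.session = None  # touch ended: log off

def demo():  # constructed sample values throughout
    key = b"constructed-pairing-key"
    sensor = Sensor("SENSOR-01", key)
    phone = Phone("SENSOR-01", key, {"laptop": ("alice", "constructed-pw")})
    laptop = Device({"alice": "constructed-pw"})
    ev = sensor.touch("laptop")
    return [laptop.receive(phone.handle(e)) for e in (ev, ev, sensor.touch("laptop"))]
```

In `demo()` the same touch event is delivered twice: the first delivery pairs the device, the repeat is dropped by the phone, and a fresh touch authenticates directly.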

 

Method of data transmission:

The technology used in Passlet actually allows data to be transferred from your body. That means that this bracelet can act as a mediator for you in the digital and physical world. All your digital transfers and payments can be mediated through this one device and what one can do with such a device is only bound by the imagination of the person using it!

These are some of the few applications that I have come up with. The point is that it is possible to create a secure connection using touch as a method of authentication.

So how does this correlate with the vision? Kyle McDonald had an interesting analogy which I would like to present before I stop. He said to imagine paper and our right of ownership on it in the current world. If I give you one of mine, you will assume ownership of that paper. The future of devices is at par with that except in a metaphysical manner.