Untitled

Some great ideas can stun you with their simplicity. ComSense Technologies' network authentication card, ComSense, is a perfect example.

When you first encounter the ComSense authentication card, you won't be sure whether it's for real. That's because it seems to defy a basic tenet of smart card technology: It interfaces to PCs without a reader. That's right, no new peripherals need apply. All you need to do is download a free software program and install it on the PC that you want to use with the card. Then a single click of the card's "Comdot" button opens your browser on the PC, launches the logon script for your ISP, and authenticates you to any number of services.

What's the catch? Well, you need to download and install ComSense's companion software, but that's not a huge deal. The software is less than 30K bytes and it installs as an ActiveX Control from "Comdot-enabled" Web sites. You need a PC equipped with a microphone and sound card, but that description fits most new PCs these days.

The card uses ultrasound - inaudible to the human ear - to communicate with the PC through the computer's microphone. So, you don't need a smart card reader or an infrared port or a Bluetooth port, or any other fancy peripheral that most PCs lack. The Comdot technology enables the cards to run out of the box with almost any new voice-capable client, including notebooks, telephones and cell phones. When the user presses the Comdot button, the card emits an encrypted, high-frequency, sound-based digital identifier that, at short range, authenticates the user to the PC (or voice-capable client) and network applications.

Smart cards are a pet technology of network security purists because they make possible strong, multifactor authentication. The technology ensures the ability to make logon contingent on something you hold - the card - and something you know, such as a password. Smart cards let users keep their personal identification numbers (PIN), passwords and secret keys in a safe place - in the card's protected memory - rather than storing them on a PC or server where they're vulnerable to eavesdropping.

Combined with PINs and biometrics (which card licensees would be free to add), Comdot technology could help smart cards live up to their long-unfulfilled promise. You could employ this technology to support single sign-on to online accounts, eliminating the need to memorize myriad passwords and effectively disabling PCs unless an authorized user is physically present.

Of course, nothing is stopping unauthorized users from stealing your Comdot-enabled card, pressing the button, and thereby gaining access to your network accounts - which is why added authentication factors (such as PINs and biometrics) would be a valuable complement to the technology for systems that require higher security.

Technological pioneers can't rest on their first-mover advantage. They must market and commercialize their inventions to survive. ComSense is seeking licensing deals with traditional card issuers, such as automated teller machine card and credit-card providers, though there's no telling how successful the company will be in this regard. Likewise, it must either partner with third parties that can contribute the other authentication factors needed to enable a truly secure card-access environment, acquire such functionality or develop it in-house. ComSense faces an uphill battle against a general feeling that smart cards are intrinsically awkward and, where security is concerned, a bit overkill for mass market applications.

So ComSense may find its greatest success in the traditional smart card market: companies with high-sensitivity corporate applications. It is targeting financial card and online services markets, pitching the card as a convenient and easy way to access preferred sites and secure personal data. It may also find a receptive market among consumers who worry about their increasing financial exposure to network security breaches, considering the range of banking, brokerage and other accounts accessible online.

This wireless smart card could become a fast, cheap, easy way for average users to hang virtual padlocks on their PCs and portable Web clients.

Kobielus is an analyst with The Burton Group, an IT advisory service. He's located in Alexandria, Va.