A password keychain for the Web
Usable Security Systems addresses the problem posed to users by the necessity of remembering passwords for a multitude of sites. When it debuts next year, the UsableLogin Service will let users use one password for any number of sites. (CEO Rachna Dhamija estimates that the average user has about 25 accounts and logs in about eight times a day.)
UsableLogin creates a verifier, which is equivalent to a strong, complex password, and is unique for each site. It does this by cryptographically combining the person's codeword with data from separate sources, including the computer the person is using and Usable Security's servers. Usable Security does not store or save the codeword. The service works at any Web site that accepts passwords and works with any desktop operating system or browser. Some mobile browsers are supported, but not those like the Apple iPhone's that do not support Adobe Flash. Because the verifier is associated to a specific computer, you cannot log in to sites from other computers or devices without associating them to UsableLogin and your account.
The stolen phone that fights back
Ever had your BlackBerry or similar device stolen? Not only are you out the hardware, but any data you've stored on it could be in the hands of a bad guy. And who knows what bills he may try to run up on it? Enter Maverick Mobile, with software designed to protect mobile devices running the Symbian, Windows Mobile, or BlackBerry operating systems. (Apple's iPhone is on the road map.)
It works like this: The user installs the application on the device and sets up a contact number for a separate mobile device. Should a thief attempt to replace the device's SIM card (which gives it a new ID in the eyes of the phone company, but not in Maverick's eyes), all data on the device is encrypted and thus made useless. The application also captures the phone number of the new SIM card and transmits it to the secondary device. If the SIM card is not swapped out, the rightful owner can retrieve the stored contacts and send text message to his device that encrypts the data anyway -- and then sets off a shrieking alarm that can be silenced only by removing the battery.