Why NFC Keyboard emulators / readers are a bad idea

For a while I was using an NFC Keyboard reader to automatically type my password into linux until one event really changed my perspective on this..

Obviously from a security perspective storing your password in plain text on an NFC tag is suicide, but let’s assume for a second only your computer has the key to read the NDEF record on your NFC Ring so even if someone else was able to read the NFC Ring they wouldn’t be able to figure out your password..

It doesn’t seem like such a bad idea now to emulate a keyboard and type in your password? Wrong.. You see what happens is that your computer can read that data at any point, so let’s say you are on IRC chatting away to your buddies and by accident you scan your NFC Ring. Boom, your password is pasted into the chat window, this is what happened to me and it sucked. To be fair to recover I only had to type passwd and provide my old and new password but still, it could have been way more painful..

Obviously a work around is to only enable keyboard emulation on the login screen but it’s still an interior and inadequete solution for logging into your desktop.

Basically Keyboard emulation for Auth sucks, don’t do it, or if you be fully aware of the pitfalls!

I’m doing a webinar about wearable technology

I’m excited to be doing a webinar for Farnell / Element 14 on the 24th of September. The topic is wearable technology.

I will mostly be focusing on the potential of wearable rings but I will also cover bracelets and how I hope wearable technology can disrupt the resource hungry jewelry industry.

Attend the 9am GMT session
Attend the 3pm GMT session

It’s a free webinar so sign up now 🙂

Ring Sizes And You – A hackers approach to making rings fit on your finger

Understanding the mess

To someone that works with technology the jewelry industry is a strange beast. Each standard for measurement includes a margin of error by default. This margin of error exists due to an attempt at simplification however this simplification has removed accuracy, an engineer’s worst nightmare.

Many rings are hand polished, done on different machines that are setup slightly different. If a truly large number of rings are manufactured there could easily be an inconsistency as calibrated blanks (molds) could be used to set up each machine for each size of ring. ring size gauges also are not consistent, plastic ones deform when you push a ring on harder, and some are grooved in steps that also change accuracy from ring mandrel to ring mandrel.

Wearing Rings for newbies

If this is your first ring wearing your ring will be uncomfortable at first, be prepared for a few weeks of discomfort until eventually your finger gets used to having a new friend to build a relationship with. This relationship is a two way street, your ring gives you great power but it comes at a cost. There will be times when your ring causes you some discomfort, this is normal and expected. Your finger will begin molding itself to the ring, do not be shocked or concerned if you feel some initial discomfort, if it lasts more than a few weeks then you need a different size ring.

Your fingers may sweat and some people have a reaction to skin getting to moist, trapped dirt or other materials under ring. The wider the ring the more that this is an issue. Callous’ (thick skin from activities such as drumming) can cause also issues, be mindful of this.

It’s important to get a good measurement, if your ring size is wrong your ring will be uncomfortable, a few 10th of a mm can make the difference between a ridiculously comfy experience or a finger throttling nightmare. Getting a slightly larger ring is sensible, usually by +0.4mm increase of the ID (Inner Diameter).

The size of your finger changes, be careful swimming in cold places as this is the most common place to lose rings. Cold water can decrease the size of your knuckle/finger by ~0.4mm ID (Inner Diameter) in a few seconds.

Initial Measurement – How to get it right

Using the correct Gauge tool

We strongly recommend using a “wideband gauge tool”. If you can’t access a wideband gauge tool then adding 0.4mm(~½ size US) to the ID (Inner Diameter) might be good enough. Alpha NFC ring purchasers should add 0.8mm or so. As a general rule of thumb always round up if providing your ring size in US Ring sizes. Ideally we’d of asked for your size in MM but hindsight is always 20/20.

Why your knuckles are so important

Your knuckles are the second barrier for keeping the ring on your finger, the NFC Ring comes with a comfort fit so that means there is limited surface area, this means that larger rings can have a more comfortable feel in daily use. The reduction in surface area and radius of the ring makes it easier to slide over your knuckles than a ring that doesn’t have a comfort fit.

Knowing when to get your measurement

Get your ring measurement when your hand is warm and when you have been doing physical activity with your hand. Carrying loaded up shopping/carrier bags is usually quite a good one to prepare your finger for measurement.

Knowing when NOT to get your measurement

DO NOT get your ring measurement when your hand is cold or after you have been swimming. You might choose to get two rings, a summer and a winter ring, it depends on your life style.

Finger Size Changing

% change

On an average day your finger ring size will fluctuate ~0.7mm on the ID (Inner Diameter). We call this ring size deviation and it is described with the symbol ±.

Factors that affect finger size deviation

  • As you get hotter your finger will expand
  • As more blood flows to the further parts of your body your finger will expand (caused by phsyical activity and body orientation)
  • If your Body Mass increases your finger will expand

Different Fits

Comfort Vs Standard Fit
Comfort Vs Standard Fit

Standard Fit

A standard fit ring has no radius where the ring meets the finger, it is completely flat.

Comfort Fit

A comfort fit ring has a radius, we use these for the NFC Ring project as our contact surface area is quite large compared to the average ring. Comfort Fit is measurement at the point where the skin makes contact with the ID which is the narrowest point on the ID. Comfort fit also reduces the chance of finger irritation and allows your finger to “breathe” more.

Different Widths of Rings

By Width here we mean the depth of the ring, the distance from the base of the finger towards the tip of the finger. The Thicker the ring the less comfortable it usually is, this is due to the increased surface area and therefore friction caused by the contact with the skin. To address this the NFC Ring uses a comfort fit however wearing any wide ring for long durations.

Image below a modified version from Wikipedia

Black location shows optimum location of ring

As you can see on the image above where the finger joins the base of the hand the Proper palmar digital arteries and nerves show a slight indent making this the narrowest point on the hand near the base however this point only extends to the point where the tendons and muscle begins. I have labelled this point with a thick black line. This size of this location can be identified by placing a tightly fitting ring on a finger then moving the ring towards the knuckle whilst rotating the ring. The ring will become more difficult to spin as it gets closer to the knuckle. This space is roughly 11 mm on an average male hand, if the ring is worn at this point the wearer benefits from a few things.

  • The wearer is less likely to lose their ring as it is a “good fit”.
  • The wearer won’t experience discomfort of the ring squashing their muscle under a tight fit.

There is however a disadvantage of wearing a ring in this position. The ring will fit deeper into the finger and the lumbrical muscle will create a void space when holding the ring up to a flat service. This could be resolved by wearing a thicker ring however this would make for a more uncomfortable experience as the ring would cause friction with surrounding fingers . This space is visible below:

Gap between target device (mug of tea) and ring

This void can be the difference between a successful and unsuccessful read. This problem is more prominent on the middle of the fingers on the hand, the solution often used by other fingers is to rotate the hand to get good contact. Be mindful outside fingers provide less security as they are easier to read.

Different edge radius (curved/rounded)

Different Edge radius, normal ring (left) has a very small radius.  Alpha (right) has a large radius
Different Edge radius, normal ring (left) has a very small radius. Alpha (right) has a large radius

Rings tend to come with either a relatively brutal square edge rim or a soft radius. Square edge rings(Rings with none or very little radius) make for a slightly less comfortable daily wear but do ensure the ring is more difficult to lose. The soft radius on the NFC ring makes the ring easier to place on your finger and also more comfortable on a daily basis.

Some proposals for solutions in the future

Using a webcam to get a measurement

The lack of third dimension in existing webcam technology means it is only possible to discover the width of a finger at the point of ring contact, not it’s height, while it is very common for the width to be wider than the height it is possible that not having the height for measurements could cause some anguish.

The lack of pixels in existing webcam technology makes it difficult to take exact measurements against a reference point.

The lack of accessible objects to measure against is a current limitation. The best standard size object people have easy access to is a credit card with a magnetic strip, another option is a cell phone SIM card however these vary in size and access can be difficult.

What technology/technologies could be used to get a truly accurate measurement

  • High resolution 3D scanner with point of reference for scale
  • Kinect-esque camera and software

Note: One might also consider providing some way of measuring or controlling the state of the measurers hand IE if it’s cold or not.

What technologies can be used for a semi-accurate measurement on one axis

  • 1080p+ Camera with a reference point such as cell phone app or magnetic strip
  • 1080p+ Camera with well trained Haar Cascade classifiers (Machine Learning)

A ring that re-sizes the DI +-~10% based on

Why make a ring that can resize?

  • Increase comfort
  • Decrease possibility of losing ring
  • Reduce # of rings required to enter onto market
  • Reduction of Non-Ferrite Material in ring
  • Decrease in Security due to reduction in Non-Ferrite Material
  • Address the issue of the ring not being able to reach the reader when recessed.

Laser cut wood and airport security

If you ever travel with laser cut wood through airport security you may set off some alarms.

Sometimes after wood is laser cut the dark edges are treated with hydrogen peroxide, a common material used in making explosives. If the security guy swabs your wood (giggidi) then runs it through the particulate inspector it will set off alarms and the sturn woman with a clipboard will ask you lots of questions. No doubt you are smart enough to search for “Laser cut wood”, “explosives”, “screening”, “security” and hopefully you landed up here and now you can tell them what they detected and why they detected it…. GOOD JOB YOU!

I thought this was worth sharing as I set off a few alarms taking my NFC Ring test tool through airport security at MAN.

If this blog post saved your ass, feel free to check out the nfc ring

44 Tech sites to contact when launching your product

This is my contact list for an NFC piece of tech I’m working on.  I thought it might be useful for other tech startups launching new products especially for those in the mobile / android / NFC space.

When you submit a news tip to these websites you might not receive a response and/or you may be waiting up to 4 weeks before they get around to writing publishing.  Don’t worry if this is the case, they are very busy and sometimes your products just doesn’t fit in with what their audience might be interested in.

You should use the Chicago manual of style when drafting any newsworthy articles.  The likelihood of your tip being picked up on depends on the quality of your press pack and it’s relevance according to the editors audience.  I would suggest spending at least a week working on your press pack and if possible get it proof read by an expert.  Creating a press pack is a skill, this contact list is only 1% of the problem solved.

When contacting for a review you wont need to be so formal however you may want to provide them with a press release style statement so they can quote you.

Each website will have a different audience so you should tweak how you contact them to emphasize how your new product will affect their audience.

  1. xda-developers  – http://www.xda-developers.com/suggest-content/
  2. YCombinator – http://news.ycombinator.com/submit
  3. Reddit – http://reddit.com
  4. slashdot – http://slashdot.org/
  5. Wired – http://www.wired.com/about/feedback/
  6. engadget – http://www.engadget.com/about/tips/
  7. Gizmodo – tipbox@gizmodo.com
  8. theregister.co.uk – news@theregister.co.uk
  9. gadgetsin – https://twitter.com/gadgetsin
  10. The huffington post – scoop@huffingtonpost.com
  11. Mashable – http://mashable.com/submit/
  12. Techcrunch – tips@techcrunch.com
  13. Before it’s news – http://beforeitsnews.com/editorial/
  14. gizmag – editor@gizmag.com
  15. guyism – http://live.guyism.com/submit
  16. sellcell.com – http://www.sellcell.com/help-and-support/
  17. sellmymobile.com – http://www.sellmymobile.com/help-and-support/
  18. the next web – http://thenextweb.com/contact/
  19. geek.com – http://www.geek.com/about/
  20. the gadgeteer – http://the-gadgeteer.com/well-review-it/
  21. ewallstreeter – http://ewallstreeter.com/page/contact.php
  22. gear diary – http://www.geardiary.com/how-to-submit-your-product-for-review/
  23. android spin – http://androidspin.com/contact-us/
  24. gizbot – https://twitter.com/gizbotcom
  25. rfid journal – mroberti@rfidjournal.com
  26. gentlemint – http://gentlemint.com/
  27. pymnts.com – http://pymnts.com/regulations/submit-content/
  28. dailyme – http://dailyme.com/mynews/addcontent
  29. lazy tech guys – http://lazytechguys.com/contact-us/
  30. techchee.com – tips@techchee.com
  31. nfc world – http://www.nfcworld.com/tip-off/
  32. tech wench – http://www.techwench.com/contact/
  33. damn geeky – damngeeky@gmail.com
  34. runaroundtech – http://www.runaroundtech.com/product-submission/
  35. golem.de – news@golem.de
  36. betakit – tips@betakit.com
  37. android rundown – http://www.androidrundown.com/about/submit-app-hardware-review/
  38. Android Banks – http://www.androidbands.com/
  39. mobile developer tips – http://mobiledevelopertips.com/submit-tip
  40. nfcnews – http://www.nfcworld.com/contacts/
  41. TG Daily – http://www.tgdaily.com/contact
  42. Electronista – http://www.electronista.com/contact/newstips/1
  43. GigaOM – http://gigaom.com/tips/
  44. Forbes – readers@forbes.com

Do you think your website should be included?  Leave me a comment and I will check it out.

Also this