So on the first day of the RSA Conference they hold the Innovation Sandbox; a contest for select new companies to present their ideas in 3 minutes as the best new innovation in security. Congratulations to the winner this year Waratek, but I would actually like to talk about one of the other finalists, ticto.

What I find interesting about titco is that their product is basically a smart card with an e-ink display and an LED indicator. The idea is for visual verification that the person who you see is authorized to be there. One of their examples is to use these for events as your pass. So everyone wears the ticto, and maybe based on the type of ticket you have, it shows a different image and color, so security can know you are where you should be. Since they are programmable, they can be reused over and over, and it doesn’t require a scanner to detect since it is designed to be a simple visual indicator.

The thing I find interesting is that this is like a “post-authentication” badge that humans can read. Obviously Green Rocket Security is primarily focused on digital authentication, not physical authentication. But one of the big problems with physical authentication is how to maintain it over time and prevent things like fake IDs (or just not having one that you can’t see). The idea with the ticto is that it shows a constantly changing pattern and color on the display, so at any time you can know if they are in the right place or not, without a special reader, since the indicators are designed to be visual.

This goes to the heart of one of the problems in authentication systems; how to ensure a user is still “authorized” after the authentication. If I authenticate right now to my device, in 20 minutes can you still trust I am the same or do I need to authenticate again? In the case of ticto, having the badge and it showing the proper image and color shows you are still authorized.

This is an interesting piece of tech, and it will be interesting to see if they can get wide adoption.

Stay tuned for more posts about RSA this week.