PlayApp, LLC (Dallas, TX) has announced what they describe as “a free open-source alternative to Microsoft's Passport”. Instead of routing authentication requests through a Microsoft service, users carry around a tiny plug-and-play USB device that is small enough to fit on a key chain. “The approach doesn't require people to give up their personal information to any one company,” says the technology's inventor, John Willsey.

How does it work? “Each PlayApp Key is pre-programmed with random algorithms, so no two keys are alike”, says Willsey. “Because PlayApp Keys generate random alphanumeric codes, they are 'future-proof' and can be easily used with any application requiring randomly generated security codes,” he adds.

Several software components are required to make the scheme work. A low-level device driver in the user's system or device communicates with the key itself, requesting codes from the key and making them available to other system software. Authentication requests, which originate at the remote system (typically from a web page), are processed by a PlayApp-enabled browser or other application running on the user's system or device. Assuming the process completes successfully, the desired service or access is performed.

In most cases, the entire authentication transaction will be completely transparent to the user, other than the need for the PlayApp Key to be plugged into a USB socket on the user's system or device. For added security, such as protection against a lost or stolen key, the PlayApp technology also offers the option of requiring the use of one or more PIN codes in conjunction with the hardware key.

PlayApp has developed several applications based on its technology for use in accessing protected web content such as music, videos, and e-books. Other applications for the technology are expected to include simplified and secure website login, generating codes for encrypting/decrypting files, generating/using PGP passphrases for secure email/real-time communications, and e-commerce.

Open Source . . . but patented

PlayApp is releasing the necessary software for end-to-end use of the PlayApp Keys under an Open Source license as a way to jump-start interest in using the approach, according to Willsey.

PlayApp already holds one patent on the technology and has applied for several more, according to Willsey, but the company doesn't intend to charge royalties for the use of the patents. The patented (or patent-pending) features of the PlayApp Player software are said to include generating random 8 to 64 character alphanumeric codes for use in password access, encrypting/decrypting files, accessing digital wallets and creating/using PGP passphrases for secure email/real-time communication.

A PlayApp-enabled media player program with integrated security capabilities is available for free download at PlayApp.com. Although the current version requires the use of Microsoft Internet Explorer, a Linux version is planned. Willsey considers a PlayApp-enabled plug-in for Netscape and other popular browsers to be a likely next step, and says the technologies being made available to the Open Source community should make that relatively straightforward.

The PlayApp Keys can be purchased from PlayApp's website for $44 each. The keys can alternatively be obtained from their manufacturer, Rainbow Technologies, a maker of copy protection and security devices.

 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.