/TECH

New security card lets your wallet do the talking

June 22, 2001 Posted: 11:07 AM EDT (1507 GMT)

NEW YORK (Reuters) -- Want to access your medical records online, without exposing them to prying eyes? Just have your customized credit card say "open Sesame."

Hold the ComDot card, a new product from Tel Aviv-based ComSense Technologies Ltd., up to your computer's microphone and squeeze the slight bump in its center. Otherwise indistinguishable from a garden-variety credit card, it emits a high-pitched series of noises similar to that of a fax machine or dial-up modem.

Because it communicates via sound, the ComDot doesn't require a specialized card reader like other "smart" cards -- only a computer with a sound card and a microphone. It is even designed to work over the telephone.

"I think it's a great product," said Shalini Chowdhary, senior industry analyst for Frost and Sullivan. "The main thing is that it doesn't require a reader -- that's its strongest point. ComSense has done a smart thing in going around the need for one."

One of the first companies to license the ComDot technology is iMetrikus Inc., operator of the MyHealthChannel Web site. Starting June 22, users will be able to use the cards to access accounts containing private medical information.

Here's how it works: Visitors to MyHealthChannel are asked if they want to download a small program, similar to the plug-ins used in Web browsers. Once the program is installed, users hold their ComDot card up to their computer's microphone and squeeze.

The card transmits an encrypted identifying code via high-frequency sound waves -- a long screech, followed by a lower-pitched warble. The computer then verifies the ID with the ComSense servers; the user enters a PIN (personal identification number) for added security, and the log-in is complete.

Never the same sound twice

The ComDot itself consists of a three-year battery, computer processor, two speakers and a small amount of memory. It never emits the exact same tone twice, so even if someone trying to gain unauthorized access to patient files were to record the sound and replay it, they would not succeed.

Still, Chowdhary cautioned that no security system or encryption scheme is impregnable.

"They claim that these frequencies change each time, but if somebody finds a way to crack the system ... hackers are getting better and better," she said. "But that's a problem with every new technology."

ComSense says about 98 percent of computers currently sold have the necessary sound cards; for those that don't have microphones, an inexpensive one could be bundled with the service.

After the initial installation of the ComSense software, squeezing the ComDot card will automatically take users to the MyHealthChannel Web site.

Access to records

San Diego-based iMetrikus sells its service to pharmaceutical companies, medical device manufacturers and disease management firms. A company that makes glucose monitors for diabetics, for example, could have users upload their blood sugar levels to the Web site, and send out customized warnings and messages.

"Fear about privacy is the single biggest factor that prevents people from using the Web to manage health information," said iMetrikus' Darrell Atkins.

Atkins said the company also plans to let patients use the ComDot to allow doctors, therapists and other health care providers access to their records.

Although ComSense is starting off with medical privacy, it has much bigger plans, starting with the lucrative financial services industry. Notably, VISA International President and Chief Executive Malcolm Williamson is also the chairman of ComSense; Deutsche Bank, which has a pay-by-mobile-phone service called PayBox in Europe, has invested $5 million in the firm.

Not only could the ComDot sit inside a fraud-proof, ultra-secure credit or ATM card, but the technology could also be used to validate online commerce transactions. Instead of merely requiring consumers to type in their credit card number, they would squeeze their ComDots, and perhaps enter a PIN.

Chowdhary said that convenience might even trump security for online shoppers who tire of entering in their credit card information and address.

"It's going to have a lot of convenience for users," she said. "The financial market is going to be a big thing for them, and I'm sure they'll be aiming at it."