Thursday, April 10, 2014

Sometimes I just hate how we treat users!

Oh! We have a problem! Let's make the users jump through useless hoops, that will increase their trust in the internet. Not!

The latest example is HeartBleed; even the normally sane BBC News Channel is joining in the hysteria.

Don't get me wrong, the HeartBleed vulnerability is really, really bad!
However, the hysterical cries to "Change ALL your passwords!" are worse.

As a reminder here is the current flow:-
Flaw Detected in OpenSSL (Versions 1.01-1.01f)
 (NB Most sites are still using older OpenSSL code; that is, those sites are Not Vulnerable)
Some of the "in the know" sites update their sites, and keep their heads down.
Security Experts start crying "Update ALL your passwords!"
News Media picks up and echoes the cry.
The sites with the vulnerability patched keep their heads down.
The sites with the vulnerability unpatched keep their heads down.
Some sites update their Security Certs but not all...
Some Users Update ALL their Passwords wasting time and not getting any real increase in their security.
Most users just raise their eyebrows, and think "Not again!"

(NB Simply patching the OpenSSL code is not enough. The affected sites also need to update their security certificates. As an example O2 have patched and updated, it seems that EE have just patched and not yet updated their Security Certs. Though some Certificate Providers do not update their Certificate dates when re-issuing Certificates so, who knows!!)

Of my 257 internet accounts 249 of them were apparently not affected, either they were not on the affected versions, or they did not use SSL!

Of the 8 sites that Lastpass detected were affected, 5 of them had not yet updated their security certificates,  and only 3 had updated their certificates. So in fact I apparently just had 3 passwords to update.
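The triage behind those numbers, written out as an added example (not code from the original post): a password is only worth changing once the site is both patched and running on a new key. The site names, key fingerprints and `Site` fields are constructed, and the range the post writes as 1.01-1.01f is encoded as OpenSSL 1.0.1 through 1.0.1f. Because some certificate providers keep the old dates on re-issue, the check compares key fingerprints rather than trusting the certificate's start date.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import date
from enum import Enum
from typing import Optional

DISCLOSURE = date(2014, 4, 7)  # Heartbleed public disclosure
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)$")


class Action(Enum):
    NOT_AFFECTED = "no Heartbleed reason to change the password"
    WAIT_FOR_PATCH = "still vulnerable: a new password would be exposed too"
    WAIT_FOR_NEW_KEY = "patched, but the possibly leaked key is still in use"
    CHANGE_NOW = "patched and re-keyed: change the password"


@dataclass(frozen=True)
class Site:  # hypothetical record, e.g. filled from a scanner's output
    name: str
    openssl_at_disclosure: Optional[str]  # None: the site did not use SSL/TLS
    patched: bool
    key_fp_at_disclosure: str  # public-key fingerprint seen before the fix
    key_fp_now: str            # public-key fingerprint served today
    cert_not_before: date      # start date of the certificate served today


def openssl_vulnerable(version: str) -> bool:
    """True for OpenSSL 1.0.1 through 1.0.1f; 1.0.1g carries the fix."""
    m = _VERSION.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    release = (int(m[1]), int(m[2]), int(m[3]))
    return release == (1, 0, 1) and m[4] <= "f"  # "" (plain 1.0.1) sorts first


def reissued_by_date(site: Site) -> bool:
    """Naive check: misses re-issues where the CA kept the original dates."""
    return site.cert_not_before >= DISCLOSURE


def rekeyed(site: Site) -> bool:
    """What matters is that the key that could have leaked is gone."""
    return site.key_fp_now != site.key_fp_at_disclosure


def triage(site: Site) -> Action:
    version = site.openssl_at_disclosure
    if version is None or not openssl_vulnerable(version):
        return Action.NOT_AFFECTED
    if not site.patched:
        return Action.WAIT_FOR_PATCH
    if not rekeyed(site):
        return Action.WAIT_FOR_NEW_KEY
    return Action.CHANGE_NOW


# Constructed sample data; none of these are real sites or fingerprints.
SITES = [
    Site("forum.example", None, False, "", "", date(2013, 1, 1)),
    Site("bank.example", "0.9.8y", False, "k-01", "k-01", date(2013, 6, 1)),
    Site("shop.example", "1.0.0l", False, "k-02", "k-02", date(2013, 9, 1)),
    Site("mail.example", "1.0.1e", False, "k-03", "k-03", date(2013, 5, 1)),
    Site("telco-a.example", "1.0.1e", True, "k-04", "k-04", date(2013, 8, 1)),
    Site("telco-b.example", "1.0.1f", True, "k-05", "k-06", date(2014, 4, 9)),
    # Re-keyed, but the CA kept the original validity dates:
    Site("vault.example", "1.0.1", True, "k-07", "k-08", date(2013, 11, 2)),
]


def tally(sites) -> Counter:
    return Counter(triage(s) for s in sites)


if __name__ == "__main__":
    for s in SITES:
        print(f"{s.name:18} {triage(s).name:17} {triage(s).value}")
    print(dict((a.name, n) for a, n in tally(SITES).items()))
```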

A far more Open and sane approach to the process would have gone like this-

Flaw Detected in OpenSSL (1.01-1.01f)
Some of the "in the know" sites update their sites: Goto **
Security Experts get the message out "Site Admins Update OpenSSL (Versions 1.01-1.01f) and Certs"
News Media keeps its head down. IT and Security Media repeats the message above
The sites without the vulnerability keep their heads down.
The sites with the vulnerability unpatched declare on their website that it is insecure but they are working on it.
The sites with the vulnerability patched and certs updated: Goto **

** Force re-authentication and password reset on ALL site users, admitting that the site had been vulnerable.

Funny how LastPass did not declare themselves as one of the affected sites, despite the fact they were, an example of the "in the know" keep our heads down approach to security and brand protection. Thankfully I use my Yubikey(s) to protect their site! I wonder how they have been compromised by Heartbleed?

Oh! how my HeartBleeds!

Tuesday, April 08, 2014

It's the data, stupid!

All this hysteria about Apps is causing a very scary result: the micro-silofication of data, making it ever more unreachable. The previous data micro-silofication era, based on the mass production of spreadsheets, at least kept the data accessible.

Why are we giving up access to our data so readily?

What will it take to have us realise the significance of this problem?

Where can I put my data?

The meter readings of my energy and water consumption for example whether automated or manual...

Ideas welcome...


Tuesday, March 18, 2014

I'm up to here with Privacy!

Don't get me wrong, I like my Privacy! But everyone trying to legislate for it or protect it is missing the slow creep of change. Security folks are even largely missing this change, though they might argue that they catch the real issue obliquely under the guise of the I or A in C.I.A., that is, Integrity or Availability.

But sadly Integrity or Availability do not cut it...

It's about Control, or more correctly the downside, i.e. "Loss of Control". Take a look at the real threat behind Advanced Persistent Threats (APTs). Many of the famous ones had no interest in exfiltrating information, that is, threatening Confidentiality or Loss of Privacy. They were about taking control of the assets they were attacking, whether alternating the rotational speed of centrifuges in order to cause them to self-destruct, or, just prior to the attack on Iraq, taking control of the Iraqi military Communications, Command & Control system.

In short Agency is the thing we should be maintaining and protecting not Confidentiality or Privacy. Basically because if the right entities are "In Control" of the right assets then most security problems are solved. 

In order to keep control in the right hands, our focus should be on Identity, and Entitlement.
Watch the Jericho Forum Identity, Entitlement, and Access Management videos on YouTube.

Some call Entitlement; Rights Management, sadly this term has been discredited due mainly to the fact that initial "rights management" implementations were used by the music industry to reduce or control the rights of listeners asymmetrically, i.e. in a manner that is similar to the "Heads I Win, Tails You Lose" model of control.

Effective controls have to be symmetrical, with the right entity being in control of the right assets. In order for this to occur, legislators should stop focussing on Privacy, and start focussing on Agency.

We are living in a world where Agency is being, at best reduced, at worst destroyed. Devices are being built and sold that Never give full control to their users. The early PC was Agency neutral, it arrived with no one in control, the owner could gain "Root" access to the device and take full control. More recently, devices arrive that can never be controlled by the owner of the device. Sony took control of their Play Stations away from their owners; Apple never gave iPhone Users control, they tried to keep it, "JailBreaking" being the only means of gaining "Root" access.

Samsung Smart TVs are another example of a class of devices that denies control to their owners.
I blogged on this earlier.

Imagine, if you will a world where devices like for example an aeroplane could be configured to act in a manner not directed by the pilot or co-pilot. The current conundrum of the missing Malaysian Airline could well be explained by catastrophic loss of Agency. The communications, command and control systems on the plane are all controlled by software normally controlled by those in the cockpit.  A malicious third party, or nation state may have inserted an APT that took control of the plane. Was this a trial run of a new form of terrorism? 


Agency is far more important than Privacy. We need to focus on keeping control in the right hands.

It may turn out to be a pilot's malicious actions, either way it is an Agency problem!

"He says typing on an iPad that he doesn't have full control of!"

(As I have stated before the word Agency is not being used in its more recent organisational construct.)

Tuesday, February 25, 2014

Aargh! Yet another Raised Bed/Silo in my Walled Gardens

The Internet of Things will hold far less promise if everyone follows the Hive path that British Gas have chosen.

For those that do not know "Hive" is a means of controlling your home heating, and hot water if you have an old fashioned water tank! It comes with a very nifty and useable App, and it can be controlled via the HiveHome website. A word of warning don't forget that you are in Demo mode, I can vouch for the fact that it is very annoying to find you have programmed your whole system in Demo Mode!

The Bottom Line...
British Gas have apparently licensed the AlertMe hub, but taken the Zigbee protocol and made it their own (ie Proprietary Protocol!)

Grrr,  my Home Automation Agency is already under attack! I started looking up "Hive API" as soon as it was installed, by a very kind British Gas engineer named Josh who explained that I could get it done for £179, as he was already here servicing the boiler. I was hooked. I failed to do my normal due diligence!

No APIs currently available or planned. (Though they have been hinted at) :-(
I checked IfThenThat.... nope Hive is not present? :-(

Apparently I can use SMS as an API interface, thanks for that British Gas!

So now to follow my own advice, after the fact, what data/control have I just given up, and can I get it back?

Watch this space... I am still pondering that question. 

We are likely to see many more examples of Walled "Internet of Things" Gardens.
In fact my Internet of Things garden is starting to look like my own garden, a hodgepodge of poorly connected raised beds, think silos of things.

The X10 System 
The Withings Scales
The Weather Station
The Blood Pressure Monitor
The Heart Rate Monitor
The Mac based Indigo Home Automation System
The Hive
The Solar Panels
The OWL Electricity usage Monitor
The Electric-Save Electricity usage monitor (Don't ask!)
The X10 Secure Alarm System
The Philips Multifunction Remote
The Apple TV
The TiVo
The PS3
The Samsung Smart TV
The Airport Expresses (iTunes)

My iPad Mini with
   Withings App
   Hive App
   Apple Remote
   Indigo X10 App

No prizes for guessing that they are NOT fully integrated! Yes all of them can connect to the Internet!

I want my IoT Agency to be simple to manage and easy to integrate!

Some Hope!

Dear British Gas,
 You do not understand the power of co-creation. You have treated me just like the crab in my prior blog post. Please reconsider your stance!

Adrian


PS I am off to read the Terms and Conditions, I really was badly hooked !!

Dear Satya

I am looking for a cyber knight, someone who will bring "Human Agency" to the internet and protect it. By Human Agency I mean the capacity to control one's environment; when the environment is the internet, it might be called Cyber Agency.

To give an Entity (Government, Organisation, Person or Device) Agency, there are three things that must be sorted:-
1) The ability and capacity to trust the identity of remote entities,
     whether Anonymous (but same) or Named (and verified)
2) The means to transact in a trusted manner, i.e. negotiate, contract, commit, deliver, and pay in whatever persona we choose.
3) The opportunity to collaborate in a trusted environment

For me the current manner of attempting to achieve this with secrecy is doomed to failure.

We need an open trustworthy ecosystem, to accomplish the above.

I believe Microsoft can be one of the reasons that this ecosystem can come into being.

Please help us move from the "Agency Free" Enterprise/Network space through the "Agency Impaired" (App/Service)^2 domain to the "Agency Enabling" Entity/Device/Data Nirvana.






Is it just me?

I get the sense that we are sleep walking into a world devoid of human agency, a world where the machines are talking to machines, and corporations are taking the profits.

Human Agency defined previously here; is something that we innately desire, but are too often giving up in exchange for mere fripperies. A free game gets access to our location, our friends, and all their details and even the right to change our address books, without any further input from us, and often with not even a tiny shiver of fear.

Many moons ago I was advised to cook a crab by placing it in cold salt water and slowly bringing the temperature up, as it would not notice before it was too late, that it was in "hot water".

The water is getting warmer, and yet we still do nothing but click on anything that gives us "something for nothing". Except, it is our "Agency", it is not nothing! If we give it away it will be very hard to get back. After all the web never forgets...

If Religion is the opiate of the People, then Apps are the Designer Drugs, and Devices are the Syringes!

Inject them into your life at your peril!

At least think before you click...
"What am I giving away control of, and why, and can I get it back?"

Remember: We are the Crabs!

(With thanks to the Orrinjohnson.com blog)

Organisations that understand these issues will be empowering us to be in control of our cyber selves, there will be a new breed of corporations that understand that e-trust is something hard to acquire and easy to lose. Which is the best type of Competitive Advantage there is! 

As the Internet of Things takes off, there are likely to be two sorts of organisations, those that seek to lock us in, and make us the product, and those that seek to "Co-Create" with us and make us their loyal partners and customers.

What to do...

Enterprises should ask:
How to invest in a Collaborative Future?
How to avoid cooking your customers? 
How to compete in ways that develop Human Agency?

Governments should ask:
How to legislate to protect Human Agency?
How to achieve compliance?
How to punish the theft of Human Agency?
How to empower the populace? (Education?)

Individuals should ask:
How can we (Co-)create our future?
How do we get out of the pot?
How to support organisations that protect our agency?

For the machines might get to ask; "What benefit do these fleshy things bring to our world?"

Deep down it is about Trust and Values, ours and theirs,
and the ecosystem that will support Human Agency.

Some might call this Freedom, which is surely worth fighting for!




Monday, February 03, 2014

The Missing Commandment

Having been intimately involved in the development of the original Jericho Forum Commandments, https://collaboration.opengroup.org/jericho/commandments_v1.2.pdf there were a lot of hours spent in many fuggy rooms, with drained coffee flasks more often than not, with some very impressive individuals.  It is only now many years afterwards that I realise that we missed a key commandment, arguably the most critical of the commandments.  

Happily there are a number of precedents for missing a keystone Commandment, the fundamental principle, the prime rule, or key law. Jesus in John 15:12 did this when he gave us an additional commandment, "Love thy neighbour as I have loved you", presumably because he recognised that the original commandment covering this area relied on human foibles: "Love thy neighbour as you love yourself."

My favourite example of realising a "law" was missing and adding the missing law was achieved by Isaac Asimov after his Three Laws of Robotics:

"1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
2. A robot must obey the orders given to it by human beings, except where such orders would conflict with the First Law.
3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law."

After Asimov started to have robots, like Daneel, have impact on humanity, he recognised the need for a Zeroth Law:

"0. A robot may not harm humanity, or, by inaction, allow humanity to come to harm."

Some apparently establish the prime law in their initial attempt, in 2009, Robin Murphy (Texas A&M) and David D. Woods (Ohio State) proposed "The Three Laws of Responsible Robotics" 

The laws are as follows:

  1. A human may not deploy a robot without the human-robot work system meeting the highest legal and professional standards of safety and ethics.
  2. A robot must respond to humans as appropriate for their roles.
  3. A robot must be endowed with sufficient situated autonomy to protect its own existence as long as such protection provides smooth transfer of control which does not conflict with the First and Second Laws.

I suspect that even this set of laws could be manipulated in true Asimov style to posit the need for a Zeroth Law: "A Robot may not deploy a robot without embedding these laws within it."

However I digress, and am in danger of starting to explore the areas of ethics and trust, so back to the missing Jericho Forum Commandment. When we created the original 10 Commandments we added an Eleventh to ensure that Secure was the Default position. At the time we coined the Deperimeterization word, it was clear that we had information security at the forefront of our thinking. (I got over the 's' vs 'z' spelling tension after I learned that 'z' was originally used in Olde English.) We saw the term had two fundamental meanings, the first to imply that it was a natural entropic force that impacts all information, resulting in reduced integrity and data spread. The second to imply the existence of a set of external negative forces attacking the structure and value of the data. Both of these meanings could arguably be covered with what I have recently identified as Anti-Clockwise Security. (Shorthand for having a largely Information Risk Reduction mindset)

The 11 Commandments were split into 5 areas:
  1. Fundamentals
  2. Surviving in a Hostile World
  3. The Need to Trust
  4. Identity, Management, and Federation
  5. Access to Data

So what is the missing Commandment?

The fifth area; "Access to Data", arguably signals that we were discussing the underlying concept of the Zeroth Law in those fuggy rooms.  I posit the Zeroth Law should cover the basic concept that data should not be stored, by interested parties; rather, the relevant information should be accessed.  As an example; an entity should not need to transfer their precise date and time of birth, arguably a critical identifier, to a third party who simply wants to know that they are over 18.  Another example would have the reader, listener, viewer or player being trained to understand that they are no longer acquiring full rights to a physical asset, but they are being given licensed access to digital assets, the two books that I just connected to my Kindle account are such examples.  We are in a transitional era moving from physical to digital, paper to silicon, silo to network, moving from egosystem to ecosystem.

In this transitional era, we are in an age of the "big data grab", whole industries are seeing it as their right to insert themselves into our data streams and hoover up all our data. See my Samsung & LG TV blog posts. In the prior "Physical" era we had got used to being able to "own" the intellectual assets of others, and felt we had the right to share the physical instantiation of their efforts, either a Vinyl LP or a Book, with others as we saw fit. The creation of the Philips Cassette, and latterly Video Cassettes, even allowed us to make physical copies of such intellectual property, while it was being broadcast by radio and TV. The artists or authors involved thus lost control over their assets in the physical era, and are still doing so in the transitional era. Apple with its iBeacon technology are rolling out a technology that has been architected not to share vast amounts of data, but arguably could be part of a huge hoovering effort, or the start of rolling out the solution, something to keep an eye on! As individuals we would do well to consider our digital address books: do we own the rights to all the data in our digital address book? To this day, I still feel guilty about allowing Plaxo a look at my address book, apologies to any impacted by my faux pas! Hopefully no more than an increase in Spam!

As I have previously stated we need to shift from a privacy focus to an agency focus.  In order to achieve that shift and maintain control over our assets we need a new approach, a new mindset, a prime commandment?

"Owning entities should not allow their data to be uncontrollably stored by others"

Remember, in the Jericho Forum we included the following as entities:
    People, Organisations, Devices, Code, and Agents.
We recognised that Agents were a special form of Entity that could be any of the five!

In the address book example implementing such a prime commandment would have the benefit of my address book always being up to date, and not containing the addresses of folks who no longer want a Christmas card from me! Exploring the other examples I can only see positives; of course we won't be able to abuse the assets of others, but surely that would be a good thing?

Oh yes, the e-Trust ecosystem that enables this Prime Commandment is yet to be built, so until then consider carefully who you choose to give your data to.

To be clear the above is not the final wording of the Zeroth Commandment, simply my first crack at it...

Improvements welcome.

Aside: Before the Jericho Forum quiesced, we posited the need for a set of Jericho Forum Data Commandments, this would surely be one of the first of these?





Tuesday, January 14, 2014

So what drives e-trust in an Outside-In world

I started considering this question while fighting a cough that kept me awake until one am this morning.

We probably first need to define Outside-In and e-Trust:
The first definition will be the most difficult to capture in a single sentence, especially as LEF's own understanding of the concept is fast evolving, from being just an IT based paradigm focussed on platform location, to taking a more holistic business perspective resulting in the importance of considering and engaging in the development of new business ecosystems, often powered by the fast evolving internet.

Outside-In
The approach or mindset of an enterprise or entity that makes use of an external network of partners and/or co-creators to expand the size of the network for the benefit of its participants. This will more often involve the effective use of information or innovation sourced from the external network, than it will internally created information or innovation.

e-Trust
Involves the capacity to develop confidence during specific interactions, that involve specific assets, through various devices and systems across networks to other knowable and unknowable entities. One might call it Virtual Trust.

After my coughing bout, and a period of what felt like insane clarity, I fell asleep after having created the following seven top Level "A"s, as perceived by the end user.
(NB I did not concern myself with the deeper,  more technical components that will be required to deliver on these high level drivers.)

Affordance, Accessibility, Availability, Accuracy, and Agency....

I swear I came up with a sixth and seventh A, but as I fell asleep soon after with a deep sense of satisfaction, I failed to properly store it in my sleepy neurons.  Wait, they have appeared, I can't believe I momentarily forgot them, they are of course;

Authenticity and Authority

As I went to sleep, I gave myself the challenge of comparing these seven terms with the Parkerian Hexad, but first let's quickly define these seven drivers, not in any specific order. I will tweak the Wikipedia definitions to match the needs of this blog post. Remember we are considering the drivers of e-trust in an Outside-In world. I will not argue for or against these terms, I will just try and define them in the context of Outside-In.

Affordance 
The capacity of an object, service, ecosystem, or environment, to allow an entity to perform an action.
This term relates also to such concepts as usability, simplicity

Accessibility is the degree to which information, products, devices, services, or environments are available to as many entities as possible.

Availability is the probability that an item will operate satisfactorily, or information would be usable, at a given point in time when used under stated conditions in an ideal support environment. Simply put, availability is the proportion of time a system is in a functioning condition.

Accuracy The nearness or closeness of information to the actual value of information being accessed.

Agency is the capacity of an agent (a person or other entity) to act in a world, including controlling access to their own information.

Authenticity The genuineness of content or identity, actually possessing the alleged or apparent attribute or character.

Authority Represents the legitimacy of an entity to define formal rules or rights, established in law or by decree of the owning entity.

So onto my Parkerian Hexad comparison...

My seven terms Affordance, Accessibility, Availability, Accuracy, Agency, Authenticity and Authority

The terms from the Parkerian Hexad
  • Confidentiality
  • Possession or Control
  • Integrity
  • Authenticity
  • Availability
  • Utility
Two direct matches, but the rest all align to one degree or another


I believe that the seven more effectively represent the drivers of trust, rather than outcomes that influence the trust.


All this, apart from the last comparison, in a weirdly clear glimpse just as I fell asleep. It just felt right.

In the cold light of day I am starting to challenge the logic... what say you?

#40 To no one will we sell, to no one deny or delay right or justice.

Article 40 of the Magna Carta (1215) embodies in one sentence the concept of Agency.

#40 To no one will we sell, to no one deny or delay right or justice.


I was listening to a radio news article on the troubles besetting Egypt, when "agency" reared its head again…. For me having "agency" involves not having my rights sold, delayed or denied.

The binary agency/control option is quite apparently the issue, with the Egyptian voters being given a fool's choice.

Option 1) No i.e. you want the Prior Constitution which established the Muslim Brotherhood as the only option leading to a Police State
Option 2) Yes to the New Military Constitution which establishes the Military as the only option leading to a Police State

Getting the "Balance of Agency" right is never easy, I can’t see any easy way out, while neither side wants to truly create a pluralist society. I would commend those developing a new Egyptian Constitution to take the best parts of the Magna Carta.

The same goes for the Internet...

Option 1) Enterprise Centric  …. leads to exploitation of consumers data, and thus the consumers
Option 2) Network Centric …. leads to exploitation of consumers data, and thus the consumers
Option 3) Service Centric …. leads to exploitation of consumers data, and thus the consumers
Option 4) Device Centric …. leads to exploitation of consumers data, and thus the consumers

While Option 2) Network Centric is currently dominant
(I hold the News Corporations to be part of the Network Centric Option, along with Broadcasters and Network Providers, in my mind Network is not just the wires.)
We are currently in a battle, perhaps as yet unrecognised, between the Service and Device Options for dominance. Clearly the Network Players will continue to fight to maintain their valuable, to them, dominance. Sadly it appears that all the potential winners want to sell, delay, or deny our data rights.

Put more starkly: Who will rule us, through our data, Google or Samsung?

(Apple is still straddling the fence between the two options but by targeting only the wealthier, they will likely be also-rans.)
Amazon might be the white knight, if they help build an agency enabling ecosystem that gets the balance right. At present they are seemingly fighting for dominance in option 3, but they are not averse to fence sitting, with devices sold at a loss, if it helps them achieve dominance.

I don't really like any of the above numbered options; where are the options that allow for the balance of control between providers and consumers? I am not looking for a compromise(d) option, I am asking is there a "Fourth Way"?

Do we need an Internet Magna Carta that focuses not on an individual's right to Privacy, but more on the right of entities and Society to control how their data are used? A charter that does not allow the selling, delay or denial of our data rights.

The intriguing thought I have is that the e-trust ecosystem designed to deliver on the needs defined in an as yet unwritten Internet Magna Carta, might be used to solve the wider societal difficulties that we face; as factions, formed from religion, tribe or dogma continue to rip our planet apart. Only this week we had a world leader get embroiled in an affair of the heart which interfered with the affairs of his state. We also had an individual choose to eat the raw limb of an opponent he had slaughtered as retribution for the loss of his own family members, we are living in a crazy world.

Clearly criminals would not be allowed to hide evidence of their crimes, nor Leaders hide their true values, but isn't it reasonable for us to want entities to have balanced agency?

Let's build an e-trust eco-system that helps hold our leaders accountable, and achieve an agency balance that: supports rights of many different factions, encourages the growth of enterprises with the right values, ensures the continuation of a trustworthy global communications network, helps reward the development of valuable services, and creates a demand for devices that are valued. We might call this Internet (or Social Media) enabled phenomena Social Capitalism! Either way "Agency" in the new system should be balanced in favour of no ONE entity or organisation.

Intel has written a paper on the upcoming Data Society in which they wrote "Today, we do not control most of our personal information." People in the future may "want to have more transparency and control over the use of their data", and perhaps more importantly: "We don't know enough about our own data, and its value."

I hope that this new option will be "Value(s) Centric"

With an e-trust ecosystem in place perhaps we could build a Pluralist Outside-In Society?

I believe that this would be as valuable for the enterprises currently being marginalised in the battle for dominance as it will be to the consumers who are being increasingly exploited.

Whether Extremist Christians or Extremist Muslims would be happy to live in such a society is another matter.

Sunday, January 05, 2014

The big reveal!

I don't know my left from my right! You would however never know as I have a memory implant that gives me the answer on demand. While you can see the implant if you look carefully, you can't see when or if I operate it. A nasty collision with a wooden post in the early 60's, gave an RAF orthodontic surgeon, the excuse to experiment with this futuristic device.

To my delight I mastered the implant with ease, and have been using it ever since. It has no batteries, and has only had to be serviced twice in 50 years, once when the original materials decayed, and once when it came unstuck.

The reader is my tongue, the implant is simply a cap on what remains of my left incisor.

What the heck has this got to do with e-trust I hear you cry! Well actually far more than you might think. 
Having perused the recent news that Google is looking to allow you to unlock Chrome without a password, by using your mobile device, but were concerned that the devices might be abused, my surreptitious tongue interface came to mind. 

If I could give my tooth the power to communicate with my device, I could allow Chrome to automagically authenticate me through my device and then confirm my authorisation with a secret tap on my tooth.

An extension of the now hopefully not patentable idea, as I have put it into the public domain, is to piggyback an interface onto the nerves controlling the muscles in a particular area of one's body. Then the user would teach their identity agent their particular secret musculature confirm command.

For the challenge with establishing if any authentication signal was correct is first establishing with a high degree of authority the actual intent of the principal in question. There would also need to be a secret duress signal. Even more capable identity agents would have the capacity to detect the amount of blood in my alcohol! Authorisation would ever be allowed when it was high enough!

Too often are actions taken to be meant, this is not always the case.

Accepting actions without intent is a very fast way of denying the agency of the principal.

So when will I be able to get my dentist implanting my dental authentication device?
Perhaps more importantly what will it be called? 
Yorkshire Version = t'authorise
Modified Joke  = 2or30 ( two authority ok a stretch but close in an Irish accent)

Or a strap round my ankle that detects me twitching my left big toe, three times.
"Trust Ankor"?

It is not sufficient for a device to be able to authenticate my ident, my device will need to confirm my intent, the two are very different problems.

As we shift to an Intention based economy this will be a real issue, for which we will need answers.