Illiri sound API aimed at secure mobile data exchange, log-ins, payments

Sound-initiated data exchange similar to Near Field Communications but without proximity requirements

Something as simple as a sound should be all it takes for a mobile device to securely log-in to a website, complete a payment or connect two or more devices together to share data, according to a startup making noise in the mobile space.

Illiri last month introduced its SAPI application programming interface, which is the cornerstone for a sound-based data exchange that appears to be an alternative to Near Field Communications.

The company's co-founder, Vadim Sokolovsky,  said Illiri uses sounds to initiate a connection.

"We get a unique session ID from the server and transmit it using sound waves," he said. "We pretty much shout out, 'hey guys, if anybody is interested the session number is 12345 and I'm actually listening on it.' "

The sound-based connection can link two or more devices but also connect a device to a web site. Sokolovsky said a connection to a Web site represents a method for users to provide log-in information via JavaScript over the Illiri connection. Sokolovsky said using a sound-enable app to log-in would bypass keyloggers since the user would never have to touch the keyboard.

The company is also promoting mobile payments, gaming, and social media as potential applications.

Unlike NFC, physical proximity is not a requirement because sound can be transmitted over an app or service such as Skype or video conferencing systems.

All users in the connection must be running an application that supports Illiri's Sound API (SAPI).

A user initiates the connection by clicking a button in the app, which makes a request for a session ID. The ID is wrapped in a sound by the server and returned to the phone and played via the phone's speaker.

The listening device hears the sound, decodes it and returns the ID to the server. The server establishes the connection. The client app allows users to either confirm or deny a connection. Multiple devices can hear and decode the sound, but the range is limited to a few feet.

The data exchange server either runs on Illiri's public network or can be deployed inside an enterprise or service provider network. Illiri has built a card exchange app and a photo exchange application that are available for free.

Illiri is offering SAPI for free with the expectation that a portion of customers will run their own servers. Illiri also plans to offer a fee-based cloud service. Illiri said the servers do not store any information; they just matche the devices to make the connection and transfer data via TLS/SS using standard cell networks or wi-fi.

In terms of security, Sokolovsky said the session ID is short lived and that a user initiating the session can set the number of connections the session will handle. That would prevent a third party from recording the sound and then playing it back to join a two-party session. Likely that would take too long to execute before the intended recipient would connect, Sokolovsky said. In addition, someone attempting to intercept the message would have to be running a SAPI-enabled application.  

Sokolovsky said the company is thinking about an ultrasound option for SAPI. He said SAPI-based apps would likely be more consumer focused initially, but that there is nothing preventing the technology from being used in business applications.