Sony Ericsson Clicker is a shareware program that lets you use a Sony Ericsson phone as a universal remote by running and controlling scripts on a Bluetooth-enabled Mac from your phone. Scripts can also be fired when your phone enters or exits the Bluetooth range of a Mac. This got me thinking about proximity authentication. I am sure others have already thought of this, but I haven't enumerated the issues involved before.
How it works: As I enter a room with a computer, the computer (C) detects and authenticates me by forwarding a challenge sent from the authentication authority (AA). My proximity ID (a Bluetooth-enabled phone with smartcard capabilities) sends back the signed challenge as the response, which C forwards to AA for verification. Upon receiving the result back from AA, the computer knows who I am and enables the nearby dumb devices that I am allowed to use. Meanwhile, the authentication server notes that I am in that room, so access from other rooms can't be made. When I exit, C disables the devices.
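To make the exchange concrete, here is an added sketch of the AA side of that challenge-response (my own example, not Clicker's code or any real product): the AA hands C a random one-time challenge, the phone signs it with its smartcard key, and the AA verifies, refuses replays, and records which room the user is in so that only that room's devices are enabled. The P-256 key pair, the room names, and the user names are assumptions for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// AA: enrolled public keys, outstanding one-time challenges (nonce -> issuing room), and each user's current room.
type AA struct {
	keys     map[string]*ecdsa.PublicKey
	pending  map[[32]byte]string
	location map[string]string
}
func NewAA(keys map[string]*ecdsa.PublicKey) *AA {
	return &AA{keys, map[[32]byte]string{}, map[string]string{}}
}
// NewCardKey stands in for the key pair generated inside the phone's smartcard (assumed P-256).
func NewCardKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}
// Challenge issues a fresh random nonce for the computer C in `room` to forward.
func (a *AA) Challenge(room string) [32]byte {
	var c [32]byte
	rand.Read(c[:]) // crypto/rand: documented never to fail on supported platforms
	a.pending[c] = room
	return c
}
// Sign is the proximity ID's part: sign the hash of the challenge with the card key.
func Sign(priv *ecdsa.PrivateKey, c [32]byte) []byte {
	h := sha256.Sum256(c[:])
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, h[:])
	return sig
}
// Verify: a challenge is accepted once only (no replay); on success the user is placed in the issuing room.
func (a *AA) Verify(user string, c [32]byte, sig []byte) error {
	room, ok := a.pending[c]
	if !ok {
		return errors.New("unknown or already-used challenge")
	}
	delete(a.pending, c) // consumed even if the signature turns out to be bad
	h := sha256.Sum256(c[:])
	if pub := a.keys[user]; pub == nil || !ecdsa.VerifyASN1(pub, h[:], sig) {
		return errors.New("signature does not verify for " + user)
	}
	a.location[user] = room
	return nil
}
// Allowed: a device is enabled only in the room the AA currently places the user in.
func (a *AA) Allowed(user, room string) bool { return a.location[user] == room }
```

A failed or replayed attempt never moves the user, so a second room cannot inherit access the AA already granted elsewhere.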
Theft: To prevent illegal access using a lost or stolen proximity ID, one or more PINs can be used and sessions can be time-limited. Entering the PIN in the morning as you enter a hospital should provide access to most staff-only doors for 8 hours. Bank vaults can require a PIN to be entered upon entry and every 15 minutes.
Strongarm: To prevent illegal access at gunpoint, the access control database can require the presence of others to enable access. A bank vault can require a guard to be present in the same room or en route to the room. The guard can be required to reauthenticate before reopening the vault to let me out. A pressure plate can be used to make sure there is no unauthorized person accompanying me.
Crowd: If there are multiple authenticated persons in the room with a range of access permissions, context-specific policies can be applied. Usually, the highest access permission in the room should apply for the entire room. For example, a computer can enable missile launch control only if there is a commissioned officer in the room.
Proximity authentication is less intrusive than other authentication schemes in the physical world and is ideal for environments where there are difficulties with using hands to handle a security token and keyboard. A surgery room is one such place. I am assuming that there are no interference problems between Bluetooth and medical instruments.