Secure UI: User Participation

One often overlooked area of the security industry is user participation, the role users play in a security system.  Geeks are so obsessed with technology that they overlook a valuable resource already assigned to each account: the user.  Users are not only free but also highly motivated.  After all, it's their account that they are watching over.

The problem is that today's security systems do not provide enough tools and information to the users.

When users log into a system, they usually receive almost no feedback beyond seeing the protected resource.  With web pages, all they get is a lock at the bottom of the browser and a sign-out button.  All that lets the users know is where they are and where the exit is.  It doesn't tell them whether someone broke into their account last night.  They wouldn't even know if an intruder were standing right next to them.  WTF.

Technologies that help users play a bigger role in security are an area that is still wide open IMHO.  There are already some patent activities in this area, including one I recently filed for a client, but that is just a drop in the bucket.  For example, blogging technology like trackback can be applied to this area by helping users become more aware of activities happening around them.

The effectiveness of most security technologies depends heavily on the effectiveness of the user interface.  Unfortunately, there just aren't many engineers with deep experience in both areas.  If you are a security expert, you should be thinking as much about the users as the hackers.  Helping them become more aware of what is going on and making it easy for them to take action will lead to more secure systems.

Update:

A reader asked me to explain what my patent is about because he didn't want to wade through all the exasperating mixture of geektalk and legalese.  Quite understandable.  I don't like reading or writing patents myself so some other poor guy had to write it based on a few hours of my handwaving.

Imagine yourself living in a log cabin somewhere high up in the mountains where it snows all the time.  You wake up in the morning and take a walk around the cabin.  If nothing came by while you were sleeping, you will just see your footprints in the snow.  If something did, you will notice right away.

The patent is about visual methods (sorry) to do the same for users signing into a secure system, either during or after signing in or at the point of transaction.  You can even print it out on a credit card invoice so I can be assured that no one but I used that particular credit card in the past week.  It is similar to the 'last time you logged in' message you get when you log into a Unix system, except the visuals are designed to present a higher density of information effectively, the way Edward Tufte's Sparklines do.
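
The footprints-in-the-snow idea above, as an added example (not code from this post or from the patent): a week of sign-ins rendered as two aligned text sparklines, one for devices the user recognizes and one for everything else. The known-device set, the event tuple layout, the function names and the sample data are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

TICKS = "▁▂▃▄▅▆▇█"  # sparkline glyphs, lowest to highest

def spark(counts):
    """One glyph per bucket; an empty bucket is '·' (untouched snow)."""
    top = max(counts) or 1
    return "".join("·" if c == 0 else TICKS[c * (len(TICKS) - 1) // top] for c in counts)

def footprints(events, known_devices, now, days=7):
    """Daily sign-in counts for the last `days` days as (own_row, other_row, unfamiliar)."""
    # Assumption of this example: a device in known_devices is the user's own.
    start = (now - timedelta(days=days - 1)).replace(hour=0, minute=0, second=0, microsecond=0)
    own, other, unfamiliar = [0] * days, [0] * days, []
    for ts, device, source in sorted(events):
        if not start <= ts <= now:
            continue  # outside the window being shown
        day = (ts - start).days
        if device in known_devices:
            own[day] += 1
        else:
            other[day] += 1
            unfamiliar.append((ts, device, source))
    return spark(own), spark(other), unfamiliar

def banner(events, known_devices, now):
    """Text shown at sign-in: two aligned rows, then each unfamiliar event."""
    own, other, unfamiliar = footprints(events, known_devices, now)
    lines = [f"Past 7 days  you:   {own}", f"             other: {other}"]
    lines += [f"  {ts:%a %d %b %H:%M}  {dev}  from {src}" for ts, dev, src in unfamiliar]
    return "\n".join(lines)

# Constructed sample data: device names, addresses and dates are made up.
NOW = datetime(2024, 3, 8, 9, 0)
KNOWN = {"laptop", "phone"}
EVENTS = [
    (datetime(2024, 3, 2, 8, 10), "laptop", "198.51.100.20"),
    (datetime(2024, 3, 4, 9, 0), "laptop", "198.51.100.20"),
    (datetime(2024, 3, 4, 19, 30), "phone", "198.51.100.21"),
    (datetime(2024, 3, 5, 8, 45), "laptop", "198.51.100.20"),
    (datetime(2024, 3, 6, 3, 12), "dev-unknown", "203.0.113.7"),
    (datetime(2024, 3, 6, 3, 40), "dev-unknown", "203.0.113.7"),
    (datetime(2024, 3, 7, 8, 50), "laptop", "198.51.100.20"),
    (datetime(2024, 3, 8, 9, 0), "laptop", "198.51.100.20"),
]

if __name__ == "__main__":
    print(banner(EVENTS, KNOWN, NOW))
```

The two rows share a time axis, so a mark in the second row on a day the first row is empty stands out the way a stranger's tracks would.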