Prior to seeing this, we've had discussions at work about how there is "ambient" security in the physical world. For instance, my coworkers know me. It would be very difficult for somebody to impersonate me in the work place. So one of the people at work has suggested that his phone or his computer could know him in a similar way. This might actually be acceptable as long as the data that is used to create the knowledge remained strictly confined to the device. Of course, I doubt that is the model that will be pursued.