US firms move to hardware-based security

Mon Feb 25 07:19:48 EST 2002

South China Morning Post

Monday, February 25, 2002
US firms move to hardware-based security

REUTERS

Technology providers are adopting methods of embedding security features
into microprocessors and other hardware, with several announcements made at
a computer security conference last week.

Experts said hardware-based security systems were much harder to break than
security software, from which hackers can extract passwords or steal other
sensitive data. By using both existing security software and new
hardware-based systems, computer users will be better able to protect their
data from loss or theft.

At the RSA Conference, hosted by security company RSA Security,
International Business Machines and Targus Systems unveiled a new biometric
fingerprint reader that is built into a PC Card and slides into a card slot
of new IBM ThinkPad laptops.

When the fingerprint readers are available in March, they will allow
computer users to authenticate themselves and access data using a
fingerprint rather than a password.

In another announcement at the conference, which ended on Friday, VeriSign
and Phoenix Technologies said they would be offering later this year a way
to tie a computer user's identity to a specific computer.

The companies will integrate VeriSign's so-called "root key" software into
the next version of Phoenix's FirstBIOS (basic input/output system).
Phoenix's BIOS, used in the majority of PCs manufactured, is software in
the microprocessor that starts, configures and shuts down the computer.

Stolen user names and passwords are useless on any other machine, and if
the computer gets stolen no one else but the authorised user can be
authenticated on the computer, according to Bob Pratt, technology
evangelist at VeriSign.

"Normally the key is stored on the hard drive, but a file can be copied off
the disk and a password can be cracked," making that method less secure, he
said.

IBM also announced a new version of its IBM Client Security Software, which
allows people to protect their data with encryption and other technology.

IBM Client Security Software Version 3.0 now operates with the RSA SecurID
authentication system used for accessing virtual private networks, which
provide secure channels between remote users and corporate networks.

With SecurID, people need a password and a separate token to get onto the
network. Now, IBM's Embedded Security Subsystem, which is included in
certain versions of ThinkPad notebooks and NetVista desktops, eliminates
the need for a separate token.

The IBM Client Security Software also can communicate with a wireless
proximity badge, made by XyLoc, that computer users can carry separately.
The credit card-sized badge locks the computer when the user steps away
from it.

IBM launched the first PCs installed with a hardware-based embedded
security chip in 1999.
------------------------------------------------------------------------
SCMP.com is the premier information resource on Greater China. With a
click, you will be able to access information on Business, Markets,
Technology and Property in the territory. Bookmark SCMP.com for more
insightful and timely updates on Hong Kong, China, Asia and the World.
Voted the Best Online newspaper outside the US and brought to you by the
South China Morning Post, Hong Kong's premier English language news source.
------------------------------------------------------------------------

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com