R. A. Hettinga
Mon, 25 Feb 2002 12:41:26 -0800
South China Morning Post Monday, February 25, 2002 US firms move to hardware-based security REUTERS Technology providers are adopting methods of embedding security features into microprocessors and other hardware, with several announcements made at a computer security conference last week. Experts said hardware-based security systems were much harder to break than security software, from which hackers can extract passwords or steal other sensitive data. By using both existing security software and new hardware-based systems, computer users will be better able to protect their data from loss or theft. At the RSA Conference, hosted by security company RSA Security, International Business Machines and Targus Systems unveiled a new biometric fingerprint reader that is built into a PC Card and slides into a card slot of new IBM ThinkPad laptops. When the fingerprint readers are available in March, they will allow computer users to authenticate themselves and access data using a fingerprint rather than a password. In another announcement at the conference, which ended on Friday, VeriSign and Phoenix Technologies said they would be offering later this year a way to tie a computer user's identity to a specific computer. The companies will integrate VeriSign's so-called "root key" software into the next version of Phoenix's FirstBIOS (basic input/output system). Phoenix's BIOS, used in the majority of PCs manufactured, is software in the microprocessor that starts, configures and shuts down the computer. Stolen user names and passwords are useless on any other machine, and if the computer gets stolen no one else but the authorised user can be authenticated on the computer, according to Bob Pratt, technology evangelist at VeriSign. "Normally the key is stored on the hard drive, but a file can be copied off the disk and a password can be cracked," making that method less secure, he said. IBM also announced a new version of its IBM Client Security Software, which allows people to protect their data with encryption and other technology. IBM Client Security Software Version 3.0 now operates with the RSA SecurID authentication system used for accessing virtual private networks, which provide secure channels between remote users and corporate networks. With SecurID, people need a password and a separate token to get onto the network. Now, IBM's Embedded Security Subsystem, which is included in certain versions of ThinkPad notebooks and NetVista desktops, eliminates the need for a separate token. The IBM Client Security Software also can communicate with a wireless proximity badge, made by XyLoc, that computer users can carry separately. The credit card-sized badge locks the computer when the user steps away from it. IBM launched the first PCs installed with a hardware-based embedded security chip in 1999. ------------------------------------------------------------------------ SCMP.com is the premier information resource on Greater China. With a click, you will be able to access information on Business, Markets, Technology and Property in the territory. Bookmark SCMP.com for more insightful and timely updates on Hong Kong, China, Asia and the World. Voted the Best Online newspaper outside the US and brought to you by the South China Morning Post, Hong Kong's premier English language news source. ------------------------------------------------------------------------ Published in the South China Morning Post. Copyright © 2002. All rights reserved. -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]