Thursday, October 21, 2004 Tim Churches wrote:
> On further reflection, there is an obvious flaw with this scheme: the
password used to unlock the certificates stored on the USB can still easily
be captured via a keyboard logger or similar, PLUS the entire contents of
the USB memory stick can, of course, be copied off the USB stick and onto
the host computer's hard disc (or somewhere else) without the user being
aware.
> two-factor security due to the physical device (the USB memory stick)
which one must possess, as well as a password to unlock it;
Memory stick turns fingerprints into passwords
Published: October 21, 2004, 3:34 PM PDT
By Declan McCullagh
Staff Writer, CNET News.com
A new memory stick on sale next week turns fingerprints into passwords.
Lexar Media's JumpDrive TouchGuard uses a sensor that reads the miniscule
ridges on a finger, and unlocks the encrypted data on the USB (universal
serial bus) memory stick if there's a match.
"It's going to be in Best Buy stores starting Monday," Christopher Crump, a
project manager at Cogent Systems, said Thursday. Cogent wrote the software.
Fujitsu makes the finger-scanning chip for the TouchGuard stick, which was
demonstrated at a technology conference this week. Sony already sells a
similar product called Micro Vault.
http://news.com.com/Memory+stick+turns+fingerprints+into+passwords/2110-1041
_3-5421645.html?tag=nefd.hed
More food for thought? Three factor security: something you know (password);
something you have (memory stick); something you are (fingerprint
biometric).
Sincerely yours,
Tim
Tim Flewelling
Information Architect/Architecte de l'informatique
Health and Wellness/Sant� et Mieux-�tre
Government of New Brunswick/Gouvernement du Nouveau Brunswick
Tel (506) 453-2871 Fax (506) 444-5505
[EMAIL PROTECTED]
http://app.infoaa.7700.gnb.ca/gnb/pub/DetailPersonEng1.asp?RecordID=17800
Confidentialit�/Confidentiality: Le contenu de cet envoi, privil�gi� et
confidentiel, ne s'adresse qu'au(x) destinataire(s) indiqu�(s) ci-dessus. Il
est interdit par toute autre personne, de le divulguer, le communiquer ou le
reproduire. Si vous avez re�u cet envoi par erreur, veuillez en aviser
l'exp�diteur imm�diatement et supprimer le message de tout ordinateur. / The
content of this e-mail is privileged and confidential and intended solely
for its designated recipient(s). Any dissemination, distribution or copying
of this material, other than by its intended recipient(s), is strictly
prohibited. If you have received this message in error, please contact the
sender and delete the material from any computer.
