Computer Security Comes of Age

Computer security, until now, was a matter of bolting on third-party hardware products or adding on software to screen out unauthorized users. Not so any more.

Keyboard-bound passwords, smart cards and dongles are becoming a thing of the past. These staples of the old school of computer security are as archaic as the small, single-toothed lock and key that was once standard on pre-Windows IBM-style personal computers.

The new age of computer security is fast becoming a matter of what is built into the box to give approved users access. Biometrics devices like fingerprint readers and voice scanning tests give consumers and enterprise IT managers new hope that data and networks are secure.

Safer Atmosphere

A new generation of security-minded desktop and laptop computers is giving new marketing life to the IBM Personal Computing Division. Add to this new line an innovative, out-of-the-box approach to user authentication, and computer security takes on a much safer atmosphere.

A new security platform for business requires customers to type in their user name, and a second later their cell phone or business line rings. Consumers answer the call and instantly are logged onto their bank account or corporate network. That method of user authentication is already available from Strikeforce Technology.

IBM announced on Feb. 15 that it has surpassed the 11 million mark in its marketing efforts. A major driving point in its successful computer sales is the built-in biometrics security, Clain Anderson, director of wireless and security solutions for IBM Personal computing Division, told TechNewsWorld.

In 2005, IBM will extend its previously announced biometrics security solutions by expanding the integration of fingerprint readers more widely among ThinkPad notebooks. This makes IBM one of the industry’s largest suppliers of biometric-equipped devices. Other additions to its security portfolio for ThinkPad notebooks and ThinkCentre desktops include new data encryption solutions and enhanced anti-theft technologies.

IBM introduced the first PC with an Embedded Security Subsystem in 1999. That move set the security standards for other PC companies to emulate, according to IBM officials.

Anderson said that IBM four months ago began to integrate the hardened security features into its desktop models. Late last year, IBM began offering some ThinkPad models with a fingerprint reader built in.

Security Costs Shared

“Adding the security chip integrated with the built-in fingerprint reader was expensive at first,” Anderson said. “Now it adds about $1 to the cost of the system, and we charge nothing for the security chip.”

While IBM absorbed the cost of the security chip, it is passing some of the other hardware costs to the consumer. The built-in fingerprint reader on ThinkPad models adds US$99 to the system’s cost. The USB keyboard with fingerprint reader on the ThinkCenter desktops adds $69 to the system’s costs.

The owner determines what level of security is activated on the computer. User authentication can be turned off completely or configured for convenience over maximum security.

Anderson said the desktop keyboard is designed to resemble the fingerprint reader’s placement on the ThinkPad models.

Multiple Innovative Measures

IBM’s push for improving computer security began five years ago. The latest developments in virus and spyware attacks finds IBM’s strategy leading the pack.

The new technologies follow results this month from IBM’s 2004 Global Business Security Index Report, which provided new details about the spread of viruses and worms and their impact on users and IT departments.

Anderson said that consumer response to the need for security will drive other computer makers to provide similar technology.

The three new security technologies for IBM’s ThinkPad notebooks and ThinkCentre desktops include new biometrics fingerprint options, data encryption solutions and embedded notebook traceability tools.

Embedding the security into the included security chip helps to harden the systems against intrusion.

“Every PC user recognizes that security threats are increasing in volume and complexity,” Anderson said. “Our solution is to provide an even stronger, multi-layered set of security tools that builds on IBM industry leadership.”

Security at a Glance

Biometrics Security Authentication via the fingerprint reader provides one of the most secure log-in processes available. The new keyboard and reader offer users the convenience to gain access to confidential files with the swipe of a finger, rather than typing passwords for many applications.

They also work together with IBM’s patented Embedded Security Subsystem to provide a multi-layered approach that is more hardened than software-only solutions.

IBM worked with Utimaco, a leader in enterprise information security, to build in data encryption and security protections. SafeGuard PrivateDisk is a tool that generates an encrypted “virtual” disk drive that serves as an electronic safe for the secure encryption and storage of sensitive data. It works on local hard disks, network drives, and all removable media.

This software enables customers to backup, save and encrypt data on removable media without fear that important information will be compromised if lost or stolen. This new software tool integrates seamlessly with IBM’s embedded security chip.

SafeGuard PrivateDisk comes in two versions. The Personal Edition is designed for small and medium-sized businesses. The Enterprise Edition, with its extended configuration and distribution options, is designed to meet the needs of larger organizations.

SafeGuard PrivateDisk-Personal Edition will be available for free Web download at www.ibm.com starting March 1.

Banishing Username/PIN Combinations

George Waller, executive vice president and co-founder of Strikeforce Technology, is convinced that computing could become more secure if consumers got rid of username and PIN or password combinations. His company offers an innovative approach to eliminating identity theft, phishing and keylogging.

ProtectID is a suite of software products that is based on a three-part holistic principal for guaranteeing security. The software addresses the issues of protection, authentication and verification.

Waller’s solution is to use two separate pathways to authenticate a person’s identification. One speaks to the server via a traditional route, and another travels “out-of-band” using a telephone or cell phone.

ProtectID can also add up to nine layers of security, including biometrics such as voice recognition, iris or fingerprint scanning.

The ProtectID authentication platform is a gateway application. Businesses and financial institutions purchase the system.

New Solutions Needed

Since the 1990’s, virus writers and hackers have joined forces to create a much more complicated level of threat. Spyware takes the best tricks of viruses and hacking and adds a profit-driven motive to unwittingly gain consumers’ personal information.

“To stop this problem you have to replace the lock on the door,” Waller told TechNewsWorld. “We took the password box out of the hacker’s reach.”

Online identity theft is so prevalent that the federal government recently passed laws subjecting those caught stealing other’s personal information to prison time.

ProtectID, Wallace said, is the only pure out-of-band authentication system that secures a person’s information by decoupling the username/password combination that travels the very public and easily hacked Internet pathway. It sends one piece of information via phone lines, an out-of-band channel.

“This makes it virtually impenetrable by cyber criminals,” Wallace said. “I can’t stop phishing attempts, but I can stop password loss.”

Phishing and Keylogging Defeated

The Strikeforce Technology solution prevents e-mails from luring customers to sites where they are tricked into entering account numbers, passwords or Social Security numbers and other personal information. This practice is known as phishing. The solution also protects against “keylogging,” a program or device that records and transmits keystrokes, including passwords.

The ProtectID suite of products gives consumers the ability to verify identities before an application is completed by asking users a series of questions only the actual person would be able to answer, such as prior addresses, relatives’ names, etc.

The ProtectID system searches a database of more than 30 years of public records to confirm the correct answers and person’s identity. This dramatically minimizes the risk of identity theft and fraud for banks, financial institutions and merchants, including fraudulent chargebacks.

“This system doesn’t require human intervention. It’s like a digital fingerprint,” Waller said.