At next week's RSA Conference in San Francisco smart card vendor Gemalto will introduce new technology designed to give online shoppers an easy way to log on to their accounts using a smart card device that plugs into any PC.
Gemalto, based in Amsterdam, is already a major provider of smart cards to government and the enterprise, but the company hopes that its new system, called the Network Identity Manager, will be easy enough to use that it will appeal to consumers.
The USB devices will not require any specialized software and will work with standard browsers and use the same Transport Layer Security (TLS) mechanisms already used by Web sites. Network Identity Manager will also use a "token management system" that will sort out which credentials need to be supplied to different Web sites, and will support Verisign's VIP Network Identity federation framework, according to Gemalto's Web site.
Because the user has to have the smart card device plugged into the PC before logging onto an online bank or e-commerce site, the device will thwart many common identity theft tactics including phishing or keylogging, according to Amol Deshmukh, a marketing manager with Gemalto. "It can create a much stronger link with whatever back-end you're trying to connect with," he said.
Gemalto may face a tough sell, according to Avivah Litan, a Gartner analyst. While, products like the Network Identity Manager will provide protection from many types of attacks, but so far U.S. banks have not been clamoring for this kind of USB device, she said.
Still, as phishing losses continue to rise, U.S. financial institutions have been offering their customers more secure ways to log on to their Web portals. In 2005 ETrade Financial began giving customers RSA Security's SecurID tokens, which generate a random numerical identification number that users must enter in order to log onto the ETrade network. EBay's PayPal plans to introduce a similar system to its customers in the coming months.
But the USB device vendors said that consumers will not be willing to lug around too many of these devices. "It seems very complicated," said Ron LaPedis, a product manager with Sandisk. "Users don't want a plethora of tokens."
Like Gemalto, Sandisk will be promoting USB products that can be used to simplify key management at next week's show, but the Sandisk products will have more of an enterprise focus.
"We're going to be introducing a product that can centrally manage and secure Sandisk USB flash drives and enable secure remote access to the enterprise," LaPedis said.
Sandisk already sells a USB smart card product called the mToken, but unlike Gemalto's Network Identity Manager, the Sandisk device uses flash memory to store applications on the USB device.
Sandisk acquired the mToken technology as part of its November purchase of Msystems and the RSA Conference will give the flash memory maker its first opportunity to discuss what it plans to do following the US$1.5 billion acquisition.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Fortinet November Threatscape Report Shows Calm Before Holiday Storm 2008-12-05 16:00:00+11
Epicor® Cited as an Order Management Solutions Leader by Independent Research Firm 2008-12-05 15:52:00+11
F-Secure: Growth In Internet Crime Calls For Growth In Punishment 2008-12-05 13:00:00+11
International researchers gather in Sydney to preview the clever web 2008-12-05 09:48:00+11
Borderless corporate networks to shift focus to secure content management in Australia in 2009 2008-12-04 16:06:00+11
Wireless LANs: Is my enterprise at risk?
Achieve an overall understanding of the risks associated with wireless LANs. Discover their inherent properties, as well as what makes them different from wired networks. Read on to uncover a list of recently published articles on real-life breaches and incidents illustrating the need for proactive measures to mitigate wireless security risks.
Buying Guides
Latest Products
