Intel Standard Aims to Tighten Notebook Security

Since March, Intel Corp. has been quietly trying to persuade hardware and software vendors to adopt its Intel Protected Access Architecture -- a blueprint for preboot user authentication capabilities on mobile PCs.

Notebooks supporting the capability will require users to identify themselves via biometric devices such as fingerprint scanners before the operating system is loaded. Most current authentication procedures are done only after the boot process is completed and the operating system is loaded.

'As Valuable as a Brick'

Preventing the operating system from loading means unauthorized users are effectively shut out of the system, making a stolen notebook "as valuable as a brick" to thieves, said Robert Fan, a platform marketing manager at Intel.

Intel's specification defines the interface and method that vendors of BIOS software -- software that helps a machine's hardware communicate with the operating system -- and vendors of biometric security devices can use to support this capability, said Naveen Musinipally, a product manager at Intel.

Intel isn't the first to attempt this. Verdicom Inc., a fingerprint-authentication technology maker that was involved in developing the new specification with Intel, is working with notebook vendors to offer a similar preboot authentication capability.

Intel's specification will provide a standard way for authentication devices to interface with the PC in the future, Musinipally said.

Available Early Next Year

The first notebooks featuring the capability should become available early next year, Musinipally said. Intel will provide development kits, reference designs and technical information to help vendors enable the technology.

Intel's effort comes at a time when notebook theft is posing a growing security problem, said Mike McGuire, an analyst at Dataquest in San Jose.

In one recent example, the U.S State Department announced that the FBI is investigating the disappearance two months ago of a laptop that might contain highly classified material. In March, a laptop containing sensitive data about Northern Ireland was stolen from an agent of Britain's MI5 internal security bureau.

319,000 Thefts

And 319,000 laptops were stolen in the U.S. last year, according to estimates from Safeware, The Insurance Agency Inc. in Columbus, Ohio.

"Intel's is an interesting approach to an issue that's been a quiet little secret" within companies, said McGuire, referring to laptop theft. Requiring authentication at the preboot stage "is the most logical way of protecting the data on a notebook," he said.

Here's how it works: Notebooks that support the capability will require users to authenticate themselves once the processor, chip set, memory and other platform components have been initialized.

Users can authenticate themselves using fingerprint scanners, smart cards or even standard passwords. The information input via such means is compared against data stored in a separate protected memory location on the computer.

Once the user has been authenticated, a software "key" stored in the protected area unlocks the hard disk drive and operating system.

But the specification does little to address the crucial need to protect existing mobile assets, said Eric Hemmendinger, an analyst at Aberdeen Group Inc. in Boston.

"If you are worried about the problem today, there are a number of solutions in the market -- some of which are public key-based, some of which are smart-card-based" -- that provide users with a way to protect data on their laptops, Hemmendinger said. Examples include technologies such as Pretty Good Privacy, he said.

Join the newsletter!

Error: Please check your email address.

More about Aberdeen GroupDataquestFBIIntelLogicalSafeware

Show Comments

Market Place