Authenticating users
Bill Vermillion
fp at wjv.com
Tue Jun 8 20:38:11 PDT 2004
In a thread this past week [and I have not message to which I can
attach a reply] fingerprint ID was mentioned.
This came in one of my e-newsletters this evening. It's part 1 of
2 part, and follows on a previous thought Kabay had last week on
passwords, and how they hamper work.
Date: Tue, 08 Jun 2004 20:20:01 -0500
Subject: The end of passwords: Ensure's approach, Part 1
To: bv at wjv.com
From: "NW on Security" <Security at nwfnews.com>
....
NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY
06/08/04
....
_______________________________________________________________
Today's focus: The end of passwords: Ensure's approach, Part 1
By M. E. Kabay
In the previous articles in this short series, I explained that
I have long sought a system for using proximity devices as the
basis for identification and authentication, especially in the
medical environment where most users are under too much pressure
to tolerate logon/logoff procedures. Such applications would
benefit from a system that automatically allows session
initiation when an authorized user approaches a workstation and
then either suspends access or terminates the session when the
user needs to - all without any particular human intervention.
Imagine my delight when I received a press release from Ensure
Technologies announcing precisely this technology. Within a few
seconds (literally) I was on the phone and arranged to interview
Tom Xydis, Ensure's CEO and inventor of the XyLoc proximity
devices.
Here is an abbreviated version of that interview. Note: This
interview should not be construed as an endorsement of the
products discussed. I have not personally evaluated the XyLoc
system and I have no financial involvement whatsoever with
Ensure.
Q: Tell me about your background.
A: I went to Northwestern University for my B.S. in electrical
engineering (EE) and have a M.S. and a Ph.D. in EE from
Michigan. I worked on digital radios and other equipment in the
1970s and developed the key-fob keyless entry system for cars;
that got me into low-power wireless. After that I was involved
in various committees for IEEE 802.3 and .4 and .11, and now
Bluetooth.
The genesis of the invention for Ensure was my involvement in a
wireless controls company in the 1990s; we built wireless
control systems for everything - lights, fans and so on. We had
a security breach where the salary information for the
executives ended up on a bulletin board. So people said,
"Someone must have hacked in." Actually, somebody used an
unattended terminal that was already logged in.
The comptroller tried to use a password-protected screen saver,
but it kept interrupting her work, so she started locking her
door and moved her administrative assistant in front of her
office rather than use the screensaver. It was that incident
that made me realize how passwords were getting in the way of
productivity. I formed Ensure Technologies, where I invented and
patented the XyLoc in 1998. We knew it was a good product and
realized that healthcare was the ideal vertical market. They
needed security but they couldn't let security get in the way of
their efficiency and workflow.
Q: Tell us what the XyLoc does.
A: Our product automatically senses the presence of an
authorized user carrying the badge (called the XyLoc KeyCard).
It knows how far away the person is, so it provides
identification information to the computer when the person is
the "Active Zone," which is configurable by system managers. The
bearer of the key is identified to the system automatically
logged on for appropriate access as defined by the
organization's policies. When the person leaves, access is
suspended or terminated as required. But when a new person
arrives, the system registers the identity of the new user and
so the log files are correct and access is appropriate.
For example, if the IT manager arrives, (s)he might be able to
access the desktop directly without closing the medical
application; if a nurse arrives, the system can open a separate
session for the nurse. So if the doctor has left the terminal
without completing a critical authorization, the system may
alert the next nurse who arrives about the situation and suggest
that (s)he find that doctor stat (at once)! This will all depend
on the organization's security policies in general and for
particular classes of users.
Next time: How it works.
_______________________________________________________________
I'll send along part 2 when he writes it if anyone wants to see it.
Bill
--
Bill Vermillion - bv @ wjv . com
More information about the Filepro-list
mailing list