DENVER-Mobile phones are used for talking, texting, gaming, photographing and documenting. They link to the public Internet and private, corporate Intranets. They store important names, numbers and calendars.
In the not-so-distant future, wireless devices may be used for identification purposes and as payment devices, storing more vital information like social-security numbers and credit-card payment information. Similarly, wireless devices and networks may be used to read personal information from advanced identity or payment cards. Either way, it appears to be widely agreed upon that wireless technology will play a major role in advanced security solutions.
The Liberty Alliance, formed in September 2001, is a forum for various companies, including some major wireless industry players, to explore advanced security solutions. The group boasts more than 160 member organizations, and L.M. Ericsson, France Telecom, Hewlett-Packard Co., Nokia Corp., NTT DoCoMo Inc., Sun Microsystems Inc. and Vodafone Group plc-which all serve as management board members-are among the wireless companies involved.
Liberty Alliance has developed specifications in an effort to create an open standard for federated network identity. Everyone has a distributed network identity, explained Eric Norlin of Ping Identity Corp., another member of the alliance. That distributed identity includes each of the various points of identification a person has created for themselves. Federated network identity would link all of those distributed identity accounts without centrally storing all of their personal information.
At the recent Digital ID World conference here, Liberty Alliance announced its new interoperability certification program to validate products that work with its specifications. The group also recently announced that Radicchio Ltd., which has been heading up an initiative for secure m-commerce, will contribute all of its existing work in the mobile data services sector to the Liberty Alliance for further development.
“We quickly learned identity and authentication is key to security and mobile services,” explained Stefan Engel-Flechsig, Radicchio’s chief executive officer. “Our work was becoming more identity-related and the Liberty Alliance is the natural and universal place for conversations, concepts and standards around identity to develop.”
Meanwhile, technologists are rapidly developing ways to use biometric information, including fingerprint, voice and face-recognition technologies to secure vital information stored on mobile devices and transmitted on wireless networks.
Atrua Technologies Inc., previously called I-Control Security Inc., for example, recently released its flagship fingerprint-recognition technology product portfolio specifically for mobile consumer devices.
The company’s solution, requires mobile device users to unlock their device through fingerprint recognition, providing privacy and security to the device. Atrua believes both wireless users, who store increasing amounts of personal information in their devices but rarely bother to set and use passwords to access their devices, and the industry, constantly seeking to increase the value of the mobile phone, will reap benefits from its technology. The company has filed 11 patents covering sensors, algorithm implementation methods and applications, and has several more in progress.
Atrua recently hired Anthony Gioeli to serve as president and chief executive officer and Peter Buhl, a partner at Nokia Venture Partners, and previously Atrua’s interim CEO, to serve as chairman of the board. The company’s financial backers include Nokia Venture Partners, Ericsson Venture Partners, Acer Technology Ventures and Intel Capital.
Smart-card technology is also being embedded in wireless devices to ensure security. GSM handsets, for example, contain subscriber identity module (SIM) cards that function as smart cards to allow subscribers to securely access the device and mobile network, explained Marvin Tansley of Axalto, formerly Schlumberger’s Smart Cards & Terminals division. In addition, manufacturers have begun installing card readers on devices to read a user’s smart card, which can securely store log-in information and passwords. Dell Computer Co. is offering Axalto’s Cyberflex access product with a built-in card reader on some of its PCs, Tansley said.
Smart cards are also used to ensure secure access to physical areas, in which case a compact wireless device could be used as a card reader. A PDA could read contactless smart card identification cards at an airport, for example, explained Tansley. Axalto develops contact smart cards that communicate with a card reader when swiped through it and more advanced contactless smart cards capable of communicating with a card reader in a specific proximity to the card.
Security solutions can also interact directly with the data being transmitted through a network. For example, critical corporate data transmitted via a Wi-Fi network by an enterprise user could be encrypted to minimize its vulnerability to hackers or corporate spies. CoSine Communications offers a wireless virtual private network security solution that leverages Internet Protocol Security (IPSec) encryption technology so that corporate data transmitted through a Wi-Fi network is securely encrypted. In addition, a personal firewall installed on the wireless device used to access the network protects the device from hackers.
CoSine said its outsourced security solution allows enterprise customers to use Wi-Fi networks without putting strain on their IT departments, and offers wireless carriers an opportunity to make money on Wi-Fi services by targeting the enterprise market.
