Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Digital DNA touted for better security

Goodbye PINs and smartcards?

By Matthew Broersma | Techworld | Published: 15:06, 08 July 2008

UK security integrator Torotech has begun offering a new take on securing online transactions such as banking access: a digital fingerprinting system that uses the uniqueness of a piece of user hardware as an authentication token.

Torotech's "Digital DNA" offering takes advantage of the fact that even mass-produced hardware is never completely homogenous. This means that a particular PC, or even a peripheral such as a USB stick or mobile phone, has a unique profile that can be used in the authentication process.

For instance, the system can identify individual devices of the same brand, model and capacity, using supposedly non-forgeable data such as serial numbers, according to Mobilegov, the Franco-British firm that developed the underlying Digital DNA technology.

Mobilegov originally intended Digital DNA for controlling the access of peripheral storage devices to corporate networks, but Torotech argued the system could be ideal for applications such as banking, e-commerce and secure remote working.

Under Torotech's system, the first time a user logs onto a bank or e-commerce site, the site takes a fingerprint of one user-supplied hardware device, whether the PC itself or a peripheral.

Each time the user subsequently logs on, that device is needed to complete the authentication process.

Users who want to log on from multiple locations could use a peripheral device such as a mobile phone or PDA for authentication, said Torotech managing director David Hawksworth.

The technique gets around limitations in the use of ordinary authentication tokens such as smartcards or single-use PIN generators, according to Torotech.

For instance, if a peripheral device is used for authentication, it matters less if that device is lost or stolen, since its role in authentication is not evident to anyone aside from the user, the company pointed out.

The Digital DNA system also cuts the costs that can be associated with maintaining systems that rely on smartcards, tokens or readers, Torotech said.

"Digital DNA is so unique, like our own DNA, that it is impossible to duplicate and therefore can be used to protect personal data and financial information to a much higher level than ever before," Hawksworth said in a statement.

The system covers a range of devices, including removable storage but also network cards, Bluetooth modems, keyboards, monitors and others hardware.

Mobilegov, which developed the underlying technology, is a 2004 spin-off of the European eJustice project, which aimed primarily to develop biometric authentication technologies.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.