Intel to build strong password authentication into Sandy Bridge Core processors
Intel Identity Protection Technology based on two factor authentication
By Ellen Messmer | Network World US | Published: 11:30, 10 February 2011
Looking to help customers strengthen data security, Intel said it will include stronger one-time password authentication in its upcoming 2nd Generation Intel Core Processor platforms.
The system, known as Intel Identity Protection Technology (IPT) features built in two-factor authentication to stop unauthorized access to the system. Mike Reed, general manager of identity protection in the PC Client group at Intel, says IPT "is brand-new technology running in the firmware embedded with the chipset."
He says Intel expects the Intel 2nd Generation Core Processors, including Intel Core vPro processors, that support Intel IPT, to be available in the March timeframe.
Related Articles on Techworld
Security vendors Symantec VeriSign and Vasco Data Security also announced their own specific one-time password authentication technologies would be able to use the Intel IPT embedded token-security method.
One-time passwords, viewed as stronger security than re-usable passwords, need to have a way such as an algorithm to generate a unique password each time a user wants to authenticate online. The Intel IPT technology allows for third party vendor software to be embedded in the Intel chipset's firmware, so that the Intel-based computer itself, instead of a separate hardware token, can generate the one-time password for the user.
"One-time password credentials are often found on discrete devices," such as handheld token hardware or even cell phones, notes Atri Chatterjee, vice president of user authentication at Symantec. The Intel IPT technology, which Symantec supports with the Symantec VeriSign VIP software and cloud-based service, means that the stronger one-time password authentication "comes in your PC" rather than a separate handheld token.
The Symantec VeriSign approach is the back-end authentication processing the user one-time password submission online is done through the Symantec VeriSign cloud service. "You can use the VIP service to authenticate into your organisation, or to PayPal or your bank," Chatterjee says. Paypal, for example, already accepts strong authentication using VIP, he adds.
In general, end users obtain the embedded credentials for free while organisations, such as e-commerce sites or enterprises, buy the VeriSign VIP authentication service, which typically runs $3 or $4 per year per year based on volume. Chatterjee said about 1,000 organisations use the VIP service today.
