Secure PDAs

An anonymous reader writes "This article at LinuxDevices.com introduces a unique Linux-based 'secure PDA' co-developed by IBM and Consumer Direct Link, Inc. (CDL). The Paron MPC combines the functions of a PDA, Bluetooth wireless access, cellular telephone, and biometric fingerprint recognition, along with a security-oriented hardware/software architecture. The device is claimed to be the world's first handheld wireless device with built-in biometric user authentication. The Paron is based on an Intel StrongARM SA-1110 processor and uses a Linux 2.4.x kernel and provides a GUI environment and PDA app suite based on Trolltech's Qtopia and Opera's browser much like the Sharp Zaurus."

Not-so-secure PDA

[kaosrain]

This may not be so secure after all, if it includes Bluetooth. Read here for more.

-Kaos

Wot no CDMA?

[smammon]

I was real excited about the device - Linux, Security, Phone - wow! But I guess they only intend it for the European/Asian markets as it's only GSM. Pitty.

Looks fairly similiar to the Zaurus SL-5500

[pheph]

which I picked up fairly recently and is exactly what I've been looking for in a PDA (with OpenZaurus its even better). However:

this machine does not feature the slide out keyboard, and while it is quite small on the zaurus, I'd say I use it about half the time (hey, you ever get drunk and try to use graffiti? ;) )

the machine [looks] very large! Like a Jornada or something! ;)

I'd rather see 802.11b than bluetooth...

If you disagree, don't post anonymously :)

Secure?? how?

[carlmenezes]

How does the fact that it uses Biometrics make it secure? We all know that biometrics can be defeated rather easily. So what's the point? fingerprinting is easy to defeat. So are voice prints and eye scans. So someone please tell me how exactly this is more secure than the average linux PDA?

Re:Secure?? how?

[swillden]

fingerprinting is easy to defeat.

Okay, e-mail me an image of my fingerprint. I don't care which, any of them will do. Right now, please.

I agree that biometrics are just moderately low-security passwords except in tightly-controlled environments (e.g. an armed guard checks your finger closely before allowing you to place it on the sensor), but they have the advantage that they're fantastically simple to use, which makes it reasonable to use authentication where you would otherwise use none.

For example, the CDA device has most of the standard PIM applications fingerprint-protected. It would be a real pain in the butt to have to enter a password every time I wanted to check my calendar, but it's quite reasonable to place my thumb on the scanner for a fraction of a second. Actually, I'd like to see a small enhancement so that rather than tapping on an app and then putting a finger on the scanner, I'd prefer to just place a finger on the scanner and have the device start a different app depending on which finger I use -- app selection *and* authentication in one step!

Further, biometrics have the advantage that, from the average user's point of view, they're not shareable. The inability of users to give their fingerprints to someone else goes a long way to ensuring that access to systems won't be passed around.

Biometrics are not, generally-speaking, good tools for strong security, but they *do* have exceptionally useful security characteristics that can be used to enhance security, when applied appropriately.

my electronic wallet

[nege]

How cool would it be to have it as your credit card too? I have heard of cell phones that work like a credit card (hold up the cell to a coke machine for example to get some caffeine). WOuld this be secure enough to do that sort of transaction? It would be really nice to have an all in one wallet / phone/ portable PC solution. (I know this article isnt about a phone, but hey, why not!)

Too late for this guy!

[bstadil]

Sony Clie 'proves' identity theft

San Jose police have broken up an alleged identity theft crime ring using search warrants to seize and examine the suspects' PDAs.

According to the New York Times the alleged ringleader had the names of more than 20 victims along with their social security, bank account and credit card numbers and other personal information stored on his Sony Clie handheld device.

Included in the To Do list were tasks such as picking up materials at the local office supply store to make fake cheques.

A police spokesman said that it was difficult for the suspect to deny that the Clie was his, as it had his parents' details stored in it under the name 'Mom and Dad'.

Re:never work

[swillden]

Never work for what?

That's the question.

Biometrics are useful for some applications and not useful for others. As a mechanism for securing extremely sensitive data, they're only useful in extremely confined circumstances. As a key for casual protection of low-security data, they're excellent. As one of multiple factors used to protect moderately high-security data, they can also work well.

Blanket statements about any security technology are invariably false.

Cool but what about my current needs..

[Aaton]

I love my Zaurus but I have to say I still need to carry my Visor since nobody has put out a good One Time Password (S/KEY) mannager tool like Strip. Yes there is ZSafe but it just holds passwords. To generate a S/KEY you need another peice of software like LEP-Gen

Having Biometrics is neat-o but I need tools that work with what I have already have in place. I need to generate my S/KEY on my laptop when/if my Visor dies (can we say PalmOS Emulator). No what happens in you Biometric PDA dies, hope they will provide software and readers I can uses on my laptop or workstation for those days that PDA just doesn't want to work.