Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Software Secures Data when Owners Walk Away

Posted by chrisd on from the don't-lost-your-watch dept.

Makarand writes "Leave an operating laptop unattended on your desk and your sensitive data is accessible to anyone who gets hold of it. To limit this risk many users configure their systems to fall into a "sleep" mode after a period of inactivity and ask for a password before the system can be awakened. This constant re-authentication proves to be a headache for many users. Now a Professor and his graduate student at at the University of Michigan have come up with a system called Zero-Interaction Authentication (ZIA), described in this article in The Age, to protect data on mobile devices. The system works by starting to encrypt data the moment the owner walks away from the system. The owners wear a token with a encrypted wireless link with the laptop. If the token moves out of range the ZIA re-encrypts all data within 5 seconds. If the cryptographic token moves within range the system decrypts the information for the owner. The token, which could take many forms, is currently a wristwatch with a processor running Linux designed by IBM."

3 of 302 comments (clear)

  1. repeat article by Jucius+Maximus · · Score: 5, Informative
    The repeat mania continues ... amazing.

    The original is here. At least they waited some weeks before reposting it.

  2. Re:wouldn't it make more sense by LostCluster · · Score: 4, Informative

    RFIDs are "dumb" devices. They're like your EZ-Pass in your car, when a radio beam passes through them, they alter the beam to add their "signature" which is uniquely identifyable. This is useful for identity, but nonsense for encryption. The problem is that if you are within range to "hear" the signal, you get the ID and enough to make a duplicate token. Tardly the model for security. There's no place for encryption here... whatever value is broadcast is the key value. By requring the token to have a microprocessor, the key never gets broadcast. It's an encrypted conversation between the station and the token, which if properly implemented makes it impossible to have a duplicate token take its place.

  3. ZIA Redux by mcorner · · Score: 5, Informative

    As much as I enjoy the free publicity, this has been posted on slashdot before.

    To correct a serious error that appears in this article and in the nytimes article this was cribbed from: The system was NEVER run on the IBM watch. We mentioned it as a possibility and somehow it was taken as fact.

    I welcome the comments on the work, however remember that the world of university research is often more forward looking than the commercial world. That is our job!