New Software Secures Data when Owners Walk Away

Makarand writes "Leave an operating laptop unattended on your desk and your sensitive data is accessible to anyone who gets hold of it. To limit this risk many users configure their systems to fall into a "sleep" mode after a period of inactivity and ask for a password before the system can be awakened. This constant re-authentication proves to be a headache for many users. Now a Professor and his graduate student at at the University of Michigan have come up with a system called Zero-Interaction Authentication (ZIA), described in this article in The Age, to protect data on mobile devices. The system works by starting to encrypt data the moment the owner walks away from the system. The owners wear a token with a encrypted wireless link with the laptop. If the token moves out of range the ZIA re-encrypts all data within 5 seconds. If the cryptographic token moves within range the system decrypts the information for the owner. The token, which could take many forms, is currently a wristwatch with a processor running Linux designed by IBM."

Something's missing

[Safety+Cap]

(from the article)

At the beginning of the process, the user enters a password on the watch~.

Isn't the point so that lazy people don't have to be bothered with remembering passwords? Doesn't this defeat the purpose? (sigh)

What happens if you take your watch off and leave it next to the computer? It never encrypts!

Worse yet---what happens if your watch gets stolen? Now you can't get at your data! Better make sure you get the Casio watch option instead of the Breitling. No one would want to steal a Casio POS, so you should be safe.

Is it really so hard?

[NineNine]

When you stand up, hit ctrl+alt+del. When you sit down, type in your password. I had to do it at one company, and now it's just habit. Not exactly a tough thing to do. I think that these guys are trying to solve a non-problem.

Re:wouldn't it make more sense

[cybermace5]

As the previous poster pointed out, RFID is relatively easy to snoop on.

One of my major peeves is the RFID card that gets me into work every morning. In certain stores, my RFID card returns a code that sets off their RF tag detectors at the door. Usually I remember, pull out my wallet, and hold it over my head while walking through. Once I forgot at Fleet Farm (basically a giant general store, like Home Depot with tractor parts) and I set off the alarm. Of course someone came to visit me, and it was especially embarrassing because I was wearing a big coat and didn't buy anything. She handed me a little piece of cardboard called a "Schlage Shield" and said to put it in my wallet. No more alarm.

Worked great, except that opening the door at work involved putting down my coffee, laptop, and lunch to get out the RF card (instead of conveniently pressing my butt against the door). So I took it out, and promptly set off a Barnes & Noble alarm. No one seemed to care, so I just pulled out my wallet and walked through with the wallet over my head again.

ANYWAY...the point is that RFID tags are barely more secure than keeping a post-it note with an access code.

I am curious exactly what my card claims to be on the store scanners....

And the whole article is a duplicate.