X

Microsoft tests identity technology in schools

Microsoft takes end-to-end trust to school in proof-of-concept trial featuring information cards on small notebook PCs handed out to students, Microsoft executive says in RSA keynote.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
See full bio
Elinor Mills
2 min read
Scott Charney
Scott Charney, corporate vice president of Microsoft's Trustworthy Computing Group, delivers a keynote address at RSA. James Martin/CNET

SAN FRANCISCO--Microsoft is testing some of its new identity-based security technology in Washington state schools, where students and teachers will be able to securely access grades and class schedules, a Microsoft executive said in a keynote address Tuesday at the RSA 2009 security conference here.

The software company is working with the Lake Washington School District-- comprised of 50 schools and nearly 24,000 students in and around Microsoft's home town of Redmond--to deploy its Geneva claims-based identity platform, said Scott Charney, corporate vice president of Microsoft's Trustworthy Computing Group.

Students and parents will bring identification information into the school to prove children's identities, and the students will then get small notebook PCs with identity information cards on them to be used for accessing online education materials.

Microsoft announced the Geneva technology last week when it announced its first hosted security service under the Forefront brand.

A former leading federal prosecutor for computer crimes at the Justice Department, Charney left PricewaterhouseCoopers to join Microsoft as chief security strategist in 2002.

"Initially my friends laughed because I used 'Microsoft' and 'security' in the same sentence," he quipped. Microsoft has made progress since then, he added.

In addition to improving the security of Windows, Microsoft offers SmartScreen technology in Internet Explorer 8 that allows users to block malware from being downloaded onto their computers. The company also shares its Software Development Lifecycle guidelines and tools for building secure software with outside developers and firms.

Current mechanisms used by Web sites to protect consumer data by requiring people to prove they are authorized to access sites are broken, Charney said. Web sites ask for personal information, like city of birth and mother's maiden name, "but those secrets aren't secret at all," he said. "We need a different model for thinking about identity."

All of Microsoft's security news is designed to further the company's mission to provide what it calls "End to End Trust" for people using the Internet, regardless of what data they are working with, what hardware they are using, and where they are located.

Key to the End to End Trust initiative, which was launched at RSA last year, features a trusted stack of components that authenticate everything from the user to the data and applications.

In addition to software features for authentication and identity, the Windows 7 beta includes support for Trusted Platform Modules that provide encryption at the hardware level.

In discussing all the threats and risks Internet users face today, Charney revealed what he called "Charney's Theorem"--"there's always a percentage of the population up to no good."