Phoenix authentication security takes wing

The BIOS maker launches security technology that ensures only authorized users with a "trusted device" can gain access to a corporate network.

Munir Kotadia Special to CNET News

See full bio

Munir Kotadia

April 28, 2004 12:07 p.m. PT

2 min read

Phoenix Technologies has launched security technology that allows network administrators to authenticate hardware devices.

The company, one of the biggest makers of BIOS (basic input/output system) software, unveiled the technology Wednesday at the Infosecurity Europe show in London. The utility allows hardware to be used in conjunction with a traditional login system to ensure that only someone who is authorized and is using a "trusted device" can gain access to the corporate network.



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

The Phoenix BIOS, which comes installed in about 100 million PCs every year, is activated as soon as a computer is switched on and before the operating system kicks in. The BIOS' job is to ensure that all the computer's hardware components--including the hard disk drive, memory and keyboard--are installed and working correctly.

Shiva Mandalam, director of security product marketing at Phoenix, said the Phoenix TrustConnector allows companies to extend the level of access control they have beyond usernames and passwords. It also authenticates the computer making the connection.

"This provides a way of representing a device as part of your application authentication, so when a user logs in to an application, the user and the device are getting authenticated at the same time," he said.

Mandalam said the TrustConnector generates an encryption key using information gathered from the notebook's hardware profile, and that key is passed on to the network when a connection is made. If the hardware can be authenticated, it is "trusted," and the person making the connection logs in with his regular username, password, smart card or token. If the person tries to log in using a different machine or has modified the device, access can be restricted or denied altogether.

"They can't use a different machine because the profile is different, so companies can set a policy so a trusted device can get onto the network and a non-trusted device can be allowed to access parts that do not contain any enterprise resources," he said.

Rob Enderle, principal analyst for the Enderle Group, said the increase in security threats means that device authentication has never been so important. "Until now, device authentication has been one of the missing links to this end-to-end network requirement," he said.

Munir Kotadia of ZDNet UK reported from London.