Intel® Identity Protection Technology (Intel® IPT) is a family of silicon-based security technologies that can overcome both those sets of limitations - high cost and limited effectiveness - and more. One of these offerings, Intel IPT with a one-time password (OTP), offers capabilities baked into the firmware that don't require a physical token and are extremely cost effective. Credentials can be centrally revoked and reprovisioned over the wire in minutes if needed, narrowing any fraud-exposure window.
Username and Password Pairs No Longer Equate to Security
Username and password pairs are notoriously vulnerable. Unauthorized parties can discover them by means as trivial as the proverbial post-it note on a user's monitor or as stealthy as keylogger malware - or worse, a brute-force attack on a database of usernames and passwords. Across that range of possibilities, the compromise of a username and password often goes undetected because the authorized owners can still use them freely. Making matters worse, many users reuse the same username and password across many different resources, widening the impact if and when that password is compromised.
Two-factor authentication, a well-established approach to overcoming those limitations, requires both "something you know" (for example, a password) and "something you have" (for example, a hardware or software-based token). In the case of a token, the system uses a clock-based algorithm to generate an OTP, which the user must include with his or her other login credentials. But, as already mentioned, both hardware and software tokens have significant limitations:
- Software tokens depend on the OS for security. Because the software that generates the OTP works on top of the OS, system compromise by malware or other means renders the overall protection provided by the token ineffective.
- Hardware tokens add complexity and expense. Users often lose their hardware tokens, and anecdotal evidence suggests that a significant percentage of help desk calls in many organizations are the result of hardware-token-related issues. Moreover, distributing the devices to a large, geographically dispersed workforce carries significant cost.
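To make the clock-based OTP scheme described above concrete, here is an added example written for this page; it is not Intel's firmware, nor any of the vendor token implementations named later, and it assumes the standard HOTP/TOTP construction (RFC 4226 / RFC 6238, HMAC-SHA1, 30-second windows, 6 digits), which the page does not itself specify. The demo secret is the RFC's published test-vector key, used only so the output can be checked; a real deployment provisions a random per-user secret. The server side shows the two checks a verifier needs beyond recomputing the code: a small clock-drift window, and one-use enforcement so a code captured by a keylogger cannot be resubmitted within its window.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo secret: the RFC 4226 / RFC 6238 test-vector key
# (ASCII "12345678901234567890"). It is public, so it is for testing only.
DEMO_SECRET = b"12345678901234567890"
TIME_STEP = 30   # seconds per OTP window (RFC 6238 default)
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based OTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = TIME_STEP, digits: int = DIGITS) -> str:
    """Time-based OTP (RFC 6238): the counter is the number of `step`-second windows
    since the Unix epoch, so token and server agree as long as their clocks roughly do.
    This is the 'clock-based algorithm' a token runs; in a software token the secret
    sits in process memory, which is why OS compromise defeats it."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, submitted: str, at_time: int,
                window: int = 1, step: int = TIME_STEP, digits: int = DIGITS):
    """Server-side check. Accepts the code for the current window and `window`
    windows on either side to absorb clock drift. Uses a constant-time comparison
    so the check itself does not leak how many digits matched. Returns the
    time-step counter that matched, or None on failure."""
    base = at_time // step
    for delta in range(-window, window + 1):
        counter = base + delta
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter
    return None


def accept_otp(state: dict, user: str, secret: bytes, submitted: str, at_time: int) -> bool:
    """Verify and enforce one-use per counter. `state` (constructed here as a plain
    dict) records the last accepted counter per user; a code whose counter is at or
    below it is a replay, e.g. a captured code resubmitted inside the same window."""
    counter = verify_totp(secret, submitted, at_time)
    if counter is None or counter <= state.get(user, -1):
        return False
    state[user] = counter
    return True


if __name__ == "__main__":
    # Token side: what a user would type right now for the demo secret.
    print("current demo OTP:", totp(DEMO_SECRET, int(time.time())))
    # Server side: RFC 6238 vector at t=59 s is 94287082 (8 digits), i.e. 287082 here.
    replay_state = {}
    print("first use accepted:", accept_otp(replay_state, "alice", DEMO_SECRET, "287082", 59))
    print("replay accepted:  ", accept_otp(replay_state, "alice", DEMO_SECRET, "287082", 70))
```

The replay guard matters because an OTP only limits the window in which a stolen credential is useful; without tracking the last accepted counter, a keylogged code remains valid for the whole window plus the drift tolerance. The `window` parameter is the usual trade-off between tolerating clock skew and widening that exposure.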
Intel IPT with OTP has neither of those sets of limitations because firmware built into 2nd generation Intel® Core™ processor-based platforms handles the OTP generation. The technology will also be offered in Intel® architecture-based Ultrabook™ devices and client systems based on Intel® vPro™ technology in 2012.
The implementation of Intel IPT silicon-based security features in Intel vPro technology will support public key infrastructure (PKI), using digital certificates to authenticate the user and server to each other. Future functionality within the Intel IPT family will also include a solution for signing transactions, where an encrypted bitmap is rendered outside the OS, out of reach of any malware resident on the user's system.
This combination of OTP, PKI, and encrypted transaction bitmaps offers a range of two-party authentication options for enterprises, well beyond what was previously available. To optimize global choice in industry deployments, Intel is working with a broad spectrum of ecosystem members to enable solutions that include Symantec Validation and ID Protection Service (VIP), VASCO DIGIPASS* for Windows* powered by Intel® IPT, Feitian FOAS OTP with IPT, and InfoSERVER InfoToken*.
Robust Consumer Credentialing for Web Resources and Beyond
Many approaches that online companies use to identify trusted client platforms are becoming increasingly ineffective. For example, browser rejection of cookies is increasingly common, and IP address consistency is thwarted by more rapid rotation of those addresses. These trends leave few options for consumer-facing sites to secure transactions beyond simple username and password pairs, with the shortcomings outlined above.
The Intel IPT family of silicon-based capabilities provides an alternative. Using the same underlying OTP functionality, web sites can use a simple JavaScript* routine to identify capabilities provided by Intel IPT with OTP on the customer's system and give users the option to opt in to establish a trusted platform. This form of two-party authentication is highly transparent to the user, allowing low-friction operation while also enabling web sites to require additional credentials when needed.
Further adoption of the Intel IPT family of silicon-based security capabilities for consumers is expected to include a broad range of usages. For example, Intel is also working with the financial services industry to provide protected electronic payment solutions. As the ecosystem develops, consumer businesses and their end customers alike will benefit.
In combining the security of hardware-based tokens with the usability of software-only solutions, the Intel IPT family of silicon-based security capabilities promises to spur adoption with simplicity for both end users and the companies that serve them. Stay tuned!