Personal Encryption

The Nature of Computer Crime

2004-07-24T10:14:00.000-07:00

Computer crime is on the rise is perhaps a natural result of introducing computers into American society. In an earlier era, the advent of the automobile opened the way for criminals to target the automobile itself (e.g., auto theft) or use it to facilitate traditional crimes (e.g., the bank robbery getaway vehicle). Consider, for example, the way the crimes of theft and criminal mischief have evolved. Before the advent of computer networks, the ability to steal information or damage property was to some extent determined by physical limitations. A burglar could break only so many windows and burglarize only so many homes in a week. During each intrusion, the burglar could carry away only so many items. This does not, of course, make this conduct trivial, but it points out that the amount of property a burglar could steal, or the amount of damage he could cause, had physical limits.

In the information age these limitations no longer apply. Criminals seeking information stored in a networked computer with internet access can acquire that information from virtually anywhere in the world. The quantity of information stolen or the amount of damage caused by malicious programming code may be limited only by the speed of the network and the criminal's computer equipment. Moreover, such conduct can easily occur across state and national borders.

Computer Persona Fraud

2004-07-24T10:13:00.000-07:00

On October 26, 2001 by the USA PATRIOT anti-terrorism legislation defined computer persona fraud as:

(1) Having knowingly accessed a computer without authorization or exceeding authorized access.

(2) Intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains--
Did you know? . . .

(A) information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n) of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);

(B) Information from any department or agency of the United States; or

(C) Information from any protected computer if the conduct involved an interstate or foreign communication;

(3) Intentionally, without authorization to access any nonpublic computer.

(4) Knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value.

Whos the target?

2004-07-24T10:10:00.000-07:00

As Americans improve their computer skills and grow more comfortable over the Internet, the hackers and other fraudsters are honing their nefarious skills as well. The Federal Trade Commission received 301,835 fraud complaints and 214,905 identity theft complaints in 2003. Bank fraud accounted for 17 percent -- more than 36,000 -- of the identity theft complaints. That represents just the victims who actually filed a complaint with the agency. The FTC estimates there were 10 million identity theft victims that year.

In a 2003 survey of financial institutions around the world, 39 percent of respondents said their computer systems had been "compromised" in some way the previous year.

"The financial services industry has always been a target. People go where the money is," says Ted DeZabala of New York's Deloitte & Touche, the company that conducted the survey.Fraud crimes are considered the fasted growing crime across the United States. A survey of Sheriff Offices across the US in 1987 reported there was and average 1,393 computer fraud complaints; by comparison in 2002 the same counties reported an average 3,643 complaint

File Synchronization

2004-07-21T09:36:00.000-07:00

Is one of the most dynamic facets of technology development, it has evolving from a simple data exchange and backup between a server and desktop to become the enabling technology for powerful mobile enterprise applications. As mobile professionals increasingly rely on mobile devices and solutions, and anytime, anywhere access to the Internet and intranets and/or extranets, they require synchronization applications that go beyond the limited role of personal tool to offer large-scale improvements in productivity and communications to teams, groups, and organizations.

An enterprise not utilizing synchronization technology relays upon countless man-hours on Operating System Upgrades across enterprises with end-user impacts in the restoration of the users computing persona. Restoration of traditional backup systems at best are frustrating, but in most cases have to rebuild the information from a primary backup with incremental changes. As we have seen the impact to industry, the destructive nature of virus and worm attacks have caused. The costs are in the billions as counted in loss in time, productivity, and restoration of the individual employee and company computing persona.

Biometrics is the Methodology for Recognizing and Identifying Individuals

2004-07-21T09:24:00.000-07:00

Essentially all security features are based on a combination of three key concepts. Security can be based on something you have, something you know or something you are.While tokens or passwords can be copied or stolen, biometric identifiers are much more difficult to reproduce.
Currently physical traits which can be used as identifiers include facial shape, fingerprints, iris patterns, retina patterns, hand geometry, speech, handwriting / keystroke order, and finally even wrist vein patterns. For these identifiers to be physically compromised it would involve a very gory operation...

It is the task of biometric products to apply a mathematical algorithm to the identifier (retina, or fingerprint for example) to determine if a user is who they say they are. In devices where a finger print is the means of identification, a small device will scan the fingerprint of the user and momentarily record the fine details. Where fingerprints are concern this may include features such as the finger prints' hills and valleys, the direction and branching points, line endings and dozens of other minutiae.

The fingers features can be acquired optically, thermally based on temperature differences between the fingertip's valleys and ridges, by a pressure sensor or via a capacitive sensor which is essentially a small silicon chip with many thousands of sensing elements.

Why Personal Encryption

2004-07-19T20:19:00.000-07:00

What most people do not realize is that when you send information over the Internet which is a public network, anybody can read it by making a little bit of effort. Sending an e-mail is as private as sending a postcard through the mail, and encryption is like the sealed envelope for your e-mail. It makes your communication almost unreadable to anyone but the intended recipient. While your computer or e-mail can never be 100 percent secure, any steps taken to encrypt data are better than not encrypting at all as most people are foiled by any level of encryption. And although using encryption takes some extra time, the added security is often of great benefit to human rights activists.

Encryption not only protects your data and your communications, but it is also a method of authentication. You can digitally stamp press releases, e-mails, or any other document so that people are absolutely sure that it has come from you and that someone else did not send it pretending to be you. There are ways that people can spoof documents if you are not using encryption technology so that a press release can look like it was issued by your organization. Such a spoof can be used to get a group of people all in one place at the same time so that they can be arrested or to get people to do something that they normally wouldn't do.

Recovery from a virus

2004-07-19T13:25:00.000-07:00

Recovering a computer from a worm or virus is time intensive, costly and produces losses in access of $20 Billion each year..

Recovering the operating systems and applications is only part of the battle. The users environment must be totally reconfigured (application environment and credentials), by the user, leading to more lost time and productivity.

The cost of recovering one desktop with reconfiguring the user’s environment averages $600 within a business organization excluding lost opportunity costs.
Computer users and businesses are losing millions of dollars per year with help desk calls for password recovery.

The opportunities in The United States for cost recovery, cost management and business expansion through the development of transactional certificates is very huge.
The gaming industry pays over $10 per check cashed at casino teller terminals. This costs the gaming industry and the games over $5 Billion in annual fees.

You can take your computing persona with you.

2004-07-19T13:14:00.000-07:00

Username/Password as a secure identification method has been declares as passé.
The entertainment business has been unsuccessful at protecting the theft of its intellectual property over broadband distribution methods.
U.S. businesses lose $20B annually in productivity lost due to recovery from virus/worm attacks.
There is extensive check fraud on a daily basis.
Biometric and information synchronization solutions provide > 500% ROI on each virus attack.

Homeland Security Report

2004-07-19T13:13:00.000-07:00

A senate report on Homeland Security has identified fingerprint technology as playing on of the most significant roles in the future of information management systems. There are several reasons for this:

Fingerprints have been collected for law enforcement and various identification purposes for decades.
Fingerprints are among the most accurate biometrics, as measured by the degree to which samples can be matched without match or non-match error. The more fingers used and the more area of the finger used, the more accurate they can be.

Homeland Security is investing heavily into biometric fingerprint authentication. Beginning this year US airport security will be incorporating fingerprint scanning as positive identification for airport staff and security members.

Personal Encryption

2004-07-19T13:12:00.000-07:00

The role of biometric security and information synchronization is the key enabling technology driving mobile professional and enterprise synchronization needs. Your fingers are always at hand. You don't need to remember them; they're there!

Traditionally, passwords have provided security, but they have certain drawbacks. They are easily forgotten with a small number of them memorized by the user. Users often write them down where they can be stolen by sharp-eyed pirate; they often do not follow password policies. Furthermore, the process of issuing passwords to individuals and deleting them when personnel circumstances change is an ongoing headache for administrators.

Movement of your computer personality between computers is difficult at best. How you configure your desktop, e-mail, browser, word processor, spreadsheet, presentation software and your enterprise applications is your computing persona.

Taking that with you between computers, and using it at a guest computer is not an option available in current environments; until now. Evolving your persona and files from one operating system to another, and restoring them after a hardware failure or virus/worm attack is difficult at best. The productivity lost in not carrying your persona and data will reach over $20B per year.