As the joke goes, on the Internet nobody knows you’re a dog. But although anonymity has been part of Internet culture since the first browser, it’s also a major obstacle to making the Web a safe place to conduct business: Internet fraud and identity theft cost consumers and merchants several billion dollars last year. And many of the other more troubling aspects of the Internet, from spam emails to sexual predators, also have their roots in the ease of masking one’s identity in the online world.
Change, however, is on the way. Already over 20 million PCs worldwide are equipped with a tiny security chip called the Trusted Platform Module, although it is as yet rarely activated. But once merchants and other online services begin to use it, the TPM will do something never before seen on the Internet: provide virtually fool-proof verification that you are who you say you are.
The TPM chip was created by a coalition of over one hundred hardware and software companies, led by AMD, Hewlett-Packard, IBM, Microsoft and Sun. The chip permanently assigns a unique and permanent identifier to every computer before it leaves the factory and that identifier can’t subsequently be changed. It also checks the software running on the computer to make sure it hasn’t been altered to act malevolently when it connects to other machines: that it can, in short, be trusted. For now, TPM-equipped computers are primarily sold to big corporations for securing their networks, but starting next year TPMs will be installed in many consumer models as well.
With a TPM onboard, each time your computer starts, you prove your identity to the machine using something as simple as a PIN number or, preferably, a more secure system such as a fingerprint reader. Then if your bank has TPM software, when you log into their Web site, the bank’s site also “reads” the TPM chip in your computer to determine that it’s really you. Thus, even if someone steals your username and password, they won’t be able to get into your account unless they also use your computer and log in with your fingerprint. (In fact, with TPM, your bank wouldn’t even need to ask for your username and password — it would know you simply by the identification on your machine.)
The same would go for online merchants — once you’d registered yourself and your computer with an Amazon or an e-Bay, they’d simply look for the TPM on your machine to confirm it’s you at the other end. (Of course you could always “fool” the system by starting your computer with your unique PIN or fingerprint and then letting another person use it, but that’s a choice similar to giving someone else your credit card.)
Another plus for the TPM is that your computer will be able to make sure that it’s really a legitimate e-commerce site you’re connected to, and not some phishing-style fraud. There would still, of course, be ways that you could access your bank or e-commerce accounts from other computers when you were traveling, but the connection wouldn’t be as secure as using your own computer. Plans are already underway to put TPMs into smartphones and other portable devices as well.
The TPM will become even more important as we move toward Web-based applications, where we may actually store our documents and files on remote servers. The TPM could automatically encrypt any files as soon as they left your computer, and only allow decryption privileges to your TPM and any others you might specify. It could automatically encrypt email as well, so that only specific recipients are able to read it. And it could more firmly identify where email originates, taking a big step forward in controlling spam at the source.
That is the potential good news. But some critics are worried that the TPM is a step too far. Their concern particularly revolves around using the TPM to control “digital rights management” — that is, what you can and cannot do with the music, movies and software you run on your computer.
A movie, for example, would be able to look at the TPM and know whether it was legally licensed to run on that machine, whether it could be copied or sent to others, or whether it was supposed to self-destruct after three viewings. If you tried to do something with the movie that wasn’t allowed in the license, your computer simply wouldn’t cooperate.
Related posts:
- How Personal & Internet Security Works Publisher: QueAuthor: Preston GrallaISBN: 0789735539Release Date: 31 May 2006 eBook...
- Mail and Internet Surveys: The Tailored Design Method 2007 Update with New Internet, Visual, and Mixed-Mode Guide Publisher: John Wiley and SonsAuthor: Don A. DillmanISBN: 047003856XRelease Date:...
- Internet Forensics Publisher: O'ReillyAuthor: Robert JonesISBN: 059610006XRelease Date: 07 October 2005 eBook...
- Stealing the Network: How to Own an Identity (Stealing the Network) Publisher: SyngressAuthor: Jeff MossISBN: 1597490067Release Date: 01 August 2005 eBook...
- Internet & Intranet Security Publisher: Artech House PublishersAuthor: Rolf OppligerISBN: 1580531660Release Date: 15 January...
- Computer-Based Testing and the Internet : Issues and Advances Publisher: WileyAuthor: Ron HambletonISBN: 047001721XRelease Date: 23 December 2005 eBook...
- Webbots, Spiders, and Screen Scrapers: A Guide to Developing Internet Agents with PHP/CURL Publisher: No Starch PressAuthor: Michael SchrenkISBN: 1593271204Release Date: 30 March...
- Software Engineering for Internet Applications Publisher: The MIT PressAuthor: Andrew GrumetISBN: 0262511916Release Date: 06 March...
- Essential Computer Security: Everyone’s Guide to Email, Internet, and Wireless Security Publisher: SyngressAuthor: Harlan CarveyISBN: 1597491144Release Date: 01 October 2006 eBook...
- Scalable Internet Architectures (Developer’s Library) Publisher: SamsAuthor: Theo SchlossnagleISBN: 067232699XRelease Date: 21 July 2006 eBook...
Home > About This Post
This entry was posted by Administrator on Thursday, December 15th, 2005, at 3:18 pm, and was filed in The other side.
Subscribe to the
RSS 2.0 feed for all comments to this post.
Post a Comment
You must be logged in to post a comment.