Phoenix Technologies has announced a new product designed to tag and identify Windows PCs using a BIOS-protected encryption key.
The software, called TrustConnector 2, works by creating a unique encrypted key, which is then stored either in a Trusted Platform Module (TPM) chip, or in an area firewalled by the Phoenix BIOS, if one is present.
When PCs running the system connect to a network, they can then be identified as legitimate. The attraction for sysadmins is that attackers attempting to access the network using stolen user names and passwords will be refused, despite having legitimate logins.
The software can carry out this device authentication regardless of connection type. VPNs, wireless connections, and any application supporting X.509 certificates are all supported. A range of x86-derived devices will work with TrustConnector, including PDAs and smartphones.
The company trialled the system in the Japanese market over the last year, where it claims to have enhanced its capabilities in a real-world security environment. This explains why the first release is denoted as version two, the first version being the trial software.
According to CEO Al Sisto, the company had developed the product in response to the limitations of current device identification techniques such as MAC and IP address logging. These were prone to spoofing, which ruled them out for many secure environments.
The encrypted keys used by TrustConnector were secured in hardware because that offered the highest degree of protection from tampering. TPM chips, secure NICs, and hidden areas of the hard disk accessible only by the Phoenix BIOS are all supported.
The advantage of using BIOS-level protection was that the PC would not require a hardware upgrade, he said.
Sisto emphasised that TrustConnector had no bearing on the controversy surrounding using Trusted Platform Modules to enforce digital rights management. It was simply another technology for helping with the authentication process, he said.
Pricing for TrustConnector, including the back-end server system, will be announced this week.