Technology Roundup: Is Your PDA Secure?
We hear a lot of talk—and see a lot of products—designed to protect laptops,
desktops, and networks from theft and security breaches. But what about
personal digital assistants (PDAs)? Not only are they completely portable
and thus quite likely to be left behind somewhere, but they often contain
confidential data.
Sure, they're relatively cheap to replace. But as with any computer,
it's the information inside them that holds the real value. What's more,
with their port and beaming capabilities, PDAs also serve as access points
into users' desktop machines and all their proprietary assets. Here's
a look at software products that protect these small devices from invasion.
OneTouchPass
OneTouchPass 2.3 from Softava controls entry into the PDA by touch control.
Users identify a series of touch points, in a particular order, on the
screen image. That sequence becomes a password that unlocks the contents
of the PDA. Users can select any image they want for touch control by
uploading a favorite photo or image, or they may use one of a set of screens
provided by OneTouchPass.
The touch system overlays the text password. If the wrong touch sequence
is entered, the system reverts to requiring a text password. If someone
shuts off the device before entering the text password, OneTouchPass requires
the text password upon starting again. Also, if a user turns on the PDA
and d'es not see the OneTouchPass screen, he or she knows that the device
has been tampered with. According to Softava, even a single-tap password
provides more than 99 percent security, so adding multiple tap sequences
improves security without adding considerably to start-up time. Contact:
Softava, www.onetouchpass.com
or www.softava.com.
PDA Defense
PDA Defense takes a different approach to PDA security. To gain access
to applications and functions on the PDA, users must enter a password
either by typing on the keyboard or by using a hardware button. According
to the product manufacturer, start-up time is immediate after entering
the password. The product is built on the PDABomb Security Platform, a
multi-tiered security system that uses industry-standard encryption.
PDA Defense is available in standard (Palm), professional (Palm and Pocket
PC), and enterprise versions (for Palm, Blackberry, and Pocket PC). PDA
Defense Standard protects five core PDA applications: address book, date
book, to-do list, memo pad, and mail. The professional version adds additional
features, including 128- or 512-bit Blowfish encryption which protects
all information stored anywhere on the device; application lockout, which
prevents unauthorized users from accessing applications without the password;
and additional lock, stealth, and bitwiping functions.
The enterprise edition allows an administrator to create versions of
the software that make particular security features mandatory or optional.
Only the administrator can access or change the instructions. Contact:
Asynchrony, St. Louis, Mo.; (314) 678-2200; www.pdadefense.com.
PDA Secure
Trust Digital's PDA Secure, also password operated, is available for Palm
OS, Pocket PC, and Symbian. The software, which incorporates six different
encryption standards, enables secure password and data encryption. Users
can operate the Palm version in either Local Mode, which locks all applications
on the PDA, or Global Mode, which completely locks the PDA itself, forbidding
any use. It comes in three product lines: PDA Secure Standard and Premium
for individual users, and Enterprise and PDA Policy Editor for network
users and centralized managed security. Premium offers more features and
encryption algorithms than the Standard version. Enterprise is the client
piece and Policy Editor is the server piece of the network edition.
Trust Digital's product lets users define a sequence of touches for identification
rather than a password, when that is more convenient. Users can switch
from password to touch ID when they want to unlock the device subtly or
perhaps in secret, while it is still in a purse or backpack. Contact:
Trust Digital, Fairfax, Va.; (703) 246-9198; www.trustdigital.com.
PDALok
PDALok requires not a password, but a signature to gain access to the
device. The use of Penflow Biometric Signature Recognition affords several
advantages. For one thing, it's one less password to remember. Signing
on and gaining access only takes a moment, even for longer signatures.
The software creates a personal profile for each user, recognizing the
signature, with its typical variations, over time.
Even though no signature is exactly the same, this software purportedly
can identify between authentic and forged signatures. The lock prevents
unauthorized users from gaining access to any of the PDA's functions and
from synchronizing it with a desktop PC. Users can change their signatures
by first entering the old signature and then entering the new one. The
software can also be used to sign word documents and to verify signatures
that are sent to the user. Contact: PDALok, Bio4 Limited, Hampshire, England;
44 (02392) 627 979; www.pdalok.com.
