Search:

Newsletter:

CSIRO develop secure two-way transaction device

19 February 2008 03:11PM
Tags: csiro | develop | secure | twoway | authentication | device

Related Articles

• VeriSign boasts secure authentication in the cloud
• Freescale touts two-way traffic TV remote
• CSIRO launches Mantis
• CSIRO in fight to keep masses of data to a minimum
• CSIRO launches Mandarin podcasts

The CSIRO has developed a prototype portable device aimed at minimising the risk associated with performing transactions in untrusted and unknown computing environments.

The prototype, dubbed the Trust Extension Device (TED), is a self-contained, closed software system that consists of a small operating system as well as a set of applications and encrypted data. It can be loaded onto a portable device, such as a USB memory stick or a mobile phone, and then issued to users who require secure two-way communication with other devices.

“The idea is that the person or organisation issuing the device runs their own computing environment and applications within the TED,” said CSIRO ICT Centre project leader, Dr John Zic.

When used, the device creates its own environment on an untrusted computer and, before it runs an application, establishes trust with the remote enterprise server. Both ends must prove their identities to each other and that the computing environments are as expected.

Once the parties prove to each other they are trustworthy, the TED accesses the remote server and the transaction takes place.

“The problem is that trust is currently tied to specific, well-known computing environments,” Zic said. “TED makes that trust portable, opening the way for secure transactions to be undertaken anywhere, even in an internet café.”

CSIRO started developing the TED after focus groups run by the Centre of Networking Technologies for the Information Economy, funded by Australian Government, suggested developing a device to facilitate trusted transactions and provide authorised people with access to confidential and private information.

For instance, banks could use a technology like TED to provide authorised customers and employees with access to financial data or conduct financial transactions over the internet.

“Wherever you go, whichever machine you run on, you and the issuer can be confident both parties are known to each other, cannot engage in any malicious acts, and that the transactions are trusted,” Zic said.

The CSIRO ICT Centre is currently calling for expressions of interest from parties interested in licensing the technology.