Month: September 2004

The National Highway Traffic Safety Administration, part of the U.S. Department of Transportation, will give Digimarc a $1 million grant to collaborate on the study with states.The program will examine the possibility of creating licenses with embedded digital watermarks that can be read by machines operated by police officers, retailers and other people.

“Part of the value is that this shows good cooperation between federal and state governments, a number of which are already deploying the technology,” said Reed Stager, a Digimarc vice president. “This can be used to increase highway safety; it can reduce underage drinking…and also has potential to help reduce ID theft and fraud.”

Although driver’s licenses are ordinarily overseen by each state, the federal government is exploring ways to make such identification more secure, as part of an effort to improve highway safety and reduce counterfeiting. The federal drive for more secure ID has also been given impetus by concerns about homeland security. Many state driver’s licenses already have magnetic strips containing data, such as age, about their holders. This technology is built to commonly available specifications and is relatively easy to counterfeit, however.

Digimarc says its “covert watermarking” technology would provide an additional layer of security, since it would be harder to mimic. The Beaverton, Ore.-based company said it plans to use the $1 million grant to help fund state implementations of the watermarking technology, as well as to help establishments such as state-owned liquor stores to purchase card readers.

The pilot program is expected to be completed in late 2005, the company said.

http://news.zdnet.com/2100-1009_22-5390619.html?tag=default

According to the Meta Group, passwords aren’t cutting the mustard because of both organizational and user failings, as well as a lack of cost-effective alternatives.

“Enterprises are pretty frustrated with passwords,” said Earl Perkins, vice president with the firm’s security and risk strategies group. On the organizational level, Perkins said that passwords’ failings range from enterprises wasting time creating convoluted policies to spending too little time protecting crucial applications.

On the end-user front, meanwhile, passwords are ineffective when people have too many to maintain. But the issue with password protection isn’t just numbers, said Perkins.

“From a cultural standpoint, many individuals don’t believe the value of the password reflects the value of the assets it protects.

The solution that enterprises are looking for is a low-cost way to add strong authentication to identity management. Among the possible additions or alternatives to passwords are such concepts as tokens, smart cards, and PKI-style services. “But it’s going to take someone willing to drive down the price of, say, tokens to create a low-cost solution,” he added.

There are hints that that might happen as early as the end of 2004 or the beginning of 2005, Perkins said, if only because rivals of RSA, the dominant player in the identity management market with its SecureID, want to break its grip. “If a competitor can shake that tree, things will loosen up.

One of Meta Group’s clients, for instance, wanted to deploy a token-based authentication to its entire 60,000+ employee workforce, but the price tag was simply too high.

Instead, companies tend to apply the higher-cost, but more secure, authentication to higher-value assets, such as servers, and leave passwords, as ineffective as they are, to defend other assets, like desktops.

http://www.techweb.com/wire/security/47900125