Technology Exploration Project – M591
Patented products boast more security, but privacy might be compromised
Patented protection over wireless connections, patented personal keys for authentication
The two authentication and data security systems analysed by this paper are Kai Corporation's Passmemory® system (Kai Corporation, 2007a), patent number 7065786 (United States patent, 2006), and Radio IP's Radio IP MTG system (Radio IP, 2007), patent number 6947431 (United States patent, 2005). The main area of exploration is how the patent can alter the product, with explicit attention to the known and potential privacy risks. To do this the patents themselves are examined in order to determine what information is released into the public domain when a patent is taken out on a product. Any known or potential attacks on each system are also explored, with special interest in how the disclosure of information about the product in the patent has caused potential and real problems for the security the product provides. The weaknesses that follow from information being released into the public domain by patenting the product are expanded on in the section about potential effects on personal privacy, which looks at how secure each system is, how much personal information it holds, and the potential effects of insecurity in the system. The commercial strategy used to sell each system is explored to show how the patent has altered the strategies for marketing the product. Addressing how the product is altered by the patent, for example in company marketing and production, is important so that the privacy risks to which a user of a patented system is exposed can be explored.
Passmemory is a method that uses personal keys for remote authentication of a user who wishes to use a dedicated server on which those personal keys have already been entered. The data on the server is secured by encryption, although this paper focuses on the patented method of authentication using personal keys. It is important to keep in mind that the Passmemory system is designed not only for security and authentication of a remote user, but also to provide easy-to-remember keys in the form of personal names and to stop phishing schemes by using mutual authentication.
Radio IP MTG is a system that secures data between a remote user and a server. The remote user is potentially mobile and may be using an unsecured network to communicate with the secured server, which means that both the connection and the information passed to the server must be encrypted. The encryption of the data and the method of authenticating not only the user but also the route taken are explored by this paper. The main patent in this system covers the data encapsulation method used not only to secure the data but also to route it whilst it is in transit over potentially insecure networks between the mobile user and the server. The main way in which this method differs from previous products is that the system is devised to protect a mobile device connecting over wireless networks, and it is stated that an in-depth knowledge and understanding of the company's unpublished protocol is necessary in order to defeat the data encapsulation (Radio IP, 2007).
The systems that have been patented have gained protection for the companies' interests; however, this protection for the company has potentially altered the amount of protection the system provides for the individual's privacy. Although the act of patenting the product has not directly altered the product, it has altered the amount of protection the product provides, in that the disclosure of information about the product may make the data easier to compromise. Each of the two companies aims its patented product at protecting remote access to data on a server, but they provide different levels of protection for personal privacy: the Passmemory system provides high levels of personal privacy for authentication whilst providing less protection for the security of data on the server, whereas Radio IP MTG concentrates more on the security of the personal information on the server and less on the personal privacy of the claimant who wishes to be authenticated. The marketing strategies used by each company are also totally different: Radio IP prefers to sell its products itself, going directly to its customers and generating extra revenue through support of the product, whereas the Passmemory system is sold through one of Kai Corporation's business partners. When it comes to personal information the main question is how much personal information is too much: the gain from disclosing personal information is measured by the amount of security this information provides, set against the potential problems, such as discrimination, that could be faced should the information be compromised. The main issue is therefore one of balance in order to gain maximum performance in the area of correct authentication.
What is covered by the patents: both systems have patented authentication techniques
The most important thing to establish when exploring how a patent alters a system, and the potential privacy of that system, is what a patent is; once this is established it is possible to analyse how the system can be altered by the patent. Pressman (2006, p. 10) states that “A patent is a grant from the federal government that gives an inventor the right to exclude others from making, using, selling, importing, or offering an invention for sale for a fixed period of time”. This means that once a patent has been taken out on a system or product, the patent holder is afforded rights to control the creation, distribution and use of the patented item. This control over the complete cycle of the product, from creation to end user, affords the patent holder complete control over producers and distributors for a fixed period of time, which, although it does not directly alter the system, may alter the production and the marketing of the system.
Passmemory is a system and method for facilitating password control and maintenance. A number of categories are set so that a single piece or multiple pieces of information that are familiar to the user can be set as a password element or elements for each category. For each category a password element is randomly sampled from one of the element groups belonging to that category and displayed, in random order, together with a number of scramble elements on a display device. Of the elements displayed, the user has to choose the password elements that are familiar to them; if all of the selected password elements match the sampled password elements, authentication is granted to the user (United States patent, 2006).
Various claims are made in the Passmemory patent, which are summarised in simple terms below. A password generation and verification system in which each password element is associated with a specific category and stored in an element group. Password information can include image information, and the mixed element group that is generated is transmitted securely via a telecommunication line to the menus on the user's display, with the process able to use a fixed telephone, a cellular telephone or the Internet. When a password element is not selected within a certain amount of time the password element is not verified. A method for verifying a password, comprising the steps of randomly specifying, from a multitude of element groups that belong to a category pre-selected from a multitude of different categories, a predetermined number of such element groups, where each element group contains a multitude of password elements belonging to the category, and mixing a sampled password element, randomly sampled from one of the specified element groups, with sampled scramble elements. The system can compare a selected password element with the sampled password element for each category and provide authentication when all of the selected password elements match the sampled password elements. There is a step of sending a mixed element group to a display device that is electrically coupled via a telecommunication line (a fixed telephone, cellular telephone or the Internet) and receiving a selected password element via a telecommunication line. All of these claims are used to patent the product by asserting that each of the areas claimed is significantly different from any other system (United States patent, 2006).
Radio IP MTG is a gateway for a wireless network which allows any wireless device to communicate using the Internet Protocol. The radio gateway works as an agent between the Network Driver Interface Specification (NDIS) layer and the wireless network. The gateway removes the TCP/IP header and adds its own header, which can be used to route the packet to the desired server (United States patent, 2005).
Various claims are made in the Radio IP MTG patent, which are summarised in simple terms below. Radio IP MTG is a gateway for transmitting data packets between a wireless network and a second network. The gateway comprises a database associating at least one wireless terminal with at least one destination address; for each wireless terminal the database holds at least one wireless terminal identifier, at least one source address of the wireless terminal according to the protocol of the second network, and at least one destination address on the second network. A database manager collects information from data packets received from the wireless terminal in order to build up and maintain the database. A header builder, on receiving data packets from the wireless network without a header suitable for the protocol of the second network, builds a suitable header based on the database and the information contained within the received data packets, and outputs data packets with headers suitable for transmission on the second network. The database manager responds to request messages from the wireless terminal, the request messages carrying information about a communication; the response to a request message allocates an Identification Number (ID), the ID is sent to the wireless terminal, and the header builder reads the ID to look up the header information. The ID may carry at least one Sub Identification Number (Sub-ID), the Sub-ID being used to distinguish between destination addresses when many destination addresses are being simultaneously managed under a single ID.
The database manager stores one destination address per terminal and automatically builds its data from the header information received: packets that arrive with correct header information are forwarded onto the second network without the wireless header, and the header builder builds header information for the destination address of subsequent packets that do not carry any header information. The gateway is able to compress, encrypt and encapsulate the data in the packets prior to transmission to the wireless terminal, and is able to use either a public or a private keying scheme. A memory manager requests a response message for sent wireless packets; the response message to the mobile wireless terminal gives an Identification Number (ID), and the memory manager reads the ID to determine the header information. The ID also has a sub identification number (Sub-ID) for when many destinations are being simultaneously managed. All of these claims are used to patent the product by asserting that each of the areas claimed is significantly different from any other system (United States patent, 2005).
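The following Python model is added here as an illustration of the roles the two paragraphs above describe; it is not code from the Radio IP patent or product. A database manager answers a terminal's registration request with an ID, allocating a further Sub-ID for each additional destination managed under the same ID, and a header builder rebuilds a real IPv4/UDP header for packets that arrive from the wireless side carrying only a compact ID header. The 3-byte wireless header layout, the terminal names, the IP addresses and the ports are constructed assumptions; compression and encryption are not modelled.

```python
import struct

def ip_bytes(dotted):
    return bytes(int(x) for x in dotted.split("."))

def ipv4_checksum(header):
    """Standard ones'-complement sum over 16-bit words; yields 0 when run over a correct header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_udp(src_ip, dst_ip, src_port, dst_port, payload):
    """Header builder: wrap a payload in the IPv4 and UDP headers the wireless side omitted."""
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                      ip_bytes(src_ip), ip_bytes(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + udp

def parse_ipv4_udp(packet):
    """Inverse of build_ipv4_udp, used when a wireless packet already carries a full header."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 17 or ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("not a UDP packet with a valid IPv4 header")
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    sport, dport, ulen, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    return src, dst, sport, dport, packet[ihl + 8:ihl + ulen]

class RadioGateway:
    """Gateway between the wireless side and the second (IP) network. The database manager
    keeps each terminal's source address on the IP side and the destinations it registered,
    keyed by (ID, Sub-ID); the header builder uses that to complete header-less packets."""

    # Constructed compact wireless header: 16-bit ID followed by an 8-bit Sub-ID.
    WIRELESS_HDR = struct.Struct("!HB")

    def __init__(self, terminal_addresses):
        self.terminal_ip = dict(terminal_addresses)   # terminal -> source IP on the second network
        self.ids = {}                                 # terminal -> ID
        self.db = {}                                  # (ID, Sub-ID) -> (terminal, dst_ip, dst_port, src_port)
        self.next_id = 1

    def handle_request(self, terminal, dst_ip, dst_port, src_port):
        """Database manager: answer a registration request with an ID and a Sub-ID.
        One ID per terminal; each further destination under that ID gets the next Sub-ID."""
        if terminal not in self.terminal_ip:
            raise KeyError("unknown terminal %r" % terminal)
        tid = self.ids.setdefault(terminal, self.next_id)
        if tid == self.next_id:
            self.next_id += 1
        sub = sum(1 for (i, _s) in self.db if i == tid)
        if sub > 0xFF:
            raise OverflowError("Sub-ID space exhausted for ID %d" % tid)
        self.db[(tid, sub)] = (terminal, dst_ip, dst_port, src_port)
        return tid, sub

    def from_wireless(self, frame):
        """Header-less packet from the wireless side: look up (ID, Sub-ID) and rebuild IP/UDP.
        An unregistered ID is dropped rather than guessed at."""
        tid, sub = self.WIRELESS_HDR.unpack_from(frame)
        entry = self.db.get((tid, sub))
        if entry is None:
            raise LookupError("no registration for ID %d Sub-ID %d; dropped" % (tid, sub))
        terminal, dst_ip, dst_port, src_port = entry
        payload = frame[self.WIRELESS_HDR.size:]
        return build_ipv4_udp(self.terminal_ip[terminal], dst_ip, src_port, dst_port, payload)

    def from_wireless_with_header(self, terminal, packet):
        """A packet that already has a correct header is forwarded unchanged; the database
        manager learns its destination so later header-less packets can be completed."""
        _src, dst, sport, dport, _payload = parse_ipv4_udp(packet)
        tid, sub = self.handle_request(terminal, dst, dport, sport)
        return packet, (tid, sub)

if __name__ == "__main__":
    gw = RadioGateway({"term-A": "10.0.0.2", "term-B": "10.0.0.3"})   # constructed addresses
    print(gw.handle_request("term-A", "192.0.2.10", 5000, 40000))      # first destination: (1, 0)
    print(gw.handle_request("term-A", "192.0.2.11", 6000, 40001))      # second destination, same ID: (1, 1)
    frame = RadioGateway.WIRELESS_HDR.pack(1, 1) + b"hello"
    print(parse_ipv4_udp(gw.from_wireless(frame)))
```

The model makes the trust point of the design visible: everything on the IP side is derived from the gateway's database, so the integrity of the registration step and the (ID, Sub-ID) mapping is what stands between a wireless packet and the wrong destination.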
Patents protect companies' rights, at the expense of security and potentially individual privacy
A patent gives an inventor the right to exclude others from making, using, selling, importing or offering an invention for sale for a fixed period of time, and this right allows the owner to sue any infringer of the rights the patent provides (Pressman, 2006, p. 10). If a patent owner wins a lawsuit they can stop the infringer from making, using or selling the invention; it is also possible to obtain compensation from the infringer, and possibly to have the infringer pay the legal costs. It is important to note that although a patent is said to provide protection, it provides offensive rights more than protection, but sometimes the best defence is a good offence.
Although protection is not explicitly provided, the offensive rights do deter most infringers of patents. A patent lasts for a variable amount of time depending on what is being patented and on whether all necessary fees are paid. Utility patents, which cover inventions that function in a unique manner to solve a problem, such as the two systems explored by this paper, used to last for 17 years, but since 1995 all patents last for 20 years, which may be extended due to delays in the application for the patent (Pressman, 2006, p. 10).
A patent requires the inventor or inventors to fully disclose the new technologies, methods and anything else necessary to recreate the technology, which immediately introduces the problem that the patented system can be copied or recreated using the patent information alone. Not only can the system be copied, but any flaws in the system, actual or potential, are also publicly disclosed, making it easier to find whatever flaws exist. This puts the data secured by the system at extra risk, so the company patenting the system must be sure that the system can withstand any attacks made against it. The important factor to consider is that potentially personal information protected by the system is exposed to yet another risk, one that could be avoided by using other methods of protecting the system from being copied, such as copyright or a trade secret.
In acquiring a patent, the disclosure of information relating to the new technologies used by the system being patented means that personal information, both that used by the system to authenticate the user and that stored by the system for protection, is put under extra risk. The company patenting the system must therefore be sure that the methods the system uses are secure enough to stand up to multiple high-level attacks, as well as using other tried and tested technologies to secure the data.
A patented product has brand new technology, but new is not always best: encryption vs. personal keys
For a patent to be granted the system being patented must be original and substantially different from any similar technology, which means that the technology used will be either completely new or totally different from any similar system. Although this means that the system will have no known attacks when it is first released, it brings both disadvantages and advantages. Although the system may have no known attacks, patenting it makes any new technology publicly available, as well as exposing any old technologies that may also be used. The information about how the system authenticates or secures information can therefore be viewed by anyone, making it more likely that successful attacks will be devised. The company patenting the product must therefore be confident that information authenticated or secured by the system will not be compromised by making the methods the system uses publicly available.
The technologies used for authentication in each system are explored in the next few sections to give insight into how each company secures data and authentication. The Radio IP MTG system uses combinations of established encryption standards in a new way to secure data by encapsulation, whilst the Passmemory system uses a new method of authentication keys in order to authenticate a user to the system.
Data Encryption Standard (DES) and Triple Data Encryption Standard (TDES)
The Data Encryption Standard (DES) is the standard method for encrypting information that was in use before the Advanced Encryption Standard (AES); it was selected by the United States in 1976 (Wikipedia, 2007c). The algorithm has classified design elements and a short key length compared to AES. DES is now considered generally insecure, mainly because the 56-bit key size is too small for the processing power available today, and it has been shown that DES keys can be broken in less than 24 hours. Theoretical weaknesses have also been shown in the cipher; if DES is applied three times to the same piece of data these issues are believed to be addressed, although theoretical attacks still exist (Wikipedia, 2007d). This triple DES is not vulnerable to the brute force attacks that DES was vulnerable to; however, AES has replaced the DES ciphers as the more secure method of encrypting data.
Advanced Encryption Standard (AES) encryption works by scrambling data
Advanced Encryption Standard (AES) effectively scrambles the data so that unauthorised users cannot gain any information from data they may have encountered, as they would need both the program used to encrypt the data and knowledge of the password used to generate the encryption key. This section aims to provide a basic understanding of how AES works and why it is used. AES is used by Radio IP MTG with a 256-bit key (Radio IP, 2007), along with static IP addressing, DES and triple DES. AES has been available for commercial use since 2001 (Wikipedia, 2007a), when it effectively replaced the Data Encryption Standard (DES). AES has a fixed block size of 128 bits and a key size of 128, 192 or 256 bits. R-Guard uses the largest key size, which means that the key array is larger than the fixed block array; this helps to further secure the data by adding more redundant data, and the redundant data makes the ‘value’ of the original data increase by adding the extra redundant bits. The example of encryption below uses the same size arrays for simplicity. There are four main steps taken when encrypting using AES; these are explained below, with Pictures 1, 2, 3 and 4, taken from Wikipedia (Wikipedia, 2007a), showing how AES can be used to encrypt and thus secure data.
Sub-Bytes is a non-linear substitution step in which each byte of the state (the data block array) is replaced by another byte according to a lookup table (the S-box).
Shift-Rows is where each row of the state is shifted cyclically by a certain number of bytes. The first row is not shifted, the second is shifted by one byte, the third by two bytes and so forth until the pattern has been completed for the entire block.
In the Mix-Columns step each column is multiplied by a fixed polynomial C(x). The four bytes of each column are combined using this linear transformation, so each of the four inputs to the fixed polynomial function has an impact on all four outputs from the function.
In the Add-Round-Key step each byte of the state is combined with the round key, which is derived from the cipher key using a key schedule. A key schedule is an algorithm that uses the key to calculate various sub keys using mathematical functions. It is these sub keys that are used in this step.
All of this produces an encrypted matrix of bytes that can be deciphered using the reverse of the above steps, where the key array is a necessary component in deciphering the encrypted data. This helps to secure the data from being viewed by unauthorised users, with knowledge of the encryption key authenticating any user who wishes to view the encrypted data. In its simplest form the data has been scrambled and large amounts of redundant data have been added; this type of authentication assumes that only a user with clearance to view the data will have access to the program that encrypted the data as well as the password that generates the random key. This means that the authentication uses something the user has, the program used to encrypt the file, as well as something the user knows, the password that was used to generate the random key.
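As an added illustration of the four steps just described (example code written for this paper, not code from Radio IP or from Wikipedia), the following Python implements AES with a 128-bit key and its reversal. AES-256, which Radio IP MTG is stated to use, applies exactly the same four steps per round; it differs only in a longer key schedule and 14 rounds instead of 10. The S-box is computed from its definition rather than pasted in, and the result is checked against the published FIPS-197 Appendix C.1 test vector.

```python
def xtime(a):
    """Multiply by x (0x02) in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def gmul(a, b):
    """General GF(2^8) multiplication, used by Mix-Columns and its inverse."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a, b = xtime(a), b >> 1
    return p

def build_sbox():
    """Sub-Bytes lookup table: multiplicative inverse in GF(2^8), then an affine map.
    Computed here rather than hard-coded so the construction of the table is visible."""
    exp, log = [0] * 255, [0] * 256
    x = 1
    for i in range(255):            # 0x03 generates the whole multiplicative group
        exp[i], log[x] = x, i
        x ^= xtime(x)               # x * 0x03
    sbox = []
    for v in range(256):
        inv = exp[(255 - log[v]) % 255] if v else 0
        s = inv
        for r in range(1, 5):       # inv XOR its four left rotations, then XOR 0x63
            s ^= ((inv << r) | (inv >> (8 - r))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = build_sbox()
INV_SBOX = [0] * 256
for _i, _v in enumerate(SBOX):
    INV_SBOX[_v] = _i

# The 16-byte state is column-major: the byte at row r, column c is state[r + 4*c].
def sub_bytes(s, box=SBOX):
    return [box[b] for b in s]

def shift_rows(s, sign=1):
    """Row r rotates left by r bytes (row 0 stays put); sign=-1 rotates right for decryption."""
    return [s[r + 4 * ((c + sign * r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(s, coef=(2, 3, 1, 1)):
    """Multiply each column by the fixed polynomial. `coef` is the first row of the
    Mix-Columns matrix: (2, 3, 1, 1) for C(x), (14, 11, 13, 9) for its inverse.
    Every input byte of a column affects all four output bytes."""
    out = []
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        for r in range(4):
            b = 0
            for j in range(4):      # row r of the circulant matrix is coef rotated right by r
                b ^= gmul(col[j], coef[(j - r) % 4])
            out.append(b)
    return out

def add_round_key(s, rk):
    return [a ^ b for a, b in zip(s, rk)]

def key_schedule(key):
    """Expand the 16-byte cipher key into 11 round keys (the text's 'sub keys')."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord, then SubWord
            t[0] ^= rcon
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(key, block):
    """Ten rounds of Sub-Bytes, Shift-Rows, Mix-Columns, Add-Round-Key (no Mix-Columns in the last)."""
    rks = key_schedule(key)
    s = add_round_key(list(block), rks[0])
    for rnd in range(1, 10):
        s = add_round_key(mix_columns(shift_rows(sub_bytes(s))), rks[rnd])
    return bytes(add_round_key(shift_rows(sub_bytes(s)), rks[10]))

def aes128_decrypt_block(key, block):
    """Deciphering runs the same steps in reverse order with the inverse tables and the same key."""
    rks = key_schedule(key)
    s = add_round_key(list(block), rks[10])
    for rnd in range(9, 0, -1):
        s = sub_bytes(shift_rows(s, -1), INV_SBOX)
        s = mix_columns(add_round_key(s, rks[rnd]), (14, 11, 13, 9))
    return bytes(add_round_key(sub_bytes(shift_rows(s, -1), INV_SBOX), rks[0]))

# Published FIPS-197 Appendix C.1 test vector (not constructed here).
FIPS_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
FIPS_PLAINTEXT = bytes.fromhex("00112233445566778899aabbccddeeff")
FIPS_CIPHERTEXT = bytes.fromhex("69c4e0d86a7b0430d8cdb78070b4c55a")

if __name__ == "__main__":
    ct = aes128_encrypt_block(FIPS_KEY, FIPS_PLAINTEXT)
    print(ct.hex(), ct == FIPS_CIPHERTEXT)
    print(aes128_decrypt_block(FIPS_KEY, ct) == FIPS_PLAINTEXT)
```

Reading the code against the text: nothing in the four steps adds data to the block, so the 16 input bytes become exactly 16 output bytes, and the secrecy rests entirely on the key that drives Add-Round-Key. This is also an educational implementation with table lookups that are not constant-time; production systems should use a vetted library.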
Encryption can be broken, but when used correctly this does not matter
Although encryption is difficult to break, it is not impossible. Even though it is possible to break almost any encryption, encryption is still used because specialised knowledge, which most people do not possess, is usually required to break it, and because of the time taken to do so. Encryption generally secures data by using complex algorithms that are difficult to break, as shown by the examples of DES, TDES and AES; it uses complex mathematics in an attempt to secure data that can then be either stored or transmitted in this secure format. The advantage of using encryption is that it is very difficult to break: even if the hard drive is removed and a different computer, possibly with a different operating system, is used to access the data, the data should remain safe so long as it remains encrypted (Godbout, 2007, p. 42).
The encryption used by Radio IP MTG is a two-fold method of authentication, as not only is the authentication encrypted, but all the transferred data is encrypted. Although this authentication is redundant in the sense that an encryption key can be broken given enough time without any level of authentication, it is still considered a highly secure method of securing data, as the timescale involved in breaking an encryption is usually too long to be realistic, depending on the encryption method used. Most encryption can be broken by computers running specialised programs, but the idea is that the encryption is so difficult to break that by the time it can be broken the protected data will either have become redundant or a more secure method of protecting it will have been invented.
Personal keys are easy to remember as well as providing a high level of security
Personal keys as used by the Passmemory system are the full names of individuals that are stored in the long-term memory of the person who needs their identity authenticated. This information is entered directly onto the server that the user may wish to access remotely, where it is stored securely using a mixture of altering the table fields and encrypting the data. This is to secure the data should the server be broken into, so that the information cannot be used to break into individual accounts. Once a server has been successfully attacked it would be advisable, in the interest of the security of the system, for all users to change their passkeys, as although it may be difficult for the data to be decrypted, with all encryption it is possible that given enough time and processing power any information could eventually be recovered. This said, the level of security in the authentication process can be altered for the application the personal keys are designed for: adding more ‘rounds’ in which a user selects names will obviously increase security, as will increasing the number of false names shown.
Personal keys are readily available to the user, but may not be individually secure: security through obscurity
Although individual keys are easy for the individual to remember, the easier they are to remember the more insecure they are likely to be, as the more obscure the relationship with the name, the less likely it is that any connection can be found. Personal keys as used by the Passmemory system are the full names of individuals that are stored in the long-term memory of the person who needs their identity authenticated. If the names stored by the individual are those of close family, then all anyone wishing to break the authentication process need do is choose the names with the same surname as the individual they are logging in as. When names of close friends were used, 90% of the users tested using the Passmemory system were able to break into a secured account using Facebook to find a list of the target's close friends. This means that the most secure names would be those of loose or obscure relationships that are not well documented, so to obtain a high level of security from the Passmemory system the advantage of having easy-to-remember keys may be negated by the obscurity the keys need for improved security.
Although neither system is totally secure, both are fit for their purpose
The Passmemory system is highly effective at stopping phishing attacks due to the mutual authentication that is required by the very nature of the system's authentication method. The method of using personal keys is patented and claims to make passwords a thing of the past by replacing them with names known to the user that are used as keys. Phishing is combated because it is impossible for a fraudulent server to know the names necessary to populate the list in order to get the user to disclose their details; in this way mutual authentication is achieved, as the user knows that the server is who it claims to be if it is able to populate the list with known names, while the user is authenticated by their ability to choose the correct names from the list. This means that although the system may not be the most secure method available, it is fit for purpose in that it can use keys that are easy for the user to remember, as well as combating the problem of phishing, which is one of the main selling points of the product.
The main objectives of the Passmemory system are to stop online scammers from carrying out attacks and to protect against attacks such as phishing, key logging, spoofing or account sharing, and social engineering (Kai Corporation, 2007a). The very design of the Passmemory system means that phishing and key logging do not pose a threat, as the keyboard is not used to enter a password and the mutual authentication of client and server stops the problem of phishing. Spoofing and account sharing are also combated, as it requires a large amount of effort to tell other people all the existing keys, and in the same way it would be more difficult for a scammer to get a user to divulge multiple keys.
Another of the main points of the Passmemory system is to provide the user with device-free, user-friendly logins; upon interviewing 50 randomly selected people, most thought that the Passmemory system would be very simple to use and would alleviate the problems encountered in using passwords. Passmemory also does not need very complex or specialised devices at the user end, such as a password-generating device, and the information transmitted is already publicly available, so no additional personal information is disclosed beyond that which is already freely available.
Radio IP MTG uses multiple methods of encryption, authentication, data encapsulation and data tunnelling to secure the data that needs to be transmitted over the network from a mobile or wireless connection. As stated earlier, the patented method of encapsulating the data is said to be secure because an in-depth knowledge and understanding of the company's unpublished protocol is necessary to defeat the data encapsulation (Radio IP, 2007); however, the very act of patenting the protocol has meant that at least the basic method has been publicly disclosed, making it easier for anyone wishing to break the method of data encapsulation. This said, Radio IP MTG is still fit for its purpose, as it allows remote access to mobile users who may be using wireless connections; due to the heavy authentication at the mobile end, the short connection time and the heavy encryption of both the transmitted data and the authentication process, it is highly unlikely that any information could be accessed before the data becomes redundant.
Radio IP MTG also has a mathematical compression engine that uses a historical data library for compression; the transmitted data can only be read when the exact history generated by this engine is received with it, so no other method can read the data, making Radio IP MTG very secure. However, other issues are introduced by the many complex devices that may need to be used at the user end, increasing expense as well as the amount of personal information that is likely to be transmitted should a biometric reader be used in the authentication process.
Due to the fitness for purpose of each system, both stand a good chance of being very successful; however, improvements can still be made to both. In the case of the Passmemory system, the keys themselves would need to be made more obscure, as discussed in a previous section, in order that the maximum amount of protection is provided, as well as totally disassociating the key from the user, since the link to an acquaintance could easily be found out as this is usually public knowledge. In the case of the Radio IP MTG system, improvements could be made in securing the cipher for encapsulating the data so that it is more difficult to break, as well as adding mutual authentication in order to combat the problem of phishing, although data should still be secured by the encryption even if it is compromised in the transfer stage. When 50 people were interviewed, most considered that the Radio IP MTG method of securing data was more effective, probably due to the large amount of encryption involved and the high degree of authentication technology used to authenticate the user; however, most believed that the Passmemory system would be easier to use, providing a good balance between effective authentication and ease of use for low-security systems.
Although the patent does nothing directly to improve the technology used for each system, it does mean that the system will be new in some way, which may give it an advantage over existing systems. It is important to consider the effect on the security of personal information, not only that which is used by the system for authentication but any that may be stored by the system, since although the patented technology may provide some advantages over existing products in certain fields, the new technologies may expose the user or the stored data to other risks that did not previously exist.
What are known attacks on each system: AES, DES and TDES attacks, phishing and research
The Radio IP MTG system is vulnerable to phishing attacks, as well as to a number of attacks on the encryption of the data once the raw encrypted data has been stolen. The attacks for breaking DES-encrypted information have been proven and can be carried out in less than 24 hours (Wikipedia, 2007c); however, as described earlier, the weaknesses of TDES and AES are mostly theoretical or impractical, so this method of encrypting the data provides a high level of security. The patented method of encapsulating the data has not been broken yet; however, by the own admission of the company that produces the product (Radio IP, 2007), it is possible to break the encapsulation with enough knowledge of the system, and that knowledge is handed to the general public in the form of the patent, which discloses the information necessary to gain an insight into how the system works.
It is important to note that although each of the aforementioned attacks can succeed against an individual mechanism, it is the combination of all these techniques that provides the security of the system, and there are currently no known attacks against the system as a whole, even though the individual methods could be used to attack particular parts of it. This means that personal data stored on the server side is secure from remote attackers, although it remains vulnerable to physical attacks on the building, so the data should also be encrypted on the server to limit the damage should any layer of security be compromised. The area that is less secure is the information transmitted for authentication: as mentioned earlier, intercepted and decrypted biometric data would be costly and irreplaceable, although this is unlikely to happen.
The Passmemory system is vulnerable to a brute-force-like attack in which an attacker repeatedly requests the login challenge. Because the list presented is populated with one correct key and several incorrect keys selected at random, after enough attempts the correct key becomes apparent, as it is the only name that reappears in every list. The number of attempts required depends on how many false names populate the list and on the size of the pool they are drawn from: if fresh decoys are drawn each time from a large pool, only a handful of lists need to be compared, whereas a long run of repeated attempts against one account should be obvious to the system administrators, as the account may be challenged thousands or millions of times before the attacker succeeds.
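The following is an added example, not code from Kai Corporation or from the page's author, that models the challenge list the text describes and the attacker's intersection over repeated requests. The pool of names, the number of decoys per list, the personal key and the per-account seed are all constructed assumptions. It also shows the mitigation of pinning an account's decoys so that the set of names shown does not change between requests, which leaves the attacker with nothing to intersect.

```python
import random
from itertools import count

# Constructed name pool standing in for the server's store of decoy names
# (the real Passmemory pool is not described on the page; this is an assumption).
POOL = [f"name{i:03d}" for i in range(200)]
CORRECT_KEY = "alice_sister"   # the account's genuine personal key (constructed)
DECOYS_PER_LIST = 9            # incorrect names shown beside it (assumption)


def random_decoy_challenge(correct, pool, decoys, rng):
    """Model of the behaviour the text describes: one correct key plus
    `decoys` incorrect names drawn afresh from the pool on every request."""
    shown = rng.sample(pool, decoys) + [correct]
    rng.shuffle(shown)
    return shown


class FixedDecoyChallenge:
    """Mitigation: an account's decoys are chosen once (here from a per-account
    seed) and reused, so repeated requests reveal nothing new about the key."""

    def __init__(self, correct, pool, decoys, account_seed):
        self.rng = random.Random(account_seed)
        self.names = self.rng.sample(pool, decoys) + [correct]

    def __call__(self):
        shown = list(self.names)
        self.rng.shuffle(shown)    # order still varies, membership does not
        return shown


def intersection_attack(challenge, max_requests=1000):
    """Attacker: fetch the challenge list repeatedly and keep only the names
    that appear every time. Returns (surviving names, requests used)."""
    survivors = None
    for n in count(1):
        shown = set(challenge())
        survivors = shown if survivors is None else survivors & shown
        if len(survivors) <= 1 or n >= max_requests:
            return survivors, n


def demo():
    """Run the attack against both challenge styles and return the outcome."""
    rng = random.Random(2007)
    weak = lambda: random_decoy_challenge(CORRECT_KEY, POOL, DECOYS_PER_LIST, rng)
    found, used = intersection_attack(weak)
    strong = FixedDecoyChallenge(CORRECT_KEY, POOL, DECOYS_PER_LIST, account_seed=42)
    left, used2 = intersection_attack(strong, max_requests=50)
    return found, used, len(left), used2


if __name__ == "__main__":
    found, used, left, used2 = demo()
    print(f"random decoys: key {found} isolated after {used} requests")
    print(f"fixed decoys:  {left} names still possible after {used2} requests")
```

With nine decoys drawn from a pool of 200, a decoy survives from one list to the next with probability 9/200, so the correct key is isolated after only a few requests; pinning the decoys keeps ten candidates alive however many lists are fetched, and the remaining defence is then rate limiting and alerting on repeated challenges for the same account.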
The area in which the Passmemory system is most vulnerable is research: a person wishing to log on fraudulently could use a site such as Facebook to gain an intimate knowledge of the user's close friends or family and then use those names to break the system's security. When names of close friends were used, 90% of the users tested were able to break into an account secured with the Passmemory system by using Facebook to find a list of the target's close friends. This could be avoided by using obscure relationships such as old pets, although people who have known the user for a long time may still be able to break in.
The server side does have an advantage in that no truly personal data is used for authentication, so if the system were compromised, the data used in the authentication process would be of little use to the attacker, although the user would need to change the names used to secure the account. Although this protects the user from becoming vulnerable if the system is attacked, any other information on the server would not be secure unless it were encrypted, so while the authentication protects personal privacy, the information stored on the server, which could contain far more personal information, is potentially at risk.
The Radio IP MTG system is more concerned with securing the data being transferred, and does this through tried and tested techniques of strong encryption that is usually impractical to break, together with a new method of data encapsulation intended to further protect the data and the route it takes to the secure server. The server uses encryption to secure the data stored on it; however, if the data transmitted to the server can be intercepted and the biometric data extracted and decrypted, this poses a large security risk for the user. At present the effort involved in obtaining one person's information is usually not worthwhile, but if the biometric data belonged to someone like Bill Gates it could be invaluable.
The Passmemory system does, however, actively protect against phishing through mutual authentication, and against key logging, spoofing, account sharing and social engineering by the very nature of its authentication. These techniques are currently used by many attackers against other systems, so a way to defend against all of them could prove useful. The security could probably be increased further if other methods such as passwords and encrypted data were used as well, although this would make the system less easy to use, so there is a trade-off between usability and security.
The patent has not altered how each system defends against attacks, but it has widened the range of attacks each system could be exposed to, as the disclosure of information about the new technologies used by each system allows attackers to research how the system they are attacking works. This permits more sophisticated attacks against the system; however, the companies seem confident that their methods will secure the data, with Passmemory relying on obscurity of the data and Radio IP MTG relying on the tried and tested method of encryption together with its new method of data encapsulation.
The Passmemory system concentrates on the security of the user's personal information, using little personal information at the risk of a less secure system, whereas the Radio IP MTG system seems to concentrate more on the security of the data itself at the potential expense of the privacy of information about the user, although it does attempt to secure the user's information as well. There are definitely personal privacy issues with either system; however, they depend on what is stored by each system, as the amount and type of personal information disclosed by each system upon authentication varies greatly.
The architecture of both systems has inherent weaknesses, as the use of a central server invites phishing attacks as well as various other attacks that disrupt or eavesdrop on the connection between the remote client and the server. The Passmemory system is immune to phishing attacks through its use of mutual authentication; however, its security is weakened by the use of publicly available information to secure data. For the Radio IP MTG system the connection is inherently insecure, because wireless connections may not have a static address and, as the medium is air, anyone within a reasonable distance can intercept the transmissions without being discovered. Radio IP MTG attempts to counter this by securing the transmitted information with encryption and by encapsulating the data, not only to route the packets but to protect the data they hold. As discussed earlier, encryption can be broken, and if the information is of a sensitive or personal nature, such as biometric information, whoever intercepted and decrypted it would have access to unchangeable personal information. It is difficult to suggest an improvement to the architecture, as the server-to-client connection is necessary for the user to have remote access to information over the internet; however, it would be prudent to include mutual authentication in this architecture to deter online phishing scammers, while passwords and encryption should also be used for security.
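As an added illustration of the mutual authentication recommended above, and not code from either product or from the page's author, the exchange below lets each side prove knowledge of a shared key before the client reveals anything a phishing site could reuse. The shared key, the message labels and the nonce sizes are assumptions; the key is assumed to have been provisioned out of band between the genuine server and the user's client.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret (assumption; neither product's key handling is on the page).
SHARED_KEY = b"constructed-example-key-do-not-reuse"


def _tag(key, *parts):
    """HMAC-SHA256 over length-prefixed parts, so fields cannot run together."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Server:
    def __init__(self, key):
        self.key = key

    def respond(self, client_nonce):
        """Step 2: prove knowledge of the key over the client's nonce and a fresh
        server nonce, before the client has revealed anything."""
        self.nonce = secrets.token_bytes(16)
        return self.nonce, _tag(self.key, b"server", client_nonce, self.nonce)

    def verify_client(self, client_nonce, client_tag):
        """Step 4: check the client's proof over both nonces."""
        expected = _tag(self.key, b"client", client_nonce, self.nonce)
        return hmac.compare_digest(expected, client_tag)


class Client:
    def __init__(self, key):
        self.key = key

    def start(self):
        """Step 1: send a fresh nonce; nothing secret leaves the client yet."""
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def answer(self, server_nonce, server_tag):
        """Step 3: verify the server first. A phishing site without the key
        cannot produce a valid tag, so the client stops and sends nothing."""
        expected = _tag(self.key, b"server", self.nonce, server_nonce)
        if not hmac.compare_digest(expected, server_tag):
            return None
        return _tag(self.key, b"client", self.nonce, server_nonce)


def run_handshake(client, server):
    """Full exchange; returns (server_authenticated, client_authenticated)."""
    c_nonce = client.start()
    s_nonce, s_tag = server.respond(c_nonce)
    c_tag = client.answer(s_nonce, s_tag)
    if c_tag is None:
        return False, False
    return True, server.verify_client(c_nonce, c_tag)


if __name__ == "__main__":
    print("genuine server:", run_handshake(Client(SHARED_KEY), Server(SHARED_KEY)))
    print("phishing site: ", run_handshake(Client(SHARED_KEY), Server(b"guess")))
```

Order matters: the client checks the server's tag before producing its own, so a site that does not hold the key receives nothing it can replay, and the distinct "server" and "client" labels stop one side's tag being reflected back as the other's. A live relay that forwards both messages to the genuine server is not stopped by this exchange alone; that needs the tags to be bound to the channel as well, which goes beyond what the page describes.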
Data security is necessary to protect stored personal information, as well information transmitted for authentication
Data secured by these systems may be costly, or potentially costly, to the individual or company should it become freely available. Leaked data becomes costly because of its perceived value; all personal information has a value, as shown by Table 1, taken from Godbout (2007, p. 42). This is because the information can be used to take out loans fraudulently in the name of the person whose identity has been 'stolen'. In the case of large businesses, stolen data can reveal secrets that the company would not wish to disclose to the general public, from potential flaws in products through to amounts paid for supplies and projected acquisitions. Other events, such as the Formula One incident recently in the news, highlighted that insecure data taken from one team could be used to the benefit of another. Although an individual's information is not very profitable to a thief, as there is usually only a small amount of it on a personal computer, in a business setting many customers' details may be available if the information is not secured, so the information stored on a business computer is potentially worth a large sum of money.
Radio IP MTG would need the information of anyone who accesses the server to be stored on it for the authentication process, which means that if an attack on the system were successful, large amounts of biometric data about multiple users could be stolen. This could compromise not only the business but the individual, as biometrics are becoming more widely used, often as 'absolute proof' that a person is who they claim to be, and, as mentioned earlier, it is not possible to issue new biometrics to combat identity theft.
The Passmemory system does not have this flaw, as it uses data that is already public; that data is not used for other systems and is not associated with other details. However, some people may still dislike their names being used to secure other people's data, as anyone who broke into the system would be able to see the names of acquaintances of the user whose account they broke into. As for the data secured on the server, it is not necessary for any personal details about the user to be stored there, which protects the individual's privacy; but if the data stored by the company is personal by its nature, such as patients' records in a hospital, then the privacy of the authentication information cannot justify the lower level of security the system provides for that data. All in all this seems a more secure method of maintaining an individual's privacy during the authentication process, but it comes at a price: the security of the system is potentially lower than if more personal data, or unique data that is not publicly known, were used.
How much personal information is used for each system: Token and encryption Vs personal keys
Although the patents themselves do not directly result in either product using more or less personal information, for the Passmemory system at least they may mean that the user chooses to use more personal information in order to gain more security. The names of acquaintances could be replaced by even more personal information in the name of security; however, this raises further personal privacy issues. The Radio IP MTG system, although it encrypts all the data, is still at risk if the data encapsulation and encryption are broken, as information such as biometric data, which is almost uniquely personal, may be transmitted and is therefore exposed. The main issue produced by the patents is that both systems may face more sophisticated attacks because information about each system has had to be publicly disclosed in order to obtain the patent.
With Radio IP MTG the user of the mobile device is verified using a logon name, password, token key, smartcard or biometric device, together with mutual authentication between the mobile device and the server using secure keys, which creates a variety of issues for the protection of personal information. The use of biometrics, although potentially very secure because of their uniqueness, can bring about some very grave personal privacy and security issues. Because biometric information is transferred between the mobile user and the secure server over a potentially insecure network, it is possible for the data to be intercepted. As the data is encrypted it would not be immediately available to whoever intercepted it; however, as discussed earlier, almost any encryption can be broken, and in the case of DES this can be done in less than 24 hours. This means that the biometric information could be used by an unauthorised user to gain access to other systems that use biometric information as the access key, since biometric information is usually considered infallible, with some systems treating it as 'absolute proof of identity'; and because biometrics belong to the person, this type of fraud cannot be countered simply by handing out new biometrics.
The Passmemory system encounters similar problems, but on a lesser scale than biometrics, as although the information is personal it can be changed, unlike biometrics. The main issue with the Passmemory system is that the information itself is not secure enough, as the identities of most acquaintances are already in the public domain, with sites such as Facebook collating all this information in one easily accessible place. In addition, although the information can be replaced, the user would have to travel to the server to do so, which is inconvenient, and the number of names available to the user is limited if the system does become compromised. Security would improve if another method of authentication were used alongside it: although the Passmemory system provides a large amount of protection for the personal information of its user, the security of the system itself may not be so strong, which could drastically affect the personal privacy of any individual whose data is stored on the server.
What are the known and potential effects on personal privacy issues: too much personal information makes you vulnerable too
Personal information is generally believed to be more secure because the more personal the information disclosed, the less likely it is that anyone other than the claimant could present it successfully on request; however, should the information be compromised, even the most private information becomes useless as a 'key' for securing data. Furthermore, when the information is so personal that it is unchangeable, such as biometric information, its compromise would render it useless for the many authentication processes it may be used in, which could exclude the individual from activities that require the biometric 'key'. The 'key' itself could also be damaging if leaked: for example, if a hospital website used a patient's ailment as their key to the online site, disclosure of the key into the public domain would breach the individual's privacy. The main issue is that although personal information can protect data by correctly authenticating a user, relinquishing too much personal information makes the individual vulnerable should that data be compromised.
The advantage of using personal information to authenticate a user, and thus to protect data, is that the more personal the information, the more likely it is that the person providing it is who they claim to be. Biometrics are a strong method of authenticating an individual, although they are often used incorrectly as absolute proof of identity: biometric data is not infallible, because of errors made by computers, the existence of identical twins and other ways of fooling biometric readers. The whole point of using personal information is to prove beyond reasonable doubt that a person is who they claim to be.
The disadvantages of using personal information mostly stem from the privacy issues that arise from its disclosure, as well as the potential for loss through identity theft or the possibility of discrimination. For the two systems there is a fine balance between the level of security that can be provided and the infringement of personal privacy that may result from releasing private data that could end up in the public domain. People could be sceptical of using either system because their information could be profiled; personal information may be stolen, allowing others to take money from them or impersonate them; or they may feel that disclosure of the information could lead others to discriminate against them, for example because they belong to an ethnic minority or have a disease such as cancer that they do not wish others to know about.
As stated earlier, it is a question of balance between the potential gain from using large amounts of personal information to prove beyond reasonable doubt that a claimant is who they claim to be, and not violating the rights of the individual by making them disclose highly personal information that may allow others to discriminate against them, or to steal the very proof they would use to establish their identity, making their claims to that identity more difficult.
What is the commercial strategy used to sell each system: waiting for customers to come to you Vs seeking out potential clients
The practice of marketing has been used for thousands of years to put a product on the market that meets a demand, satisfying the needs or wants of a customer for a profitable return (Viardot, 2004, p. 2). It is because of customers' needs and wants that the two systems have been placed on the market: in the case of the Passmemory system, to make the authentication process simpler while stopping phishing, key logging, spoofing, account sharing and social engineering through mutual authentication; in the case of Radio IP MTG, the customer's needs are perceived to be a high level of security through biometric authentication and data encryption while still being able to access information remotely from a mobile location over a wireless connection.
Each product is marketed to the needs of its target customers, promoting the new and improved features that each system brings. Although the specific marketing strategies used by each company are not disclosed, in order to protect their customer base, they can still be inferred from their affiliations and target customers. Both companies advertise their products on the internet, with Radio IP publishing brochures about its system and Passmemory providing an online demonstration of how the product works. Both companies state that they give talks about their products, which means that they actively pursue the customers who will be interested in their systems.
The patent gives each company dominance over its technology, with the ability to control who makes, distributes and sells its products. This means that they face fewer competitors, can choose who helps them sell their product and know that they hold exclusive rights to the system. The patent does not mean that a company can afford to relax by any means, as it needs to build a strong product brand that will last long after the patent expires. In the case of Radio IP MTG the company provides a great deal of support for all of its products, which also generates a renewable source of revenue.
Business partners can help companies sell their products through the partner's customer base, as well as by helping to sell the product itself. Marketing and distribution of the Passmemory product is handled entirely by a business partner, the Brains Inc. This means that the company does not have to spend a large amount of its own resources selling the product, although its profits may be reduced because the partner will need a share of them to cover the cost of advertising the product.
The business model, including the marketing strategy, of the Brains Inc. (2007) is shown below and demonstrates that they regard the marketing strategy as an important and integral part of the product.
The best marketing strategy depends on the company's available resources as well as its long-term goals; renewable revenue should be considered, along with building a strong brand so that when the patent expires the product is still the one the target customers want. Neither company provides a price for its product, because the systems are customised for each purchaser: the level of security and any extra encryption are provided, together with any additional support needed to install and maintain the product. Customising the products to an individual client's needs is an expensive procedure, and the cost of each system must reflect this. Radio IP (2007) states that its products are in use by the police, who need to access secure personal information in mobile situations, which indicates long-term contracts with various governments. The marketing strategy used by each company matches its particular abilities, with products tailored to meet customers' specifications; the aim is to build a strong customer base that can supply a renewable source of revenue for the company.
Patenting a product fundamentally alters the protection provided by the product
The systems that have been patented have gained protection for their companies' interests; however, this protection for the company has potentially altered the amount of protection the system provides for the individual's privacy. Although the act of patenting has not directly altered the product, it has altered the protection the product provides, in that the disclosure of information about the product may make the data easier to compromise. Both companies aim their patented products at protecting remote access to data on a server, but they provide different levels of protection for personal privacy: the Passmemory system provides a high level of personal privacy during authentication while providing less protection for the security of data on the server, whereas Radio IP MTG concentrates more on the security of the personal information on the server and less on the personal privacy of the claimant who wishes to be authenticated. The marketing strategies used by the two companies are also totally different, with Radio IP preferring to sell its products itself by going directly to its customers and generating extra revenue through product support, whereas the Passmemory system is sold as a solution to phishing and similar scams through one of Kai Corp.'s business partners, the Brains Inc.
The architecture of both systems has inherent weaknesses, as the use of a central server invites phishing attacks as well as various other attacks that disrupt or eavesdrop on the connection between the remote client and the server. It is difficult to suggest an improvement to the architecture, as the server-to-client connection is necessary for the user to have remote access to information over the internet; however, it would be prudent to include mutual authentication in this architecture to deter online phishing scammers, while passwords and encryption should also be used for security. The best marketing strategy depends on the company's available resources as well as its long-term goals; renewable revenue should be considered, along with building a strong brand so that when the patent expires the product is still the one the target customers want. The price of each product depends on the level of customisation needed for the individual purchaser: the level of security and any extra encryption are provided, together with any additional support needed to install and maintain the product. Customising the products to an individual client's needs is an expensive procedure, making each a high-end specialised product tailored exactly to the customer's needs. The marketing strategy used by each company matches its particular abilities, with products tailored to meet customers' specifications; the aim is to build a strong customer base that can supply a renewable source of revenue for the company.
When it comes to personal information, the main question is how much is too much: the gain from disclosing personal information must be measured against the amount of security that information provides and against the potential problems, such as discrimination, that could follow should it be compromised. The main issue is therefore one of balance in order to achieve correct authentication.
Appendix
When 50 people were interviewed, most considered that the Radio IP MTG method of securing data was more effective, probably because of the large amount of encryption involved and the high degree of authentication technology used to verify the user; however, most believed that the Passmemory system would be easier to use, providing a good balance between effective authentication and ease of use for low-security systems. The table of results is shown below.
When names of close friends were used, 90% of the users tested were able to break into an account secured with the Passmemory system by using Facebook to find a list of the target's close friends; the system they needed to break into was a preconfigured online demonstration (Kai Corporation, 2007b) using the names of close friends who are on Facebook. The table of results is shown below.
Reference list
Information has been sourced from the sites below. Some of the sites have been used to check information obtained from other sites, and all the information has been read and referenced where used in the text.
• Brains Inc. (2007). The Brains Inc. [Electronic version]. Retrieved November 24th, 2007, from http://www.thebrains.jp/
• Godbout, Yves. (2007). What have you got to lose? [Electronic version]. Business Source Premier. Retrieved November 24th, 2007, from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=26011360&site=ehost-live
• Kai Corporation. (2007a). What's Passmemory [Electronic version]. Retrieved November 24th, 2007, from http://www.passmemory.com/english/about/index.html
• Kai Corporation. (2007b). Passmemory online demonstration [Electronic version]. Retrieved November 24th, 2007, from http://www.mins.jp/passmemory/en/new_system/top.cgi
• Pressman, David. (2006). Nolo's patents for beginners (5th ed.). Berkeley: Nolo.
• Radio IP. (2007). Wireless security [Electronic version]. Retrieved November 24th, 2007, from http://www.radio-ip.com/wireless-security.php
• United States patent. (2005). Radio IP MTG [Electronic version]. Retrieved November 24th, 2007, from http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&co1=AND&d=PTXT&s1=6947431&OS=6947431&RS=6947431
• United States patent. (2006). Kai corporation patent [Electronic version]. Retrieved November 24th, 2007, from http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&co1=AND&d=PTXT&s1=7065786&OS=7065786&RS=7065786
• Viardot, E. (2004). Successful marketing strategies for high-tech firms (3rd ed.). Norwood: Artech House.
• Wikipedia. (2007a). Advanced encryption standard. Retrieved November 24th, 2007, from http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
• Wikipedia. (2007b). Symmetric key algorithm. Retrieved November 24th, 2007, from http://en.wikipedia.org/wiki/Symmetric_key_algorithm
• Wikipedia. (2007c). Data Encryption Standard. Retrieved November 24th, 2007, from http://en.wikipedia.org/wiki/Data_Encryption_Standard
• Wikipedia. (2007d). Triple Data Encryption Standard. Retrieved November 24th, 2007, from http://en.wikipedia.org/wiki/Triple_DES