Sign On to a PC with a Palm

Posted By: Ed Monday, July 9, 2001 10:09:06 AM

CIC's Sign-On for Palm has long allowed users to make their handheld accessible only to someone whose signature matches the owner's. Today they released Sign-On for Windows, which allows files on a Windows PC to be locked and opened by a signature written on a Palm.

Individual files or groups of files can be selected and locked or unlocked by with a signature on the handheld located in the cradle.

When a signature is entered, the software records and measures the speeds, rhythm, patterns, habits, etc., unique to the individual. These measurements are different for each signer based on the qualities and characteristics of their handwriting. Because they are unique to each individual, the underlying biometrics of the handwritten signature can be used to verify the authenticity of the signature and therefore the identity of the individual signing their name.

Each file is protected by a signature, so a single user or multiple users can protect different files. The signature is stored within the file as part of its contents. The same signature is required to open the file. This means that the file is always secure even if it is moved to another computer.

All signature data and templates and the file to be secured are encrypted for secure storage using Triple DES algorithm.

This can be used with Palm handheld running OS 3.3 and above with serial or USB connection. A handheld isn't required. Wacom Graphire or Interlink ePad tablets will also work.

Sign-On for Palm costs $20. Sign-On for Windows costs $40 and is available as a bundle with the Palm version, also for $40.

On the Web:

Article Comments

 (9 comments)

The following comments are owned by whoever posted them. PalmInfocenter is not responsible for them in any way.
Please Login or register here to add your comments.

Comments Closed Comments Closed
This article is no longer accepting new comments.

Down

CIC has not a good upga..

I.M. Anonymous @ 7/9/2001 9:13:39 PM #
CIC hasn't a very good upgrade policy at all. Comments on the security of a signiture vs a pass/code though. Seems that a s
igniture would be easy to beat? Eh?

RE: CIC has not a good upga..
I.M. Anonymous @ 7/9/2001 11:48:21 PM #
If it's anything like the fingerprint-security devices, it seems like it'd be easy to break.

Most of the Biometrics around seem to be kind of leaky security-wise. The easy way to check is, "If I lose my (finger/hand/eye) in a horrible accident., do I lose my data?"

If the answer is 'No', then it's storing it's encryption keys in some database, and not basing them on the biometric data. And therefore, the keys are compromisable without the presence of the biometric.

And if that's the case, why bother with all the fancy new hardware?

Remember - Two keys is one too many.

[ No Subject ]

I.M. Anonymous @ 7/9/2001 11:05:31 PM #
It's all very well with talking about it, but I personally would have thought that there would be a link with which we could access a trial version of "Sign-On"? ;)

Elliot Black, Sydney, Australia

RE: Links
Ed @ 7/10/2001 8:39:06 AM #
I'm going to assume you are an AvantGo user, not a regular Web browser who is just overlooking the links listed at the end of this article. Recently, we decided to not show the list of links to AvantGo users mainly because we weren't sure how useful they were to you. If you are reading this site on your handheld, do you want to be able to visit the sites we refer to, even though those sites aren't going to be reformatted for your device? Naturally, this will require a constant Internet connection.

Currently, we expect you to make a note that there is a site you want to visit and come back to the article the next time you are on your PC and follow the link there. Not the best solution but its the best I can come up with given the limitations of the handheld. Does anyone have a better suggestion?

---
News Editor
Palm Infocenter

RE: [ No Subject ]
Midknyte @ 7/10/2001 11:22:13 AM #
Well, thanks but no thanks.

I am a Wireless AvantGo user, and my ilk can and do follow imbedded links. Furthermore, even if I were not, the AvantGo cache manager would pull down the requested page next time I refresh my content.

Reconsider, eh?

This is a toy, and trivial to defeat.

I.M. Anonymous @ 7/9/2001 11:36:04 PM #
A signature is actually quite hard to forge when things like speed
and rhythm are measured, not just comparing signature images.

However, this is a crappy way to authenticate, since it's trivial
to sniff the protocol from the tablet to the computer and then
just replay a valid signature, or on the palm, capture the digitizer
data with trojan code and replay it to the Sign-On software
later. This is even worse than a password, since you can always
change a password regularly - biometrics like fingerprints, retinas,
hand shape, signatures, etc. are essentially unchangeable and
so an attacker need only grab the data once to compromise
your data for as long as you're using a given method.

Biometrics are fine for a sealed device that an attacker has limited
access to; a biometric sign-on device or method that attaches to
a PC serial port is frankly silly.



Availability

Martin Danieli @ 7/10/2001 2:31:42 AM #
Where is the software available? Any links?

avantgo use

nabeel @ 7/12/2001 1:20:27 PM #
I personally follow links through my avant-go channel all the time. I've got Handspring's Blazer that does a decent job w/normal html pages. Consider this another vote for you to reconsider.

How do you refresh a web page using Blazer 2.0?

I.M. Anonymous @ 1/8/2002 1:47:28 PM #
I have returned to a previously viewed web page, and Blazer only displays the previously cached page.

How do you "refresh"?

Thanks

Top

Account

Register Register | Login Log in
user:
pass: