New Secure Remote Desktop Tech Via USB

IBM’s research team in Zurich, Switzerland, has been working on solving a huge security issue: secure, remote, corporate desktop PC environments, delivered within seconds by simply plugging a USB stick into your existing personal PC.

The new technology, called the Secure Enterprise Desktop, is a modified version of an earlier device called the Zone Trusted Information Channel, or eZTIC, which was first developed by IBM almost three years ago specifically to help Swiss banks — famously among the most secure, private and well-regarded in the world — to protect users against the increasing threat of “man in the middle” attacks. These types of attacks take advantage of even supposedly secure Web banking software to intercept user information.

“The main issue for the banks was that no matter how secure their servers are, end-users possibly still have malware on their PCs,” said Dr. Michael Baentsch, the IBM researcher who developed the technology, in a telephone interview with TPM.

“What this meant is that we needed to create an additional level of protection outside the level of the PC itself, a piece of hardware combined with security software running outside the PC,” Baentsch elaborated. “What we came up with was a USB device with its own crypto-engine.”

Once plugged into a user’s Windows or Linux computer, the encrypted USB sidesteps the actual PC itself and establishes a direct connection with the corporate servers, serving up a fully-loaded corporate desktop environment entirely remotely within just 2 minutes, including software the user doesn’t even have on his or her PC, such as Microsoft Office products.

“Whatever software you want will work,” said Baentsch.

The result, as an IBM informational release explains, is that “malicious software (either in the network or on the user’s PC) cannot interfere with the data transmitted between eZTIC and backend server.”

The encrypted USB device appears on a user’s PC as a storage drive, and presents a message if the computer fails to boot the remote desktop environment correctly, indicating a possible security breach. Even if a worker loses the encrypted USB device or someone steals it, the network and the device are protected, as the device doesn’t contain application data, just instructions for communicating with the cloud. The USB also has additional layers of protection, such as requiring password entry or even a physical badge to be scanned.

Moreover, once the initial desktop has been loaded from the cloud, the user can access it any time thereafter, even offline, using the USB. That’s because the USB contains disk images for loading the entire desktop environment as it was last accessed and stores changes made offline. Once reconnected to the cloud, the USB will save any changes that the user made on his or her desktop environment back to the cloud.

From TPM IdeaLab at: http://idealab.talkingpointsmemo.com/2012/03/ibm-debuts-swiss-bank-tested-secure-mobile-desktop-via-usb.php?ref=fpnewsfeed
