Personal security gets DIVA treatment

Singapore government develops a security software tool to help users manage their digital identity via various devices, including flash-based storage cards.

SINGAPORE--The local government has developed a personal security software designed to let users manage their digital identity with the help of flash-based devices.

Dubbed DIVA (Dynamic Isolation of Virtualized Applications), the application was unveiled today at the annual Governmentware 2007 conference and exhibition held here this week. Discussions at the three-day event revolve around infocomm security threats within the public sector, and the event was presented by Ministry of Home Affairs, said Ian Monteiro, a spokesperson for Governmentware 2007.

According to Monteiro, the DIVA application can be loaded on a portable flash-based storage media, such as SD cards and portable USB drives, and used with mobile devices and PCs. The software is also operating system (OS) and device-independent, he added.

"The [objective] of DIVA is to give [consumers] convenient, secure access to a wide variety of applications," Monteiro said, noting that the core function of the software is to verify the identity of the user in an electronic transaction.

For instance, when a DIVA-enabled USB storage device is plugged into a PC, a virtual keyboard appears and users key in their password to verify their identity. According to Monteiro, the virtual keyboard can help prevent key-logging since the users input their password with a mouse rather than the physical keyboard.

Currently at the proof-of-concept stage, DIVA was fully developed by Singapore's MHA and evolved from DORIS (Digital Online Registration and Identification System), a hardware-based personal security system--also developed by the MHA--showcased at Governmentware 2006, he said.

Used as a form of "mobile identity" and two-factor authentication, DORIS is a thumb-size USB hardware token based on smart card chip and flash-based memory technology.

"[DIVA] is the next stage," Monteiro explained, noting that the protection of a user's identity should be enabled by software rather than hardware tools. "Flash-based memory [then] becomes a repository for information rather than anything else."

"The whole concept of DIVA is [based on the need for] single sign-on... Think of it as an access card," he said. "How you want to use this card is really up to the organizations to decide, because if the security is absolute and your privacy and security are protected, you can do almost anything [with it]. So, it's up to the individual organization [or] industry to adopt it."