Phoenix Technologies, the company behind the Phoenix Bios firmware that is installed in about 80 percent of all PCs, launched a utility at the InfoSecurity show in London on Wednesday that can allow users' hardware to be used in conjunction with a traditional login system to ensure that only authorised users with a "trusted device" can gain access to the corporate network.
The Phoenix Bios, which comes installed in around 100 million PCs every year, is activated as soon as a computer is switched on and before the operating system kicks in. The Bios's job is to ensure that all the computer's hardware components -- such as the hard disk drive, memory and keyboard -- are installed and working correctly.
Shiva Mandalam, director of security product marketing at Phoenix, said the Phoenix TrustConnector allows companies to extend the level of access control they have beyond usernames and passwords. It also authenticates the computer making the connection.
"This provides a way of representing a device as part of your application authentication, so when a user logs into an application, the user and the device are getting authenticated at the same time," he said.
Mandalam said the TrustConnector generates an encryption key using information gathered from the notebook's hardware profile, and that key is passed onto the network when a connection is made. If the hardware can be authenticated, it is "trusted" and the user logs in using their regular username, password, smart card or token. If the user tries to log in using a different machine or has modified the device, access can be restricted or denied altogether.
"They can't use a different machine because the profile is different, so companies can set a policy so a trusted device can get onto the network and a non-trusted device can be allowed to access parts that do not contain any enterprise resources," he said.
Rob Enderle, principal analyst for the Enderle Group, said the increase in security threats means that device authentication has never been so important: "Until now, device authentication has been one of the missing links to this end-to-end network requirement," he said.