Protecting the PDA | eWeek

Protecting the PDA

Écrit par
Dennis Fisher
Dennis Fisher
Jun 11, 2001
3 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

In what amounts to a 180-degree reversal, the mobile computing industry is starting to take security seriously.

Certicom Corp. and F-Secure Corp. are each preparing to launch file encryption products for the ever-growing number of PDAs (personal digital assistants) on the market, devices that at present have few security features.

Standard security on the Palm and Pocket PC platforms consists of password-based authentication and little else. And, as more users store ever-more-sensitive corporate data on their handhelds, those very PDAs represent one of the largest—and most ignored—security holes in corporate networks.

As a result of this weak link, many IT managers have been reluctant to deploy PDAs on a large scale.

One vendor addressing the need is Certicom, of Hayward, Calif., which this week will roll out its MovianCrypt product for Palm Inc.s Palm OS. The product, which uses the 128-bit Advanced Encryption Standard algorithm, encrypts each record in the Palms database, but users can choose to disable the encryption on a per- application basis.

With MovianCrypt, users will be required to enter a password upon turning on their PDA. To improve performance, MovianCrypt, which works in 98KB of storage, decrypts only the record that the user requests. This provides an extra layer of security, since a thief would, at best, have access to only the record that was displayed at the time he or she stole the PDA.

Once the user is finished with the record, it is re-encrypted using idle CPU time, minimizing the performance hit that usually accompanies encryption operations on small processors.

In addition, the users password—which is required for HotSync and beaming operations—is hashed and not stored on the Palm and therefore cannot be synced with the data, protecting it from attack.

A Pocket PC version is in the works.

This level of security is exactly what many corporate users have been waiting for.

“Users tend not to think much about security and privacy, and they just go out and use [PDAs],” said John Luo, director for psychiatric informatics at the University of California Davis Medical Center, in Davis, Calif., which has been beta testing MovianCrypt since August.

Luo has rolled the application out to 40 users in his department who previously used Palms with just password protection. When one of the devices containing reams of patient data was stolen, Luo decided he needed more security. “Theres a great need for encryption in this industry because the data is so sensitive. Our PDA solution has to be secure,” he said.

F-Secure has taken a slightly different approach to the problem. Its Security@Hand, which will ship in August, will include the companys FileCrypto software, with support for the Pocket PC and Symbian Ltd. platforms as well as the Palm OS.

Like MovianCrypt, FileCrypto uses 128-bit encryption and requires a password to decrypt files, but it does not allow users to define which files to encrypt; that decision is reserved for the IT manager, who must enter a second password to access the policy administration tools.

This feature is meant to appeal to IT managers in large corporations who want to retain some control over the way users handle sensitive data.

“In security, the user is always the weakest link, so you want to take those decisions out of their hands,” said Chris Vargas, president of F-Secure, which is based in Helsinki, Finland, with U.S. headquarters in San Jose, Calif. “If the device is lost or stolen, you want to know that the data is safe.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.