New Intel Identity Protection Technology

Intel has recently been putting authentication technology into its chips. The technology is in some Core and Core vPro processor-based PCs from HP, Lenovo, Sony and others. These enhanced chips started shipping to consumers over the summer, though many buyers were unaware of the technology.

Intel Identity Protection Technology generates a unique number for the specific PC and a six-digit code that is used to authenticate your computer with your account when logging into a Web site. (Credit: Intel)

This is a two-factor authentication process, which adds an extra layer of security. When you visit a site and type in your username and password, an algorithm running on the chipset's embedded processor generates a six-digit code that changes every 30 seconds. The site then validates that six-digit code. The downside is that the web site must support this identity protection technology, which works with the Intel chip, for this two-factor authentication to be enabled.

I think this security tech is promising because it’s making use of hardware to add security. I would hope, though, that the algorithm that’s used to generate the six-digit codes would be hard to figure out or replicate by a hacker.

http://news.cnet.com/8301-1009_3-20126770-83/intel-chips-let-web-sites-check-your-computers-id/

What do you guys think about this added security method in Intel chips? Is it practical and would sites adopt it?

3 comments

  1. Very interesting post. I think this may be promising as well. I hope this works out in the end. If so, I think this would definitely increase the level of security for banking and online purchasing. However, I think this may make it easier for tracking. If they can know somehow “this chip” went to “that site” and ordered “that product”, it may alleviate the need for tracking cookies, but they’ll still get what they need.

  2. This sounds like an overblown attempt at security through obscurity, and I expect it to fail. Here’s why:
    1) One advantage of a hardware token is that it (or a copy) is present when authentication is performed. Intel has thrown away this advantage; the third party you are authenticating with only receives a code (supposedly generated by the hardware token), without ever seeing the physical item. As far as the third party knows, the code received could be generated by an Intel processor, a software program, or _anything_ else.
    2) One advantage of a hardware token is that its internal functioning is a secret; it’s impossible for a third party to know what’s going on inside. I find it unlikely that these processes will remain secret. Microprocessors are devices that are produced on a grand scale and sold to anyone willing to buy; anyone who wants to reverse-engineer (or otherwise inspect) the token simply needs to buy one from Intel. Furthermore, Intel is an extremely large corporation that has many, many employees; it’s hard for people to keep a secret, and the problem only gets worse as you add more people.

    I don’t think Intel understands the principles behind security.

    • And what happens when a customer needs to enable a new device to perform authentication? Do they just call up PayPal and say “Hey, I got a new PC! Will you let me log in using it?”. Anyone can do that. The article linked to also talked about sending text messages containing a secret code to the user, when their PC was not available for use.

      There is _so_ much potential for social engineering.
