This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

RSA: Gates says smart cards are the future of data security

Share this article:

Digital certificates and smart card tokens are the future of information security, according to Microsoft chairman Bill Gates.

Speaking in the opening keynote address of the RSA Conference 2007 in San Francisco, Gates said that security needs to migrate from the computer infrastructure to the end user, in order to cope with the changing environment of portable devices inside corporate networks.

"Security is the fundamental challenge that will determine whether we can successfully create a new generation of connected experiences that enable people to have anywhere access to communications, content and information," he said.

Chief research and strategy officer for Microsoft, Craig Mundie, who addressed delegates in the joint speech, added that as increasing numbers of devices connect to the internet and people demand access to information from any location, security will become an even bigger challenge.

"This challenge is going to get a lot tougher," he said. "The threat landscape has evolved in dramatic ways. When we first began working on Vista most attacks were done for notoriety. Today it is a lot more serious and nefarious than it was five years ago," he added.

In his last keynote speech at RSA the Microsoft chairman criticised conventional passwords. "Passwords are not only weak, but passwords have the huge problem that if you get more and more of them, the worse it is," he said. "Smart cards and certificates in general is the way to go. Enterprises should start to migrate from passwords to smart cards. We are laying the groundwork so that we can have certificate-based roots of trust."

Gates went on to reveal that Windows CardSpace will collaborate with the OpenID 2.0 specification, an open digital identity framework.

CardSpace is a service provided to Windows Vista users that allows them to create a digital identity card for online transactions instead of using passwords. Gates claims that it will increase security against phishing attacks without adding complexity to the user’s identity management experience. "This will prevent the man-in-the-middle attack," Mundie added.

Gates and Mundie also said that Internet Protocol version 6 (IPv6) and IPSec, a set of protocols for securing IP communications, could help tackle some of the security challenges in the future. Windows Vista has been designed to be compatible with IPv6, as well as the upcoming release of the software giant’s Windows server Longhorn, which supports IPSec.

IPv6 is designed to support a wider range of IP addresses, as the number of IP version 4 addresses declines. Each device will have its own IP address and the new protocol will allow growing numbers of devices to connect, according to Mundie. "The evolution of IPv6 is another key tool to be used in building up the mechanism to have a point to point capability. There really isn't a challenge, in our view, in moving to the IPv6 infrastructure," he said.


Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

Microsoft warns on yet another zero-day security flaw

Microsoft warns on yet another zero-day security flaw

Microsoft has warned Windows users about a zero-day security issue with malicious PowerPoint documents being emailed to recipients. The software giant is working on a patch for the problem.

Google launches FIDO-compliant 2FA USB key for Chrome and Gmail

Google launches FIDO-compliant 2FA USB key for Chrome ...

Google has souped up its two-factor authentication (2FA) login process with the launch of Security Key, a physical USB that only works after verifying the login site is truly a ...

Evolving TorrentLocker ransomware generating big money

Evolving TorrentLocker ransomware generating big money

The TorrentLocker ransomware has returned with a vengeance and is starting to bring in big money for its operators.