Digital certificates and smart card tokens are the future of information security, according to Microsoft chairman Bill Gates.
Speaking in the opening keynote address of the RSA Conference 2007 in San Francisco, Gates said that security needs to migrate from the computer infrastructure to the end user, in order to cope with the changing environment of portable devices inside corporate networks.
"Security is the fundamental challenge that will determine whether we can successfully create a new generation of connected experiences that enable people to have anywhere access to communications, content and information," he said.
Chief research and strategy officer for Microsoft, Craig Mundie, who addressed delegates in the joint speech, added that as increasing numbers of devices connect to the internet and people demand access to information from any location, security will become an even bigger challenge.
"This challenge is going to get a lot tougher," he said. "The threat landscape has evolved in dramatic ways. When we first began working on Vista most attacks were done for notoriety. Today it is a lot more serious and nefarious than it was five years ago," he added.
In his last keynote speech at RSA the Microsoft chairman criticised conventional passwords. "Passwords are not only weak, but passwords have the huge problem that if you get more and more of them, the worse it is," he said. "Smart cards and certificates in general is the way to go. Enterprises should start to migrate from passwords to smart cards. We are laying the groundwork so that we can have certificate-based roots of trust."
Gates went on to reveal that Windows CardSpace will collaborate with the OpenID 2.0 specification, an open digital identity framework.
CardSpace is a service provided to Windows Vista users that allows them to create a digital identity card for online transactions instead of using passwords. Gates claims that it will increase security against phishing attacks without adding complexity to the user’s identity management experience. "This will prevent the man-in-the-middle attack," Mundie added.
Gates and Mundie also said that Internet Protocol version 6 (IPv6) and IPSec, a set of protocols for securing IP communications, could help tackle some of the security challenges in the future. Windows Vista has been designed to be compatible with IPv6, as well as the upcoming release of the software giant’s Windows server Longhorn, which supports IPSec.
IPv6 is designed to support a wider range of IP addresses, as the number of IP version 4 addresses declines. Each device will have its own IP address and the new protocol will allow growing numbers of devices to connect, according to Mundie. "The evolution of IPv6 is another key tool to be used in building up the mechanism to have a point to point capability. There really isn't a challenge, in our view, in moving to the IPv6 infrastructure," he said.