iPass Adds Wi-Fi Device Fingerprinting

By Ed Sutherland

October 06, 2004

The company's acquisition of former partner Safe3w will allow it to do a three-factor identification of users before they sign on.

iPass Tuesday announced it has purchased technology permitting its WLAN network members to "fingerprint" devices connected to corporate wireless networks. Coming from the company's $8.5 million buyout of Safe3w, "ID Shield" will be first rolled out for corporate customers later this year, then sometime in the future for all iPass WLAN users, according to iPass corporate officials.

"iPass intends to offer new service capabilities to help companies better enforce security on both company-owned remote and mobile computers as well as employee home PCs — every time they touch the Internet," according to a prepared statement from the Redwood Shores, Calif.-based hotspot aggregator for corporations.

Safe3w was a technology partner with iPass.

ID Shield allows "access control of mobile users to be based on a combination of three dimensions: who they are; where they are; and now which device they are using," continues Tuesday's statement.

ID Shield, a software-based product allowing IT departments to maintain an inventory of authorized devices linked to users and any security rules that may apply, says Roy Albert, iPass CTO.

"What becomes important is who they are, what machine they are on and where they are," says Albert. Such three-dimensional WLAN security is "a trend we are seeing," according to Albert. In part, ID Shield is in response to a greater sensitivity surrounding corporate data.

"Because data and resources stored on remote computers are also increasing in value, the danger associated with not keeping these devices secure and up-to-date has reached a critical level," according to iPass.

iPass points to figures suggesting two thirds of U.S. workers will be mobile by 2006. This "dramatically increases the need for technologies that protect corporate networks and the remote computers that access them," according to the company.

"I want to be better at identifying the device," says Albert.

In July, iPass conducted a survey among its customers which found there were "holes in the process" and "there were gaps we needed to cover," Albert says.

ID Shield will "deepen computer and network protection by layering device identification and authentication onto the connection process," according to iPass.

While iPass sees many potential uses for the device fingerprinting technology, Albert says the company is already working with firewall vendors and is in discussions with its partners on specific products that might employ ID Shield.

iPass CEO Ken Denman sees ID Shield as an integral part of the company's recently announced Policy Orchestration Initiative.

"It's no longer enough simply to keep mobile workers connected; enterprises must also secure multiple points of vulnerability in the connection process from the user's device to the corporate network, and the data flow between them," Denman said in July.

The announcement of ID Shield to protect corporate wireless networks comes on the heels of T-Mobile Hotspot unveiling support for 802.1X security for users of its network of hotspots.

iPass is "delighted they are getting 1X out," says Albert. The move by T-Mobile "will be a boon" to hotspot usage overall, he says, and to corporate use in particular. The addition of 802.1X "allows users to have trust with the iPass network," Albert says. T-Mobile and iPass have a roaming agreement.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.