Improving Security Of Handheld IT Devices

While their small size can be an advantage, it also can be adisadvantage since handheld devices can be easier to misplace or tosteal than a desktop or notebook computer. If they do fall into thewrong hands, gaining access to the information they store can berelatively easy. The National Institute of Standards and Technology(NIST) has recently issued two reports aimed at making it harder forunauthorized users to access information from these devices.

Proximity Beacons and Mobile Device Authentication (NISTIR 7200)describes how two different kinds of location-based authenticationmechanisms that use signals from wireless beacons can be used toauthenticate handheld device users. If the user is in an unauthorizedlocation or a location outside a defined boundary, access will bedenied or an additional authentication mechanism must be satisfiedbefore gaining access.

While many organizations use smart cards for security, they require acard reader that can be nearly as large as the handheld device. SmartCards and Mobile Device Authentication (NISTIR 7206) describes twotypes of smart cards that use standard interfaces supported by handhelddevices, avoiding the use of more cumbersome, standard-size smart cardreaders.

Both reports describe these innovative authentication mechanisms andprovide details on their design and implementation. The reports areavailable at http://csrc.nist.gov/publications/nistir/index.html.