ext_137338 ([identity profile] docstrange.livejournal.com) wrote in [personal profile] doc_strange 2004-06-16 08:42 am (UTC)

Ah. Tough issue. There sort of is such a beast on the market -- USB and PCMCIA versions. It's by a company called Priva Technologies. It's a tiny ASIC crypto processor with its own certs, support for many algos, and a tiny fingerprint reader for activation (local -or- remote biometric store).

They are about $200 each, but there is *no* per-seat cost on the software side (and it's a full scale LDAP + RADIUS server), which makes them close to the price of RSA tokens in small scale. I would guess they do the usual "buy a lot, get a discount" routine. I've met their CEO (who seemed to my limited crypto-sapience to be extremely knowledgeable) who told me that these things were first developed to resist active attack; the convenience/utility was almost an afterthought. Think "resistant to lighting up selective data paths with a linear accelerator" and you get the original idea. To the commercial sector, that stuff is mostly goobledie-hype. Now, it's merely a hardened off-host cryptographic processor with locked datastore, which is cool.

They architect it around a cert store, signed (verified in the fob) Java applets, and creating a verified datapath while on untrusted hosts. You can set your server-side so they won't accept traffic except pathed through the fob (since it can use ordinary RSA client certs, that's pretty easy). I'd say it's definitely an 'early' version of the tech you talk about -- much in need of improvement in speed and implementation.

MITM and untrusted host use is without a doubt one of the toughest issues IS security faces. Great, the user authenticated with handstands, faceprint, footprint, voiceprint, and the host is now using a cert derived from that and the biochip embedded in the user's eyeball... and it can still inject keystrokes once the session is up. I already use a Palm for offline SNK, S/KEY, password safe, and the like. The next step would be to turn IT into the inline crypto engine and portable keyboard, rendering the 'untrusted host' little more than a screen and ethernet card. Got VC? [grin]
