Microsoft Commits to Strong Security, Promoting Use of Smart Cards and Biometrics

LAS VEGAS, May 9, 2000 — Today at NetWorld+Interop, Microsoft Chairman and Chief Software Architect Bill Gates issued a call to action, asking companies throughout the high-tech industry to work together to eliminate the economic and deployment obstacles to stronger computer security. He noted that smart cards, encrypted communications, firewalls, directory policies, and biometrics would provide more transparent, secure, and manageable security on a mass scale. Gates also announced the availability of Microsoft Windows Services for UNIX 2.0 (SFU), as part of demonstrating the groundbreaking advances in Windows security, reliability and interoperability.

In addition, Gates highlighted the upcoming Windows 2000 Reliability Online initiative that will allow customers to receive free resolutions, workarounds and general troubleshooting information, as further proof of Microsoft’s commitment to providing the most reliable version of Windows ever developed.

“Windows 2000 enables the secure networking our customers require, through support of such standards as PKI, Kerberos and IPSec,” Gates said. “We will continue to include improved support for important security technologies like smart cards, smart card readers and biometrics. Today, I’m asking the industry to join Microsoft in working to make it easier to purchase and deploy these security technologies.”

Gates called for the industry to mobilize around reducing the costs of smart cards and biometrics technologies, so that over time, the use of smart cards and biometrics will increase the security of computing by eliminating the need for passwords and drive the pervasiveness of the Public Key Infrastructure (PKI).

For end users, Microsoft has already added smart cards as standard items employees can order for their PCs, and smart cards are being added as a standard configuration option for new PC purchases. Steps are also being taken to accelerate deployment across all systems under the typical three-year new-system purchase cycle time.

In addition, Microsoft has integrated a strong authentication architecture to support smart cards and other advanced authentication solutions as part of Windows, and is accelerating integrated support for smart card authentication into services that run on Windows.

Recently, the company announced that five new original equipment manufacturers (OEMs) have signed on to build and distribute Microsoft Windows Powered Smart Cards. Windows for Smart Cards provides a standards-based platform that enables secure storage for smart cards used for a variety of purposes, such as secure network authentication, secure corporate transactions, healthcare information, electronic cash and customer loyalty programs. Windows for Smart Cards looks and can act like a credit card, but with built-in intelligence and security so that a single card can be programmed for a wide variety of uses.

Microsoft will hold its second annual smart card summit, SmartCard 2000, June 29 and 30 on the Microsoft campus in Redmond. The event, which will feature a keynote presentation by Microsoft President and CEO Steve Ballmer, is aimed at networking channel partners and key customers looking to deploy smart cards in the future. The company maintains that the implementation of Smart Card authentication through Extensible Authentication Protocol (EAP) should be the common interoperability mechanism across all vendors for a high level of security.

Since the launch of Windows for Smart Cards at Cartes 99, Microsoft has received orders for over 15 million Windows Powered Smart Cards solutions from card manufacturers. Today, Gates specifically called for hardware vendors to accelerate the integration of smart card readers into all systems. Gates suggested that airport kiosks and other public access systems and networks be built out with smart card support, so that people are receiving the highest level of security possible.

This call to action is but a part of Microsoft’s ongoing security efforts. Windows 2000, the company’s newest operating system, has a number of security features built right in. Created in order to help organizations let the right people into a network or system and keep unwanted people out, Windows 2000 leverages the powerful security features of Windows NT — including single sign-on, easy to use administrative tools for security policy and account management, and a security model predicated on tight integration with the Microsoft BackOffice family of application services — and extends them, with new features designed specifically to enable the creation of distributed networks that are secure, easy to deploy, easy to manage, and easy to use.

Perhaps the most important new function within Windows 2000 is Active Directory. Active Directory uses containers and objects to organize network resources in a logical hierarchy, storing all the information about users, groups, machines, and applications in one location, and giving network administrators an easy way to update that information. Users seeking access to network resources now only have to pass through a single checkpoint. This integration helps Windows 2000 overcome an especially vexing set of issues for both managers and users of distributed network systems, and provides for a much higher level of security.

With Active Directory and Windows 2000, network managers can delegate selected administrative privileges to designated users; implement policy-based management that allows them to assign specific security controls to classes of machines, Internet or extranet users, applications, or servers; control access to printers, folders, and other resources; and assign different sets of authentication procedures for different groups of users; all from a single location. Active Directory serves as the foundation for a wide range of security services that provide for the authentication of users as they enter the system, while protecting the integrity of data and applications that reside within, and safeguarding data as it moves between systems.

Another security service that is now included in Windows 2000 is the Kerberos Version 5 authentication protocol. An open-standards protocol, Kerberos provides authenticity, confidentiality, and integrity of network communications. Created at MIT, it is a “shared-secret” protocol that authenticates not only the user, but the network as well, protecting against hackers who attempt to impersonate a server to enter the network.

PKI, also added to Windows 2000, represents a standards-based security architecture that combines public-key cryptography with digital certificates to verify the safety and integrity of data and documents and validate the identity of users coming in over the Internet. It provides network administrators with a powerful way to protect the security of their communications and business transactions over the Internet.

At today’s conference, Gates demonstrated high-speed networking that illustrated how Internet businesses in the future will be able to exchange information across a network, protecting content from copyright infringement and unauthorized use through the digital rights management technology found in Windows Media 7.0. The demonstration showed the network throughput performance of Windows 2000 transferring a movie encrypted with digital rights management across a gigabit network in under 20 seconds.

Another way that Microsoft is demonstrating its commitment to security takes the form of biometrics, the science of verifying a person’s identity by comparing physical characteristics of his or her body with stored data such as a fingerprint or iris pattern. Biometrics is well suited to replace passwords and PINs, because biometric data cannot be forgotten, lost, stolen or shared with others.

Last week, Microsoft and I/O Software Inc. announced their cooperation to foster widespread growth of biometrics through the integration of biometric authentication technology in future versions of the Windows operating system, providing users with a higher level of network security based on a secure and reliable personal authorization method.

“Biometrics will provide an alternative to passwords in Windows to provide our customers with increased ease of use, a higher level of network security, and lower overall management costs,” said Tod Nielsen, vice president of the Platform Group at Microsoft.

In conclusion, Gates said the combination of Windows 2000, Smart Cards and biometrics is the most effective way to provide privacy of consumer data, and will ultimately provide customers with the highest level of security possible.
