Encryption Security

Crypto Leash for Laptops?

timman999 writes "New Scientist reports a new device that will automatically encrypt all the data on a laptop when it is separated from its owner. It uses a small receiver and the user has to wear a transmitter on his wrist."
  • If it isn't a part of the hard drive itself then it is 100% worthless..

    Anyone wanting to steal a laptop for its data will find trivial ways around anything that is an "add-on" solution. It has to be a part of the hard drive itself or all content on the hard drive needs to be encrypted already and the "device" only allows access.

    • You probably haven't read the article thanks to true slashdot tradition. In this case, the data in the hdd is encrypted when the wrist watch device worn by the true owner is not at a certain distance. Sure you can still use some l33t way to decrypt the files or what not, but it makes the task that much harder.
    • If it isn't a part of the hard drive itself then it is 100% worthless..

      Not true. If the decryption key is stored on the device worn by the user it doesn't matter which way you wire the receiver.
      • Not true. If the decryption key is stored on the device worn by the user it doesn't matter which way you wire the receiver

        Umm... let's see... yank the HD before the user is out of range, all data is now unencrypted. The only solution (worthwhile) is for all the data to already be encrypted by the HD and decryption only to take place on access.
  • by rbgaynor ( 537968 ) on Friday August 16, 2002 @02:07PM (#4084074)

    Noble says the system would work well with a prototype computer wristwatch developed by IBM. This watch uses the Linux computer operating system and can communicate with other devices through the Bluetooth radio protocol.

    ...I want the linux powered wristwatch

  • by djm2cmu ( 455791 ) on Friday August 16, 2002 @02:07PM (#4084075)
    Man, NOBODY will buy a stolen laptop if all the previous owner's data is encrypted!
    • by afidel ( 530433 ) on Friday August 16, 2002 @02:15PM (#4084179)
      Who gives a shit about the laptop, for personal use you might but corporate clients (the people who buy probably 95% of laptops) the data is worth way more than the laptop. For us losing a $3k laptop is nothing, when you buy $90k suns and making a new chip mask is $800k a $3k laptop is a drop in the budget bucket. Now the data and loss of proprietary info to competitors could be potential losses of hundreds of millions, that should kind of put things in perspective. If Bill Gates, John Chambers, Larry Ellison or any number of other CEOs' laptops were stolen the potential for blackmail or selling of corporate secrets could be in the billions.
      • Who gives a shit about the laptop, for personal use you might but corporate clients (the people who buy probably 95% of laptops) the data is worth way more than the laptop. For us losing a $3k laptop is nothing, when you buy $90k suns and making a new chip mask is $800k a $3k laptop is a drop in the budget bucket. Now the data and loss of proprietary info to competitors could be potential losses of hundreds of millions, that should kind of put things in perspective. If Bill Gates, John Chambers, Larry Ellison or any number of other CEOs' laptops were stolen the potential for blackmail or selling of corporate secrets could be in the billions.

        I think your estimate of the % of corporate users is seriously off, but it hardly matters. The bottom line is that (doing my own made up estimate) if a laptop is "liberated", 99%+ of the time it's just going to be reused, even if the information is more valuable than the hardware and even if it is Larry Ellison's. And unless the thief is really clueless, the data will be wiped before the sale so that the new owner doesn't easily track down the old owner. But in those few cases where the device is taken for the information on it, the thief will certainly not be stopped by this technique from getting those corporate secrets with a value that could be in the billions. About all this gimmick might do is convince the user that the data was safer than it really is.

        • Gimmick, hmm strong crypto that is easy to use and is basically idiot proof. That is a weird definition of gimmick. I think easy to use encryption is what we need more of, not less.
          • Gimmick, hmm strong crypto that is easy to use and is basically idiot proof. That is a weird definition of gimmick. I think easy to use encryption is what we need more of, not less.

            OK, you and I differ in the use of one word in what I wrote. Shall I take it that you agree with everything else I said?

      • Assuming that the other things I'd be looking at were met (light weight, mostly), I'd seriously consider one of these if they were no more than an extra hundred to two hundred dollars. I'm not a fan of the wireless connection - I'd rather see a USBish or iButtonish physical connection - but that's a fairly minor point. If someone starts making these and they have reasonable success, I'd expect to see other manufacturers pick them up as well with some variations on function.
    • But maybe the IRS and the State Department could use this.

      Oh, hell... they'd just lose the damn watches, too.
  • How to steal (Score:1, Interesting)

    by Kallahar ( 227430 )
    How to steal one of these self-encrypting laptops:

    1) steal it (many means available)
    2) as soon as possible, remove the battery.
    3) profit

    Encryption takes a whole lot of time to do, especially on the monster hard drives available today. What might be a better way would be to have the system already encrypted, and just delete any cached keys, etc. when the laptop goes out of range. This will really only stop clueless people who wouldn't have profited off any data on the computer anyway.

    Travis
    • from the article:

      To speed up the encryption process, most of the files is already encrypted and only a cached portion is automatically decrypted when the user is in range. This means it takes around six seconds to encrypt and decrypt data.

    • Re:How to steal (Score:3, Insightful)

      by bjschrock ( 557973 )
      Encryption takes a whole lot of time to do, especially on the monster hard drives available today. What might be a better way would be to have the system already encrypted, and just delete any cached keys, etc. when the laptop goes out of range.

      The article states that the encryption/decryption only adds about a 6 second lag to normal operation. Most of the data on the computer is kept encrypted except for a cached version of the data currently being used (the lag in encrypting/decrypting that).
    • Ought to be a damned moderator choice for that.

      You, sir, are yet another bozo here who did not read the article. The hard drive is always encrypted. Only the cache is decrypted; power off and there is no decrypted data anywhere.

      RTFA
    • You, like the watch gimmick, miss the point. Why steal the laptop in the first place? If it's because you want the hardware, then this isn't going to stop you one bit. And if it's because you are after the important information stored on it, then you better be doing your homework and understanding your target, else you're more likely to end up with a file of cookie recipes than corporate secrets. If you're targeting a particular notebook, then I don't see this as a real obstacle, just another issue to resolve. The false sense of security might even keep the victim from taking steps that would otherwise lower the value of the stolen information.

      And one nice side effect of this for the discerning footpad: A simple radio receiver listening for the bluetooth watch can be used to alert you when someone is bringing a highly valued prize your way!

  • To just have an encrypted filesystem, and make the user type the password when it boots? Less points of failure, less expensive, and less trouble.
    • by gwernol ( 167574 ) on Friday August 16, 2002 @02:29PM (#4084302)
      To just have an encrypted filesystem, and make the user type the password when it boots? Less points of failure, less expensive, and less trouble.

      But that doesn't solve the problem that this is aimed to solve, which is either the laptop is stolen while on (and therefore decrypted) or the user walks away from the machine (leaving it decrypted).

      As the article said, this could have a real application for people in busy semi-open areas (like a trading floor) who have to sometimes go away from their machines - even traders sometimes have to answer the call of nature or the boss.

      This simply automates the encryption process once user and machine are separated by a specific physical distance. I particularly like the fact that it auto-decrypts when the user returns, although the potential exploits involving a detached body part returning are rather disturbing...
      • But that doesn't solve the problem that this is aimed to solve, which is either the laptop is stolen while on (and therefore decrypted) or the user walks away from the machine (leaving it decrypted).

        Many of the current solutions work like screen savers. If there's no activity for a while everything gets decrypted. The RFID solution is just a little better in that it narrows the time window during which the owner is absent and part of the data is still in decrypted state.

        the potential exploits involving a detached body part returning are rather disturbing...

        Actually, if there is a detached body part involved, it usually doesn't matter whether the key is stored in the aforementioned body part or the user's head. Unless, of course, you have been trained by the very best... ;-)
      • That's what XLock is for :) If you have to leave it somewhere, just lock the screen; they'd have to reboot it to get access, etc.

        So that only really leaves someone running up and grabbing your laptop while it's running and you're using it. While this could happen, it doesn't seem a major security concern to me.
      • by ryanwright ( 450832 ) on Friday August 16, 2002 @03:58PM (#4085043)
        But that doesn't solve the problem that this is aimed to solve, which is either the laptop is stolen while on (and therefore decrypted) or the user walks away from the machine (leaving it decrypted).
        Users are stupid.

        How do you plan against the idiot who says, "I'm not wearing that stupid watch", takes it off and sets it next to the laptop? Or, in traditional user fashion, fastens it securely to the laptop?

        At my last place of employment, we instituted strong password requirements. That didn't stop half the users from writing them on post-it notes and sticking them to their laptops. When caught, it was always, "Well you make me change it every 90 days! And you make me put NUMBERS in it! I can't remember that!"

        "I can't wear that silly watch" will replace "I can't remember that" if this device is put into real world use.
  • ... step away to go to the bathroom, when you come back, you will have to sit and wait for all your 20 gigs of pr0n to finish encrypting :)
  • This is cool, until of course an enterprising user just tapes the decoder to the laptop.
  • by Lawmeister ( 201552 ) on Friday August 16, 2002 @02:08PM (#4084087) Homepage
    Pull a Bruce Campbell and cut off hand of owner... :)

    messy, and would elevate theft to a felony.
  • That should help with the U.S. government not being able to keep ahold of their laptops.

    http://news.com.com/2100-1020-950155.html [com.com]
  • by Papineau ( 527159 ) on Friday August 16, 2002 @02:09PM (#4084094) Homepage
    First thought I had: just remove the battery when you steal it, so that any gadget inside wouldn't be able to change something on the HDD. But the article says that the files are always encrypted, and only a cached copy (probably in RAM) is used when the user is viewing or modifying a file.

    Time to find another loophole...
  • Isn't that backward? (Score:4, Informative)

    by sysadmn ( 29788 ) <sysadmnNO@SPAMgmail.com> on Friday August 16, 2002 @02:09PM (#4084097) Homepage
    My first thought reading the description was, "Wouldn't it be better to encrypt everything, and only DECRYPT when the user is in range?" Fortunately I read the article before posting (that'll get me modded down...)
    To speed up the encryption process, most of the files is already encrypted and only a cached portion is automatically decrypted when the user is in range. This means it takes around six seconds to encrypt and decrypt data.
  • Now, I have this really neat gizmo hooked up to my laptop. I walk to the kitchen for a glass of milk and a nice loose meat sandwich after not being able to connect to my favorite FTP server. While in the kitchen, I accidentally walk beyond the leash range. The laptop encrypts my HDD. Now, after making my sandwich I walk back and can't use my laptop until it decrypts my entire HDD.

    Wouldn't this just be annoying?
    • No, the hdd is always encrypted, only a cached version is open, and that is what gets re-encrypted back to the hdd. Basically it combines the key and an autosave feature into the bluetooth enabled watch.
    • Read the fscking article. The hard drive is always encrypted. The cache is decrypted.

      I swear this is one of the worst articles for write-only idiots.
  • And if they steal both?

    A whole new emergence in the field of crime, pickpockets and laptop thieves combining forces, united at last!
  • by Jonny Ringo ( 444580 ) on Friday August 16, 2002 @02:10PM (#4084119)
    see: http://zdnet.com.com/2100-11-950155.html

    Although I'm afraid our government will probably have just as hard a time keeping track of the transmitter that goes around the wrist.
    • I know of many accounts of pirates/hackers who placed HUGE magnets in their doorways so when the Feds came to take their PC away all the data was lost (or enough data that is)

      Now I can download mp3s and pr0n.. hack all day and 0wn the pentagon but when they confiscate my PC then "oops, no more evidence!"

  • by Inexile2002 ( 540368 ) on Friday August 16, 2002 @02:11PM (#4084129) Homepage Journal
    My keys, wallet, watch, PDA, Blackberry, Cel AND my crypto leash. Great.

    Anyone who is concerned enough about their laptop security to consider bothering with one of these should already have good crypto security in place. And preferably security where the 'key' can't be stolen off the nightstand. These will attract the gadget happy crowd and CFOs who don't understand info sec and want to see a physical product. Anyone who feels the need to be able to point to their security device shouldn't be making security decisions.
    • Anyone who feels the need to be able to point to their security device shouldn't be making security decisions.

      Just remember the info sec triad: good security is a combination of something you are, something you have, and something you know. For that reason, if this physical key had a passphrase requirement (don't know if it does, didn't read the article as per /. SOPs) then it would be a GOOD thing.

      If the physical key was the ONLY thing required, then I agree that it would be a BAD THING.

  • They used to do this with handcuffs and briefcases. The only problem was that too many couriers ended up sans hands.
  • There's no way that they are going to encrypt everything in a reasonable amount of time (even just an xor would take forever on a 40GB drive), and if they did, there's no way they could decrypt it fast enough on your return.

    The implication is also that data is in an unencrypted state for some period, a risk in itself (just pop the battery when you take the laptop, remove the hard drive and attach to another system to see what's unencrypted). An encrypted filesystem seems more appropriate if you are really concerned about security.

    Does anyone know how this product really works?
    • in which it explains that the hard drive is always encrypted, only the cache is decrypted.

      Does anyone know how so many /.ers can read the /. summary, know how inaccurate these summaries are by definition / tradition, and STILL not read the article itself?
  • "It could be useful for the UK's Ministry of Defence, which has admitted to having lost track of nearly 600 laptops."
    Excuse me? If you've lost 600 laptops, I don't care how elegant your encryption solution is -- you've got other issues. Technology is not the panacea to cure cruddy management.
  • by jbf ( 30261 ) on Friday August 16, 2002 @02:15PM (#4084186)
    The data is always encrypted on the hard drive, and is only decrypted at the cache. So steal it, remove battery, submerge in liquid nitrogen is the only way to get even a little bit of data out of it. The really cute exploit is to tunnel their challenge/response over a network of some sort (say, cell phones), and just have someone follow the legitimate user around until all the information is decrypted.

    The research paper [acm.org] on this will be presented at ACM MobiCom 2002 [acm.org], the premier conference on wireless networks and such.
  • The person wearing the watch doesn't have to be the owner.

    It seemed to me to be a lot like those security systems based on a fingerprint -- the finger doesn't have to be attached to the owner to give access to the presenter.

    I thought the best security had three criteria -- something the user has, something the user knows, and something the user is (physically). I'm sure someone can elaborate better than I.
  • Link to Paper (Score:5, Informative)

    by mcorner ( 168581 ) on Friday August 16, 2002 @02:20PM (#4084231) Homepage

    As always it is difficult to discern the technical details of how a system works from a news article. If you are interested, I urge you to read the technical paper. My papers [umich.edu]

    FYI, the data sits on the disk encrypted and in the page cache decrypted. Keep in mind this is a technical paper and a research prototype and not a product.

  • Perhaps these government agencies should look into this. [hangonbaby.com]

    A laptop in each hand, connected by a string running through their sleeves. Twice the computing power, and no more missing laptops!

    Just a thought.

  • Get a nice, strong RF generator in the room with all those paranoid stock traders and watch all the laptops encrypt.

    New way for DOS attack!

    Then, when their battery in the "watch" dies? Or better, xmits the decrypt key over WAP or some such and is snooped and possibly CHANGED.

    And the non-volatile RAM that stores the decrypt key proves to be a bit more volatile than thought?

    etc., etc., etc.
  • by Torgo's Pizza ( 547926 ) on Friday August 16, 2002 @02:40PM (#4084390) Homepage Journal
    For all my sensitive information, I just use my wife. She keeps all my appointments, scheduling and list of chores for me to do in her head. She already has built-in encryption because as everyone already knows, there is just no comprehending women.
  • ...even if the headline is wrong. Encrypting a (say) 40GB drive like I have in my Vaio would take an hour or more. The battery can be removed in 10 seconds to stop that.

    However the device is essentially a crypto-filesystem that uses a wireless token. Except for the obvious attack of stealing the token as well, this is pretty secure. The problem with a conventional crypto-filesystem is that it usually remains open until reboot or keeps bothering the user with requests to give the key again. In the first case a thief just needs to keep the laptop running in order to copy the data.

    Barring implementation problems, I don't see this being hackable in any "easy" way. Of course there might be all kinds of implementation or fine-design mistakes. And of course you can still steal the token as well or "convince" the owner to cooperate. The advantage of this device is just that an easy attack (Stealing a running laptop) does not work anymore. If you use a conventional crypto-fs and make sure your laptop is well-guarded as long as it is on, you are as secure. Probably more so.
    • (time for another obligatory...)

      You didn't read the article, did you?

      The data is already encrypted on the hard drive, and only a cached portion is decrypted into RAM while the key is nearby.
      • I did read the article. You seem not to know what a crypto-filesystem is.
        • Sorry, I just noticed I made an unclear statement. What I meant by "even if the headline is wrong" was "even if the link text on /. is obviously wrong". The second sentence of my original post demonstrates why the link-text is nonsense.

          Only the rest of my posting is about the system. And yes, a crypto filesystem does on-demand decryption. Otherwise it would be insecure on power-fail. The "small cache" is nothing special. First there is the ordinary buffer-cache of the OS (No, not a cached portion is decrypted. A decrypted portion is cached! Otherwise this does not make sense.). And second, using a fast cipher (e.g. AES) it does not really matter that much.

          The one innovative idea is that the crypto-fs as implemented here refuses to serve further requests when a distance to the user is exceeded. The techniques used for securing the filesystem itself are standard (at least in Linux).

  • Are there any existing GPL folder/drive encryption programs someone could use now? In Windows? With decent performance?
  • Wow! What a great idea, what could possibly go wrong with this?

    ;-)

  • the magnet door coil in cryptonomicon is the coolest.
    I want those all over the place.
    my credit cards would never work in person.
  • by Wee ( 17189 ) on Friday August 16, 2002 @02:45PM (#4084439)
    Why the hell would you want /usr to be encrypted? That would take like a year. All you need is to keep your personal files encrypted -- $HOME, /var/spool/mail, and so forth. I use BestCrypt on my laptop and one of my Linux servers. It does a great job whether you use Linux or Windows or both.

    On the laptop, I have an encrypted home directory [jetico.com]. I never suspend my laptop, so I always log in/out when I use it in different locations. If someone stole it, they'd have a nearly impossible time getting to my personal files.

    On the fileserver I use it via Samba and NFS mounts. This is why I chose BestCrypt over some other kind of encrypted filesystem/volume, actually. My wife can mount a volume file from her Windows machine via Samba and I can mount them via NFS (or via Samba when I'm booted into Windows game mode).

    Best part is that there's no batteries, bracelets, rings, whatever to worry about. Just remember your passphrase and you're good to go. I'd recommend BestCrypt to anyone.

    -B

  • ..because I use Windows xp and nobody can boot up and see my data unless they know my password.

    err.. or maybe if they just create an NTFDOS [systernals.com] diskette.. damn.
  • by HEbGb ( 6544 ) on Friday August 16, 2002 @02:57PM (#4084520)
    Why bother with the wristwatch? Scramdisk (free) and Drivecrypt (commercial) already do this in software, using strong passwords.

    1. Use the software to encrypt your disk contents
    2. To decrypt (on the fly), you need the password
    3. Set your screensaver to lock, with a (different) password.

    Voila. Done. Rebooting to get by the screen lock unmounts the drive, rendering it useless.

    This is really, really easy. What's the big deal about all this gadgetry nonsense?
    • Maybe because most users tend to use passwords that are trivial to break?

      And when forced to not use a trivial password they then write the password down on a sticky pad that gets attached to the notebook or put in the notebook carry bag?
    • K, so I leave a brute force dictionary attack running for a few days/weeks if I really need the data.

      Next, the silly corporate users forget their passwords, and at the same time they used a really secure one. Now the drive is fubar and all data is lost.

      Next up, the user lost/breaks the key. Or even the key goes fubar itself. All data is lost again. Grrrr..

      But then again, what's stopping the attacker/thief from recording the key exchange somehow and duplicating it later back in the garage.

      • Almost a year ago, I took Prof. Rivest's introductory computer security class (MIT 6.857). For their final project, a few of the students researched systems very similar to this. The easiest way to securely do the key exchange is to have the laptop and the tamper-resistant token (e.g. a JavaButton or a tamper-resistant Bluetooth wristwatch) share a block cipher key. The laptop sends a random number (the same number of bits as the cipher key) and the encrypted key (or block offset, depending on the scheme) for the block it's reading or writing. The token calculates the decryption key for the disk block. The nonce (random number) is then encrypted with the shared key to generate a "session key". The session key is used to encrypt the disk block decryption key. The session-key encrypted disk block key is then transmitted back to the laptop, where it is decrypted (the laptop can calculate the session key, since it knows the nonce and the shared key) and used to decrypt the disk block. The simplest safe method for generating the shared key is to use public key crypto. The laptop generates a new random shared key every time it starts up and encrypts it with the token's public key. Then it signs the key with its private key. The signed encrypted shared key is transmitted to the token. The signature is verified and the secret is decrypted.

        If the laptop gets stolen, the thieves can change the public key on the HD, but that simply allows them to use a different token. The token they substitute doesn't have the key to decrypt the encrypted disk block keys.

        If all of the transmissions get recorded, they can't be played back to the laptop, because the laptop will never (statistically speaking) send the same nonce twice before the Sun gets old and bakes the Earth to a crisp.

        If you record all of the transmissions and steal the token, you can play them back to the token and get the disk keys, but that doesn't help, since all of the data stays on the laptop. If you're really worried about this, use an interactive signature algorithm on the shared secret so that it can't be replayed to the token.

        If you steal the laptop, guess the password used to encrypt the signature key, then get a transmitter near the token (wristwatch), you can trick the token into accepting a shared key of your choice and then successfully query the token for the encryption keys. You could also steal the laptop and use hardware to boost the transmission range so the token and laptop still think they're close together. Having a panic button on the token (wristwatch) to turn off the crypto functions will eliminate both of these attacks as long as the owner realizes the laptop has been stolen and quickly hits the stop button on the token. The second attack can be prevented by having the laptop place strong limits on the query latencies.

        Of course, if both the token and the laptop are stolen and the password to decrypt the signature key is guessed, it's game over. Kidnapping and torturing the owner of the laptop (with the laptop and the token) also results in a game-over scenario. (Unless you use the rubber-hose filesystem.) There are ways to minimize even these attacks. For instance, if the owner's pulse gets too low (chloroform or arm cut off) or too high (torture) then the token writes over the area of memory used to store the secret used to calculate the disk block keys. However, the false alarm rate would be too high for systems like this and the HD would need to be reformatted too often.

        There is no perfect way to get security, other than melting down the laptop as soon as you put sensitive information on it. However, using the public key encryption, interactive signatures, and shared key system, you can get reasonable throughput and very good security.
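
The nonce and session-key exchange described in the comment above, as an added example that is not part of the original thread. HMAC-SHA256 from the Python standard library stands in for the block cipher, the block-offset variant of the scheme is used, and every name (`Token`, `Laptop`, `max_rtt`) and the 5 ms latency bound are assumptions made for illustration. It shows a fresh reply being accepted, a recorded reply being rejected against a new nonce, and a delayed reply failing the latency limit.

```python
import hashlib
import hmac
import os
import time


class ProtocolError(Exception):
    """Raised when the laptop rejects a token reply."""


def prf(key: bytes, label: bytes, data: bytes = b"") -> bytes:
    # HMAC-SHA256 stands in for the shared block cipher (assumption).
    return hmac.new(key, label + b"\x00" + data, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def block_key(master: bytes, offset: int) -> bytes:
    # Per-block disk key. Only the token ever holds `master`.
    return prf(master, b"block", offset.to_bytes(8, "big"))


class Token:
    """The wristwatch side: holds the shared key and the disk master secret."""

    def __init__(self, shared: bytes, master: bytes):
        self.shared, self.master = shared, master

    def respond(self, nonce: bytes, offset: int) -> bytes:
        session = prf(self.shared, b"session", nonce)
        wrapped = xor(block_key(self.master, offset), prf(session, b"wrap"))
        tag = prf(session, b"tag", offset.to_bytes(8, "big") + wrapped)
        return wrapped + tag


class Laptop:
    """The laptop side: issues fresh nonces and bounds the reply latency."""

    def __init__(self, shared: bytes, max_rtt: float = 0.005,
                 clock=time.monotonic):
        self.shared, self.max_rtt, self.clock = shared, max_rtt, clock
        self._pending = None

    def challenge(self, offset: int):
        nonce = os.urandom(32)
        self._pending = (nonce, offset, self.clock())
        return nonce, offset

    def accept(self, reply: bytes) -> bytes:
        if self._pending is None:
            raise ProtocolError("no outstanding challenge")
        nonce, offset, sent = self._pending
        self._pending = None  # each nonce is honoured at most once
        if self.clock() - sent > self.max_rtt:
            raise ProtocolError("reply exceeded latency bound")
        session = prf(self.shared, b"session", nonce)
        wrapped, tag = reply[:32], reply[32:]
        expected = prf(session, b"tag", offset.to_bytes(8, "big") + wrapped)
        if not hmac.compare_digest(tag, expected):
            raise ProtocolError("reply not bound to this nonce")
        return xor(wrapped, prf(session, b"wrap"))


def rejected(laptop: Laptop, reply: bytes) -> bool:
    try:
        laptop.accept(reply)
    except ProtocolError:
        return True
    return False


def demo() -> dict:
    shared, master = os.urandom(32), os.urandom(32)  # constructed sample keys
    now = [0.0]                                      # injectable fake clock
    token = Token(shared, master)
    laptop = Laptop(shared, clock=lambda: now[0])
    results = {}

    # Normal read of block 7: the laptop recovers the token-derived key.
    nonce, offset = laptop.challenge(7)
    recorded = token.respond(nonce, offset)
    results["fresh_accepted"] = laptop.accept(recorded) == block_key(master, 7)

    # The recorded reply is played back against a new challenge.
    laptop.challenge(7)
    results["replay_rejected"] = rejected(laptop, recorded)

    # A genuine reply that arrives 50 ms late, as a range extender would cause.
    nonce, offset = laptop.challenge(7)
    now[0] += 0.050
    results["slow_rejected"] = rejected(laptop, token.respond(nonce, offset))
    return results


if __name__ == "__main__":
    print(demo())
```
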

  • Let me be sure I understand this, we have a watch running Linux that can communicate with the laptop running bluetooth. If I get out of range, the laptop encrypts the files.

    Of course, there's still a good chance that someone has stolen my laptop, and even less of a chance that anyone will look at the files on a lost laptop and get it back to me. My data is protected but still lost to me. As is my laptop. With all that technology, why not just save my critical data to the watch? It's not on the laptop so there's no chance an attack will break the crypto. And I still have my copy, unless the thief gets my fancy computer watch; when I get to another system I will not have lost my work.

    Seems to me like NT and XP already have some encryption in the NTFS file system, but most users refuse to use it 'cause you have to think and type in a password when you start to use your computer. Is a techno watch the answer? Should your laptop start encrypting your files every time you go to the bathroom? Will this really accomplish anything when the average user is about as bright as the power led on the laptop when it's running on battery? If you can't store the data on the watch, why not just have the smart watch do the login, and make sure that proper sharing rules are enforced on the files?

    • The files are ALWAYS encrypted on the hard drive. A small cache of data in RAM is unencrypted, only when the watch, or other dongle is in proximity. When the devices are separated, the laptop goes into a sort of hibernation, with the contents of that RAM cache encrypted.

      When the laptop comes back into relation with the watch, the encryption chip wakes up the laptop, decrypts the RAM cache, and life goes on.

      See, that wasn't that hard to understand, was it?

  • by wo1verin3 ( 473094 ) on Friday August 16, 2002 @03:03PM (#4084578) Homepage
    ... what would happen if there was quick back and forth wrist action (with the device being on your wrist), this wouldn't damage any of my sensitive business "mpegs" and "gifs" would it?
  • So foreign spies can just look at the remnants of what used to be on the hard drive. Unless they wipe the decrypted data 20 or so times . . .
  • I've been advocating for something like this for quite a while, with only a few differences in implementation primarily in the area of what happens when the key is removed.
  • I hope the range is long enough... otherwise the poor machine would be encrypting/decrypting data all the time while people are watching pr0n.
  • I mean, there is no shortage of secure ways to keep the data on the laptop inaccessible to others. Encrypt the disks and shut down the laptop before leaving. Encrypt the RAM image before suspending and saving it to disk, and ask for the key when resuming, if you don't want to shut down. Keep the portion of key on some device that should be physically connected, and shut down or suspend when it's removed.

    But the main ideas should be -- if the data is not supposed to be read by someone else, it should be encrypted already, and if user is not at the keyboard, the thing is not supposed to be running in the first place. And no one should rely on anything that happens when user is already away.
  • I'd really like a system like this for a desktop PC - a proximity tag which would automatically unlock the screensaver when I get within 6 feet of the machine, and automatically re-lock when I move away.

    I don't particularly need the encryption side of things, I just don't want anyone messing with my machine in my office.

    Anyone know of such a device for less than a small fortune?
  • just as the proliferation of car ignition kill switches making traditional theft difficult caused the number of car hijacking to skyrocket, this could do the same for laptop users with their key attached to or hidden on or in their person.

    i'll keep my hand rather than attach a key controlling access to millions dollar secrets to it.
