Wave Systems Corp. (fka WAVXQ)

[ExPatriate57]

Smart Phones and Data Security:

So, this issue needs to be broken down into two components.

First is the issue of Authentication. Existing smart phone technology has this covered. You can't just take any smart phone and connect to a wireless network. The phone needs to be "registered " on the network first.

Secondly, is the issue of data confidentially and data integrity. Here is where smart phones still have a challenge in front of them. The data stored on smart phones is typically protected only by lightweight password protection. Software protection at that. Vulnerable to brute force hacks.

While it's true that sensitive information is only now starting to be stored on the smart phone platform itself, the impact of " cloud computing " is not to be underestimated. Most smart phones are treated as clients that connect to databases where sensitive information is increasingly being stored. Those databases are almost always independent from the wireless network itself and thus not able to leverage the authentication credentials inherent in the phone itself.

If malicious code is placed on the handset ( as a Trojan in a trusted app or as a standalone app ) one could easily capture the users software based username and passwords used to connect to the sensitive databases.

IMHO, this H/W based encryption and authentication capability is where the opportunity exists.