That's the thinking behind Validian's new enterprise IM system, which is made for deployment to end users on a USB fob -- an increasingly common means for easily transporting data.
Players like M-Systems' DiskOnKey, perhaps the best-known vendor in the space, market USB fobs as a way for business users to transport their personal data on a small device that hangs on users' keychains, which can then be plugged into a PC to serve as a hard drive. The devices rely on flash memory.
A handful of companies offer specialized USB fobs for security and authentication, but Ottawa-based Validian, formerly known as Sochrys, is the first to incorporate them into an instant messaging architecture. The company is expected to announce its first customer tomorrow.
Users are authenticated against Validian's Domain Controller, which is deployed at corporations either behind or in front of the firewall, before they can initiate chats with other authenticated users. By linking the Domain Controller to corporate user databases, IT administrators can oversee user messaging and file transfer privileges.
Before an IM session can begin in earnest, a user also must be approved by their intended message recipient -- by way of an "Allow or Deny" pop-up query. If denied, messages from the user are blocked.
"People that want to access a secure [IM system] site must have the authorization of the site, as well as that of the individual recipient within that framework," said Validian chief executive Andre Maisonneuve. "The security level is twice what is common at this point in time -- people typically have access to a site, and can go to just about anybody on that site. In our environment, we extend security to the site and the individual, who must recognize the person who wants to talk to them. This offers second-level authentication and identification."
Once two users have agreed to chat, the instant messaging session takes place via point-to-point communications. After users have agreed to receive communications, they also appear on each other's contact lists. The lists support grouping and nicknames. In connection with the company's free SDK, the system can be tied into corporate directories and login systems, enabling presence detection.
Use of the IM client is free for message recipients -- they need only download the client from Validian's Web site to receive messages. However, users must authenticate against the corporate Domain Controller before they can initiate IM sessions with other users.
Maisonneuve said benefits of a system where users keep their personal authentication criteria and IM clients on USB fobs include end-to-end security designed for mobile users in particular.
"With SSL ... the client authenticates the server, but the server does not authenticate the client," he said. "If you want to authenticate the client you have to go through the PKI environment, which is a very highly secure level of communication and is proven, but is costly and complex. And you need to have a significant amount of resources to implement and maintain it -- everybody needs to have their own identification, and when you start having people moving around the country, it becomes difficult to maintain because a network manager has to take care of all the changes and so on. It's not very well suited for a distributed application. That's the idea behind generating a more secure instant messenger and more secure network."
Maisonneuve also said the threat of unwanted IM spam would be nearly eliminated.
"Nobody can have a rogue user or communications on our system," he said. "After all, each user has to be authenticated by the receiving party. If you have not authorized a user to communicate with you, it's impossible for him to get into our system."
Christopher Saunders is managing editor of InstantMessagingPlanet.com.