Tom Secreto, chief technology officer at Valid Technologies, an IBM software partner based in Boca Raton, Fla., saw the way data center managers viewed security and figured there had to be a better way.
The prevalent mentality with iSeries shops, according to Secreto, is to put their money into securing the perimeter. But Secreto believes the perimeter will never be 100% secure, which led him to think that a new method of securing the data was in order.
Out of this belief, Valid Secure System Authentication (VSSA) was born. Launched last month, VSSA is a biometric application native to the iSeries.
Biometric technology measures and analyzes human body characteristics, such as fingerprints, eye retinas and irises, voice patterns, facial patterns, and hand measurements, for authentication purposes to help companies avoid security breaches.
The theory is quite simple -- add fingerprint authentication to standard user ID and password authentication. The application has made serious inroads with IBM, which has worked extensively with Valid on product development and has installed VSSA into its executive center in Rochester, Minn., in March.
"Nobody was addressing the problem [of perimeter security].That left me to research biometrics," Secreto said. "We're seeing that this could be very large."
The hardware that makes VSSA tick is a fingerprint sensor "biopod," designed by Melbourne, Fla.-based Authentec and built by West Kingston, R.I.-based American Power Conversion. The biopod, which costs about $35, plugs into a USB port. The user then types in his ID and password , plops a finger into the sensor and he's ready to go.
The key to ensuring user privacy, Secreto said, is extensive data encryption and the fact that VSSA never stores a user's image. Even if a potential hacker had a licensed copy of its VSSA software, Valid designed the tool to make sure any personal third-party information would come up as unreadable.
"We absolutely maintain the consumer's privacy," Secreto said. "It's encrypted in such a crazy way that even if you decrypted it, it would have no relevant data."
Valid is thinking big with VSSA, seeing possible implementation in organizations such as major financial institutions, for example, and other companies where advanced security measures are essential. The philosophy Valid has taken to market is equally ambitious -- start at the top and work its way down.
Secreto figures that if Valid can solve the potential kinks of its biggest potential clients first, execution should be much easier for smaller customers, especially considering the fact that no customer, no matter how large, will need no more than one iSeries box to run VSSA on.
It's also easy to install from a programming perspective. Valid claims VSSA can, in some cases, be installed in five minutes or less.
"Our sole purpose was to produce a best-of-breed product, and do a top-down design that can handle the biggest customer, but make it simple enough so a small company can use it," Secreto said.
To that end, the plan seems to be working. Though Valid has signed on just two early adopters, both of which are currently beta testing the product, it has signed on four business partners and has the strong backing of Big Blue, which, in the iSeries community, is pretty much everything.
"No longer is the excuse, 'Well, someone else must have my password,'" Secreto said. "That's all over now."
Let us know what you think about the story; e-mail: Luke Meredith, News Writer