SanDisk to secure online sales with USB Flash drives

SanDisk will next year bring secure computing to its USB Flash drives in a bid to persuade online banks, auction houses and retailers to use them to minimise unauthorised and fraudulent transactions.

The technology is called TrustedSignins and essentially embeds a "high performance" encryption engine into the Flash drive. SanDisk's pitch to financial and retail institutions is that they will be able to provide customers with drives containing log-in software and highly-secure keys that provides a level of protection above and beyond the user's own password and log-in name.

The first time the user logs on, the website checks for the presence of a TrustedSignins device. If it finds one, it generates a one-time password (OTP) which is stored on the device's secure storage partition in an encrypted form. Later, access is granted only if the user's log-in details are verified and the OTP is too.

SanDisk said the technology would be made available to banks and the like in 2007, for their evaluation. It also said it was working with security companies RSA and Verisign to allow the technology to be supported by websites that already those firms' authentication services, giving anyone who buys and uses a TrustedSignin device added peace of mind. ®