Thin clients secure with bumps
Tom Shelley looks at some of the latest ways in which collaboration
may be undertaken without providing entries for hackers
Thin clients secure with bumps
.
.
The Latest software for collaborative engineering can avoid sending an iota more information than is absolutely necessary. Not only does it reduce bandwidth loading on the Internet, it prevents the risk of collaborating clients passing on design information they should not have access to, either intentionally or unintentionally.
For added security, users can add encryption, which, in the latest developments, requires only a ‘Bump in the wire’ and no conscious thought or action by users.
Concern about security is one of the biggest obstacles to the general expansion of collaborative engineering design, especially when it extends over the whole supply chain.
Who can you trust with your most intimate data?
One approach, gaining favour, is to minimise the amount of data that is shared. SGI is promoting what it calls, Visual Area Networking. Vizserver 2.0 allows users to access any OpenGL API-based application. All the client machine has to do is to decompress and display bitmap images. Client support includes Windows XP, Windows 2000, Windows NT, Linux, Solaris and Irix. Jan Silverman, SGI’s senior vice president marketing, told Eureka, “A designer of pistons gets to view the engine model but can’t get access to the data. He can’t save the model to disk, because he is only seeing images, so he can’t pass the model on to any other company he might also happen to be working with.”
The graphics processing is handled by the server which processes the images — an Onyx visualisation system in the case of SGI. The next stage in development, according to Silverman, will be to extend the facility to even lighter clients such as PDAs. Encryption can be added if required. Security is such that the company says that an army sergeant could safely use a wireless tablet PC to view photographic details of enemies the other side of a hill via data gathered by an unmanned aerial vehicle and processed by an Onyx family system back at a command post.
Collaboration by web browser
The thin-client approach offered by Cimmetry Systems is similar in theory but different in execution. Its AutoVue Release 16 supports EAI/HP DirectModel, .JT format, MicroStation V8, Catia, Pro/E, Unigraphics, Inventor, SolidWorks, Solid Edge, and SolidDesigner plus a selection of electronic industry EDA formats. A Markup Navigation Tree lists all markup entities in a redline file.
AutoVue SolidModel for Java is written in Java 1.1. Users can view and collaborate on their 3D CAD designs directly from their web browsers. Server based rendering is available as an option. After the initial viewing session, AutoVue generates a 3D metafile called 3D CMF. This is streamed from server to client but is interruptible for user interface feedback. Thus the user can begin interacting with the assembly or even request a different one before the file has fully arrived. The CMF is 5 to 15% of the original CAD design file and is stored in a cache that can be integrated into EDM, PDM and ERP systems. CMFs can be created on-line or off-line. Server based metafile rendering is now also available for 2D CAD files.
The human factor
Mike Todd, head of security technologies at BT Exact says that the biggest risk of theft or misuse of data arises not from hacking into communications but from human frailties around since long before the invention of computers.
The key to secure electronic working, he adds, is working with people who can trust each other. Before entering into negotiations with potential suppliers or customers, it is, as always, essential to ensure that their company really exists, and does what it says it does. If you don’t know them well yourself, consult somebody of unimpeachable integrity who does. Where this is impractical, it is necessary to turn to registration authorities, whose responsibility it is to check the credentials of the person or persons involved. On the basis of this successful registration, digital certificates can be issued as the basis for on-line authentication and secure exchange of documents.
Procedures for exchanging information securely over networks are based on security algorithms and standards. The best known are RSA, DES and IPSec. RSA stands for the surnames of Ron Rivest, Adi Sharmir and Lend Adleman of MIT, who were responsible for developing one of the most used cryptosystems. DES stands for Data Encryption Standard and IPSec for Internet Protocol Security.
Because of the fast changing nature of the Internet and Information Technology generally, it is not possible to wait for international or national official bodies to discuss and agree on standards in the traditional way. In contrast, standards such as IPSec have been developed quickly using a structure of open peer review. Reference to the Internet and other open sources can quickly establish the point they have reached, and Todd says that BT is a strong supporter of them.
BT has developed the means of setting up virtual private networks and operating them in a secure way. However, in these days, it is expected to become increasingly necessary to extend the secure perimeter outside hard wired networks to the mobile world. It is then especially necessary to provide encryption and securely manage the necessary exchange of digital signatures and crypto keys.
If it is to remain secure, the security solution needs to be both easy to deploy and transparent to the user.
To this end, BT Exact is bringing out a ‘Bump in the wire concept’, which is integrated into a network interface card. This goes into a PC network slot. All processing for encryption and decryption is carried out on the card. Mike Todd says that if there is any doubt about any unauthorised user getting hold of a card or laptop equipped with a card, all permissions can quickly be removed via the network administered security regime.
The device is a BT own design, and is expected to go on sale in summer or autumn of this year.
The only weaknesses remaining are human susceptibilities to flattery and greed. Without these, the Nigerian Fax scam and its electronic derivatives would cease to claim victims. For these problems, there is no electronic solution, only common sense.