The end of passwords: Ensure’s approach, Part 1

In the previous articles in this short series, I explained that I have long sought a system for using proximity devices as the basis for identification and authentication, especially in the medical environment where most users are under too much pressure to tolerate logon/logoff procedures. Such applications would benefit from a system that automatically allows session initiation when an authorized user approaches a workstation and then either suspends access or terminates the session when the user needs to – all without any particular human intervention.

Imagine my delight when I received a press release from Ensure Technologies announcing precisely this technology. Within a few seconds (literally) I was on the phone and arranged to interview Tom Xydis, Ensure’s CEO and inventor of the XyLoc proximity devices.

Here is an abbreviated version of that interview. Note: This interview should not be construed as an endorsement of the products discussed. I have not personally evaluated the XyLoc system and I have no financial involvement whatsoever with Ensure.

Q: Tell me about your background.

A: I went to Northwestern University for my B.S. in electrical engineering (EE) and have a M.S. and a Ph.D. in EE from Michigan. I worked on digital radios and other equipment in the 1970s and developed the key-fob keyless entry system for cars; that got me into low-power wireless. After that I was involved in various committees for IEEE 802.3 and .4 and .11, and now Bluetooth.

The genesis of the invention for Ensure was my involvement in a wireless controls company in the 1990s; we built wireless control systems for everything – lights, fans and so on. We had a security breach where the salary information for the executives ended up on a bulletin board. So people said, “Someone must have hacked in.” Actually, somebody used an unattended terminal that was already logged in.

The comptroller tried to use a password-protected screen saver, but it kept interrupting her work, so she started locking her door and moved her administrative assistant in front of her office rather than use the screensaver. It was that incident that made me realize how passwords were getting in the way of productivity. I formed Ensure Technologies, where I invented and patented the XyLoc in 1998. We knew it was a good product and realized that healthcare was the ideal vertical market. They needed security but they couldn’t let security get in the way of their efficiency and workflow.

Q: Tell us what the XyLoc does.

A: Our product automatically senses the presence of an authorized user carrying the badge (called the XyLoc KeyCard). It knows how far away the person is, so it provides identification information to the computer when the person is the “Active Zone,” which is configurable by system managers. The bearer of the key is identified to the system automatically logged on for appropriate access as defined by the organization’s policies. When the person leaves, access is suspended or terminated as required. But when a new person arrives, the system registers the identity of the new user and so the log files are correct and access is appropriate.

For example, if the IT manager arrives, (s)he might be able to access the desktop directly without closing the medical application; if a nurse arrives, the system can open a separate session for the nurse. So if the doctor has left the terminal without completing a critical authorization, the system may alert the next nurse who arrives about the situation and suggest that (s)he find that doctor stat (at once)! This will all depend on the organization’s security policies in general and for particular classes of users.

Next time: How it works.