The widespread native support and high bandwidth of the USB mass storage interface enable a digital identity device to be truly portable and to accept high-level application messages through a protocol that is as simple as reading and writing a file. Work on open specifications that exploit this new direction has already begun. In partnership with key device manufacturers, Microsoft is currently developing a specification called PSTS (Portable Security Token Service), which will enable file-system-based communication with USB devices that act as portable credential carriers and generate SAML tokens in response to WS-Trust requests.
This is part of a digital identity metasystem intended to improve the privacy and security of digital identity transactions on the web. WS-Trust, along with other WS-* specifications, has already been submitted to OASIS for standardization. With the adoption of InfoCard in new Microsoft operating systems and popular browsers, it will be possible to roam to any machine, say at an Internet café, and perform a digital identity transaction using your USB digital identity device.
There are still challenges to address before this direction becomes reality. Device manufacturers need to design for portability: installing drivers or middleware on the host to assist with the digital identity computation is not an option. The device itself must process the high-level messages, perform the cryptographic operations and handle user authentication internally; otherwise portability is lost. The development and adoption of standards must continue relentlessly, or interoperability will not be achieved. Finally, the industry must be assured that these new devices are secure: the same kinds of security validation that are applied to smart cards and other security modules will be needed.
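The exchange described above, as an added example written for this page (it is not PSTS, which was never published, nor any vendor's firmware): the host writes a WS-Trust RequestSecurityToken to a file on the volume; a simulated device reads it, validates it, checks that the user authenticated on the device itself, issues a SAML 2.0 assertion bound to the requesting site, and writes the response file; a relying party then verifies the response. The WS-Trust 1.3 and SAML 2.0 namespaces are the real ones. Everything else is an assumption for the example: the file names `request.xml` and `response.xml`, the `urn:example:file-token` namespace used for the error and MAC elements, the `Context` attribute carrying the relying party, and HMAC-SHA256 standing in for the asymmetric signature a real device would produce (so here the relying party verifies through the device object that holds the secret).

```python
# Added example (not PSTS, which was never published): host and token exchange
# WS-Trust messages as files on the mass-storage volume. Assumed: the file names,
# the urn:example namespace, and HMAC-SHA256 standing in for a device signature.
import base64, hashlib, hmac, os, secrets, tempfile, uuid
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"  # WS-Trust 1.3 namespace
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"            # SAML 2.0 assertion namespace
EX = "urn:example:file-token"                             # assumed, example-only
ISSUE = WST + "/Issue"
for prefix, uri in (("wst", WST), ("saml", SAML), ("ex", EX)):
    ET.register_namespace(prefix, uri)
REQ_FILE, RESP_FILE = "request.xml", "response.xml"       # assumed names on the volume
MAX_PIN_FAILURES = 3

def q(ns, tag):
    return f"{{{ns}}}{tag}"

new_volume = tempfile.mkdtemp  # a temp directory stands in for the mounted volume

class SimulatedDevice:
    """Stand-in for token firmware: PIN check and signing secret live only here."""
    def __init__(self, subject, pin):
        self.subject = subject
        self._pin_hash = hashlib.sha256(pin.encode()).digest()
        self._secret = secrets.token_bytes(32)
        self.failures, self.locked, self.unlocked = 0, False, False

    def unlock(self, pin):
        """User authentication happens on the device, never in host software."""
        if self.locked:
            return False
        if hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self._pin_hash):
            self.failures, self.unlocked = 0, True
            return True
        self.failures += 1
        self.locked = self.failures >= MAX_PIN_FAILURES  # lock out after repeated bad PINs
        return False

    def mac(self, data):
        return base64.b64encode(hmac.new(self._secret, data, hashlib.sha256).digest()).decode()

    def handle(self, rst_bytes):
        """Validate an untrusted host request; answer with an RSTR or an error document."""
        err = lambda why: ET.tostring(ET.Element(q(EX, "Error"), reason=why))
        try:
            rst = ET.fromstring(rst_bytes)
        except ET.ParseError:
            return err("malformed request")
        if (rst.tag != q(WST, "RequestSecurityToken") or rst.findtext(q(WST, "RequestType")) != ISSUE
                or rst.findtext(q(WST, "TokenType")) != SAML):
            return err("unsupported request")
        if not self.unlocked:
            return err("device locked" if self.locked else "user not authenticated")
        audience = rst.get("Context", "")
        a = ET.Element(q(SAML, "Assertion"), Version="2.0", ID="_" + uuid.uuid4().hex)
        ET.SubElement(ET.SubElement(a, q(SAML, "Subject")), q(SAML, "NameID")).text = self.subject
        cond = ET.SubElement(a, q(SAML, "Conditions"))
        ET.SubElement(ET.SubElement(cond, q(SAML, "AudienceRestriction")), q(SAML, "Audience")).text = audience
        rstr = ET.Element(q(WST, "RequestSecurityTokenResponse"), Context=audience)
        ET.SubElement(rstr, q(WST, "TokenType")).text = SAML
        ET.SubElement(rstr, q(WST, "RequestedSecurityToken")).append(a)
        ET.SubElement(rstr, q(EX, "Mac")).text = self.mac(ET.tostring(a))  # binds the assertion
        return ET.tostring(rstr)

    def poll(self, volume):
        """One pass of the firmware loop: consume request.xml, write response.xml."""
        req = os.path.join(volume, REQ_FILE)
        if not os.path.exists(req):
            return False
        with open(req, "rb") as f:
            rst_bytes = f.read()
        os.remove(req)
        with open(os.path.join(volume, RESP_FILE), "wb") as f:
            f.write(self.handle(rst_bytes))
        return True

def host_get_token(volume, device, relying_party):
    """Host side: write a WS-Trust Issue request to the volume, read back the response."""
    rst = ET.Element(q(WST, "RequestSecurityToken"), Context=relying_party)
    ET.SubElement(rst, q(WST, "RequestType")).text = ISSUE
    ET.SubElement(rst, q(WST, "TokenType")).text = SAML
    with open(os.path.join(volume, REQ_FILE), "wb") as f:
        f.write(ET.tostring(rst))
    device.poll(volume)  # on real hardware the firmware does this by itself
    with open(os.path.join(volume, RESP_FILE), "rb") as f:
        return f.read()

def verify_response(rstr_bytes, device, relying_party):
    """Relying-party check: returns the asserted subject, or None if anything is off."""
    root = ET.fromstring(rstr_bytes)
    if root.tag != q(WST, "RequestSecurityTokenResponse"):
        return None  # error document or foreign XML
    a = root.find(f"{q(WST, 'RequestedSecurityToken')}/{q(SAML, 'Assertion')}")
    mac = root.findtext(q(EX, "Mac"))
    if a is None or mac is None or not hmac.compare_digest(device.mac(ET.tostring(a)), mac):
        return None  # missing or altered token
    audience = f"{q(SAML, 'Conditions')}/{q(SAML, 'AudienceRestriction')}/{q(SAML, 'Audience')}"
    if a.findtext(audience) != relying_party:
        return None  # issued for another site
    return a.findtext(f"{q(SAML, 'Subject')}/{q(SAML, 'NameID')}")
```

Three points the code makes that the paragraph only states: the host never sees the PIN or the signing secret (both are attributes of the device object, and `unlock` locks the device after three bad PINs rather than trusting the host to rate-limit); the device treats the request file as untrusted input and answers malformed or unexpected requests with an error document instead of a token; and the audience restriction lets a relying party reject a token that was issued for a different site, so a response file left on the volume cannot simply be replayed elsewhere. A real device would replace the HMAC with a signature verifiable against its certificate, which is what lets an arbitrary relying party check the token without sharing a secret.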
Now that we have seen the new digital identity direction for USB mass storage devices and what it could mean for portability and interoperability, organizations should rethink blanket decisions to disable USB mass storage. Good solutions are appearing on the market that control the use of USB mass storage without disabling it completely. For example, many offerings let you block every device except those issued or approved by the corporation, and you can even monitor the files that move on and off a device.
Digital identities play a key role in many security applications from single sign-on, to PKI, to the emerging systems of federated identity. By keeping USB mass storage enabled, corporations can leverage the new breed of USB mass storage based digital identity devices to enhance and simplify their deployments of digital identity security solutions.
New portable security devices will not only offer two-factor authentication (biometric plus password) for portable secure storage; they will also securely carry and assert digital identities and serve as the hardware token for security applications such as remote access, PKI and single sign-on. Driverless USB secure flash drives will be transformed into the next revolutionary hardware device for portable security.
From my research on this topic I have come across the Stealth MXP, which I purchased from MXI Security and which has surpassed my expectations.