1. Introduction
Effective security is a critical component of any viable enterprise handheld implementation. An increase in enterprise workforce mobility is driving an aggressive transition to increased usage of handheld computing solutions.
Successful IT organizations will build handheld computing security into their overall corporate IT strategy.
This paper provides an overview of the issues surrounding handheld computing security, discusses current capabilities, provides a recommended strategy, and offers a view into the future of handheld security capabilities.
2. Security in an Insecure World
Security is not a new issue for IT organizations. Most enterprises have long-standing security policies designed to protect access to the organization’s network and desktop computing resources. This protection is critical to ensuring not only the integrity of the organization’s data, but also its confidentiality.
Laptop and notebook computing represented an important wave in the evolution of mobile computing. And yet, there are a number of circumstances where it’s not reasonable to sit down and power up a notebook, for example, during a lunch meeting, at a patient’s bedside, or on a shipping and receiving dock. That’s where handheld computing solutions come in. Adequately addressing the unique requirements of handheld computing security requires a multidimensional approach.
3. Controlled User Access
As more and more mission-critical information is stored on handhelds, the need to secure that information has become a top-priority IT challenge. Data security begins with basic password protection for locking access to a handheld computer and hiding records. These capabilities are inherent in the operating system of Palm OS handhelds.
At the PalmSource 2000 conference, Palm announced that version 4.0 of the Palm OS will support enhancements to the built-in security application, such as various ways to enable automatic device locking (“Never,” “On power off,” “At a preset time,” “After a preset delay”).
Palm OS 4.0 also offers new encryption, integration with the Palm Desktop software, and password hinting for unlocking sensitive data. For example, when users set up passwords, they can enter a short hint that only the user would know to help in case of forgotten passwords. The Palm OS 4.0 upgrade will be available in the summer of 2001 for the Palm III, IIIx, IIIxe, IIIc, V and Vx. These administrative capabilities of the Palm OS reduce IT organization’s support burden and increase the overall productivity of the enterprise.
A number of vendors are capitalizing on the momentum in the handheld market by providing enhanced password protection that offers a wide range of capabilities. For example, one option requires pressing a specific combination of buttons, another requires the use of a stylus to write a unique character on the handheld screen, and yet another requires tapping a unique ID on an ATM-style keypad on the handheld screen before access is given. Some excellent solutions from Palm OS developers for protecting data from unauthorized access are provided below.
3.1. Password Protection
OnlyMe from Tranzoa (www.tranzoa.com) automatically locks a Palm OS handheld whenever the device is turned off and will ensure that no one can read the information on the device without entering the right password.
Sign On
from Communication Intelligence Corporation
(www.cic.com) offers log-on/password security utility for Palm OS handhelds
that uses signature verification to limit data access. To unlock the handheld
a user simply signs any memorable word or name and the software verifies the
unique signature before unlocking the device.
Both Only Me and Sign On can survive a warm reset as well, so even sophisticated hackers will be restricted.
GoAti (www.goati.com) offers PDASecure that provide Palm security software for handheld devices. PDASecure enables secure password and data encryption for Palm devices. In the event that a Palm device is stolen, PDASecure will restrict unauthorized synchronization. PDASecure allows selection from six different security algorithms, including the Rjindael algorithm to be described in the section “Developing Secure Applications.”
3.2. On-Device Encryption
Limiting access to the device using password
protection is an excellent starting point, but may not go far enough for
certain security-sensitive applications. Often it is necessary to provide a
redundant level of protection by encrypting particular databases or
applications. For the Palm OS, on-device data protection and encryption
generally takes one of four forms:
· Encryption of private records
· Encryption of the entire Memo Pad
· Organization and encryption of the user’s passwords or other confidential bits of information
· Encryption of databases.
Some very sophisticated algorithms for data protection on the device have been developed, using well-known standards throughout the cryptographic community such as Blowfish, IDEA, SAFER-SK, and 3DES.
The Palm OS supports private records, which involves a special flag which can be set for individual entries in the Address Book, Calendar, Memo Pad, and Tasks/ToDo. The user can then assign a password and enable record hiding within the Security application, which ships with every Palm OS device. This prevents an unauthorized user from seeing records marked as private on the device.
For encryption of the entire Memo Pad, the MemoSafe product from DeepNet (www.deepnettech.com) is a $7 product which uses a SAFER-SK public domain block-cipher to encrypt Memo Pad records while not changing its functionality. Encrypted memos are shown with a lock symbol.
For protecting collections of passwords, you can use a product such as Portable Projects’ CryptBox (www.portableprojects.com), which uses the Blowfish algorithm and can also encrypt other confidential information like PIN numbers, logins, and URLs.
For encrypting databases on the
device, there are products like
JawzDataGator from Jawz Inc.
(www.jawzinc.com). Jawz also makes a Memo Pad encryption product
(JawzMemo).
3.3. Using Profiles to Limit Access to Specific Data
Another level of security can be provided by
offerings such as Restrictor
by ISComplete (www.iscomplete.com) for the Palm OS. This software
application allows an administrator to create profile categories for different
users as well as a default profile, on a single handheld. These profiles limit
the applications to which an individual user has access through another layer
of password protection. Restrictor offers important capabilities such
as enabling an administrator to push a program to a user, and after the user
completes a HotSync their device is locked down. Next, Restrictor
offers a lock delay to password protect the device as well as private records.
When the handheld is shut off it is automatically locked. Finally,
Restrictor allows an administrator to enforce data avoidance by
configuring device to disable IR and Hot Sync capabilities.
This application can be used to provide two-tier device control access. Profiles can be created for the user and for the IT administrator who can be given greater access to facilitate IT support.
In addition, an IT manager can lock down Palm applications such as network settings and Palm preference panels. This keeps users from inadvertently compromising important settings for remote access and more.
3.4. Minimizing Loss & Theft
Companies such as Kensington Technology Group (www.kensington.com) offer PDA Saver™, which uses a galvanized steel cable and a lock to secure handheld to the desktop environment. Several innovative companies are applying new technologies such as motion detection and proximity alarms to the handheld world. The personal nature of handhelds has led to some stylish interpretations of restraint devices such as the Palm V neck strap from Force Technology (www.force.com) that offers a bond product and neck chain to attach handhelds to a users body. Another concept is a holster/vest (www.eholster.com) which can fit under a coat, and is designed to hold a PDA and other electronics such as a cell phone or modem.
Expect to see the evolution of physical security products to mirror those that have been established for notebook computing.
4. Securing Handheld Communications
A recent Computerworld.com article discussed the essential questions that any computing security system must answer: “Who are you? Do you belong here? What rights do you have? How do I know you are who you say you are?”
The successful operation of an enterprise relies heavily on concealing confidential information and ensuring the integrity of data. Prohibiting unauthorized handheld access —in either wireline or wireless mode —to corporate databases, and information contained in intranets or extranets, is vital to an effective security strategy. Palm and its partners in the Palm economy offer solutions that address security issues involving Remote Access Service (RAS), Virtual Private Network (VPN) access, client-level authentication, and Palm VII wireless solutions.
4.1. Remote Access Service
Palm
OS based handhelds offer password authentication and challenge-response
security protocols including Microsoft Challenge Handshake Authentication
Protocol (CHAP), all out of the box. CHAP is type of authentication in which
the authentication agent (typically the network server) sends the client
program a key to be used to encrypt the username and password. This enables
the username and password to be transmitted in an encrypted form to protect
them against eavesdroppers.
4.2. VPN Access
Many corporations are migrating from RAS to VPN to provide better security.
VPNs are used to provide secure access to intranet and extranet resources and data. It is common practice today for mobile laptops and home office desktops to gain remote access to corporate data using VPNs.
Certicom (www.certicom.com) and V-One (www.v-one.com) offer VPN access for the Palm OS via clip-on CDPD modem, attached ricochet modem, an attached cell phone, or a clip-on telephone modem to dial in to an ISP and create a VPN tunnel to the corporate router.
4.3. Client-Level Authentication
Unique device identification is an important component for authorizing network access via a handheld computer. Handhelds based on the Palm OS can take advantage of several methods to identify a unique handheld including flash ID, Mobile Access Number (MAN), device ID, and Electronic Serial Number (ESN).
Any of these unique device IDs can be used to authenticate the handheld for network access and can allow Palm handhelds to be used as a physical token for two-factor authentication. Cedars-Sinai Health System uses two –factor authentication using the MAN and ESN.
Another form of client-level authentication involves the use of software tokens such as RSA Security’s (www.rsasecurity.com) SecureID solution for the Palm OS. In this case the device itself essentially becomes the authenticator.
4.4. Palm VII Wireless Security
The Palm VII was designed with strong security features from the beginning.
Each Palm VII has a customized Elliptical Curve Cryptography (ECC) library, developed by Certicom, which fits in only 29K of memory. Using this library, the Palm VII executes a 163-bit elliptic curve Diffie-Hellman key exchange. This key is roughly the equivalent of an RSA 1024 bit key. This solution uses the public half of a Palm.net private key pair, the private key being held at the Palm.net server facility.
An encrypted session key allows the Palm VII to fall back to a 184-bit DESX encryption. The Palm VII derives added security via a stored server key that is updated occasionally by a special administrative key that is also stored on the handheld. To increase efficiency, special one-pass protocol was designed to cut down the number of handshake exchanges needed to establish identity over the low-bandwidth connections.
5. Server-Side Security
Enterprises are rapidly embracing server synchronization to extend information on corporate servers to a community of handheld users. Server synchronization also addresses a number of security-related issues, such as:
- Leaving desktop workstations on and unprotected when out of the office.
- Centralized backup and restore of mission-critical data restricting access to particular types of data based on being job function.
- Establishing an electronic “paper trail” (audit feature) detailing which data was retrieved and by whom.
A server-based synchronization server, such as Palm’s HotSync Server, can address all of these security issues and at the same time the management of the handhelds in the enterprise. Server synchronization solutions allow IT organizations to restrict access to corporate data by requiring that each user have a unique ID and password before synchronization can initiate (this is stored in the user’s profile on the server).
The server can be accessed using a proxy agent via the standard desktop cradle, but also can be accessed in many other ways not requiring a workstation to be on, such as with a snap-on modem (e.g., the Palm modem), wireless sled (e.g., the. 7 Novatel Minstrel modem), cell phone connection (cabled or infrared modem), infrared to Ethernet adapter (e.g., EthIR LAN by Clarinet Systems), or the Palm Ethernet cradle, which is ideal for providing server-based data access from a conference room, hallway or other remote location where Ethernet is present.
With Palm HotSync Server software, user is able to check email, calendars, or enterprise data residing in back-end databases while traveling, with their desktop workstation off. When the user is authenticated and successfully synchronizes to the server, their activities are audited in the server’s relational database, and the server can push software updates and backup or restore the contents of their device. The data they receive can be keyed to their membership in one or more groups defined at the server level. An administrator can generate reports off any information stored regarding users and their activities on the server, using a standard report writer capable of interfacing with a relational database.
6. Developing Secure Applications
A large number of Palm OS developers use the Certicom (www.certicom.com) Security Builder (TrustPoint tool set) to create application-specific cryptographic solutions. TrustPoint conforms to Internet Engineering Task Force (IETF) guidelines. Certicom also offers the MobileTrust managed PKI service, for companies preferring to outsource handheld digital certificate management rather than building the capabilities in-house.
Other Palm OS developers have alternatively built their own cryptographic solutions. One example is NTRU (www.ntru.com), whose Security Toolkit for PalmOS uses the Rjindael encryption algorithm, which was recently approved by the National Institute of Standards and Technology (NIST) as the next Advanced Encryption Standard (AES). A new Federal Information Processing Standard (FIPS) regulation is expected to be written by summer 2001, to incorporate the AES including NTRU’s Rjindael toolkit. This is particularly significant for Federal customers requiring FIPS compliance in the encryption-related products they purchase.
FIPS compliance is already present in other products used on the Palm platform, including Certicom’s ECC used on the Palm VII and the V-One SmartPass VPN client for the Palm (www.v-one.com).
7. Security & Enterprise Management
Many of Palm’s key enterprise software partners extend their security solutions to the Palm OS and offer management solutions to easily inventory Palm OS handhelds to enforce security policy. These tools are in addition to Palm HotSync Server software discussed previously here.
- Computer Associates (www.ca.com) offers eTrust, suite of solutions that address encryption of traffic, user authentication, and access control. eTrust enables eBusiness by safeguarding all mission-critical resources, from the browser to the mainframe. eTrust solutions offer risk assessment, attack detection, loss prevention, and more.
- Aether Systems (www.aethersystems.com) offers a complete set of software tools and technologies enabling enterprises to rapidly build, deploy and manage mobile and wireless solutions. Two important software solutions include ScoutIT and ScoutSync. ScoutIT provides tools IT professionals need to extend their information infrastructures to the new mobile computing generation. Key features of ScoutIT related to security include real-time activity logging and database storage of ll utilization activity, local or remote monitoring, flexible device-state alert system for both users and administrators, administrator choice of level of security from three levels of encryption.
- Extended Systems (www.extendedsystems.com) XTNDConnect Server enables IT departments to integrate and manage mobile devices. This solution synchronizes Palm, Windows CE, and Symbian EPOC mobile devices with corporate groupware servers including Microsoft Exchange, Lotus Domino, IMAP4, SMTP, WCAP/iCAL, and any ODBC-compliant database. XTNDConnect manages data and applications on mobile devices with backup/restore, installation, configuration and reporting capabilities and ensures secure data transfer with ECC, DES-X, and 128-bit ARC4 encryption. As discussed earlier in this paper, Palm announced its intention to acquire Extended Systems in March 2001.
- Critical Devices (www.criticaldevices.com) Asset Services Management (ASM) suite allows enterprises to gather and monitor vital information on all handheld devices without having to physically touch each one. The ASM suite supports any wired or wireless connection, such as infrared, Ethernet, and analog or wireless modems. ASM employs one-way communications that are sent via Certicom-encrypted data packets over the Internet. This ensures the information sent over the Internet cannot be easily intercepted or read. ASM makes it affordable to identify, track, monitor and manage IT assets —including handhelds.
- Tivoli (www.tivoli.com) Smart Handheld Device Manager extends the Tivoli management environment, enabling administrators to centrally discover existing handheld devices, install and remove applications, receive real-time inventory information, maintain high availability, and perform various configuration management functions.
- Xcellenets (www.xcellenet.com) Afaria offers an enterprise-wide solution for managing all mobile devices including laptop computers, Palm OS handhelds, smart phones, and interactive pagers. Afaria's technology enables enterprises to securely deploy and manage mobile device-based business solutions by tracking hardware and software assets, deploying and maintaining software, monitoring device and wireless network performance and availability, securing backup of copies of critical data. Afaria employs rigorous security measures that include user authentication, data encryption, configuration management, and data security.
- On Technology On Command CCM (www.on.com) offers a unique information database that tracks all installation and configuration changes on a real-time basis. On Command makes it easy to rebuild devices to previous configurations in case of system hangs, virus corruption, or end-user misconfiguration.
8. The Anti-Virus Issue
The handheld industry experienced its first virus in 2000. Patches were posted within hours by a variety of vendors that create anti-viral software. Virus attacks are nothing new. Any electronic platform can be susceptible to hackers who create viruses, and IT organizations need to be prepared. But just as the usage model for a PC is very different from that of handheld, so is the operating system and the potential impact of viruses, worms, and Trojan horses.
The Palm OS has to date been relatively safe from attack, despite considerable coverage in the media. Safeguards built into the Palm OS protect user data on many levels, making Palm handhelds by nature very secure from these kinds of attacks. In contrast, handhelds based on Windows CE are exposed or vulnerable to the thousands of viruses that currently permeate the Windows world.
In addition, infrared beaming is by nature secure since it requires close physical proximity (4 feet or less)to the beaming device, and the recipient is prompted and must tap on the screen to accept all incoming beams (there are no unsolicited beams). Palm OS devices also have built-in “sleep” thresholds (typically 1-3 minutes), and when sleeping the device cannot accept an incoming infrared beam.
The user also has the option to disable beam receive altogether through the system preferences on the device.
In addition, Palm handheld computers are not susceptible to viruses developed for the Windows platform (email attachment-based or otherwise), and also cannot be used to stage viruses passed to the device then back to the desktop. Third-party products developed for Palm OS, such as DocumentsToGo from DataViz, Inc. (www.dataviz.com) and QuickOffice from Cutting Edge Software (www.cesinc.com), remove macros from Microsoft Word and Excel files upon transmission to the device.
Even though to date there have been no true replicating viruses, Palm takes this threat very seriously and is working with the best in class anti-virus software vendors such as Symantec, McAfee, and Computer Associates to ensure protection against potential hacker threats.
Computer Associates recently announced the availability of InoculateIT (www.ca.com) for the Palm OS platform. InoculateIT offers virus detection for PalmOS v3.0 or greater devices. InoculateIT for Palm OS Platform is specifically designed to provide immediate and complete protection against all current known malicious attacks targeted at the Palm OS platform.
Symantec (www.symantec.com) has a product called Antivirus 2001 for Palm OS, which scans Palm files looking for signatures of viruses, Trojan horses, and worms, and prompts the user before deletion. They provide a live update feature during each HotSync.
Network Associates/McAfee
(www.networkassociates.com) offers
VirusScan Wireless, which is deployed to users through an email link,
provides
automatic updates based on a schedule individual users set, and scans files
during synchronization operations.
F-Secure (www.f-secure.com) developed the F-Secure Antivirus for Palm, specifically to target the “Phage” code, which was discovered in September of 2000. Phage is capable of overwriting executables but does not harm databases. The symptom of its presence is the screen going blank when running an application.
Finally, Blue Nomads BackupBuddy (www.bluenomad.com), popular back-up/restore program for Palm handheld computers, also has a built-in virus scanner for Palm files.
Palm recommends that, as with any operating system, users of Palm OS should follow certain procedures in order to maximize the safety of your data. These include:
- Perform a full backup of the contents of your device on a regular schedule, and especially before adding new applications. HotSync the most critical data (e.g., schedules, addresses) even more frequently.
- Obtain software from reputable software providers, such as those listed in this paper.
- If you have access to the Palm OS Emulator, you can load applications into it and run them from a Windows, Mac, or UNIX environment, before loading to your device. The Palm OS Emulator can be downloaded from www.palmos.com/dev/tech/tools/emulator.
9. The Future of Handheld Security
A number of new security solutions for handheld computers are well on their way including smart cards, biometrics capabilities, motion detection solutions, and secure digital and multimedia cards.
Smart cards are another level of security that can be added by requiring users to physically have something, such as a smart card —a credit-card-size device that can contain identifying information and a decryption key. Smart cards can be used to authorize activation of a handheld computer. It is expected that this identification method will soon become a component of handheld authentication.
Early products have already been released, such as the SmartClip sled for the Palm III and V series, from Sunderland Technologies (www.sunland-group.com).
Biometrics and motion detection are emerging technologies that are just beginning to gain popularity in the notebook world. The term biometrics refers to capabilities that identify users by their fingerprints, irises, or even handwriting.
Motion detection security systems require users to program a series of movements such as lifting one side of the device a certain number of degrees and then back again to enable access to the device. Expect to see these capabilities expand to the handheld world.
Palm’s
Expansion Standard
Secure Digital (SD) and multimedia (MMC) cards are part of Palm’s expansion strategy, allowing Palm handheld users to carry secure credentials in a very small removable card the size of a postage stamp. These cards currently store up to 64 MB of data as RAM, with capacities in the hundreds of MB expected within year, and also allow for the development of I/O applications such as cameras, GPS, etc. These secure credentials can be removed from the device, which makes it impossible for any unauthorized person to engage in a transaction or to unlock the data in the device.
Palm believes SD is by far the most appealing standard for expansion on a handheld platform, given its widespread industry adoption, relatively low cost, fast I/O speeds (up to 12 megabits/sec.), superior small form factor, and advanced security including check in and check out. Each SD card features a physical write. protect tab, much like with floppy disks, to prevent accidental overwriting. In addition, MMC allows for the storage of applications and data in ROM. This is the same technology used to secure copyrighted digital music.
Although Palm has chosen SD as the standard for its next-generation devices, the Palm OS 4.0 and beyond will support not only SD, but the expansion standards chosen by Palm licensees including Handspring, Sony, and TRG Products. This gives our Palm OS developers the widest array of output choices, as well as potential market, for their applications.
10. Handheld Security Checklist
A valid security policy for handheld solutions will:
- Control user access to data resident on the device through the use of password protection and user profiles to restrict access to specific data and administrative resources.
- Minimize the risk of loss or theft through a variety of physical security products.
- Secure handheld communications in wireless and wireline modes
- Offer authentication and encryption capabilities via RAS and VPN access methods.
- Ensure client-level authentication by uniquely identifying handheld computers.
- Offer server-side security solutions that provide greater control and monitoring of handheld security aspects.
- Provide an opportunity to develop unique security solutions.
- Leverage enterprise application system management solutions to enforce security policy and enhance handheld security.
- Take advantage of anti-virus measures to protect handheld data.
Palm and its partners provide solutions that address all the critical security issues for handheld computing.
11. Palm Software Download Sites
http://www.handango.com
http://www.palmgear.com
http://pda.tucows.com
http://www.memoware.com
http://www.zdnet.com/downloads/pilotsoftware
http://www.download.com
12. Real-World Solutions
Handheld devices have made their mark in companies and industries around the world. The issue of security is ubiquitous.
Not only do these companies and industries require a strategy to protect their own corporate data, but many are strictly governed by regulatory agencies that mandate additional levels of security.
One organization where security has played fundamental role in the successful deployment of handhelds is Cedars-Sinai Medical Center (CSMC) in Los Angeles.
At CSMC, security and confidentiality has always been a high priority. CSMC implemented a wireless interface to clinical information for physicians based on the Palm VII, wireless digital network, encrypted data transmission, secure web servers, and a clinical data repository.
The CSMC application supported the organization’s security needs in a variety of ways:
- Random and patient-specific confidentiality warnings to users
- Detailed logging of all user accesses or attempted accesses to patient data
- Automatic daily audit reports for accesses to sensitive patient accounts or test results and employee medical records
- Interactive applications to support ad-hoc audits on either per-user or per-patient basis
Some security issues that are specific to the Palm VII implementation are as follows:
- Firewall traffic control and alerts —the firewall performs protocol-level filtering, exposing secure web servers and other selected machines to non-campus users for approved types of connections, while blocking and logging all other connection attempts from the Internet
- Data encryption — Wireless data transmission and land-based traffic over BellSouth’s Mobitex network are encrypted with Certicom’s proprietary Elliptical Curve Cryptography technology.
- Client-level authentication —The Palm VII ’s unique device ID, which is transmitted in each data packet to the secure web server, allows the Palm VII to be used as a physical token for “two-factor authentication. ”The server side of the Palm application tracks the physical ID of all Palm VII devices used by physicians and, if a Palm VII is lost, can be configured to lock out attempted access by that specific device. To prevent subversion of the Palm application by someone using an ordinary web browser, the web server’s virtual directory for the Palm application is configured to only accept incoming connections from the known IP addresses of the Palm and Omnisky proxy servers.
- Application-Level Authentication — The Palm user must supply a valid login and password. The system enforces a password change at least every 90 days. Each Palm access to clinical data is logged with the user’s name, patient name, medical record number, the date and time, and specifics of the data viewed.
Bibliography
· Palm Inc. (2000). Palm OS 4.0 Software, [Online]. Available at http://www.palm.com/software/palmos4.html [July 18, 2001].
· Tranzoa, Co. (June 2, 2001). OnlyMe™ For Palm Compatible Devices, [Online]. Available at http://www.tranzoa.com/onlyme/onlyme.htm [July 18, 2001].
· Communication Intelligence Corporation (2001). Sign-On™ True Verification comes to the handheld, [Online]. Available at http://www.cic.com/products/signon/ [July 20, 2001].
· Applied Technologies, Inc. (August 9, 2001). PDASecure, [Online]. Available at http://www.goati.com/pdasecure.shtml [August 9, 2001].
· DeepNet Technologies. (2001). Memo Safe from DeepNet Technologies, [Online]. Available at http://www.deepnettech.com/memosafe.html [August 9, 2001].
· Portable Projects. (2001). CrypBox for Palm OS, [Online]. Available at http://www.portableprojects.com/crypbox.html [July 23, 2001].
· Jawz Inc. (2001). Jawz DataGator, [Online]. Available at http://www.jawzinc.com/datagator/productinfo/producthold.htm [July 27, 2001].
· IS/Complete, Inc. (2001). Restrictor, [Online]. Available at http://www.iscomplete.org/Restrictor/restrictorf3.htm [July 27, 2001].
· Kensington Technology Group. (2001). PDA Saver™, [Online]. Available at http://www.kensington.com/products/pro_sec_d1305.html [July 27, 2001].
· Force Technology Corporation. (2001). The Bond™ latch, [Online]. Available at http://www.force.com/products.htm [August 2, 2001].
· Personal Electronics Concealment, LLC. (2001). e-Holster - Accessories and cases that allow you to comfortably wear your cellular and wireless phone, PDA, handheld personal computer and pager, [Online]. Available at http://www.eholster.com [August 2, 2001].
· Certicom. (2001). Extend Your VPN to the Wireless World, [Online]. Available at http://www.certicom.com/products/movian/movianvpn.html [August 3, 2001]
· V-ONE Corporation (2001). Security for a Connected World, [Online]. Available at http://www.v-one.com [August 4, 2001].
· RSA Security Inc. (2001). RSA SecureID Tokens, [Online]. Available at http://www.rsasecurity.com/products/securid/tokens.html [August 5, 2001].
· Certicom. (2001). Security Builder and Benefits, [Online]. Available at http://www.certicom.com/products/securitybuilder/securitybuilder_feat.htm [August 6, 2001].
· Certicom. (2001). MobileTrust Managed PKI Services, [Online]. Available at http://www.certicom.com/products/mobiletrust/mobiletrust_pki.html [August 6, 2001].
· NTRU Cryptosystems Inc. (2001). NTRU's security toolkit NERI (NTRU Embedded Reference Implementation), [Online]. Available at http://www.ntru.com/technology/tech.product.htm [August 7, 2001].
· Computer Associates International Inc. (2001). eTrust, [Online]. Available at http://www3.ca.com/Solutions/ProductFamily.asp?ID=124 [August 8, 2001].
· Aether Systems Inc. (2001). ScoutIT [Online]. Available at http://www.aethersystems.com/software/software_template.asp?PAGE=ssvc_sft_scoutit_main [August 9, 2001].
· Aether Systems Inc. (2001). ScoutSync [Online]. Available at http://www.aethersystems.com/software/software_template.asp?PAGE=ssvc_sft_scoutsync_main [August 9, 2001].
· Extended Systems (2001). Server-based Synchronizations, [Online]. Available at http://www.extendedsystems.com/ESI/Products/Mobile+Data+Management+Products/Server-Based+Synchronization/default.htm [August 10, 2001].
· Critical Devices Inc. (2001). Asset Services Management, [Online]. Available at http://www.criticaldevices.com/services_alert_notify.html [August 11, 2001]
· Tivoli Systems Inc. (2001). Smart Handheld Manager, [Online]. Available at http://www.tivoli.com/products/index/handheld [August 12, 2001].
· XcelleNet Inc. (2001). What is Afaria? [Online]. Available at http://www.xcellenet.com/public/products/afaria/afaria.asp [August 13, 2001].
· On Technology Corporation. (2001). OnCommand CCM, [Online]. Available at http://www.on.com/Product/ccm/default.htm [August 14, 2001].
· DataViz Inc. (2001). Documents To Go, [Online]. Available at http://www.dataviz.com/products/documentstogo/index.html [August 15, 2001].
· Cutting Edge Software Inc. (2001) QuickOffice, [Online]. Available at http://www.cesinc.com/quickoffice/index.html [August 15, 2001].
· Computer Associates International Inc. (2001). InoculateIT for Palm OS, [Online]. Available at http://www3.ca.com/Solutions/Product.asp?ID=171 [August 16, 2001].
· Symantec Corporation. (2001). AntiVirus 2001 for Palm OS, [Online]. Available at http://www.symantec.com/sav [August 16, 2001].
· Network Associates Technology Inc. (2001). VirusScan Wireless, [Online]. Available at http://www.mcafeeb2b.com/products/virusscan-wireless/default.asp [August 16, 2001].
· F-Secure. (2001). F-Secure Wireless Solutions, [Online]. Available at http://www.f-secure.com/wireless/palm/av4palm [August 16, 2001].
- Blue Nomand LLC. BackupBuddy, [Online]. Available at http://www.bluenomad.com/bb/prod_backupbuddy_details.html [August 16, 2001]