Fingerprint ID devices are ready to make their mark
Fingerprint ID devices are ready to make their mark<@VM>Fingerprint scanners bypass the cost and workload of passwords
Two types of fingerprint scans can work on their own or with passwordsBY MARK A. KELLNER | SPECIAL TO GCN
This year's edition of the FBI's annual computer security survey, conducted with the Computer Security Institute of San Francisco, revealed some cold, hard facts about cybercrime.
Of the 538 agencies, corporations and other enterprises surveyed, '85 percent of respondents'primarily large corporations and government agencies'detected computer security breaches within the last 12 months,' the FBI and the institute said in announcing the results. 'Sixty-four percent acknowledged financial losses due to computer breaches.'
The Internet, of course, is the primary avenue people take to enter a computer system without authorization. But walking up to a computer they're not authorized to use remains a threat.
Even without an apparent threat of computer crime, the notion that you, and only you, should work at your PC is an appealing thought. But what's the best way to ensure this?
An increasingly popular method of securing a PC or workstation is a fingerprint reader. Once a user has been enrolled with a full image or details of the fingerprints, a simple fingerprint scan can authenticate the user and unlock the system.
Readers use one of two methods for enrollment and verification: taking an image of the actual fingerprint and then comparing scans; or using minutiae, or unique details of a given fingerprint, which are then converted into a digital code that is stored and matched on future scans.
Each method has advantages. A full scan of a fingerprint is the most detailed method and ensures a high degree of accuracy. But a scanned image, at about 120K, is larger than the 8 bytes of digital code produced by the minutiae method. Detractors of full scanning point out that it takes longer to do an image match than a minutiae match, which can add up to network traffic hassles in a large installation.
Critics say that both methods, at present, could be defeated by a very good image of a fingerprint'or, in a grisly scenario more suited to HBO's 'The Sopranos' than to real life, the severed digit of a user.
Assuming you'll keep all your fingers, and that the classification of your work isn't likely to inspire high-tech fingerprint forgery, fingerprint readers could be a viable choice for access control.
Prices and sizes shrinkingPrices and sizes of devices have dropped dramatically. A few years ago, readers cost roughly $1,000 per seat and were the size of a shoebox; today, they cost about $100 and are about the size of a PC Card.
SecuGen Corp.'s EyeD Mouse, EyeD Keyboard and EyeD Hamster for notebooks comprise several options for capturing fingerprint scans at different points. They connect to common ports and are priced from $119 to $129. |
'Device sales will grow tenfold over the next three to four years [and] we will start to see it on a majority of new desktop systems,' said Samir Nanavati, a partner with the International Biometric Group LLC, a New York consulting and research firm (
www.finger-scan.com).
Nanavati said better and cheaper devices are fueling their popularity.
'Five years ago, the devices did not perform well for most wide-scale deployments,' he said. 'Our testing shows that devices now, as a rule, are significantly better. That includes a number of metrics, but the most basic is the ability to identify the right person and keep the wrong person out. They now also fit inside a keyboard or a mouse.'
Nanavati said the entry into the field of larger firms such as Sony Corp. of America enhances the credibility of the devices with users and developers.
'The presence of a number of large players, such as Sony, lends to the maturity of the industry,' he said. It's not just small niche players making the equipment anymore. The emergence of standards also makes it easier for developers to write programs, he said.
The security needs of large organizations are adding an imperative to move toward fingerprint identification, said Hal Tipton, a security consultant in Villa Park, Calif., and a veteran at federal contractor Rockwell International Corp.
'It's only going to take a few big losses from poor access control before everybody wakes up and realizes what they have to do,' he said. 'People have been sitting back fat, dumb and happy thinking authentication by passwords is just enough; soon they'll wake up and see it's not good at all. Smart cards and tokens have been coming along, but they haven't really taken off here.'
| The Lowdown |
' What is it? A fingerprint reader scans users' fingerprints, which are used to control access to a PC or network. Fingerprint ID technology can be used instead of passwords or in addition to them. And they can be used both at log-on, and to turn off a screen-saver program and regain access to a computer left unattended.
' How does it work? There are two methods for enrollment and verification. The first uses a full scan of a fingerprint. The other scans and records unique details, or minutiae, of a given fingerprint. Readers come with enabling software.
' Is one method superior? Each has its champions. A full scan has more detail, but it also produces a digital image of about 120K, which can slow things down. Minutiae images consist of about 8 bytes but don't have nearly the same level of detail.
' Price? Prices have fallen significantly in the last few years, from about $1,000 for a reader to, in most cases, between $100 and $200. The size of devices also has shrunk. Both should continue to get smaller.
' Must-know info? Among biometric verification technologies, fingerprint scanning has probably the best combination of price and performance. Iris scanning is the most accurate, but it's difficult and expensive. Fingerprint scanning is affordable for most organizations and has very high accuracy rates in closed systems in which it is matching known prints. Unfortunately, no such security system is foolproof.
|
Advocates of fingerprint technology say the devices' return on investment is a contributing factor to their success.
'What you have to take a look at in cost of hardware is cost savings by implementing biometrics,' said Tom Pak, vice president of sales for SecuGen Corp. in Milpitas, Calif.
He cited a study by Gartner Inc. of Stamford, Conn., 'that says password issues cost a 2,500-user network $340 per employee per year in terms of help desk costs, downtime [and the] cost of lost business. By implementing biometric software, you're looking at a cost of $150 to $160 per user. You get a return on investment in six months.'
Manufacturers are trying to develop devices that are even smaller and less expensive than they are now. Bob Bradford, director of engineering for SecuGen, said the company also wants to find ways to make the technology usable in personal digital assistants, mobile phones and other devices.
Beyond access control On the software side, Rolf Boegli of I/O Software Inc. in Riverside, Calif., which makes software fingerprint devices, said the aim is to extend fingerprint identification beyond access control.
'We envision a wider range of functionality, beyond just log-on ... such as application launch control, and file and folder encryption. There are a number of ideas and projects in the making for Internet and e-mail. Wherever you have any kind of password, you can replace it with a biometric measure, that is, a fingerprint,' he said.
In evaluating fingerprint devices, analyst Nanavati said, it's important to understand what measure of performance should be used.
'One of the critical things is an understanding of what performance means. Everyone talks about performance; very rarely do they have all of the components. To summarize it most simply: False acceptance is the wrong person getting in, and a false rejection means the customer will be dissatisfied with the equipment. One of the components is failure-to-enroll rate. How is five to 10 percent, or sub-1 percent?'
Nanavati said his group is developing objective testing to rank the devices. The Financial Services Technology Consortium of Chicago, the automated teller network Star System, Lockheed Martin Corp. and Electronic Data Systems Corp. are working with the International Biometric Group on the project.
Mark A. Kellner is a free-lance technology writer in Marina del Rey, Calif. E-mail him at mark@kellner2000.com.
Vendor |
Product |
Description |
Features |
Price |
Compaq Computer Corp.
Houston
281-370-0670
www.compaq.com |
Compaq Biometrics
PC Card |
Fingerprint scanner |
Works in Type II PC Card slot |
$179 |
Digital Persona Inc.
Redwood City, Calif.
650-261-6070
www.digitalpersona.com |
U.are.U Pro |
Fingerprint scanner hardware
and software |
USB connection; one-touch authentication
for access, Internet connection, integrates
with screen saver for unlock |
$155 |
U.are.U Pro |
Server software |
Recognizes user roaming across network,
systemwide administration, adheres to NT
security standards |
$1,149 |
Identix Inc.
Sunnyvale, Calif.
408-731-2000
www.identix.com |
BioLogon for
Windows 2000 |
Client software for Win 2000 |
Network management and user
authentication integrated with Active Directory |
$40 |
BioLogon 2.0 Server
Application for
Windows NT |
Server software for network
authentication of 25+ users |
Centralized network management and
policies; user and workstation security
policies; event log for audit trail, local and
remote management, remote user enrollment and access |
$1,000 |
Identix BioTouch PC Card
Fingerprint Reader |
PC Card fingerprint reader |
Fully functional optical fingerprint reader
in Type II PC Card format |
$180 |
Key Tronic Corp.
Spokane, Wash.
509-928-8000
www.keytronic.com |
Finger Scanner with software |
Fingerprint scanner |
PS/2 connector |
$120 |
Finger Scanner with software,
parallel pass-through port |
Fingerprint scanner |
Parallel pass-through port |
$145 |
Fingerprint Scanner Keyboard |
Keyboard with built-in scanner |
Win9x and Win 2000 versions |
$150 |
PPT Fingerprint Scanner
Keyboard |
Keyboard with built-in scanner |
Parallel pass-through port |
$180 |
Combo Smart Card/
Fingerprint Scanner Keyboard |
Keyboard with finger scanner
and smart-card reader |
104 Windows keys, fingerprint scanner and
smart-card reader keyboard with parallel pass-
through and software for Win9x and NT 4.0 |
$200 |
NEC Technologies Inc.
Itasca, Ill.
800-777-2347
www.nectech.com |
TouchPass Client
for Windows |
Client software for fingerprint
scan identification |
Works with Microsoft Windows |
$200 |
TouchPass Server Software |
For NT Server only |
Replaces Windows NT GINA module
with fingerprint imaging element, captures
full image of fingerprint |
$1,000 |
SCM Microsystems Inc.
Fremont, Calif.
510-360-2300
www.scmmicro.com |
SCM MT Digit
Biometric Reader |
Standalone fingerprint scanner |
Works with BioLogon software |
$130 |
SecuGen Corp.
Milpitas, Calif.
408-942-3400
www.secugen.com |
EyeD Hamster |
Notebook fingerprint scanner |
USB or parallel connector |
$109 |
EyeD Keyboard |
Keyboard with integrated scanner |
USB or parallel connector |
$129 |
EyeD Mouse |
Three-button scrolling mouse |
PS/2 or parallel connector |
$119 |
EyeD OptiMouse |
Three-button scrolling mouse
with optical pointer |
USB connector |
$129 |
Sony Corp. of America
Park Ridge, N.J.
201-358-4169
www.sel.sony.com |
Sony FIU-710 |
USB standalone reader |
Live finger detection, fingerprint verification via reference templates |
$299 |