The future of authentication
Other sectors move faster than government on new tools; printable circuits and palm scanning are getting attention
- By William Jackson
- Jul 27, 2006
'Fingerprints alone are not a very secure method.' - Klaus Schroeter, Nanoident Technologies AG
If you want to know where authentication technology is going, take a look at what vendors are offering to the health care and financial-services industries.
These heavily regulated sectors often are the first markets approached by companies developing new tools for strong authentication and controlling access to sensitive data.
'The American government really pushes the use of biometrics,' said Klaus G. Schroeter, CEO of the Austrian company Nanoident Technologies AG, which is developing a new multifactor biometric platform.
But the expense of entering the government market and the long acquisition lead time make the private sector a more attractive area for entry, said Jared Hufferd, vice president of business development for Apere Inc. of San Jose, Calif., which is introducing a new access-control appliance.
'That's more of a long-term investment,' Hufferd said of the government market. 'That won't be our first target.'
Still, agencies should monitor some of these new technologies being introduced to manage identity and control access.
Organic photonics
Nanoident Technologies specializes in printable organic semiconductors that can produce thin, flexible, inexpensive and integrated circuit devices in large formats. The company recently announced the launch of a new biometrics division and the introduction of a Photonic Solutions Platform.
Conductive organic materials could make the technology small enough and inexpensive enough that biometrics could be integrated into small devices such as handhelds and smart cards, Schroeter said.
'The material can be produced in liquid form,' he said. 'That means we can print semiconductors on almost any surface.'
The printable circuits are built up in layers using ink-jet printers and are not limited to wafer size, as traditional silicon chips are. The new biometric platform incorporates photo emitters and detectors with read-outs for authentication. Nanoident's first biometric offering will be an optical fingerprint detector.
But, 'fingerprints alone are not a very secure method,' Schroeter said. 'We have developed a new multimodel biometric center,' that detects underlying tissue structures as well. 'It increases the recognition accuracy' from about 97 percent for prints alone to about 99 percent.
Schroeter said the first application of the fingerprint-only technology probably would be in European cell phones that will appear by the end of the year. Smart-card applications will come when interfaces in the chips are created for the platform. The multifactor platform will be available later.
The price of the technology will play a big part in its acceptance, Schroeter said. A 32K card today sells for around $5.
'A $10 sensor wouldn't fit into that market,' he said. But with a printable sensor starting at less than $1, it becomes feasible.
Palm scanning
Fujitsu Computer Products of America Inc. is coming out with a new version of its PalmSecure scanner featuring a smaller form factor with improved speed and accuracy.
The Sunnyvale, Calif., company introduced PalmSecure in 2005. It uses a proprietary algorithm to recognize vein structures within a palm. It touts the technology as non-invasive, hygienic and more accurate than fingerprints, although not as accurate as an iris scan.
The first version had a standalone reader about 2.5 inches square that connects with a device by a USB port.
'It was a little bulky for a laptop or PC log-in,' said business development manager Hiroko Naito. It was better suited for embedding in larger devices such as automatic teller machines.
The new version has a higher-performance camera and improved recognition algorithms, and its size has been reduced by 25 percent.
'It takes a little more time to do the matching,' than on a typical fingerprint reader, 'but it is more sophisticated and more accurate,' Naito said.
The company claims false-positive and false-negative rates of less than one-millionth of a percent. It also has almost no failures to enroll, Naito said. The device uses near-infrared light to detect blood flow in a palm held above the sensor and matches vein patterns. The technique is more robust than fingerprint detection, she said.
'Asian females are a nightmare for fingerprints,' Naito said, because they tend to have thin ridges, lower body temperatures and drier hands. Medical environments, where users are often washing hands and using moisturizers, also can be difficult for fingerprints.
Access gateways
Even when a user has been identified through authentication, controlling access is complicated by the fact that access rights are defined in a variety of directories scattered across an enterprise.
'No enterprise has consolidated its directories to a single source,' Hufferd said. Directories often are maintained for separate applications and managed by the application owners.
Apere is announcing this month its Identity Management Access Gateway, an identity firewall that creates a central store of user access rights and can block unauthorized access to applications and resources.
IMAG's advantage is its 'ability to learn where the ID stores are by watching the traffic and then request administrative access to it,' Hufferd said. The device then builds an authoritative database of all access rights.
How long does it take to build a workable database?
'That depends on the complexity of the network,' Hufferd said. After about a week of observing traffic and 'learning,' it is pretty accurate. Then fine-tuning is done. 'The whole process is a couple of weeks.'
The gateway has a throughput of 600 Mbps and can handle 2,000 concurrent users and a database of 20,000 identities. Placed at the edge of a network, it will manage only access from outside connections. Placed immediately in front of an application, it will manage all access to that app.
IMAG can be run in learn and report-only mode for as long as necessary until managers are comfortable turning on blocking features.
'Any time you put something in line that can stop traffic, the IT manager has to have confidence in it,' Hufferd said.