Fingerprint ID devices are ready to make their mark

Fingerprint ID devices are ready to make their mark<@VM>Fingerprint scanners bypass the cost and workload of passwords

Two types of fingerprint scans can work on their own or with passwords

BY MARK A. KELLNER | SPECIAL TO GCN

This year's edition of the FBI's annual computer security survey, conducted with the Computer Security Institute of San Francisco, revealed some cold, hard facts about cybercrime.

Fingerprints
Of the 538 agencies, corporations and other enterprises surveyed, '85 percent of respondents'primarily large corporations and government agencies'detected computer security breaches within the last 12 months,' the FBI and the institute said in announcing the results. 'Sixty-four percent acknowledged financial losses due to computer breaches.'

The Internet, of course, is the primary avenue people take to enter a computer system without authorization. But walking up to a computer they're not authorized to use remains a threat.

Even without an apparent threat of computer crime, the notion that you, and only you, should work at your PC is an appealing thought. But what's the best way to ensure this?

An increasingly popular method of securing a PC or workstation is a fingerprint reader. Once a user has been enrolled with a full image or details of the fingerprints, a simple fingerprint scan can authenticate the user and unlock the system.

Readers use one of two methods for enrollment and verification: taking an image of the actual fingerprint and then comparing scans; or using minutiae, or unique details of a given fingerprint, which are then converted into a digital code that is stored and matched on future scans.

Each method has advantages. A full scan of a fingerprint is the most detailed method and ensures a high degree of accuracy. But a scanned image, at about 120K, is larger than the 8 bytes of digital code produced by the minutiae method. Detractors of full scanning point out that it takes longer to do an image match than a minutiae match, which can add up to network traffic hassles in a large installation.

Critics say that both methods, at present, could be defeated by a very good image of a fingerprint'or, in a grisly scenario more suited to HBO's 'The Sopranos' than to real life, the severed digit of a user.

Assuming you'll keep all your fingers, and that the classification of your work isn't likely to inspire high-tech fingerprint forgery, fingerprint readers could be a viable choice for access control.

Prices and sizes shrinking

Prices and sizes of devices have dropped dramatically. A few years ago, readers cost roughly $1,000 per seat and were the size of a shoebox; today, they cost about $100 and are about the size of a PC Card.

EyeD Products
SecuGen Corp.'s EyeD Mouse, EyeD Keyboard and EyeD Hamster for notebooks comprise several options for capturing fingerprint scans at different points. They connect to common ports and are priced from $119 to $129.
'Device sales will grow tenfold over the next three to four years [and] we will start to see it on a majority of new desktop systems,' said Samir Nanavati, a partner with the International Biometric Group LLC, a New York consulting and research firm (www.finger-scan.com).

Nanavati said better and cheaper devices are fueling their popularity.

'Five years ago, the devices did not perform well for most wide-scale deployments,' he said. 'Our testing shows that devices now, as a rule, are significantly better. That includes a number of metrics, but the most basic is the ability to identify the right person and keep the wrong person out. They now also fit inside a keyboard or a mouse.'

Nanavati said the entry into the field of larger firms such as Sony Corp. of America enhances the credibility of the devices with users and developers.

'The presence of a number of large players, such as Sony, lends to the maturity of the industry,' he said. It's not just small niche players making the equipment anymore. The emergence of standards also makes it easier for developers to write programs, he said.

The security needs of large organizations are adding an imperative to move toward fingerprint identification, said Hal Tipton, a security consultant in Villa Park, Calif., and a veteran at federal contractor Rockwell International Corp.

'It's only going to take a few big losses from poor access control before everybody wakes up and realizes what they have to do,' he said. 'People have been sitting back fat, dumb and happy thinking authentication by passwords is just enough; soon they'll wake up and see it's not good at all. Smart cards and tokens have been coming along, but they haven't really taken off here.'


The Lowdown

' What is it? A fingerprint reader scans users' fingerprints, which are used to control access to a PC or network. Fingerprint ID technology can be used instead of passwords or in addition to them. And they can be used both at log-on, and to turn off a screen-saver program and regain access to a computer left unattended.


' How does it work? There are two methods for enrollment and verification. The first uses a full scan of a fingerprint. The other scans and records unique details, or minutiae, of a given fingerprint. Readers come with enabling software.


' Is one method superior? Each has its champions. A full scan has more detail, but it also produces a digital image of about 120K, which can slow things down. Minutiae images consist of about 8 bytes but don't have nearly the same level of detail.


' Price? Prices have fallen significantly in the last few years, from about $1,000 for a reader to, in most cases, between $100 and $200. The size of devices also has shrunk. Both should continue to get smaller.


' Must-know info? Among biometric verification technologies, fingerprint scanning has probably the best combination of price and performance. Iris scanning is the most accurate, but it's difficult and expensive. Fingerprint scanning is affordable for most organizations and has very high accuracy rates in closed systems in which it is matching known prints. Unfortunately, no such security system is foolproof.

Advocates of fingerprint technology say the devices' return on investment is a contributing factor to their success.

'What you have to take a look at in cost of hardware is cost savings by implementing biometrics,' said Tom Pak, vice president of sales for SecuGen Corp. in Milpitas, Calif.

He cited a study by Gartner Inc. of Stamford, Conn., 'that says password issues cost a 2,500-user network $340 per employee per year in terms of help desk costs, downtime [and the] cost of lost business. By implementing biometric software, you're looking at a cost of $150 to $160 per user. You get a return on investment in six months.'

Manufacturers are trying to develop devices that are even smaller and less expensive than they are now. Bob Bradford, director of engineering for SecuGen, said the company also wants to find ways to make the technology usable in personal digital assistants, mobile phones and other devices.

Beyond access control

On the software side, Rolf Boegli of I/O Software Inc. in Riverside, Calif., which makes software fingerprint devices, said the aim is to extend fingerprint identification beyond access control.

'We envision a wider range of functionality, beyond just log-on ... such as application launch control, and file and folder encryption. There are a number of ideas and projects in the making for Internet and e-mail. Wherever you have any kind of password, you can replace it with a biometric measure, that is, a fingerprint,' he said.

In evaluating fingerprint devices, analyst Nanavati said, it's important to understand what measure of performance should be used.

'One of the critical things is an understanding of what performance means. Everyone talks about performance; very rarely do they have all of the components. To summarize it most simply: False acceptance is the wrong person getting in, and a false rejection means the customer will be dissatisfied with the equipment. One of the components is failure-to-enroll rate. How is five to 10 percent, or sub-1 percent?'

Nanavati said his group is developing objective testing to rank the devices. The Financial Services Technology Consortium of Chicago, the automated teller network Star System, Lockheed Martin Corp. and Electronic Data Systems Corp. are working with the International Biometric Group on the project.

Mark A. Kellner is a free-lance technology writer in Marina del Rey, Calif. E-mail him at mark@kellner2000.com.


































































































































Vendor Product Description Features Price
Compaq Computer Corp.

Houston

281-370-0670

www.compaq.com
Compaq Biometrics
PC Card
Fingerprint scanner Works in Type II PC Card slot $179
Digital Persona Inc.

Redwood City, Calif.

650-261-6070

www.digitalpersona.com
U.are.U Pro Fingerprint scanner hardware
and software
USB connection; one-touch authentication
for access, Internet connection, integrates
with screen saver for unlock
$155
U.are.U Pro Server software Recognizes user roaming across network,
systemwide administration, adheres to NT
security standards
$1,149
Identix Inc.

Sunnyvale, Calif.

408-731-2000

www.identix.com
BioLogon for
Windows 2000
Client software for Win 2000 Network management and user
authentication integrated with Active Directory
$40
BioLogon 2.0 Server
Application for
Windows NT
Server software for network
authentication of 25+ users
Centralized network management and
policies; user and workstation security
policies; event log for audit trail, local and
remote management, remote user enrollment and access
$1,000
Identix BioTouch PC Card
Fingerprint Reader
PC Card fingerprint reader Fully functional optical fingerprint reader
in Type II PC Card format
$180
Key Tronic Corp.

Spokane, Wash.

509-928-8000

www.keytronic.com
Finger Scanner with software Fingerprint scanner PS/2 connector $120
Finger Scanner with software,
parallel pass-through port
Fingerprint scanner Parallel pass-through port $145
Fingerprint Scanner Keyboard Keyboard with built-in scanner Win9x and Win 2000 versions $150
PPT Fingerprint Scanner
Keyboard
Keyboard with built-in scanner Parallel pass-through port $180
Combo Smart Card/
Fingerprint Scanner Keyboard
Keyboard with finger scanner
and smart-card reader
104 Windows keys, fingerprint scanner and
smart-card reader keyboard with parallel pass-
through and software for Win9x and NT 4.0
$200
NEC Technologies Inc.

Itasca, Ill.

800-777-2347

www.nectech.com
TouchPass Client
for Windows
Client software for fingerprint
scan identification
Works with Microsoft Windows $200
TouchPass Server Software For NT Server only Replaces Windows NT GINA module
with fingerprint imaging element, captures
full image of fingerprint
$1,000
SCM Microsystems Inc.

Fremont, Calif.

510-360-2300

www.scmmicro.com
SCM MT Digit
Biometric Reader
Standalone fingerprint scanner Works with BioLogon software $130
SecuGen Corp.

Milpitas, Calif.

408-942-3400

www.secugen.com
EyeD Hamster Notebook fingerprint scanner USB or parallel connector $109
EyeD Keyboard Keyboard with integrated scanner USB or parallel connector $129
EyeD Mouse Three-button scrolling mouse PS/2 or parallel connector $119
EyeD OptiMouse Three-button scrolling mouse
with optical pointer
USB connector $129
Sony Corp. of America

Park Ridge, N.J.

201-358-4169

www.sel.sony.com
Sony FIU-710 USB standalone reader Live finger detection, fingerprint verification via reference templates $299

inside gcn

  • How technology can help first responders save lives

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group