Sony token takes on smart card

The smart card, dating to the mid-1980s, and the USB key-chain storage device that appeared around 2002 have converged in the Puppy fingerprint identity token from Sony Electronics Inc.

The Puppy fingerprint reader has been around for more than a year (Click for May 5, 2003 GCN Lab review) but in a larger, flat-form factor. Then as now, the Puppy had its own processor and storage.

The current USB token format, about 3.5 inches long, stores 64M in flash memory, about 2M of which is reserved for storing up to 10 fingerprints at 564 bytes each, plus digital certificates and private keys. The user can switch the rest of the storage between public files and encrypted private areas.

'You match your print inside the device,' saving compute cycles on a PC or network, said John B. Harris, Sony's biometrics marketing manager.

The Puppy works with the international PKCS 11 and 12 cryptographic token interface standards and with Microsoft Corp.'s cryptographic application programming interface. The device's Data Encryption Standard and Triple DES encryption protect the stored files.

The Puppy has a covered silicon print reader as well as a USB interface cover that unsnaps for connecting to a port. Sony, of Park Ridge, N.J., supplies a separate cable for a jiggleproof connection to a notebook PC.

'It's not a badge replacement,' Harris said. The target user is someone who often carries files back and forth, digitally signs documents, and likes the convenience of signing on to multiple networks and portals with a single fingerprint.

Sony sells the token for about $199 with Puppy Suite Personal registration software for Microsoft Windows 2000 and XP. A separate administrator version, as yet unpriced, will allow registration of multiple users and management of certificate levels.

The 62M of storage is cross-platform, Harris said, allowing access through a USB port on any Windows, Linux or Mac OS X system.

'We see biometrics as private, convenient and secure,' Harris said, 'but it's one layer of the security puzzle.' If the Puppy key is lost, no one else can use it, but the owner must revoke all the stored certificates, buy another device and re-register everything.


  • automated processes (Nikolay Klimenko/

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected