Sony token takes on smart card
- By Susan M. Menke
- Apr 30, 2004
The smart card, dating to the mid-1980s, and the USB key-chain storage device that appeared around 2002 have converged in the Puppy fingerprint identity token from Sony Electronics Inc.
The Puppy fingerprint reader has been around for more than a year (Click for May 5, 2003 GCN Lab review)
but in a larger, flat-form factor. Then as now, the Puppy had its own processor and storage.
The current USB token format, about 3.5 inches long, stores 64M in flash memory, about 2M of which is reserved for storing up to 10 fingerprints at 564 bytes each, plus digital certificates and private keys. The user can switch the rest of the storage between public files and encrypted private areas.
'You match your print inside the device,' saving compute cycles on a PC or network, said John B. Harris, Sony's biometrics marketing manager.
The Puppy works with the international PKCS 11 and 12 cryptographic token interface standards and with Microsoft Corp.'s cryptographic application programming interface. The device's Data Encryption Standard and Triple DES encryption protect the stored files.
The Puppy has a covered silicon print reader as well as a USB interface cover that unsnaps for connecting to a port. Sony, of Park Ridge, N.J., supplies a separate cable for a jiggleproof connection to a notebook PC.
'It's not a badge replacement,' Harris said. The target user is someone who often carries files back and forth, digitally signs documents, and likes the convenience of signing on to multiple networks and portals with a single fingerprint.
Sony sells the token for about $199 with Puppy Suite Personal registration software for Microsoft Windows 2000 and XP. A separate administrator version, as yet unpriced, will allow registration of multiple users and management of certificate levels.
The 62M of storage is cross-platform, Harris said, allowing access through a USB port on any Windows, Linux or Mac OS X system.
'We see biometrics as private, convenient and secure,' Harris said, 'but it's one layer of the security puzzle.' If the Puppy key is lost, no one else can use it, but the owner must revoke all the stored certificates, buy another device and re-register everything.