A one-stop shop for authentication?
- By William Jackson
- Jul 12, 2007
A Charlottesville, Va., company has announced the beta release of a biometric-enabled token that it hopes will become a single alternative for multiple access control systems.
Privaris calls its plusID a universal biometric device. It eventually will provide three factors of authentication. The physical key fob can present digital certificates and other credentials, and it also contains a fingerprint scanner and a processor to match the scan with a print template stored on the device. The company plans soon to incorporate RSA SecurID, a one-time password generator that will provide a third factor of authentication.
What could make the multifactor device especially attractive is that it supports a variety of protocols for presenting credentials for access, emulating proximity cards often used for physical access as well as contact and contactless smart cards. The aim is to make the token work with existing systems, adding additional authentication factors without additional infrastructure or middleware, said Privaris Chief Executive Officer John Petze.
'The cost of installing infrastructure is one of the reasons biometrics has not been adopted to the level that people thought it would be,' Petze said. 'Biometrics doesn't have to be a part of a capital installation project.'
In the federal market, however, physical and logical access functions have been assigned by presidential mandate to the Personal Identity Verification card and, in the Defense Department, to the Common Access Card. These cards require smart-card readers because they contain biometric templates but no scanner for matching. To address this market, Privaris plans to announce this fall a smart-card holder to house PIV and CAC cards. The holder will contain the scanner and functionality of the plusID token so the cards can be used with existing physical and logical access control systems.
The communication standards supported by plusID are:
- 125kHz RFID proximity card.
- 13.56MHz RF contactless smart card.
- USB for network logon and battery charging.
- IEEE 802.15.4 for long-range gate access from moving vehicles.
This means the token can be presented to wireless readers like an access card or plugged into a computer to emulate a smart card. When the fingerprint scan or one-time password is matched, the appropriate credential is presented to the access control system.
Putting all of this into a single key fob presented a number of challenges, Petze said.
'The first was emulating [radio frequency identification] signals,' he said. These are usually generated by a coiled antenna within an access card. PlusID uses a modulator with a much smaller antenna to replicate the signal. 'That's not trivial.'
The next challenge was fitting everything into a small package. The token uses the Broadcom BCM5890 processor for cryptographic operations and fingerprint matching. It supports key generation for public-key infrastructure, encryption with a variety of algorithms, hashing using SHA-1 and SHA-256, and X.509 digital certificates. It uses the AES2510 fingerprint scanner from AuthenTec. The scanner uses radio frequency to read the print rather than optical or thermal imaging.
The processor has been submitted by Broadcom for Federal Information Processing Standard 140-2 evaluation, and Privaris plans to submit the plusID for evaluation later this year, Petze said.
The product is expected to be available later this month, but will not come cheap. List price for the tokens will start at $115.
William Jackson is a Maryland-based freelance writer.