- Is the Cisco MARS mission going to abort?
- First iPhone worm spreads Rick Astley wallpaper
- 10 stunning 3D buildings made with Google SketchUp
- Open source software ready for big business
- Four reasons to buy (and one reason to avoid) the Droid
Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.
And now for something completely different. I promise nothing about provisioning and/or federation this week. In this issue, and the next, it's straight-forward, clear-cut authentication we'll discuss, but with a twist.
First, a review. There are generally considered to be three modes of authentication – something you know (username/password); something you have (security token, smartcard, etc.); and something you are (biometric). Passwords can be guessed or stolen. Tokens can be stolen or lost. Biometrics are harder to misplace but haven’t caught on as fast as I thought they might when I first wrote about fingerprint readers over 10 years ago.
People mistrust fingerprint devices, mostly because they associate fingerprinting with criminal activity. The average citizen thinks that the fingerprint registration could be stolen and used to implicate them in a crime. It can't, of course, but that doesn't change their perception. The same problem faces facial scanning/recognition software which has been used (unsuccessfully) to identify wanted criminals at sporting events. Retina scanners simply scare people – they don’t want anything being shined into their eye. So what can we do?
The smart folks at Fujitsu have come up with a new system to read a biometric. It’s non-intrusive, isn’t likely to be featured at a crime scene on a TV series but does provide a unique signature with little effort on the user’s part.
PalmSecure is a system with a reader (and software) which images the veins in your palm via an infrared beam. The best known implementation is in a PC Mouse: simply wave your hand over the mouse and you can be authenticated. Fujitsu claims better than 99.99% accuracy in the read – even through latex gloves (it’s used in health-provider environments).
There’s no need to touch the device, nor to have it touch you. A wall panel, a reader on a vending machine, eventually, maybe, a plate on your car’s dashboard! Just wave your hand in front of it and get authenticated. How easy is that?
It also checks for blood flow in the vein so it can’t be spoofed.
Fujitsu has now released LOGONDIRECTOR, which ties a PalmSecure device to leading SSO implementations (Sun, Passlogix, Oracle, Citrix, etc.) for even better access control.
Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (3)
BiometricsBy PeterHolbech on March 16, 2009, 2:37 pmI am currently working on a biometric project, and one reason fingerprints are not working is that there are simply too many practical problems. In enrollment you...
Reply | Read entire comment
ALL biometrics are insecureBy Anonymous on March 17, 2009, 2:11 amThere is a major flaw with ALL Biometrics systems that I have investigated. They are all flawed and insecure. I am sure that the rest of the security community will...
Reply | Read entire comment
Biometric authenticationBy Anonymous on March 26, 2009, 2:07 amI agree with you Dave - worth checking out. To Peter Holbech, my experience says your claims are just wrong. There are no "practical problems" if you design the...
Reply | Read entire comment
View all comments