Combine biometrics and token technologies for more secure laptops

* Combined fingerprint/token authentication

How would you like to be the corporate security officer awakened in the middle of the night with news that laptops containing your company's critical information were stolen? One way to keep your stomach from turning (and to hang on to your job) is to use good endpoint security to make sure the data isn't vulnerable. Now there's a new twist on how to secure your laptops.

It happened again. Laptops containing critical information were stolen. In this case, the PCs were taken from a company hired to provide services to Petrobras, Brazil’s state-run oil firm. Petrobras disclosed that the data pertained to the location of new oil discoveries and that the information affects Brazil’s national interests. Uh oh.

How would you like to be the corporate security officer awakened in the middle of the night with news that laptops containing your company’s critical information were stolen? One way to keep your stomach from turning (and to hang on to your job) is to use good endpoint security to make sure the data isn’t vulnerable. Now there’s a new twist on how to secure your laptops (Compare Data Leak Protection products).

Secure biometrics company UPEK and authentication solution provider RSA, The Security Division of EMC, have collaborated to deliver a strong yet easy-to-use endpoint security solution that can be used to authenticate an employee remotely accessing corporate networks. In early February, UPEK announced the availability of several products that form the basis for biometrics-based multifactor authentication using embedded RSA SecurID technology. Here’s what’s new from UPEK:

* The Protector Suite QL software has been updated and certified as RSA SecurID Ready.

* The Eikon Digital Privacy Manager USB peripheral is now embedded with RSA SecurID technology.

* Millions of notebook PCs with embedded UPEK fingerprint sensors are now RSA SecurID Ready.

What this all means is that you can have one device that reads a user’s fingerprint and validates that person’s identity and then issues a tokencode that is sent to an RSA Authentication Manager server to fully authenticate the person. That device can be the new USB peripheral or a fingerprint reader that is built into the laptop PC. This eliminates the need for a second, separate security token (Compare Identity Management products).

It works like this. An administrator issues a SecurID token seed to an end user. The seed gets provisioned into the UPEK Digital Identity Engine and then forms a biometric token. After import, the SecurID token is protected by the UPEK Digital Identity Engine for use in Protector Suite QL, which locks the token to the specific user and is tied to his unique fingerprint. To authenticate, the user swipes his finger on the reader, and upon a successful fingerprint match, a tokencode is generated for use with an RSA Authentication Manager server.

In addition to this new combination of biometrics and token passwords, a user’s fingerprint can be used as an additional authentication factor to secure access to devices, networks and Web-based applications and portals. It can be used to log in to Windows (XP, 2000, 2003 and Vista); log in to portals and applications; lock the workstation; encrypt files and folders; and do pre-boot authentication for notebook PCs. It also strengthens your compliance posture for FFIEC, Sarbanes-Oxley, HIPAA, GLBA and other directives.

If you’ve already deployed a fleet of laptops that have UPEK’s biometric scanner embedded in the PC, there’s no need to replace the hardware or buy new USB fingerprint readers. The new solution can take advantage of pre-existing hardware with a software update. The following laptop manufacturers use UPEK fingerprint readers in their hardware: Amoi, ASUS, Gateway, IBM/Lenovo, Itronix, MPC, Samsung, Sony and Toshiba. See how to update your laptops here. If your laptops don't already have an embedded fingerprint reader, UPEK has USB-based products that can be added to your configuration.

With laptop theft on the rise and the consequences of exposed data growing more severe, this combined fingerprint/token authentication is just one more way to keep from becoming a statistic.

Learn more about this topic

 
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

IT Salary Survey: The results are in