Biometrics make user authentication convenient and secure – at the same time!

* Biometrics is now a mainstream enterprise technology

There’s usually an inverse relationship between enterprise security and end user convenience. When you tighten security, it often means more hoops for users to jump through – more complex passwords to remember, more sign-ons to endure, more tokens or cards to carry. That’s when you end up with passwords on Post-its, completely defeating your attempts at stronger security.

Forget all that. Biometrics as a means of authentication has gotten so reliable and easy to implement that it is now a mainstream enterprise technology. This week I attended the Digital Identity Showcase hosted by UPEK and Pay By Touch, and I was able to put my finger on some interesting biometric solutions that are both convenient for the end user and highly secure.

UPEK is the developer of the biometric technology that uses a fingerprint to identify an individual. Pay By Touch is a partner company that has embedded UPEK’s technology into devices used in retail settings. In today’s article, I’ll focus on the state of the technology, and next week I’ll cover some of the myriad uses, including the Pay By Touch solution and several others.

Up until about a decade ago, fingerprint scanning technology was based on optics. This meant the scanners were large and the results of a scan were sometimes distorted, making the use of a solution based on optical scanning somewhat clumsy and unreliable. In the late 1990s, a real breakthrough in technology took place. Silicon chip companies began to explore capturing fingerprint images on silicon. This technology uses capacitive sensing instead of light (optics), yielding high resolution and density in a fingerprint scan and resulting in a much more reliable and accurate identification of the individual. In addition, the size of the scanners shrank to something small enough to fit on a cell phone or a USB thumb drive, and that’s where we are today.

Most if not all major notebook PC manufacturers now have models with embedded fingerprint scanners. Gateway, Dell, Toshiba, ASUS and Lenovo all use UPEK’s technology to add another layer of security to their notebooks, or to replace passwords altogether.

The UPEK module includes the fingerprint sensor plus a separate security chip embedded in the notebook hardware. Together they can be used to do pre-boot authentication of the user. For example, before Windows will boot, the user has to swipe an enrolled finger across the sensor. The “template” of his fingerprint is compared to the master template stored in the security chip. If there is a match, the user is authenticated.

Taking this a step further, the authentication can be passed to the Windows logon as a single sign-on (SSO), automatically signing the user into his Windows account.

If you want to carry this to the next level, you can use this authentication to allow the user to sign on to your network. UPEK has a number of partners who can help you integrate the biometric authentication into your Active Directory system, or into specific applications. Imprivata is one such vendor that delivers a complete SSO solution.

What if you don’t have a company full of notebooks with embedded fingerprint scanners? No problem – get an add-on device. UPEK has a number of products that can plug into the USB port. Like the devices embedded in the notebook, these devices have the scanner and the security chip to store and process the fingerprint templates.

The layers of security you can build around biometric authentication can help you secure a client device, your network, or an application or service. It’s important to note that the solutions can be designed to fit into what you already have in place, so there’s no “rip and replace” necessary. And the benefits are real. At the device level, you get simpler security procedures, theft deterrence, and protection of sensitive data. At the network level, there’s simplified VPN and Wi-Fi access, reduced help desk costs and a strong audit trail. And at the service or application level, you can eliminate phishing, provide transaction tracking and have hardware-based security.

Next week, we’ll look at some innovative ways that companies have deployed biometric authentication in schools, in retail applications, in healthcare facilities and more.


Copyright © 2007 IDG Communications, Inc.