Administrators can require fingerprint authentication in addition to Windows credentials, including smart cards or passwords for their Windows logon policy. If smart cards are required for access, the fingerprint authentication can release the smart card PIN. The device’s software also supports logons to mainframe applications, VPNs and Citrix clients.
Vance Bjorn, vice president and chief technical officer at DigitalPersona, said, “The key to success in using biometric sign-on must be convenience. It cannot be an obstacle to legitimate access, yet it must be secure.”
Bill Spence, director of marketing at Recognition Systems Inc., agreed. “If it doesn’t work, people will find a way around it or stop using it.”
Case in Point
DigitalPersona’s optical ID fingerprint reader found an ideal application in Mexico’s massive Banco Azteca, a subsidiary of Grupo Elektra, Latin America’s leading specialty retailer, consumer finance and banking services company. Banco Azteca offers people with limited incomes in poor and rural communities an opportunity to establish a relationship with a financial institution.
Many people in these communities do not have driver’s licenses or any other secure form of identification. Those who are able to retain some of their earnings often keep their savings in cash either in their homes or in their wallets. This leaves them vulnerable to loss or theft of their life savings. Banco Azteca’s biometric authentication system allows undocumented workers to keep savings secure and earning interest. Workers simply verify identity with the DigitalPersona reader to make deposits or withdraw cash without time-consuming traditional ID verification.
Biometria Aplicada, a major Mexico City reseller, provided a solution using the DigitalPersona fingerprint reader that would work for the broad range of customers including farmers and construction workers, whose fingers are damaged or worn. Currently, Banco Azteca has more than 4 million customers biometrically registered and expects huge increases within the next year. The biometric authentication system makes it possible for 75 percent of its customers in 850 branches to establish savings and credit accounts for the first time.
Secure and Manageable
A fingerprint by itself is not a credential; it is only a gateway. A fingerprint reader records details of a finger to be used for access and converts them through an algorithm to digital data that is used for comparison and verification. This data template must be stored and kept available for comparison and authentication. Template management can be cumbersome, especially when the user must gain access to several machines in different locations.
The smart card offers an alternative to online template management. The typical biometric is 400 bytes or less in size, making it easily stored in smart card memory. When authenticating at a biometric terminal, the cardholder presents his or her smart credential, which transmits the cardholder’s biometric template to the reader for ID verification.
Silex Technology has combined smart card technology and biometrics in a unique product called the COMBO-mini. It combines a fingerprint platen with a UIM smart card reader. UIMs are small smart cards similar to the SIM cards typically used in GSM wireless phones. The portable USB device can be plugged into a computer, printer or other peripheral to ensure authorized access. The smart card is easily replaceable, so the unit can be used by more than one person.
However, should a card holder lose his credential or loan it to others, it is invalid. The user must have both the fingerprint authentication device and the smart card to gain access. Likewise, the peripheral device can be quickly reprogrammed should it be necessary to deny access to a card holder.
Silex’s SecurePrint authentication device allows a computer user to send a document to a printer but will not print the job until the user places his or her pre-enrolled finger on the fingerprint reader at the printer. Printer authentication can be an important tool in complying with HIPAA or Sarbanes-Oxley. It goes beyond preventing the unauthorized sharing of electronic media. Information leaks too often occur by intent or simple oversight at a network printer.