The age of anonymous gadgets may be over. Whether for security reasons or for digital rights management, many embedded system builders are considering ways to identify or authenticate the users of their equipment-a task that's increasingly complex. Passwords are proving both inconvenient and easily cracked. For real authentication, embedded designers are turning to sterner stuff like biometric identification.
Biometric authentication technology typically works by identifying a user's fingerprints or eyes. The processing power required to authenticate fingerprints or generate iris scans is significant. All the OEM biometric units therefore come bundled with their own embedded processors and software. All the customer sees is a familiar USB or serial port, and a documented set of software interfaces. Even so, the software work is not trivial.
To lighten the load, one industry group is developing de facto standards for biometric sensors and integration. The BioAPI Consortium lists more than a dozen BioAPI-compliant products on the market from various vendors. The group's goal is to encourage an API that is independent of the operating system or type of biometric device.
Clearly, most current design activity in the biometric space is focused on fingerprint-identification units available from a number of vendors, including Authentec. The company sees cell phones, for one, as ripe for fingerprint-identification applications for "asset protection, password replacement and data protection," said Scott Moody, president and CEO of Authentec, Melbourne, Fla. "2005 will be a bang-up year for us."
Cell phones are so price-sensitive, however, that not everyone sees the need for them to be biometrically secure at this juncture. Derrick Robinson, senior analyst at IMS Research, Wellingborough, United Kingdom, said, "You don't have a market unless there is a lot of valuable data stored in mobile phones."
On the other hand, one area where biometrics is already coming into play involves solutions for access control at places like hotels. Most rooms already use plastic ID cards as keys; they're inexpensive and easily replaced and reprogrammed. Adding biometric fingerprint identification to the card key or to the door provides another level of security that travelers may value, an application that STM, a French-Italian firm, is pursuing with its TouchChip module.
STM's technology is already being used on notebook computers, including the ThinkPad series from IBM, some models of which include biometrics alongside the touchpad mouse. Cell phones notwithstanding, mobile devices obviously store a lot of sensitive information, so this is where many biometric vendors see the biggest opening in the short term.
"All of a sudden this becomes viable. When you get down below $10, a lot of companies get interested," said Stacy Cannady, security product manager for IBM's PC division, Somers, N.Y.
When it comes to design, laptops have a distinct size advantage over cell phones, which are notoriously space-constrained. Although the fingerprint sensor itself is small and flat-about 1mm thick-the electronics that control it require more room than many handset manufacturers are willing to give up.
Hotels, laptops and cell phones are all relatively benign environments for biometrics. What's an integrator to do when the going gets tougher, such as for an outdoor kiosk? Currently, none of the biometric sensors are weatherproof. In fact, they're fairly delicate and need to be protected from sharp shocks, scratches and moisture. To be used in an embedded solution for locking outdoor gates or securing buildings, the biometric unit would have to be protected from the elements.