Fingerprint readers enhance notebook security

By Ed Gray

By Ed Gray

|

Ethentica, Identix bring biometrics to the laptop

During the past two years, biometric technology, which confirms a person's identity by scanning a physical characteristic such as a fingerprint, has become increasingly popular among government agencies. The technology, which can be used to permit access to a network or a building, has become an increasingly reliable, convenient and cost-effective means of security. Now a new generation of low-cost yet accurate fingerprint readers is available for notebook computer users.

We tested two of these readers: Ethenticator MS 3000 from Ethentica Inc. and BioTouch from Identix Inc. Both are compact PC Cards that fit into any standard PCMCIA Type II or III slot on a notebook. The actual mechanism that reads fingerprints is tucked away inside the card. After you insert the card, all you need to do is press lightly on the outside part of it to bring out the fingerprint reader.

Both Ethenticator and BioTouch can help systems administrators solve the problem of forgotten, expired or stolen passwords that can compromise security and increase overall network administration costs. Fingerprint log-ons provide a reliable means of user identification and can take the place of all other system passwords, including screen-saver passwords, both local and networked.

For even greater security, you can configure Ethenticator and BioTouch to use fingerprint verification along with password verification. In fact, the Identix laptop unit we tested added a third level of security with the smart card reader it contained in its other PCMCIA slot. You could, for example, require a staff member to insert his or her smart card in addition to providing a registered fingerprint and a password.

Systems administrators can employ additional security features with the software that installs with Ethenticator and BioTouch. Although this software is not reviewed here, Ethentica's SecureSession and the Identix, security Pack (containing BioSafe and Bio-Shield applications) enable administrators to, for example, set up files and directories to be read only by certain users, who must authenticate with a password and/or fingerprint to be allowed to view their files or directories. These features would be especially useful for those who share a notebook but still wish to retain the confidentiality of their own files.

Ethenticator MS 3000

We tested the Ethenticator MS 3000 on a WinBook Corp. notebook with 32M of RAM running Microsoft Corp. Windows 95. Currently, Ethen-ticator only supports the Windows 95 and 98 operating systems. The Ethenticator ran smoothly during our testing, and fingerprint enrollment and identification generally occurred quickly.

Ethenticator uses TactileSense, Ethen-tica's proprietary light-emitting polymer fingerprint verification tech-nology, to gather a fingerprint image. Tactile-Sense generates an image of the fingerprint patterns and identifies their unique characteristics, then transforms the ridges, loops and whorls of the fingerprint into an optical image pattern. This pattern is captured as an image by a sensor and then is transformed into digital code.

SecureSuite is the brains behind Ethenticator's brawn. Administrators use the SecureSuite User Manager to set up accounts for those who will use the Ethenticator-enabled computer. It's easy to set up user accounts and passwords, control user access levels to the system, and enroll and catalog fingerprints. And you can assign any of four levels of access privileges to users: guest, minimum, full and administrator.

A handy Fingerprint Enrollment Wizard helps guide you through enrollment the first time a user is added to the system. The enrollment process is easy to understand, even for the most technically inept user. This is important if a system administrator elects to have users enroll themselves during an Ethenticator deployment. In fact, a big plus of the Ethenticator is that administrators do not have to be present to enroll each user.

We were, however, a bit alarmed when we found that a user granted full privileges could modify the log-in methods necessary to authenticate him or her to the computer. Even if the administrator set up the user so that a password and fingerprint verification were required to log in, a user with full privileges can log in and remove the fingerprint requirement with only a few clicks. That security hole may not appeal to department IT managers.

On the plus side, Ethenticator nearly always read fingerprints in one second or less, the only exception being when the wrong finger was deliberately used to attempt to gain access. In this case, as many as nine seconds passed before we were informed that the fingerprint failed.

Unfortunately, the sensitivity of Ethenticator's fingerprint capture area is not adjustable. Ethenticator requires fingers to be placed on the scanner in almost the identical position in which they were originally read to pass verification tests, and there is no option for administrators to loosen the standard.

Identix BioTouch

We tested the Identix BioTouch on a Dell Computer Corp. Latitude notebook with 128M of RAM running Windows 2000. Conveniently, Bio-Touch supports many operating systems, including Windows 95, 98, Millennium Edition, 2000 and NT. BioLogon, the software that comes with the BioTouch card, is integrated with security and log-on features native to Windows 2000. This means that passwords and biometric information are controlled from a central location.

BioTouch uses an optical scanner, which means light is refracted through a prism to capture the image of a fingerprint placed on the lens. The image is then converted into a mathematical template of the fingerprint's minutiae points, which are the points at which fingerprint ridges split or end. This data is then encrypted and used as an identifying template, and the image of the fingerprint is discarded.

Like Ethenticator, the BioTouch software allows administrators to set up units so that users can enroll their own fingerprints when they first log on to the BioTouch-enabled computer.

Unlike Ethenticator, however, Bio-Touch allows administrators to customize the sensitivity level of the fingerprint reader. This came in especially handy when we were frustrated with BioTouch for not obtaining a successful read of fingerprints during user enrollment. We discovered that the reader sensitivity had been set inordinately high. When it was lowered slightly with a few clicks, the enrollment frustrations vanished.

Also, we were impressed by the fact that BioTouch easily read the same finger when it was placed at different angles on the reader.

The only notable drawback to Bio-Touch is that it's a tad slow in authenticating fingerprints. Although read times were generally under two seconds, they were consistently slower than those of Ethenticator.

Ed Gray is a freelance writer based in Washington, D.C.

REPORT CARD

Score: B

Ethentica Inc.
(877) 660-5353
www.ethentica.com

Price and availability: Ethenticator MS 3000 retails for $199 and comes with SecureSuite software.

Remarks: Ethenticator MS 3000 offers an impressively compact way for users to secure their computers. The device's main drawback is that it currently runs only on Windows 95 and 98. Also, although SecureSuite enables you to customize many settings, it does not allow you to change the fingerprint-read sensitivity, which some organizations may want to do in order to heighten the security on their systems.


REPORT CARD

Score: B+

Indentix Inc.
(408) 731-2000
www.identix.com

Price and availability: BioTouch retails for $159 and comes with BioLogon software. When bought as a part of the federal bundle (which includes BioTouch, a GemPlus Smart Card Reader—a PC Card-sized smart card reader that fits into another PCMCIA slot on a laptop—and BioLogon software), it costs $229. All of these products are available through Identix on the GSA schedule.

Remarks: The Identix BioTouch PC Card fingerprint reader is a solid product that performed admirably during testing. BioTouch runs on a wide variety of Microsoft operating systems (Windows 95, 98, ME, 2000 and NT), as well as the Linux and Unix platforms. We found BioTouch's integration with security features native to Windows 2000 to be a big plus.


NEXT STORY: BLM gains ground on programs

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.