Fingerprint scan brings access control to Windows

I/O Software Inc. late last month introduced an application that lets PC users log on to their workstations using their fingerprints.

The new application, called SecureStart 98, is designed to block unauthorized access to Microsoft Corp.'s Windows 95 and Windows 98 operating systems. The product, which sells for $650, comes bundled with a Sony Corp. fingerprint scanner.

Using the scanner and I/O's software, an agency can scan the fingerprint of a workstation user and store an image of that fingerprint onto the computer. When the user wants to use Windows, he puts his finger on the scanner and— in less than one second— the scanner can confirm his identity and log him on to Windows, the company said.

I/O Software believes SecureStart 98 fills a gap in the fingerprint-based security market. "What we are trying to sell here is a security solution— a real security device— instead of some toy that people sell," said William Saito, president of I/O Software, Riverside, Calif. Even not-so-secret agencies will have a need for the new SecureStart product, Saito said.

"There is a lot of fingerprint technology out there but not a lot of software," said Steven Wong, I/O Software's marketing manager.

The company expects a healthy amount of interest among federal buyers looking to add a layer of desktop security beyond passwords. There is a growing consensus among many in the federal information technology arena that passwords alone simply do not offer the security that agencies need, observers said.

Peter Higgins, a Washington, D.C.-based biometrics consultant, said products such as I/O Software's are likely to appeal to high-security agencies such as the National Security Agency and the Drug Enforcement Administration.

Higgins said products such as SecureStart 98 may have greater appeal than some other computer security measures because the software restricts access to a specific application on a computer, not to the entire computer and all its applications. "It's a clever approach to intercepting people before they get onto the computer and attempt to bypass security," Higgins said.

"The real advantage, I think, is that if you have it so that it's addressable during use of or access to each application, then you can say, 'You're not entitled to see that application,' and you can leave your computer turned on," Higgins said. "And it's safe because people can't get into the applications. But you're still connected to the network."

NSA already is exploring the use of fingerprint technology, as well as other biometrics, for computer-access control, said Jeffrey S. Dunn, chief of identification and authentication research at NSA.

"Government users require robust, reliable security protection that is affordable, easy to use and compatible with commercial [PCs] and software," Dunn said.

"Problems with relying only on passwords for access control have been understood for some time," said Dunn, who cited 1994 guidelines from the National Institute of Standards and Technology.

The guidelines, available at www.08.nist.gov/fips/fip190.txt, maintain that passwords can be easily forgotten by computer users or intercepted by computer "attackers."

Dunn would not say which products the agency is using, but he said agency researchers "have worked with several fingerprint-recognition vendors."

Saito said his company has already seen a fair amount of direct business from federal customers such as the Defense Department and other agencies that are buying existing company products, such as a fingerprint application for logging on to a Windows NT workstation and a software development kit for computer-access control using fingerprints.

Wong said I/O Software is working to make its products available through NASA's Scientific and Engineering Workstation Procurement II contract.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.