Fingerprint ID systems point to increased security
- By Michelle Speir
- Mar 28, 1999
No longer the exclusive domain of science fiction, biometrics - the use of physical traits or characteristics to identify a human being - has entered the real world as a viable security option. Some of the most popular biometric systems today include fingerprint recognition, iris scanning, retina scanning, face identification and voice identification.
Using biometrics for computer security has become popular as government agencies search for more secure, convenient and cost-effective security measures. Biometric security systems solve the problem of forgotten, expired or stolen passwords that can compromise security and increase overall network administration costs.
Fingerprint recognition is one of the most feasible biometrics today for general-market purposes. The technology is inexpensive, and fingerprint scanners can be miniaturized and easily mass-produced. Scanning a fingerprint is quick and easy for users, and data extracted from fingerprints is extremely dense, which makes fingerprints a reliable means of identification. Fingerprint log-ons can take the place of all other system passwords, including screen-saver passwords, both local and networked.
Employees at the U.S. Bankruptcy Court in Cheyenne, Wyo., have been using Digital Persona Inc.'s U.are.U Fingerprint Recognition System for about three months, and the program has been a huge success, according to Tom Chalfant, the systems manager at the court. "Users were complaining that they had to remember different passwords for different programs," Chalfant said. In addition, the passwords for different systems would expire at different times, adding to the burden of managing and remembering them. "Now [users] can use fingerprints" for all those systems, he said. Users are much happier with the new system because of its ease of use and also because they think it's just plain fun.
There are at least half a dozen low-price fingerprint recognition systems on the market today. We looked at two of the most recent entrants to the market: Compaq Computer Corp.'s Fingerprint Identification Technology and Digital Persona's U.are.U Deluxe Fingerprint Recognition System. [For a brief look at three other fingerprint recognition systems, see civic.com, February 1998, Page 29.]
Both systems feature optical fingerprint scanners. These scanners use light refracted through a prism to capture the image of a fingerprint placed on the lens. However, the systems do not store an image of the entire print. Instead, they convert the image into a mathematical template of the fingerprint's minutiae points, which are the points at which ridges split or end. This data then is encrypted and used as an identifying template, and the image of the fingerprint is discarded. It's important to note that a fingerprint image cannot be re-created from the template of minutiae points, so users need not worry about having their fingerprints on file.
While the underlying technology is the same, we found many differences between the two systems. Two key differences concern operating systems and ports. U.are.U is only compatible with Microsoft Corp.'s Windows 95 and Windows 98, while Fingerprint Identification Technology is compatible with Windows NT 4.0 in addition to Windows 95 and 98. On the hardware side, U.are.U requires a Universal Serial Bus port, while Fingerprint Identification Technology uses a parallel port. The USB port makes hardware setup easier, but if your PC doesn't have a USB port, you'll need to use the Compaq system or another non-USB system.
Another notable difference between the systems concerns the fingerprint recognition itself. Fingerprint Identification Technology lets each user register only one fingerprint at a time, while U.are.U lets users register up to all 10 fingerprints and use any one of them to log in. In addition, Fingerprint Identification Technology requires you to place your finger in the exact same orientation on the scanner each time, while U.are.U can read a fingerprint from any angle, including upside down.
Both systems are good, but overall we found U.are.U more convenient and user-friendly. However, if you don't have a USB port or if you're using Windows NT, Fingerprint Identification Technology is for you. Fingerprint Identification Technology sells for $98 per node on the General Services Administration schedule, and U.are.U Deluxe costs $159. That price includes the Private Space application, which lets you create private drives that require a fingerprint or password to access. U.are.U without the Private Space application costs $119.
* * *
Compaq's Fingerprint Identification Technology
Although the cabling that comes with the Fingerprint Identification Technology system looks somewhat daunting at first, Compaq includes a useful Quick Setup guide that contains clear illustrations showing how to connect the system to either a horizontal desktop PC or a minitower machine. There also are written instructions along with illustrations in the user's guide.
In addition to the cable running from the parallel port connector to the fingerprint scanner, there is a cable that ends in a PS/2 port. You must disconnect your mouse or keyboard and plug it into the port on the Fingerprint Identification Technology cable. Another cable that branches off that one connects to the PS/2 port on the PC. The reason for this complexity is that the PS/2 port powers the fingerprint reader.
Even before you connect the cables, however, you must enable and set the mode for the parallel port on the PC. Using the system setup utility, you must set the port for ECP/EPP (extended capabilities port/enhanced parallel port), SPP (standard parallel port) or bi-directional.
All in all, Fingerprint Identification Technology's setup is not difficult, but compared with the U.are.U setup, it seems a bit time-consuming and complex - a difference that would be especially relevant when installing the system on multiple workstations.
Fingerprint Identification Technology's software installation for Windows 95 or 98 also is bulkier than U.are.U's. It's not difficult because wizards guide you through every step, and the user's guide supplies excellent step-by-step instructions and illustrations, but it takes more time and is more complex than the U.are.U installation. (For a Windows NT installation, which we did not test, the steps are about the same as those for the U.are.U system.) In addition to the usual procedure of entering your name and company and choosing file-destination locations, you must access the network configuration utility and manually install the Biometric Client.
Fingerprint enrollment is a quick and easy process. The Fingerprint Enrollment Wizard allows either an administrator or a user to enroll a fingerprint. Take note that users do need a password for identity verification when enrolling fingerprints. A short wizard takes you through the process, which requires two fingerprint impressions.
Fingerprint Identification Technology's management is logical and easy to use. The User Manager displays user groups and accounts, and it allows administrators to enroll new and existing users. Useful status icons indicate users with no enrolled fingerprint, users with an enrolled fingerprint, the current biometrics user and those who are not current biometrics users.
The system also allows some software configuration to fine-tune the recognition process. You can adjust the brightness setting of the fingerprint reader and the fingerprint presence threshold. Optimal brightness renders a fingerprint image that is a soft gray, so if the reader is having trouble recognizing a fingerprint, you can see if the brightness setting is too light or too dark and adjust it accordingly. The presence threshold allows the system to reliably detect a finger when placed on the reader's lens. You only need to adjust this setting if the system is having trouble recognizing a fingerprint, which can happen if a user has dry skin, for example.
While this system was a little bulky to set up and install, it's very easy to use. You can access all of the program's functions from an icon on the Windows system tray. The user interface is logical and intuitive, and it's nice to be able to fine-tune some of the system thresholds. We found the system to be somewhat finicky when it came to reading fingerprints, mostly because you must place your finger on the reader at just the right angle to get an accurate reading.
* * *
Digital Persona's U.are.U Deluxe Fingerprint Recognition System
There are several U.are.U packages available. U.are.U Plus ($119) includes the fingerprint reader and associated software for installation to a PC. U.are.U for System Integrators, VARs and OEMs ($95) is a streamlined package for system integrators. It requires the use of a software development kit (sold separately for $800) for integration into proprietary applications.
We looked at U.are.U Deluxe, which includes an application called the U.are.U Private Space. The Private Space is a dedicated portion of a hard drive, network server, floppy drive or removable drive that requires a fingerprint to access.
Out of the box, the U.are.U system is refreshingly simple. You need only to contend with one piece of hardware (the fingerprint sensor) that connects to a USB port in one easy step. There are two installation CDs: one for the basic fingerprint recognition system and one for the Private Space. Each CD comes with a CD-size manual that is as easy to use as it is to handle.
Installation is a breeze with Windows 95, using a wizard that guides you through all the steps. For Windows 98 installation (which we did not test), you need a Windows 98 program disk because the system requires distribution files. This adds a couple of extra steps, but the process still is simple. The installation wizard tells you when to connect the sensor to the USB port.
An easy-to-use graphical interface makes the process of enrolling fingerprints not only simple but fun as well. A single window contains a picture of two hands and four large ovals so that you can see all four fingerprint images as you register them. Just click on the button next to the finger you wish to enroll or choose the finger's name from a drop-down list. Then place your finger on the sensor four times to enroll it. Each enrolled finger has a check mark next to it. You can repeat the process at any time, and you can enroll up to all 10 fingers. U.are.U also requires you to enter a backup password in case you cannot use a fingerprint. As with the Compaq system, both administrators and users can enroll fingerprints.
U.are.U's management module is called the Control Center, and it is extremely easy to use. From here, administrators can manage user accounts, including updating accounts and fingerprint enrollment, adding new users and deleting users. The administrator also can keep a log file to monitor significant events, such as user log-ins and account modifications. From here, you also can access the Password Bank, which is an encrypted list of users' registered passwords for various applications.
Our favorite part of U.are.U was the Private Space application, which is a useful and clever way for users to keep certain files private, especially on shared PCs. Users without access to a Private Space do not even know it's there because the icon is not visible. You can create an unlimited number of Private Spaces. You must use your fingerprint or backup password to access a Private Space, and all files saved to a Private Space are encrypted automatically. This security extends to files saved on a network drive because files are encrypted before they leave a user's desktop.
Creating a Private Space is simple. First, insert the Private Space CD and follow a few on-screen prompts to install the software. The Private Space Control Center launches automatically. Next, type a name for the Private Space and select a drive letter for it. Then enter a size in megabytes for the Private Space. You can increase this size later, but you cannot reduce it. Finally, select a location for the Private Space, which can reside on a local or remote hard drive, a floppy disk or a removable drive.
Other than requiring a fingerprint image or backup password, the Private Space functions like any other drive when it comes to file management, except that the Private Space must be selected before you can open it. Only selected Private Spaces are visible, and you can unselect a Private Space at any time. Another security feature is that a Private Space will automatically close if it has been idle for a certain amount of time. You can set this time limit anywhere from 15 minutes to four hours. You also can disable this function and set it to manual close.
It seems that Digital Persona thought of just about everything when the company created this system. U.are.U couldn't be easier to install, and using it is a breeze. Unlike Fingerprint Identification Technology, U.are.U lets you place your finger at any angle on the sensor once the fingerprint is registered. It's nice to have a Password Bank in which to store various passwords for different applications, and the ability to register up to 10 fingerprints makes sense in case a finger or hand becomes injured. Finally, the Private Space function makes this the perfect system for environments with shared PCs. If you have a USB port and are not running Windows NT, we think this system is an excellent choice.
Fingerprint Identification Technology
Compaq Computer Corp.
(800) OK-COMPAQ
www.compaq.com
Price and Availability: Compaq's Fingerprint Identification Technology is available on the GSA schedule for $98 per node (Schedule No. GS-35F-4544G).
Remarks: This is a good system that is easy to use once it is installed. Its shortcomings are slightly bulky hardware and installation, a fingerprint reader that requires users to place fingertips at exactly the same angle for each log-in, and less functionality than the U.are.U system. However, you'll like this system if you do not have a USB port or if you're running Windows NT.
Final Score: Good
U.are.U Deluxe Fingerprint Recognition System
Digital Persona Inc.
(877) 378-2738
www.digitalpersona.com
Price and Availability: The U.are.U Deluxe Package is available directly from Digital Persona to government buyers for $159. Call to inquire about quantity discounts.
Remarks: We were extremely impressed with this system. It's obvious that a lot of thought went into planning its interface and functionality. We loved the Private Space security function and the fact that a finger can be placed on the scanner at any angle. It would be nice to see a future version that can run under Windows NT.
Final Score: Excellent