Fingerprint Scanners

Discussion in 'other software & services' started by dallen, May 1, 2006.

Thread Status:
Not open for further replies.
  1. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    I have been pondering the idea of incorporating a fingerprint scanner into my systems. My desire would be to have the capability of using my fingerprint in place of every password. In other words, I would like a device that would work for both Windows XP logon and every website that uses a username/password. Are there any thoughts and/or recommendations?
     
  2. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    dallen,

    I have absolutely no experience in this area, but created a bookmark to this web site not long ago from some security-related newsletter I get via email, can't remember which one. Not because of biometric devices, but because they have a USB solution I found interesting. That said, have a look at the following link:

    http://www.dekart.com/support/supported_devices/#Biometric_devices

    It may, at least, be a start.

    Good luck.

    bktII
     
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Hehe, I have been looking for the same thing recently. Unfortunately the choices are pretty slim. There's the cheapy ones that aren't really secure, and the ones that are secure seem to be pretty pricey (over $100). I'll let you know if I find anything, hopefully others will do the same.
     
  4. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    Notok,
    I do not mind spending over $100, have you seen any of the more expensive models that seem to be the best?
     
  5. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
  6. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    As I am also interested in this topic, I spent some time on it. Please consider this a sampling of information only.

    First some background information on biometric authentication (please note that this is not targeted at you notok and dallen, but may be helpful to others like me who are at a VERY early stage of learning):

    "The State of Biometric Authentication" here:
    http://redmondmag.com/columns/article.asp?EditorialsID=1042

    "Biometrics Comes of Age" here:
    http://www.actmagazine.com/appliedc...rticleDetail.jsp?id=261632&pageID=1&sk=&date=

    Interesting:

    "Put Your Finger on Proper Security" (a bit dated, but includes a favorable description/mini-review of OmniPass under the heading "Targus DEFCON Authenticator") here:
    http://redmondmag.com/features/article.asp?EditorialsID=425

    A note on my prior post regarding Dekart. It was listed in an email I recently received from securityfocus.com as a new MS Windows app, nothing more. The 3 primary apps of interest from Dekart are Logon, Password Manager and Secrets Keeper and they all support biometric devices. However, Dekart apps require the use of a Smart card/USB.

    Dekart Logon http://www.dekart.com/products/access_control/logon/

    Dekart Password Manager http://www.dekart.com/products/access_control/password_manager/

    Dekart Secrets Keeper http://www.dekart.com/products/encryption/secrets_keeper/

    Dekart Password Manager supports only MS Internet Explorer at the present time. OmniPass with 123UMS Retail Client login solution as posted by notok supports both IE and Firefox. Three apps are required for Dekart vs. one for OmniPass. I don't know how tightly integrated the Dekart apps are, but certainly an admin issue. Both OmniPass and Dekart are geared towards MS Windows OS. Again, Dekart apps require the use of a Smart card/USB. Both Dekart Logon and Password Manager are $39 each, while Secrets Manager is $19 totaling $97. With a 40% discount currently, OmniPass software looks VERY good at $59 ($100 normally).

    Next is CE-Infosys whose biometric authentication products include both MS Windows and Linux (Red Hat and SuSe only, clearly looking toward the corporate world) support. I don't know anything about Fedora compatibility. Also, it appears that Linux support is currently a work in progress.

    CompuSec Security Suite is free for both Windows and Linux here:

    http://www.ce-infosys.com.sg/CeiNews_FreeCompuSec.asp

    Interesting:

    The following important components are not free:

    CompuSec Bio http://www.ce-infosys.com.sg/CeiProducts_CompuSecBIO.asp

    CompuSec e-Identity http://www.ce-infosys.com.sg/CeiProducts_eIdentity.asp
    (I don't know if the full version of e-Identity is included in the free downloads.)

    Finally, an open-source (except for the hardware) solution for FreeBSD, NetBSD, OpenBSD and Linux (some of the linux downloads look to be significantly out of date, but not all) on the Intel x86-based hardware platform here:

    http://biomark.org.ru/en/index.html

    Hope this is helpful. It was a worthwhile exercise for me.

    bktII
     
  7. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    I recently read in the Wall Street Journal that Sony had a laptop with this built-in feature for a corporate line. I'll pop back if I can find the online version of this article.
     
  8. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    I missed a *BIG* one that I could not let slide.

    Microsoft and DigitalPersona here:

    http://www.tmcnet.com/usubmit/2004/Feb/1023995.htm

    Microsoft Fingerprint Reader Products here:

    http://www.microsoft.com/hardware/mouseandkeyboard/productlist.aspx?type=Fingerprint

    Microsoft Fingerprint Reader Firefox Extension here:

    http://www.gizmodo.com/gadgets/software/microsoft-fingerprint-reader-firefox-extension-170449.php

    Microsoft and RSA Security here:

    http://www.pcworld.com/howto/article/0,aid,116989,00.asp

    RSA SecurID® solution here (looks corporate right now):

    http://www.rsasecurity.com/node.asp?id=1157

    bktII
     
  9. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Just keep in mind that the Firefox one is not meant to be secure. It's basically a password manager that sends the right password according to whose fingerprint is used. The package also mentions this, it's just for convenience.
     
  10. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    notok,

    You raise an excellent point. Even Microsoft, independent of the Firefox Plugin, says:

    http://www.microsoft.com/hardware/mouseandkeyboard/productlist.aspx?type=Fingerprint

    This is repeated here:

    http://redmondmag.com/columns/article.asp?EditorialsID=1042

    Summarizing from the informational articles, the two most important reasons for using biometrics are (1) convenience, and (2) security.

    With regard to Microsoft's Fingerprint Reader, the following link says:

    http://redmondmag.com/columns/article.asp?EditorialsID=1042

    More on this here:

    http://www.actmagazine.com/appliedclinicaltrials/article/articleDetail.jsp?id=261632&pageID=2

    Clearly, some consumer products are meant for convenience, while others, hopefully, offer both convenience and security. What are the differentiators we can use to discriminate one from the other? I can only ask questions and provide some very simple analysis on this.

    The software design/implementation for communication between the biometric device and the "bio device" software and between the "bio device" software and the OS or application software is clearly important.

    With regard to single-factor authentication using biometrics, are there "fingerprint readers" and "fingerprint readers"? In other words, are some more secure than others to the point where single-factor authentication is truly secure? If so, are the more secure readers affordable to consumers? Depends on what you are protecting. You can always use a fingerprint reader designed for convenience with a file/folder encryption utility and a password encryption utility, as the Firefox and Opera browsers have.

    This leads back to the informational articles discussion of multi-factor authentication.

    I will repeat from above:

    http://www.actmagazine.com/appliedclinicaltrials/article/articleDetail.jsp?id=261632&pageID=2

    This reference to the FP (false-positive) rate clearly addresses biometric device (and associated software) "quality".

    Some two-factor authentication examples
    biometrics + n-digit PIN (or a strong password)
    biometrics + using a USB memory stick
    using a USB memory stick + n-digit PIN

    A three-factor authentication example
    biometrics + using a USB memory stick + n-digit PIN

    Affordable multi-factor authentication for the home user does appear to exist in the marketplace.

    Finally it appears that all of the present solutions assume a single operating system on a PC. No surprise, only a small fraction of users multi-boot. I dual-boot MS Windows XP Pro and Ubuntu on my desktop PC and currently triple-boot MS Windows Home, Ubuntu and Fedora Core on my laptop PC.

    Regards,

    bktII
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I have 10 fingers, like most people. How many different fingerprints are allowed to be stored, in case one of my fingers is burned or cut off accidentally by an axe?
     
  12. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Depends on the scanner, but most allow at least 2, if not all 10. I did get a USB flash drive that has a fingerprint scanner for accessing the data on the key, and it lets you scan all 11.
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    LOL @ #11 (not for females)
     
  14. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
  15. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    bktII,
    First, I would like to commend and thank you for your extremely thorough analysis which you've graciously coupled with your vast knowledge of the subject matter.

    Second, regarding the above quote, I may have missed the point in which you specify the affordable multi-factor authentication options available for home users. Can you clarify the specific options for me?

    Third [and completely unrelated], I must say that your username frightened me at first. There was a serial killer who went by the alias BTK, which reflected his modus operandi [Bind, Torture, Kill]. He was finally captured. At first glance, I thought your username was btkII.:ninja:
     
  16. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    dallen,

    My "vast" knowledge of the subject matter is filled with numerous links and quotes (i.e., there is no vast knowledge, just a bit of quick research that I decided to organize and share). Those with vast knowledge of the subject matter have written the articles I have provided links to and have designed/implemented the software and hardware solutions that exist.

    With regard to affordable multi-factor authentication solutions for home users, I am referring to OmniSoft (mentioned by Notok) and Dekart, which I learned of via securityfocus.com. The price tag for either of these two solutions is less than $100, minus the hardware. Also, my vendor search was not extensive. There may be add'l vendors of interest that have not been identified (yet) in this thread. I would lean towards 123ID OmniSoft as they seem to have been doing this a bit longer than Dekart, as evidenced by their presence in a 2004 review here:

    http://redmondmag.com/features/artic...itorialsID=425.

    Dekart is all over my Google search results on download sites. I have not yet found a review for Dekart Logon or Password Manager to share. If someone finds one I would love to see it. Also, OmniSoft has support for both IE and Firefox, while Dekart only supports IE. (If one does not use Firefox, this is not a differentiator.) Also, Dekart and 123ID both offer an opportunity to try and buy. Microsoft's current solution is clearly geared towards convenience and they are very clear on this. But beware of purchasing a fingerprint reader from Microsoft and using it for other software; Dekart, in their forum, states that they do not support Microsoft's fingerprint reader.

    Finally, my initials are bkt and I am neither dyslexic nor otherwise impaired.

    bktII
     
  17. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    Dallen,

    One last update. My initial, and current, interest in Dekart was their two-factor authentication using a USB jumpdrive device along with an n-digit PIN.

    They recommend using an eToken Pro USB by Aladdin. However, an alternative, although a bit less secure by their measure, is to use Lexar JumpDrive Secure. If one decides that the Dekart software is not ready for prime time or just plain do not like their solution after "driving" it, at least one is left with a usable physical device. 256 and 512 MB Lexar JumpDrive Secure products range from approx $25 to $40. Alternatively, one could at a later date purchase a supported fingerprint reader and have three-factor authentication if the software were found to be suitable.

    As should be clear from my prior posts, I have not invested any time to speak of on fingerprint scanners (please read hardware), the topic of your initial post. However, I thought that a discussion of multi-factor authentication of which there are a variety of implementations would be of general interest. That said, Dekart does support a number of fingerprint scanners listed here:

    http://www.dekart.com/support/supported_devices/

    Best regards,

    bktII
     
  18. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    Just thought I would let anyone interested know that I have successfully installed the current 30-day evaluation version of Dekart Logon on my desktop PC with Win XP Pro. The Dekart processes were added to the ProcessGuard white list. No problems.

    I have successfully added a second user, my restricted user account, with a corresponding key to the Lexar JumpDrive.

    Two-factor authentication, using (1) my Lexar Jumpdrive and (2) my PIN, works flawlessly for log off/on, restart and shutdown/startup. If I try to log in with the Lexar JumpDrive removed from a USB port, I am requested to place it into a USB port and must enter my PIN to successfully log in. If I am logged in either of my two accounts and remove the Lexar Jumpdrive, the machine is immediately locked and I cannot get back in until I place the Lexar JumpDrive back into a USB port and enter my PIN. It can be ANY USB port, not just the port that was used to initially set up the key.

    No ill effects for my dual-boot Ubuntu install either.

    Also, although I do not currently have a fingerprint scanner, it appears easy enough to add one at this point using the Dekart GUI; thus, enabling three-factor authentication.

    bktII

    dallen,

    Did a very quick search of fingerprint scanners compatible with Dekart Login. Here are two (they both cost around $80 each):

    SCR222 PCMCIA Fingerprint Reader

    Sony USM-512FL Micro Vault USB Flash Drive with Fingerprint Access
     
  19. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I think I saw that one on Froogle.com for a bit cheaper.. might be worth a look :) Thanks for pointing that out, btw. I have Dekart installed, but haven't had a chance to really look at it. It's working perfectly well, though, so it looks like it might be a keeper (for the price).
     
  20. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    Notok,

    Thanks for the info regarding Froogle.com. I'll take a look.

    Have also just installed Dekart Password Manager. Am not completely sure I have installed and configured it correctly. The Password Manager icon is sitting in my task bar; but Internet Explorer is running incredibly slow, esp. typing and the scroll bar. It "feels" like IE is DRAGGING Password Manager along!

    I may try uninstalling Password Manager and installing again.
     
  21. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    lol, I know the "feeling" :D I don't use IE, so won't be much of a concern, but I do wish they'd make a secure biometric password manager for FF.. it would certainly be convenient. Preferably one that generates the password based on your fingerprint and the website name, it wouldn't even need to store the password that way.. as long as it had a way to input a url in case a website moves to another domain.
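
Added example, not part of the original thread or of any product discussed in it: a sketch of the storage-free scheme suggested in the post above, deriving each site's password from a master key and the site's host name. It assumes the fingerprint reader's software releases a stable 32-byte key after a successful match (raw scans vary between reads, so they cannot be hashed directly); `derive_password`, `normalize_site` and the `aliases` table for moved domains are hypothetical names.

```python
import hashlib
import string
from urllib.parse import urlsplit

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
ITERATIONS = 100_000  # PBKDF2 work factor: slows guessing the key from a leaked password


def normalize_site(url_or_host: str) -> str:
    """Reduce a URL or bare host to a lowercase host without port or 'www.'."""
    text = url_or_host.strip().lower()
    if "://" not in text:
        text = "//" + text  # lets urlsplit treat a bare host as the network location
    host = urlsplit(text).hostname or ""
    if host.startswith("www."):
        host = host[4:]
    if not host:
        raise ValueError(f"no host name in {url_or_host!r}")
    return host


def derive_password(master_key: bytes, site: str, aliases=None,
                    counter: int = 1, length: int = 16) -> str:
    """Derive a per-site password. Only the alias table is ever stored.

    Assumption: master_key is a stable secret unlocked by the fingerprint
    match, not the fingerprint image itself.
    """
    host = normalize_site(site)
    # A site that moved to a new domain is mapped back to the host it was
    # enrolled under, so the derived password stays the same.
    host = (aliases or {}).get(host, host)
    # The counter allows rotating one site's password without changing the key.
    salt = f"{host}\x00{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master_key, salt, ITERATIONS, dklen=64)
    n = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed demo key, not a real secret
    moved = {"example.net": "example.com"}  # constructed alias: new host -> enrolled host
    print(derive_password(demo_key, "https://www.example.com/login"))
    print(derive_password(demo_key, "example.net", aliases=moved))  # same as above
    print(derive_password(demo_key, "example.org"))                 # different
```

Because the host name is part of the derivation, a look-alike domain yields a different password than the real site; the trade-off is that anyone who obtains the master key can regenerate every password.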
     
  22. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    I don't normally use MS Internet Explorer either, except for monthly Windows updates and managing my router. I am presently using it so that I may take the Dekart Password Manager for a "walk in the park". When I start up the app, I get a message window with the following: "30-day evaluation period is over. To continue ... ". Sounds like a problem with their evaluation installer.

    Left a message on their forum on this. I also let them know that the web browsers I use for surfing are Opera and Firefox.
     
  23. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224