Biometrics for System Builders
Identity theft last year was one of the fastest growing crimes in America, according to the National Crime Prevention Council. Amazingly, the majority of ID theft takes place in the workplace. But the market for prevention of ID theft is growing fast as well, as banks, credit-card companies, e-commerce businesses, and any other company entrusted with protecting their customers' identities, passwords and other confidential information are clamoring for solutions to thwart ID theft.
Because ID theft security is still a fairly new market, there's opportunity for system builders to compete effectively with the major PC and device manufacturers. To do so, you must offer what the tier-one vendors don't, namely, complete biometric security solutions.
This TechBuilder Recipe will show you how to get started in this market. After a brief primer, I'll provide a prime example of how to install and configure a simple biometric fingerprint scanner at a reasonable price. I'll also show what to look for when selecting a biometric scanner. This will ensure that you offer your customers a system that offers the greatest possible security, reliability and ease of use.
Biometrics: Not Just for Spies and Sci-Fi Anymore
Biometrics refers to the process by which a computer peripheral can identify one person from another by using a unique metric of their body. Eye retinas, irises, voice characteristics and fingerprints are among the unique body features used by biometrics systems.
You may have seen biometric scanners in spy and science fiction movies, but in the real world, biometric technology has today become an affordable reality. Real-world IT shops commonly use fingerprint recognition, hand/palm scanners, retina scanners, voice recognition, and signature recognition systems.
While affordable consumer-based fingerprint biometric devices began appearing in late 1999, the technology initially left much to be desired. Issues with finger pressure and pigment sensitivity made the devices difficult for many to use, and the accompanying software was often difficult to use, unreliable and offered limited security features.
But now in its third generation, biometric technology has greatly matured. Reliable fingerprint scanning devices (the focus of this Recipe) are now available from several manufacturers. These devices range in price from less than $40 to more than $175.
A Fingerprint Scanner Primer
Fingerprint scanning is near bullet-proof. Given the physiological fact that everyone has unique fingerprints (even identical twins), the likelihood of someone having a fingerprint similar enough to yours to trick a fingerprint scanner is very close to impossible.
Since 1999, when the first fingerprint systems appeared, the technology has gone through three generations. With each generation have come improvements in accuracy, reliability, ease of use, and ease of installation. The older generations, still available, are cheaper than the newer ones, but they are also less effective.
Generation 1: Optical Scanning: This method works by literally taking a photograph of the user's fingerprint with a small CCD (charge-coupled device) similar to those found in digital cameras and camcorders. The system then compares specific elements of the photo with specific elements of photos it has on file to determine if any match.
For a detailed technical description of how fingerprint scanners work, there's a terrific primer on the How Stuff Works site.
This generation has at least two serious shortcomings. First, in theory at least, you could have an actual-size grey-scale or color picture of a fingerprint and place it into the scanner as you would an actual finger—which could fool the scanner into thinking you are the system's authorized user. Second, people who have dark skin on the pads of their fingers may find that this type of fingerprint scanner cannot take accurate photos of their fingerprints, which could lead to the system denying them access, even if they are an authorized user.
Generation 2: Capacitance Scanning: This method calls for a small electrical current to measure and determine where the ridges and valleys exist on the pad of the user's finger. In essence, it's a tiny radar system.
Because pictures are flat (they have no depth or ridges, unlike an actual fingerprint), the capacitance across the surface will show no changes, and therefore a photograph of a fingerprint will not work with this type of fingerprint scanner.
Second-generation systems have their pluses and minuses. On the plus side, they tend to be smaller and less obtrusive than optical devices. That's because they use semiconductors instead of a CCD device. On the minus side, second-generation systems can still be fooled. Thieves can use a gelatin mold of an authorized user's fingerprint (much harder to produce than a photo) to trick a capacitance-based fingerprint scanner.
Generation 3: E-Field Technology: Electric Field, or E-Field technology, looks beyond the easily obscured outer surface of the skin to the living layer below, where the unique ridge and valley patterns of the fingerprint originate. This allows proper image acquisition of dirty and difficult finger types while, at the same time, ensuring the image supplied is not a photocopy or replica of a finger.
The advantage to this system is that even if the user doesn't have fingerprints because of some bizarre accident or birth defect, the system will still be able to uniquely recognize the user's actual fingerprint which resides behind the outer layer of the skin.
An E-Field system uses a signal generator on-chip that applies a small RF signal between the finger and the adjacent semiconductor. The signal is coupled into the live conductive layer of the skin by a conductive surface (called the finger drive ring) positioned around the outside of the active imaging region of the sensor. A field is then created between the finger and the semiconductor that mimics the shape of the finger's epidermal layer. Sensors then operate together to glean an image that accurately corresponds to the pattern of the fingerprint, which results in a more precise image than either optical or capacitance-based scanners produce.
Installing and Configuring a Fingerprint Scanner
Since I had never used a biometric fingerprint scanner before writing this Recipe, I was the perfect candidate to discover just how easy (or difficult) they are to actually install and use. The scanners are readily available through many manufacturers as a single add-on USB device, or if desk space is at a minimum, already embedded into keyboards and mice.
For this particular TechBuilder Recipe, I'm recommending Zvetco Biometrics. The vendor, besides offering a quality keyboard with a built-in fingerprint scanner, also offers a quality and robust biometric fingerprint scanner that comes complete as a single add-on USB device. Here's a photo of Zvetco's K4000 Biometric keyboard, which has a fingerprint scanner already built-in:
I found Zvetco's Verifi FingerTouch Security Professional USB E-Field scanner easy to install and even easier to use. Here's a photo of the package:
After removing the device from the box, the first thing I noticed was that it's built to withstand some abuse. It's solidly constructed and remarkably dense for its small size. The scanner, which uses E-Field fingerprint detection technology, contains an aluminum housing, a scratch-resistant sensor, and features what Zvetco says is "commercial grade stress relief," which means, in plain English, it can withstand a lot of abuse. All this sturdiness comes at a price; the scanner costs about $100, or nearly twice as much as others on the market.
As you can imagine, scratching the sensor would severely limit or hinder the scanner's functionality. For this reason, scratch-resistance is a vital feature. Be sure to look for scratch-resistance when purchasing a biometric fingerprint scanner. Here's a photo of the device:
Working With the Bundled Software
The software included with the Zvetco scanner is compatible with Windows XP and 2000. Of course, security with Windows 95, 98 or Millennium is an oxymoron, so a device like this wouldn't be of much help to these older systems.
The software can log you in to a domain as well as in to a local Windows logon with a brief press of your finger. It also supports Windows XP's Fast User Switching, although that's not recommended for those that are extremely security conscious.
The software also encourages the use of nonsensical and unbelievably long and difficult to memorize passwords. Because the bundled software remembers passwords for you, utilizing it in this manner results in more secure passwords that are less likely to be cracked.
In addition, the bundled software can also remember information for forms, such as name, address, city, state, zip code, phone number and credit card number(s) that are required each time you make an online purchase. It also comes with software called Secure Disk and Direct File Encrypt.
Secure Disk enables an entire portion of the hard drive to be encrypted. Any data saved to that area is automatically encrypted. Direct File Encrypt permits the end-user to encrypt specific files regardless of their location on the drive, with the option to compress them as well. If, for example, someone were to boot to a Knoppix CD to bypass the Windows logon of a PC using a biometric fingerprint scanner, with Secure Disk and/or Direct File Encrypt, the data would still be unavailable to the would-be thief or hacker.
Installation and Configuration
The installation of both the hardware and software is painless and straightforward, and the entire process can be completed in less than 10 minutes.
As with most USB devices, the first step is to install the software before plugging the fingerprint scanner into the USB port. Once the software is installed, it immediately requests a reboot of the system, which should be permitted. A new icon will appear on the desktop called Verifi ID, which can be double-clicked on. The next step is to plug the fingerprint scanner into an open USB port. Assuming it is detected correctly, one can then accept the offer to utilize the log-on wizard, which is shown in a screenshot below:
Next, the software will ask which one of the user's fingers to use. It then shows a picture of two open hands, palms down. The system will instruct the user to click on the finger to be scanned first. The user will be asked to lift and reinsert the finger six times, to allow the system to get a good sampling of the fingerprint from several positions. Each time the user places the pad of a finger on the sensor, an image of the scanned fingerprint will appear on the screen between the images of the two hands, as depicted above.
The system then asks for this process to be repeated with a different finger of choice. If, in the future, the user happens to be wearing a band-aid on one of the fingers scanned, they can use the other finger they registered as a backup means of logging on and getting to their data.
Biometrics in the Real World
Here's an example of how fingerprint security works in the real, online world. Once I registered my own fingerprints, I went to eBay. As I was entering my name and password, the Zvetco fingerprint-scanner software interface popped up to ask me if I'd like it to remember the information I was entering. I did. Then the software asked me whether I wanted it to request a scan of my fingerprint before submitting the information automatically to the website on future visits. It did the same when I visited PayPal.com.
On my next visit to eBay, once I clicked the account login button, the name and password dialog box appeared as usual. But this time, a new pop-up appeared almost instantly, asking me to scan one of the two fingers I had registered with the scanner. I did, and the system immediately submitted my name and password to eBay, and then logged me into my account on eBay.
My next visit to PayPal.com went similarly. Only this time, the fingerprint system submitted the unique name and password that I use only for PayPal. Also, the bundled software allows and encourages users to back up their stored personal data (passwords, credit card numbers, etc.) as it pertains to the biometric device. Should the hard disk drive crash, the user can easily restore their personal information and configuration of the biometric bundled software--but only if they made a backup beforehand!
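The enrollment wizard (six presses per finger, two fingers) and the later login scan amount to fuzzy template matching against a threshold, not an exact comparison like a password check. The sketch below is an added illustration, not code from the article or from Zvetco's software; the grid quantisation, the `MIN_SEEN` and `THRESHOLD` values, and the feature points are all assumptions constructed for the example.

```python
# Added illustration: toy feature-point templates, not the Verifi software's algorithm.
from collections import Counter

GRID = 8         # assumed cell size (sensor pixels); absorbs small placement shifts
MIN_SEEN = 4     # assumed: keep a feature seen in at least 4 of the 6 presses
THRESHOLD = 0.6  # assumed score a live scan must reach to be accepted

def quantise(sample):
    """Map raw (x, y) feature points to coarse grid cells."""
    return {(x // GRID, y // GRID) for x, y in sample}

def enroll(presses):
    """Build one finger's template from repeated presses (the wizard asks for six)."""
    seen = Counter(cell for p in presses for cell in quantise(p))
    return frozenset(cell for cell, n in seen.items() if n >= MIN_SEEN)

def score(template, scan):
    """Fraction of template cells found in the live scan, 0.0 to 1.0."""
    return len(template & quantise(scan)) / len(template) if template else 0.0

def verify(templates, scan):
    """Name of the first enrolled finger whose score clears THRESHOLD, else None."""
    for name, template in templates.items():
        if score(template, scan) >= THRESHOLD:
            return name
    return None

def press(points, dx=0, dy=0, drop=()):
    """Constructed sample: shift the finger slightly and lose some features."""
    return [(x + dx, y + dy) for i, (x, y) in enumerate(points) if i not in drop]

# Constructed feature points for two fingers of one user (not real biometric data).
INDEX = [(12, 20), (44, 28), (68, 52), (20, 76), (52, 84), (84, 12), (36, 60), (76, 92)]
THUMB = [(4, 4), (28, 12), (60, 36), (92, 44), (12, 52), (44, 68), (68, 76), (28, 92)]
SHIFTS = [(0, 0, ()), (2, -1, (0,)), (-2, 3, (7,)), (1, 1, (0, 3)), (-3, -2, ()), (3, 2, (5,))]

def enroll_user():
    """Six presses per finger; one index press carries a stray smudge point."""
    index = [press(INDEX, dx, dy, drop) for dx, dy, drop in SHIFTS]
    index[2] = index[2] + [(100, 100)]
    thumb = [press(THUMB, dx, dy, drop) for dx, dy, drop in SHIFTS]
    return {"index": enroll(index), "thumb": enroll(thumb)}

if __name__ == "__main__":
    t = enroll_user()
    print(verify(t, press(INDEX, 1, -2, drop=(1, 4))))       # good index press
    print(verify(t, press(THUMB, -1, 2, drop=(6,))))         # backup finger
    print(verify(t, press(INDEX, 0, 0, drop=(0, 1, 2, 3))))  # poor press, score 0.5
```

Raising `THRESHOLD` rejects more poor presses from the legitimate user, while lowering it accepts scans that share fewer features with the template, which is the trade-off to ask a vendor about when comparing scanners.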
Inherent Dangers of Fingerprint Security
In the unlikely event that someone steals a mold or a copy of the user's fingerprints to gain access to areas protected with biometric fingerprint technology, the user will need to change the 'locks' entirely. In other words, if the user forgets a password, or if a password is compromised, a new one can be assigned to the user. Alas, fingerprints cannot be reassigned. If all of a user's fingerprints should ever become compromised, they would no longer be able to use fingerprint scanners as a secure means to protect their data and identity. If this is a concern for your clients, remember that E-Field fingerprint scanners are immune to these types of fingerprint theft.
Alternately, while a biometric fingerprint scanner may work great for your clients, it is possible that, as with any electronic device, someday it will fail and need repair or replacement. For this reason, I recommend that you use more than just one method of logon for the Administrator account of a PC. The software included with the Zvetco fingerprint scanner stores data using RSA 168-bit three key triple DES cipher. Should the backup be lost or stolen, the data within it will be practically impenetrable.
Nothing is Completely Foolproof
There's an old adage in the security world: While there's no such thing as a lock that can't be picked, some locks are harder to pick than others. Ditto for biometrics. While biometric fingerprint scanning is an effective and affordable way to secure computers and data, it isn't foolproof. However, the technology makes it much more difficult to crack than old-school methods of guessing at or war-dialing passwords.
Another factor is the software bundled with the biometric device. Keeping unauthorized users out of a PC is only half the battle. The other half is securing the data in the PC, should an invader boot an alternate OS or use other means to gain access to the files on the drive itself.
CAREY HOLZMAN is a freelance writer, instructor at Glendale Community College, co-host of the nationally syndicated radio talk show Computer America, owner of a computer-repair business, and author of two books, The Healthy PC (McGraw-Hill/Osborne, 2003) and the forthcoming Home Networking: Right the First Time (Que, 2006). In his free time, Carey enjoys sleeping.
