Biometric authentication for the masses

Have you bought a new laptop recently? Was it from one of the major vendors? Well, you will likely have an integrated biometric device, a so-called “finger print reader” built into your system. If you are sort of a geek like me or share at least some technology enthusiasm, you will have found out that the strip readers do look oddly familiar, no matter what brand your laptop comes from. Upek, a STMicroelectronics spin-off did a great job in pushing their technology into the OEM market by providing easy-to-integrate biometric modules for laptop manufacturers. They have been so successful with this approach, that even while I deliberately opted out of having one built into my shiny DELL m1330 (because I did not want one of those “gimmicks”), DELL actually had one built into it anyway. Hm, maybe you should all opt-out - and hope that this trick to get one of the readers for free works for you, too!

Anyway, while I was at it, I “programmed” the reader with a software tool called “Protector Suite QL” and now it supports my laziness quite a bit: instead of typing my Windows password at logon or during UAC prompts (been using Vista ever since…) I simply swipe my finger. Best thing is, you can actually use it as sort of a password safe for many apps and websites also. If you choose to activate the function, a wizard pops up each time you log in to some site, asking if you want to register. One swipe and you´re done, nice! The process is pretty non-intrusive…

 

That way I have been using the software quite a bit before I was asked to do a briefing with the Upek guys on their strategy. My expectations for that briefing where comparably low, as I figured Upek to be more or less a module supplier with strong hardware focus - little did I know… First of all, the supporting software for the client is quiet functional (despite the fact that it regularly crashes on me when my m1330 comes out of hibernate…haven´t seen that on my desktop PC with Vista 64Bit yet) and Upek recently entered the mass-market with some USB readers (called EIKON) to attach to your regular PC and one on USB stick format to take with you (EIKON To Go), supporting PC as well as the growing Mac user community. Now this did not really blew me away, just another way to sell an “security labeled convenience product”. Bext up was the possibility to use the Upek device as a “soft token”, taking the place of the usual RSA SecureID tokens. One could argue that at least the built-in readers decrease the intended security as you now only have to have the laptop for this instead of having token and laptop at hand. On the other hand, if you have to have ones finger to get the OTP, it´s more secure than just obtaining the token… If you go for the USB device, same thing applies – more secure as you need the biometric information. The big thing to come was revealed later during the briefing, while some sort Web 2.0 authentication service was described that should allow any relying party to use the biometric means of authentication by and through Upek technology. To fully understand the extent of this approach one needs to dig a bit deeper into the technology itself. If you are interested to read more, feel free to subscribe to our newsletter for the full version!

top
Services
Pages
Categories
Archives
Subscription

Enter your email address:

Delivered by FeedBurner
© 2009 Sebastian Rohr, Kuppinger Cole + Partner