|
||
|
|
|
              |
|
 |
 |
|||||||||||
|
 |
|
|||||||||
By William Van Winkle |
|||||||||||
Smart Printing Perhaps you noted that RSA’s smart cards ship out white and blank. Smart card printers don’t exactly fill shelves at Best Buy, but the need for them is scaling upward right alongside the rising global demand for smart cards. Fargo Electronics (www.fargo.com) is one big name in this space, and the company’s new HDP5000 reverse image, single-sided smart card printer currently lists for $3,995. Fargo definitely has its place in the market, but SMB resellers may prefer Zebra’s line of smart card printers (www.zebracard.com). Going up against the HDP5000 is Zebra’s P430i, which delivers faster speeds and dual-sided printing at the same price point. The P430i can handle contact and contactless smart cards, ISO 7811 magnetic stripe cards, hologram varnishes, and much more. Printing in 300 dpi full color on both card sides, the P430i can crank out 102 cards per hour. Zebra makes the point that smart card adoption doesn’t only apply to enterprises. Rock Falls Township High School stands roughly 100 miles west of Chicago, serving about 750 students. The school purchased Zebra’s prior dual-sided smart card printer, the P420i, in order to issue ID cards to every staff and faculty member. These cards accomplished several functions, including library book checkout, school bus access, permission to be on campus, sports event access, and freshman status since freshmen aren’t allowed to leave the school premises during the day. A photo, bar code, and other data, including a lunch program code, appears on the card front while emergency contact info appears on the back. In choosing the P420i, the high school left itself room to grow in its applications. For instance, the P420i supports the ISO 7816-2 contact smart card standard (the P430i adds contactless support), but the school’s applications don’t currently make use of the feature. Here’s the cool part for SMB resellers: The truth is that something like Zebra’s new P120i could have done the same job for a savings of well over $1,000. The P120i is a compact (9.6 lb.) contact smart card printer complete with 300 dpi, dye sublimation output on both card sides, able to print a two-sided, full color card in 40 seconds. With an MSRP of $2,895, this is an unprecedented price point for modest smart card deployments. “Large enterprises have already deployed ID cards,” says Zebra’s Ramaprasad. “At one time, these card printers were in excess of $10,000—very expensive machinery. Today, you can get card printers down as low as $1,500 to $2,000. A dry cleaner may not care about a card printer, but a high-tech startup would. The big play is probably in retail stores, like for printing gift cards. And that dry cleaner? Maybe they could print loyalty cards. SMBs need ID badges, access control into lab areas or conference rooms. Resellers might not get into selling readers immediately, but they can do the cards now.” Ramaprasad notes that his own daughter goes to a college that issues smart cards enabling different layers of access and capabilities. The school has its system set up to only allow certain people inside the science lab. The card also enables physical security by way of dorm access, plus it serves as a library card and a campus money card, as for buying things at the school’s bookstore. Zebra bundles its printers with drivers and is working on its own client application. For now, though, resellers may want to bundle the printers with the very prevalent ID Flow app from Jolly, Inc. (www.jollytech.com). Alternatively, Zebra provides an SDK for those who want to customize their own card apps from scratch. While it’s a tangent to the physical security discussion, keep an eye on how you can use the same smart cards suited to physical security in areas like customer loyalty programs. As stored value devices, these cards are ideal for gift certificates, but don’t ignore things like membership cards and loyalty program cards. All of these applications involve software integration and, potentially, the sale of new PCs to run the apps. Moreover, sufficiently robust software packages can perform multiple security-related tasks. Not only can a smart card allow or deny a person into a building, but the software behind the smart card system can perform tasks such as proximity management. In many companies, a “swipe badge” is only for visual identification and logging into a computer. Making it work for door access is the next step. But software can add another level such that if a user swipes his card in Building 1 and tries to log into a computer in Building 2, the system will plant a big red flag in front of the administrator and/or his back-up security contact. This is where partnering with a software developer able to adapt a vendor’s SDK can pay off.
Basics of Biometrics Hollywood would have us believe that most people keep the keys to their parked beater cars tucked above the driver’s side sun visor. (Hasta la vista, beater car.) We’re pretty sure this doesn’t happen much in the real world. What Hollywood hasn’t shown us is that the number one place to find someone’s corporate login password is under his keyboard or inside his desk drawer. We’ve interviewed real-world hackers, and one of the best security busters ever devised is donning a utility belt stocked with phone repair gear, showing up at the front desk with a clipboard, and saying that line noise on the phones needs to be checked out. In walks the hacker, who, while digging around with the phone jacks, unearths half a dozen passwords at different desks. Why do users commit these nearly priceless tidbits to paper and leave them in easy reach? For the same reason so many of us use only one or two passwords for all of our online wanderings: We just can’t keep anything more complex in our heads. This is why half of all passwords can be cracked with a simple dictionary attack, a software tool that cycles through common names and dictionary entries until a match is found. Lest you think that mixing letters with numbers solves the problem, Swiss security researchers in 2003 found a way to drop the average time needed to crack an alphanumeric Windows XP password from 101 seconds down to only 13.6 seconds. Far from needing a supercomputer, the exploit ran on an AMD Athlon 2500+ processor with 1.5GB of RAM. Note that while Vista no longer suffers from XP’s old password loopholes, new tools have emerged to enable similar results under the new OS. (See www.irongeek.com for some interesting info on cracking.) In theory, a strong alpha-numeric password with mixed casing and a symbol character or two is all but bulletproof. In reality, most people with a choice will shun such inscrutable text strings, and those without a choice will leave themselves a written reminder rather than risk the humiliation of calling IT staff for help. When hackers exploit such weaknesses and find only an inside sales rep’s daily call logs, the financial impact of poor security may be minimal (assuming a competitor wouldn’t profit from having those logs). When such leaks contribute to the theft of credit card databases, the story changes. Currently, the Federal Trade Commission places annual losses from such database theft at $680 million, a number that keeps climbing every year.
This is only one facet of the much larger problem of identity theft. In 2001, back when there were only 85,000 victims, the FTC pegged identity theft as the most common consumer complaint. Only four years later, the victim count had skyrocketed to 685,000. The solution to identity theft and password snafus would seem to be biometrics, the field dealing with the measurement of physical and behavioral characteristics. Unlike PINs and passwords, biometric attributes can’t be forgotten or jotted on a scrap of paper. They cover behavioral traits, such as voiceprint, written signature, and keystroke patterns, as well as physical traits, including hand geometry, facial feature geometry, iris patterns, DNA, and the most prevalent member of the category, fingerprint. Odder approaches continue to float through the market too. For example, only last year in India and Southeast Asia, Fujitsu launched a USB-based device for notebooks that senses and records the pattern of veins in a person’s palm. Skeptics will point out that biometric technologies have been around for many years and still seem to be floundering in obscurity. Moreover, biometrics, despite their blockbuster film sexiness, are often distrusted. Some view them as intrusive, as with retina scanning, and many worry about privacy issues. Go to the Electronic Frontier Foundation’s site on biometrics (www.eff.org/Privacy/Surveillance/biometrics) and you’ll find an extensive list of concerns ranging from Big Brother-ish surveillance to minority discrimination. This isn’t the place to render an opinion on such things, but we will say that, in the private sector, the negative privacy stigma surrounding biometrics seems largely inapplicable.
“Biometrics is not an invasion of privacy,” notes Robert Gailing, OEM business development manager for Panasonic System Solutions Company. “It’s really an additional layer of security protecting the information you have already provided. I think the general misconception is that you’re giving up something else, but the truth is that you’ve given up everything already. Your credit card, other personal information—it’s already out there for people to obtain. Biometrics provide positive user ID and an irrefutable audit trail. Your information is there in the mag stripe on the back of your cards. Adding biometric authentication to access that data adds security; it doesn’t take away privacy.” Finger It Out There is also the issue of dependability. Fingerprint biometrics have taken several well-publicized hits over the years, but most of these revolve around cheap optical sensors and trailing-edge analysis software. For years, fingerprint naysayers have pointed out that the biometric cannot enroll the entire population and thus is inherently limited. Children, Asians, and females tend to have thinner skin than other groups, and so a young Asian girl in particular is doomed to trouble with fingerprint enrollment. Then again, that hasn’t stopped the United Kingdom from deploying fingerprinting technology in about 3,500 schools, according to one BBC news story from last March. One of the most prominent blows to fingerprint biometrics was made last year on the Discovery Channel’s Mythbusters show, Episode 59, when the show’s brainiacs tried three different (successful) methods for defeating a fingerprint scanning door lock, one of which involved a simple photocopy of the source print. What the show didn’t point out was that most biometric systems not only require a second authentication factor (the Mythbusters already knew the requisite PIN) but also have the ability to set a sensitivity threshold in the verification application, and no mention was made of this device’s sensitivity setting. Note also that the PC-based fingerprint scanner required casting a latex fingerprint mold, much like what was done in the Charlie’s Angels movie. Note that more advanced fingerprint scanners, such as the Lumidigm (www.lumidigm.com) J-Series, use multiple light wavelengths to read both the finger surface as well as it’s sub-surface. Yet despite skepticism, slowly but surely, biometrics are gaining traction in the business world. Last month, Global Industry Analysts, Inc. issued a report stating that the world biometrics market will sustain over 33% compound annual growth through 2010, and the U.S. will emerge with over 37% of that share, which will total nearly $6.5 billion in revenue in that year. The firm states that the “AFIS [Automated Fingerprint Identification Systems] market, with an estimated share of 33.69% in 2006, will continue to be the largest segment over the analysis period.” According to a new report titled “World Silicon Chip Fingerprint Markets” from Frost & Sullivan, the fingerprint market earned $113.6 million in 2006. But by 2013, the industry analysis house expects these revenues to skyrocket to $1.9 billion.
“This exceptional growth in the silicon fingerprint market is primarily due to the growing popularity of biometric-enabled laptops and PC peripherals,” says Frost & Sullivan research analyst Imran F. Khan in the report’s press release. “Also, increasing security concerns drive manufacturers from vertical markets toward a relatively safe and convenient security solution such as silicon fingerprint sensors.” Khan cites significant recent interest in fingerprint technology from cell phone manufacturers, and one doesn’t have to think too far beyond the corporate data applications for Blackberry and Nokia to imagine how this might popularize fingerprint ID in the mainstream. No longer would the biometric harbor its criminal associations; instead, it would become a new “it” feature for those who have information worth protecting. Today, physical security on mobile devices is usually little more than a keypad lock and a PIN. HP, Dell, Lenovo, Sony, Fujitsu, Toshiba, and others all offer notebooks with integrated fingerprint scanners. This is still a tough feature to find in whitebooks, but you can always add on a PC Card fingerprint scanner, such as Silex’s FIC-200 or APC’s Biometric Password Manager PC Card 4000. Fingerprint peripherals are in ready supply from names like IOGEAR, Microsoft, and DigitalPersona, which actually sold its U.are.U consumer reader line to Microsoft a few years ago so it could focus on corporate applications. “Security has meant anything from antivirus to an RSA token, but biometrics and fingerprint has a different dimension,” says George Skaff, vice president of marketing at DigitalPersona. “Just recently, we’re starting to see the change in the tide and people realizing there are benefits to biometrics. They’re finding out what biometrics can do for them, and they’re starting to ask for it. We’re working very fast, very hard to bring channel partners onboard and train them correctly to understand the level of questions they need to ask and the products they can sell.” When we first tried the U.are.U system way back when it was under DigitalPersona’s roof, what grabbed us wasn’t the encrypted logon aspect of the reader and its client app. Rather, it was the ability to substitute a fingertip touch for every login/password query encountered online. Instead of the disaster-in-the-making approach of having one simple password for every site, U.are.U lets users correlate a fingerprint with an URL combined with that site’s username/password set. Not only is this more secure, but it also eliminates the problem of users letting their browsers automatically plug in login info for the added convenience. DigitalPersona now calls this feature One Touch Internet. “Who needs biometrics?” muses Skaff. “Every company that wants to prevent unauthorized access to its network. Every company that wants to reduce IT support costs by not having to reset passwords for users every so often. Every company out there that, either by law or desire, wants to keep an audit trail of all the people accessing corporate data, accessing the network, and using different applications. We’ve got a system that’s very simple to use, and it’s a great user experience. Your fingerprint is always with you. You don’t forget your token or your password. That fingerprint can replace every entry point where there is a login and password.” DigitalPersona’s client (“Workstation”) software plus either a standalone fingerprint reader or the company’s keyboard with integrated reader lists for $150. Many companies will want to link this with DigitalPersona Pro Server Software, which integrates into Active Directory under Windows Server 2000/2003 Standard and Enterprise as well as Small Business Server 2003 R2. The Server Software with support for 200 users costs $1,500, which can actually look quite reasonable given that the package provides biometrically airtight event logs for heightened regulatory compliance. The DigitalPersona Pro product is comparatively simple to install and all but brainless from the workstation user’s standpoint, and both of these points mean fewer support calls for system integrators. Resellers can also take the biometric installation as an opportunity to provide a more secure network infrastructure for clients, greatly expanding the revenue opportunity. ...more |
|||||||||||
 Back to top
|
|||||||||||
Copyright © 2007 RAM Magazine. All rights reserved.
Do not duplicate or redistribute in any form. |
|||||||||||
