http://www.newsbytes.com/news/02/176325.html

By Carlos A Soto, Government Computer News
WASHINGTON, D.C., U.S.A., 02 May 2002, 2:05 PM CST

Biometrics vendors are doing their best to supplant passwords as the chief form of computer security, but Government Computer News Lab tests indicate that many of their products are not quite ready. Some developers have continued to improve already good devices, but others need to go back to the drawing board.

Bad biometric security is worse than no security at all because it can lock out a legitimate user, admit an interloper or - perhaps most dangerous - lull a network administrator into a false sense of safety.

For this review we examined six fingerprint-recognition devices and one voice-recognition device.

A word of caution: An administrator cannot deploy large numbers of any of those fingerprint devices without third-party administrative software.

This year, to test the efficiency of multiple biometrics products on the same computer system, we used the Saf 2000 software suite from SafLink Corp. of Bellevue, Wash. Saf 2000, priced at $49.95 per client, lets the administrator manage multiple biometric devices on a network.

I created four accounts on a 1-gigahertz Pentium 4 PC running Microsoft Windows 2000. With the easy-to-use Saf 2000 administrative software, I enrolled a different trait for each account.

L&H Speech Verification software from Lernout & Hauspie Speech Products USA Inc. came bundled with the SafLink suite and was by far the weakest link in this review. It was so sensitive to ambient sounds that it sometimes wouldn't let me log in if the air conditioning wasn't on as it had been during enrollment.

I had to enroll three times before the software was satisfied with its template of my voice. Each enrollment required saying "my voice is my password" three times, as in the movie "Sneakers." So I had to say the phrase nine times to get a good template.

The software made an X-Y graph of my speech patterns, pronunciation and speed. It calculated a mean of these points and converted the pattern into a template for identification. Even so, it couldn't recognize me when I had a cold or spoke too quickly or slowly.

Although the software was user-friendly, it demanded perfect conditions and lots of patience, just as face recognition does.

Every biometric device forces a user to standardize the entry of the trait that is being recognized. After a time, logging in on the device becomes second nature, like typing a familiar password. But although I've tested voice recognition in the past and used it intensively for a month for this review, I still dreaded logging in each morning.

Most of Lernout & Hauspie has been acquired by ScanSoft Inc. of Peabody, Mass., and what remains is having financial difficulties. Neither L&H nor ScanSoft any longer supports the speech-verification software in the SafLink bundle, which SafLink originally licensed from L&H.

The SecuGen Mouse from SecuGen Corp. of Milpitas, Calif., also came bundled with the Saf 2000 software. It was the only biometric mouse in the review that connected to the test PC via a combined parallel port and PS/2 cable. SecuGen sells other mice that connect to a universal-serial-bus port.

The $119 parallel-port model used a track and ball, not optical tracking, but it had a fast, embedded optical chip for fingerprint recognition. The optical sensor, which recorded a thumbprint only, was on the left side of the device. To enroll other prints, the user would have to pick up the mouse.

SecuGen curved the top of the mouse leftward to make placing the thumbprint more natural. That would inconvenience left-handed users.

Despite those minor design flaws, the SecuGen mouse did its job well. It never failed at log-in, and I could not get around its security.

Like the SecuGen mouse, the ergonomic U-Match Mouse from BioLink Technologies International Inc. used an optical sensor to pick up fingerprints. Because the U-Match mouse was larger than the SecuGen, as well as ergonomically shaped, the fingerprint plate at the left side was clumsier to use.

The U-Match had USB connectivity and a scroll wheel. Also, the oxidation and erosion of paint by finger moisture we observed when we reviewed the U-Match a year ago were no longer a problem.

We wish the U-Match were optical instead of track and ball; optical innards don't require cleaning and operate more smoothly. But the U-Match seemed too bulky and heavy to glide smoothly even if it were optical.

The ID Mouse from Siemens AG used a small, more sophisticated silicon chip to identify fingerprints. It was the only optical laser mouse in the review, and it cost $119. For those reasons, and its USB connection, our Reviewer's Choice and Bang for the Buck designations went to the ID Mouse.

Siemens smartly placed the ambidextrous fingerprint sensor at the center of the device so that a user could enroll any finger comfortably.

The Microsoft Windows XP operating system has been out for more than six months, and you'd think every biometric product would now be XP-compatible. But only two of our fingerprint devices had drivers for XP when we started reviewing biometric devices in February.

Only one of those products had XP-compatible software and was XP-certified: the $130 DFR-200 BioTouch USB fingerprint reader with BioLogon 3 software from Identix Inc. These products were also the easiest to set up and use.

The BioTouch USB reader with BioLogon 3 connected at least a minute faster than serial-port devices, which sometimes required rebooting twice. BioTouch installation took just one reboot.

Because the BioTouch USB had an optical sensor for fingerprints, it was bulkier than a silicon-chip device. It also had an awkward arrangement for placing a finger on the optical sensor. The BioLogon 3 software converted that data into a log-in algorithm, stored on a server or desktop PC.

Users wary of identity theft are increasingly reluctant to put a fingerprint credential on a networked system that could be hacked.

Sony Electronics Inc. and a Swedish company, Precise Biometrics, have an answer. Their fingerprint-recognition devices keep the print data in the devices themselves, not on a server or PC, and they have added other security enhancements.

Last year we looked at Precise Biometrics's 100 SC. This year, the new USB-connected Precise 100 MC surpassed our expectations, earning a Reviewer's Choice designation.

The Precise 100 MC received an A-minus grade for better speed and ease of use in a streamlined hardware design. The 100 MC design abandoned the SC line's silicon sensor, from Veridicom Inc. of Sunnyvale, Calif., in favor of a smaller chip from AuthenTec Inc. of Melbourne, Fla.

Another improvement to the $200 Precise 100 MC was the addition of a $10 smart-card token with an 8-MHz mini-processor running Java. Although XP drivers are ready for the MC, the suite isn't yet XP-compatible.

Sony Electronics focused on hardware with the FIU-710 Puppy. Known for sleek designs, Sony did a good job of making the $200 USB unit light and easy to handle.

The Puppy, which performs the functions of fingerprint reader and smart card, is far smaller and thinner than the Precise 100 MC. Sony manufactured the silicon chip, which performed in our tests perhaps a tenth of a second faster than the speedy 100 MC. It also seemed more durable thanks to a metal sensor cover that retracted when a finger slid onto the chip.

The Secure Suite software bundled with the Puppy was easier to install and set up than the Precise suite.