As biometric security goes, fingerprint recognition systems may be less expensive, but the eyes have it. The iris is the most unique identifier on the human body, but it has been the focus of few biometric efforts. The reason: Iris scanning systems have been expensive, slow and often cant work easily in networked environments.
The Panasonic Biometrics Groups $200 Authenticam shows that advanced biometrics are entering the mainstream—and what still needs to be done.
The Authenticams price alone is an eye-opener, bringing the cost of sophisticated iris scanning technology closer to fingerprint recognition systems, which are roughly $100 per system. The price of biometric devices in general should continue to drop over the next few years, becoming a fraction of the cost of implementing single-sign-on authentication necessary for network deployment of biometrics.
However, the target market for the Authenticam package is unclear. The products Web camera capabil- ities, its price and its packaging—part of which focuses on storing user names and passwords for Web sites accessed via Microsoft Corp.s Internet Explorer—make it suitable for consumers. Its rare, however, for consumers to require such tight security on their workstations. A better target would be midsize companies that need absolute security on one or two of their computers or larger companies requiring access to designated locations within their facilities.
Whats Under the Hood
Whats Under the Hood
The authenticam consists of three parts: the camera itself, PrivateID iris scanning technology from Iridian Technologies Inc. and I/O Software Inc.s SecureSuite of security applications. The software portions are loosely integrated, and the camera hardware doubles as a Web camera that can be used as a video capture device thats compatible with any standards-based videoconferencing application.
The most technically significant part of the Authenticam is, of course, the iris recognition technology. The PrivateID software takes four images of a users iris during the enrollment process.
Patterns on the human iris are far more complex than fingerprints and facial patterns. The false-acceptance rate for iris recognition systems is 1 in 1.2 million, statistically better than the average fingerprint recognition system. However, since any biometric device can be coupled with a challenge response system that makes it statistically impossible to break into a system, the false- acceptance-rate advantage isnt critical.
The real benefit of iris recognition is in the false-rejection rate, a measure of authenticated users who are rejected. Fingerprint scanners have a 3 percent false-rejection rate, whereas iris scanning systems boast rates at the 0 percent level.
Iris scanning is more intrusive and requires users to gaze into a camera lens for about 2 seconds. In tests, the Authenticam recognized and authenticated iris patterns in about a second from a distance of about 18 to 24 inches, but this might still be a put-off to some users.
There are also limitations: Every user must be enrolled, each desktop requiring security must be Windows-based and have a Web camera, and things such as dirty glasses and bad lighting can slow authentication. These limitations make the Authenticam usable only on workstations for which administrators need the most intense protection.
The Authenticam is packaged to secure individual workstations, and installation was fairly simple. We set up an Authenticam on a Windows 2000 system with 512MB of RAM and a 1GHz processor. Panasonic recommends a Pentium-class 333MHz or greater system running Windows 98, Windows ME or Windows 2000, with at least 64MB of RAM.
The camera plugs into a Universal Serial Bus port, and the software and drivers should be loaded before installation of the hardware.
The Fit Factor
The Fit Factor
The tough and costly part of implementing biometrics, or any security scheme, centers on how well the authentication database fits into a companys overall security management system. The Authenticam is designed to protect local machines, so it cannot authenticate users across a network without a third-party solution.
For that, Iridian offers the KnowWho database, a separate Windows NT-based solution that accepts iris images from the PrivateID software included with the Authenticam. The KnowWho database (built on either Microsoft SQL Server or Oracle Corp.s namesake database) handles processing and enrollment of all iris images. It features a software development kit that allows the database to connect into single-sign-on authentication systems from other vendors, such as Computer Associates International Inc.s eTrust.
I/O Software SecureSuite in the Authenticam package is a good security suite with only a so-so implementation. The user interface is functional but can be annoying. SecureSuite includes User Manager for adding users, modifying log-in profiles (password, iris recognition or both), and profiles for how users interact with SecureSession applications (SecureSession is a “password vault” for logging into secure Web sites.)
The same User Manager application is both a Control Panel item and an application, and it can be launched from the Windows tool bar.
When enrolling users, SecureSuite required us to create a new administrator account that supposedly supplants the original administrator account. On systems with more than one log-in account, administrators must migrate users into SecureSuite. This is an easy process, and it allows all named users to have access to SecureSuites enhanced log-in functions that include access to the PrivateID iris recognition.
Unfortunately, we were unable to migrate our original administrator account—which may not matter. Applications that replace security settings in an operating system will without fail cause IT administrators to raise their eyebrows.
eWeek Labs Director John Taschek can be reached at john_taschek@ziffdavis.com.
Authenticam
Authenticam
USABILITY |
B |
CAPABILITY |
B |
PERFORMANCE |
B |
INTEROPERABILITY |
C |
MANAGEABILITY |
C |
Iris recognition security is not meant for the masses—or is it? Panasonics $200 Authenticam brings fast, advanced biometrics to a new audience. The Authenticam includes I/O Softwares SecureSuite, which enables users to store passwords, lock applications and fill in passwords using their eyes as the authentication mechanism. However, not many users will need this level of protection on their workstation.
SHORT-TERM BUSINESS IMPACT // Biometric security methods in general are new, and the market is small. The Authenticam shows that advanced security can be implemented inexpensively, although the impact in the near future will be confined to a few departments within corporations and some experimental consumers.
LONG-TERM BUSINESS IMPACT // The outlook is good for biometrics. As corporations tighten security, iris recognition—one of the most accurate kinds of biometric security—should take a healthy chunk of the market over the next three to five years. Iris recognition will, nevertheless, take a secondary role to the more pervasive fingerprint scanning solutions.
PROS: Easy to use and implement; inexpensive when installed on a desktop; camera doubles as a Web cam for videoconferencing; advanced security authentication features; fast response times; easy enrollment process.
CONS: SecureSuite tools could be more tightly integrated; SecureSession log-in manager doesnt work on all Web sites, including sites that use nontraditional log-in fields and those that use applets; cannot authenticate users across a network without third-party help; works only on Windows.
Panasonic Biometrics Group, a division of Panasonic Security & Digital Imaging Co., Secaucus, N.J.; (888) 880- 8474; www.Panasonic.com