Biometrics Is Closing in on the Enterprise

Biometric security vendors, which for years have been trying to make the leap from science fiction to the enterprise

Biometric security vendors, which for years have been trying to make the leap from science fiction to the enterprise, may soon reach their goal.

Banks, health care providers and government agencies are increasingly turning to iris scanners, voice recognition software and fingerprint scanners as simple and cost-effective means of securing networks against attackers and forgetful employees.

Hoping to capitalize on this wave of interest, companies such as Keyware Technologies and BioNetrix Systems Corp. are rolling out next-generation biometrics platforms designed to ease the burden of overworked IT staffs while providing increased security and greater convenience for users.

"You have to find the right balance between the level of security and the level of customer service," said Charlie Brenner, senior vice president of Fidelity Investments Center for Applied Technology, in Boston. The company uses fingerprint scanners internally and is considering them for retail customers. "People are frustrated by the number of passwords and PINs they have to carry around," Brenner said. "Theres plenty of latent demand for this."

Keyware this week will announce its CAS (Centralized Authentication Server) SignOn, a centrally managed authentication platform that enables customers to eliminate text passwords altogether or combine passwords with advanced biometrics such as face scanners and voice recognition.

CAS SignOn gives administrators the option of setting different authentication requirements for individual applications or sections of a network, whether intranet or extranet.

For example, a company could require only a password to access a shared corporate calendar but could also demand a voiceprint or facial scan to access back-end applications from companies such as SAP AG or PeopleSoft Inc. And because the platform is managed centrally and not at the user level, the administrator can easily change policies and permission levels. Administrators can also manage existing public-key infrastructure deployments through CAS SignOn.

Biometrics devices have had limited success, with most IT managers and CIOs dismissing them as overkill for the seemingly simple task of user authentication. However, e-commerce means that more outsiders, such as partners and customers, want access to corporate networks. This often translates into a deluge of requests for new passwords, which are often forgotten. As a result, its caused many IT professionals to reconsider their stance on biometrics.

"We want to use the technology thats available and use it to everyones advantage," said Wayne Singer, senior vice president of eMedicalFiles Inc., an Atlanta-based provider of health care applications and a Keyware customer. "Biometrics really take the level of security to the utmost."

BioNetrixs Authentication Suite 4.0, which was launched last week, lets users authenticate themselves over the Internet for Web-based applications. Like CAS SignOn, BioNetrixs platform is centrally managed and enables administrators to push policy changes to users and set levels of authentication for individual applications.

"Passwords arent good enough anymore, but you dont want to make it too difficult for the user, otherwise theyll resist it," said John Ticer, CEO of BioNetrix, in Vienna, Va. "Anything that reduces the difficulty of authentication makes the customers happy."

In anticipation of a big shift to wireless Internet access, BioNetrix and Keyware, based in Brussels, Belgium, and with U.S. headquarters in Woburn, Mass., are working on biometrics for mobile devices. BioNetrix is developing a prototype PDA (personal digital assistant)-based biometric device and talking with mobile phone makers to produce a software agent for their handsets.

The company is working on a signature recognition application that could be used in conjunction with a fingerprint scanner to authenticate a mobile user. "Theres going to be a huge proliferation of network entry points in the near future, and youre going to need stronger authentication," Ticer said.

Keyware is working on a voice recognition application for mobile phones and a fingerprint scanner for PDAs. Officials at both companies said the inherently unsecure nature of portable devices makes them a natural fit for high-level security measures such as biometrics. "Security-conscious customers like banks and government agencies will certainly have a need for these kinds of things," said Ray Desrochers, vice president of engineering at Keyware.

"Being able to define user-authentication policies at the domain level or even down to the user level is our strength."