Cryptolex Launches Biometric Single Sign-On Device

The company's Mobio device offers the ability for companies to integrate network and enterprise systems access technologies using a handheld thumb reader with cryptographic back-end software.

Cryptolex introduced its new Mobio systems authentication device Oct. 23 with the aim of convincing enterprises to replace and unify their existing password sign-on technologies with the handheld biometric gadget.

Roughly the size of a pager, yet thin enough to fit into traditional ID badge holders, the Mobio carries a thumb-print reader and LED screen that is used to produce one-time passwords for gaining entry to enterprise systems.

Once a user has employed the device to log onto their networks, or individual applications, it can also be used as a wireless form of credential that automatically offers people access to software and hardware systems in their immediate area.

Companies are struggling to find methods to make their existing authentication systems work together more intelligently, and to provide a more universal, consistent manner of access for employees to gain entry to everything from enterprise software systems to server room doors, said Cryptolex founder and Chief Executive Clovis Najm.

A device such as the Mobio offers businesses the chance to add a new level of security over those systems, while also offering a centralized point of entry, he said.

"Businesses are becoming frustrated with their ability to use existing single sign-on technologies to create a trail to systems usage," said Najm.

"There are a lot of related process issues out there that exist because these technologies don't work together, and they make it even harder to employ biometrics and behavior-oriented tools; we've tried to address all of this by building all of these technologies into the architecture of a single device."

Using Mobio, Cryptolex maintains that organizations can have employees verify their identities when accessing just about anything.

The device promises to use its onboard biometrics and cryptographic capabilities to convert individuals' fingerprints into password numbers, labeled by the vendor as Biocodes.

Those random numbers, which the firm claims never repeat, are only valid for a few seconds and are legally binding digital signatures that can be logged, tracked and audited to associate access to a particular user.

By using the Biocodes, the device prevents a range of techniques for circumventing authentication systems, including so-called spyware and man-in-the-middle attacks, which attempt to intercept passwords as they are being used in order to commit fraud, Cryptolex says.

Unlike biometrics built into laptops and other devices, the device can be taken anywhere and used for many more applications, such as gaining access to corporate buildings, according to the company.

Cryptolex also claims that the devices offer no threat of identity theft or fraud because when and if a Mobio is lost or stolen, it cannot be unlocked or misused by an unauthorized user and will only generate a Biocode based on its owner's unique fingerprint.

The device is supported by Cryptolex UID (Universal ID System), a combination of authentication hardware and software.

In addition to allowing companies to integrate and replace their existing authentication systems for employees, Cryptolex is pitching the Mobio as an ideal application for companies that employ many business partners, and must offer network or applications access to customers, consultants and other outside entities.

With temporary access technologies and less-protected shared IT systems becoming a popular point of attack from outsiders, Najm said, the devices can be distributed to any outside individual needing to gain access to buildings or systems, without handing over something that could potentially be misused or targeted by attackers.

"If you look at a sector such as the government where you really run into serious problems with the need to identify people from many different organizations that are working on the same systems, or in a shared setting, that's when you really start to see why this is a much better alternative than single sign-on software," Najm said.

"Once someone has one of these devices, they can easily have access rights granted or revoked, and there is no chance that a password is going to help someone commit fraud, because it's a one-time Biocode driven by biometrics."

Among the organizations already using the devices in pilot tests is the U.S. Navy, which has provided some startup funding for the company. Cryptolex was founded in 2003.

Another potential military use for the Mobio is helping informants in Iraq communicate with the coalition forces without giving up information over the phone that could be used to identify them, Cryptolex executives said.

Pricing information for the individual devices has not yet been made available by Cryptolex.
