Main Menu
· Home
· Topics
· Search

Other Resources
· Downloads
· FAQ
· Top Ten
· Web Links
Login
 



 


 Log in Problems?
 New User? Sign Up!
News by Category



Theme from THEMES.crossworlds.ru

Other: Nevermind passwords, time for fingerprint recognition
Posted on Jun 08, 2004 - 08:41 AM by zmcnulty
Email to a friend Send this story to someone | Print this article Printer-friendly page
NTT
Topic: NTT
Category: Other
Technorati: Linking Blogs

Every time I think of fingerprint recognition, though, I recall that part in...that o­ne movie, where the bad guy cuts off some dude's finger to use it o­n the fingerprint recognition gate.

But guess what? Apparently certain fingerprint recognition devices have protection against this sort of thing.

NTT and NTT Electronics have developed a small USB device that can store up to 120 passwords, 63 characters long - and will output them to a PC when o­ne uses its fingerprint recognition function.



NTT Corporation and NTT Electronics Corporation (hereafter, NEL) announced o­n the 8th that they have developed the "FingerQuick," a fingerprint recognition token, and that NEL will begin selling it o­n the 10th. Two products, the standard "FQB-10," and the o­ne-time password "FQO-10" will be made available o­n not o­nly directly from NEL, but the former from Touwa Coporation, and the latter from Marubeni Solutions Corporation. Although they are Open Price, indicators suggest that o­ne token should cost around 20,000 yen; also, volume discounts are planned to be made. Supported operating systems are Windows 98 SE, ME, 2000, and XP.

The FingerQuick is a fingerprint recognition token that connects via USB. Passwords are recorded into it beforehand, and it will output them to the PC - but since it is recognized as a USB keyboard by the PC, no special device drivers are needed. Passwords up to 63 characters long can be saved, so o­ne could retain a high level of security by simply setting a long password almost impossible for humans to remember. If biometric technology such as this fingerprint recognition is used, there won't be worries about losing something, theft, or borrowing/lending commonly associated with using o­nly a password or IC cards, making for reliable security.

On the data retention side, passwords stored inside of the FingerQuick are encrypted, and can o­nly be decrypted with a fingerprint comparison. In addition, since fingerprint comparisons are carried out inside the FingerQuick itself, the fingerprint data can be used without outputting it to the PC or system side.

The FQB-10 can stored up to 12 passwords for each finger, and the device supports operation in such a fashion that the index finger is for Windows login, the middle finger is for opening up encrypted Word files, etc.

The FQO-10 is a USB token containing a o­ne-time password generation algorithm that supports Secure Computing Corporation's fingerprint verification server. When this algorithm is used with the FQO-10, it makes for a solution consisting of both fingerprint verification and a o­ne-time password. The o­ne time password is assigned to o­ne finger in particular, and the remaining 9 fingers can be assigned fixed passwords in the same way as the FQB-10, meaning that the o­ne-time password can be used for o­ne device, and the fixed passwords can be used for other things.

NEL is releasing this device in accordance with their recent focus o­n strengthening security, and including the NTT group, plans sales of 30,000 units in a year, or 600,000,000 yen.



Inspired by:
http://enterprise.watch.impress.co.jp/cda/security/2004/06/08/2523.html

Press Release:
http://www.nel.co.jp/new/information/2004_06_08.html


Also in Other:

Also in NTT:



Comments (must be registered to post)
zmcnulty
08.06.04, 08:49
I like the idea of not having to remember passwords or worry about losing an IC card, but this thing has no protection against loss of itself.

If you were to really set all these passwords so that they couldn't be remembered by humans, that means you wouldn't be able to remember them either. And since the passwords are stored in the device itself, well what happens if you lose it? You're hosed.

NTT needs to think about their network model a little harder. If it were me, I'd use the "one-time password" model to create a system that allowed users to access their old passwords in the event that they lost their device. This would require them getting *another* fingerprint recognition device so that the server could recognize them, but it would be better than being out on a limb.



For example, when you buy a device for the first time, you setup an account on the NEL server. You store your fingerprint, as well as your passwords for backup purposes. You go on with your daily life, using your fingerprint recognition. But then one day, you lose your device.

So what do you do? You go buy a new one. When you input your fingerprint into it, the server recognizes that you've already registered, and will automatically load your new device with your old passwords.



The second device, the FQO, is a step in the right direction with the one-time password from Secure Computing Corporation. But it's only one password that's generated in this manner. Perhaps if they made it so that this one password could let you access your other ones too?

Yes, I admit that there are a couple of security holes in my idea, but it's better than running the risk of simply losing this thing.