Fujitsu, IBM Integrate Palm Vein Biometrics in SSO Solution

Solution Combines Physical/Logical Elements for Password-Free Security

IBM and Fujitsu Frontech North America Inc. today announced a single sign-on solution that incorporates Fujitsu's PalmSecure LOGONDIRECTOR with IBM Tivoli Access Manager for Single Sign On. The solution eliminates the need for employees to remember even a single password: instead, they will hold their hand over a small, mouse-like scanning device attached to their computer or laptop via a common USB cord.
The device reads the vein pattern in the user's palm, matching it against a pre-registered palm vein pattern, before granting access to applications.

(Watch Steve Titch's video of the PalmSecure reader being demonstrated by Jim Preasmyer, director of sales and business development, Advanced Technology Group, Fujitsu Frontech, at ASIS in September 2009.)

The scanning device is purely mechanical: it takes a picture, but doesn't store that or any user data, Preasmyer told Security Squared in a pre-release briefing. If one were stolen, it would be useless even if the miscreant stole an active user name, too, because the unique palm vein scan must match the user name.

The palm vein-to-user ID match also makes it easy for IT to ensure a terminated employee no longer has access to any applications or data, Preasmyer said. "With PalmSecure, they eliminate that one credential, and the person wouldn't have access to anything."

The palm scanner can be used with any USB-compatible computing device, so the solution could be used for greater data security with telecommuting workers or employees on the road.

We find the announcement interesting for several reasons. First, IBM Tivoli and Tivoli Access Manager are powerful logical identity management tools that enable enterprises to define roles for their employees and then base logical (and potentially physical) access rights on those roles. As role-based access becomes broader, it's important to verify that the physical identity of the person accessing assets matches the digital persona.

Similarly, as cloud computing increases, it will be critical to ensure the logical identity accessing the cloud is physically who the enterprise thinks it is. Robust biometrics solutions seem an obvious way to correlate physical and logical identities. Fujitsu and IBM say the independent International Biometric Group has found palm vein recognition comparable to iris-scanning technology in accuracy while being less intrusive. Further, it is difficult to spoof, say the vendors, because it uses no-trace technology and leaves virtually no biometric footprint.

Using a palm vein scan for physical access control as well as for logical access control "would be a very powerful solution set," Preasmyer told us. A palm scan could provide double verification of a person's physical presence at a particular place and then again at a specific PC, such as first at the door of a control room and then at a console inside. The technology could be linked to applications, such as time and attendance systems. It could also address compliance issues when data must be accessed remotely, such as a physician writing an order from home.

"We're looking to the next step of integrating with physical access control," said Preasmyer. "That would be very appealing to the marketplace."
 