Slashdot Mirror
Acer Laptop W/Fingerprint Recognition System
Dekaner writes "Acer has announced the TravelMate 740 with a built-in fingerprint recognition security system. The fingerprint sensor is part of the notebook? s palm rest. Users must train the recognition system, which is then used to boot the machine or to decrypt files stored on the hard disk. The TravelMate has a 1.2 GHz Pentium III processor, a 15-inch screen with a resolution of 1400 by 1050 pixels, built in 56K modem and Ethernet connection, and it can be supplied with either 128 or 256 MB of memory. It can be configured with a second hard disk, CD-ROM, DVD, or a DVD-CD-RW drive. It will go on sale in October."
Finger Print!
This
If there is one thing I learned from 'Demoliton Man' with Rocky^H^H^H^H^HSylvester Stallone is that Wesley Snipes will come and cut parts of your body off if he needs them badly enough.
Don't keep data on this thing that's worth dismemberment, because scary terrorist-types will cut your fingers off.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
Yeah, but according to the new crypto laws you'll have to cut off your pinkies and give 'em to the FBI to keep in "finger escrow."
These small, integrated fingerprinter scanners have been in the works for a while now. It's good to see that they're finally being put to use. What's next? Fingerprint ID car-starters? Cell-phones? so many possibilities...
10 cents says you can boot into the bios and reset it, or use a paperclip.
If not, how could you ever sell it, or let anyone else use it?
"Would it kill you to put down the toilet seat?" -- Maya Angelou
What stops you from reformatting the hd to get rid of this thing?
-
ping -f 255.255.255.255 # if only
Now I will have to use both hands to run the laptop. No more Pr0n surfing for me. :(
There are 01 kinds of cars in the world. The General Lee, and everything else.
The article is short on details but it seems not to be very reliable. In corporations, the IT department usually has a master key so that even when the employee leaves, the company can still retrieve the data. What about this fingerprint-recognition system?
Second, this article makes me wonder if Slashdot will consider inserting text ads like Google by masquerading as submissions. I think it is a great way to get income to maintain this heavyly used site (banners at the top are no longer very effective), given the financial conditions of the parent company VA Linux.
¦ ©® ±
Simply because it's made by Acer. Everything with that brand name turns to crap, a' la the old Packard Bell.
Curb CO2 emissions: Kill yourself today!
I knew someone would eventually find a way to make all those fancy CEO's give their laptop the finger.
Btw: for all the l337 hackers suggesting cutting off fingers: proper finger recognition systems can sense whether the finger being scanned is attached to a living body by checking for temperature, pulse etc. So instead of just stealing your thumb and laptop, they will have to steal you as well.
I intend to live forever, so far so good.
Gives new meaning to the phrase "three-finger salute," doesn't it?
Ctrl-Alt-middle finger, indeed.
In Soviet Russia, Jesus asks: "What Would You Do?"
this article mentions java-based smart card readers that work with Linux. Does anyone know of a similar biometric product?
"Weapons should be hardy rather than decorative" - Miyamoto Musashi
I think that goes for OS's too
and cuming up with a suitable source of DNA samples should not be difficult...
This should be very popular with companies - problem #1 with giving managers/execs laptops is they'll lose them or have them stolen, which, when combined with the lack of (transparently) easy security means that a lot of important data can be compromised very easily.
For the same reasons it should be popular with MI6 who last year seemed to be losing a laptop a month.
So long as it's implemented sensibley, I think Acer are on a winner here.
I've heard of systems that have technology to make them NOT work unless a full body is behind the hand. I believe it detects body tempurature as well. Any idea if this technology exists on this machine?
There's no "I" in Linux.. err..
What I am wondering is when is the verification done? Is it completely seperate than the OS, or does the OS load up some program? I would hope it does it immediately after you turn it on, that way it would be much hard to bypass. Still, though, when things like this usually come out, it normally only keeps Normal Joe User out, and it a gifted person that knew what they were doing (the type that would probably steal the laptop to begin with), they could probably access the data somehow. None the less, though, some security is better than none!
Moon Macrosystems. Sun's biggest competitor.
This sort of biometric authentication is not really all that vital for most of us, and the effort required to keep it functional, in this case at least, outweighs any advantage gained.
Don't get me wrong -- I can see this being very useful for corporations and governments who have valuable information to keep encrypted. For those applications, this is a good idea.
The problem I see is that fingerprint sensors require maintenance. The human fingertip exudes oil, used to increase the traction of the fingertip. This is not good for a sensing surface, and will necessitate regular cleaning. Anyone who has owned a trackball can tell you that anything the finger touches regularly, builds up gunk quickly.
Another problem is susceptibility to damage -- scratches in particular. I wouldn't want to be locked out of my files due to clumsiness. Also, damage to the recognition system through any form of clumsiness will keep you out of your encrypted files. Using an ordinary encryption method, you'd just hook the HD up to a different machine and be back in business.
I'll assume that the device is good enough to detect your print accurately. I wouldn't think the company would willingly release a half-engineered product in such an important area as authentication.
Denial isn't just a river in Italy
The only problem with finger-print recognition that I've seen so far is that if the pads of your fingers are scuffed or damaged you'll get an incorrect read. Could you imagine being an executive trying to get to his files after a weekend of fishing/boating/gardening or whatever, just to find out your thumb pad had been scratched up a bit? Whups.
I'm not positive, but I think they only take a read from one finger too... So you couldn't store say 3-4 prints just incase one finger gets scratched up.
"Stop saying 'Don't quote me' because if no one quotes you, you probably haven't said a thing worth saying" -KMFDM
Data Glove That Turns Gestures Into Commands
and
Body Powered Batteries -- Thermoelectrics
and you have total wearible personalized computer!
this will only keep out your friends. Your enemies would just steal your notebook and then take it apart and eventually get the stuff off your hard drive from another machine.
At least this is a step in the right direction.
This should definitely add to the FUD-factor at your local Best Buy, though...i can see it now:
Salesman: But if you don't have fingerprint recognition, ANYONE can get into your private personal super-top-secretest files!!! Even TERRORISTS!!!!
Customer: I'll take fifteen of 'em!!!
I'd hope that they've tested this thing 9 ways from Sunday. Hate to be 6-12 months into my ownership of one of these, and suddenly have the scanner stop working. Let's hope it's a rugged, fail resistent (IE, SIMPLY made), piece of hardware, that can be overridden by some alternate means.
I like the idea of a backup password to allow you to still boot the machine should fingerprint ID not work. It's not quite as secure as the standard "Have something, know something" protocol, but it'd at least let you check your email until the scanner could be replaced.
And here I left my hand in my other pants. I really have to get those files to the Boss!
"No one will smell that."
BTW, what if I scorch my finger?(I guess it could work but I would like to be sure)
Finally, some more details are given just a click deeper...
Trolling using another account since 2005.
When the laptop is stolen, if the thief tries to log in, perhaps it could let them continue a bit while it sends the fingerprint to the police for identification.
Damn, I should've patented this instead of releasing it to public domain by posting in a public forum!
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
Office Max (and I am sure others) sell a $50 USB finger print reader. I have always thought it would be cool to make a driver for this in Linux. It could also be used to loggin, protecte files, etc.
Anyone wanna help?
What happens if something goes wrong with the
finger print reader?
"as plurdled gabbleblotchits on a lurgid bee" - Prostetnic Vogon Jeltz. (One man's humorous is another mans flamebait)
Acer already produces a laptop with a built-in fingerprint scanner--and earlier version of the same travelmate line. We reviewed their laptop for use at my school, and found that the fingerprint ID could not be configured to work with a bios password, and the machine they supplied us with had the worst password validation program (complete with James Bond style voice prompts). In short, my school actually specified that they didn't want the "integrated" fingerprint scanner when they purchased this year's laptops.
We'll get Passport integration, too? Once the DNA readers come along we can keep our genetic code on file in Redmond. {feelings of unsettle}
Ok, does anyone remember acer desktop machines?
Is there any reason that we would want to buy a piece of malfunctioning junk like that again, even if it does have it's own paranoia system installed?
Perhaps if it were a company that didn't make utter junk, I would consider it. But then again, I'm not stupid enough to put data that sensitive on a bloody laptop!
My guess is that it's only intended to protect the data, and that you could still use the laptop itself if you formatted or something. If you want real security on your laptop, install lo-jack. Or go retro and just handcuff it to yourself like those guys with the briefcases.
I've had an old older model travelmate with fingerprint recognition for over 6 months now.
I don't use it because I'm worried I won't be able to get back in. (apparently even different levels of grease on your fingers can throw off the sensor)
If you use it for you hard drive, and you get locked out, you have to ship the drive back to the manufacturer so they can physically reset it.
I'll stick to passwords for now.
Is a thief more likely to:
a) Read the warning label before taking it, or;
b) Take it and see what he's got later?
If b), you've lost it anyway...
http://www.blitzbasic.com/
Graphics3D 640, 480
In corporations, the IT department usually has a master key so that even when the employee leaves, the company can still retrieve the data. What about this fingerprint-recognition system?
You leave. Your finger stays.
You can have my laptop when you pry it out of my cold-dead-er-nevermind.
"Draco dormiens nunquam titillandus."
"...a 15-inch screen with a resolution of 1400 by 1050 pixels..."
When will these types of screens be available in standard laptops??? I'm not interested in the finger print technology, I just want that display!!!
---
Programming is like sex... Make one mistake and support it the rest of your life.
Forget the finger print, how about that resolution!?
1400 by 1050 pixels? That's better than my desktop's!
This would be a great way to both improve ese of use, and security at the same time. no more repeaded logins to do simple maintenace.
The article fails to give a technical explanation on exactly how the fingerprints enhance security. Does anyone here really believe that this laptop can protect its data when it is stolen? In order to do that it must encrypt the data on the disk.
:-)
Using what encryption key? Your fingerprint? Does anyone believe that your fingerprints are secret? You are putting thousands of copies of your prints on various objects every day. You probably have several fingerprints on your laptop! And once your secret encryption key becomes known, how do you change your key?
The key (sorry) to good encryption security is to change your keys often.
Until a good technical description on the security is provided I will regard this laptop as techno-babble trying to impress PHB types.
)9TSS
This sounds great, except for the fact that it's an Acer.
After doing some research, I recommended to my girlfriend that she buy an Acer laptop. The reasons were simple - it had a modem, ethernet, and wireless ethernet built in, it had a large 14" screen, and it was only 5.2 pounds with the dvd drive installed, 4.5 without, and came installed with Windows 2000.
I looked at a variety of other laptops, especially Dell and Compaq, and none could build in everything (she wanted wireless ethernet for use at college and in the future) at such a low weight. The price wasn't too bad either, for last June - about $2100 including Windows 2000 and Office 2000 from CDW.
When it arrived, there was a feature I sort of brushed over - a smart card reader. Its primary purpose in this laptop is to restrict access if the card is not installed. It looks like a credit card, and is easily removable. By default, the security settings are such that the smart card must be installed for the computer to boot. Of course, this isn't perfect protection against things like theft, but it is more convenient than a boot password to prevent people from simply using the laptop.
So I am not surprised to see that Acer is leading the way with more laptop security features. I absolutely hate the many old desktops that I have had to fix over the years, but the quality of the laptops is quite nice. They fit a lot of features, including some pioneering ones, into a laptop that is comparable in price to Toshiba and Dell with less weight.
"The universe seems neither benign nor hostile, merely indifferent." --Carl Sagan
Linux users beware. I was the proud owner of a AcerNote 370. What can I say, it was cheap. Not only were the PC card slots sunk in to the case (sorry folks, no x-jack) but all of the nifty "features" like 0-power sleep mode, were Windoze drivers, i.e. wiping the hard drive and installing Slackware wiped out all those options. You get what you pay for I guess. I wrote Acer, hoping to maybe get some specs on the BIOS hooks so I could hack my own... no go. I would imagine this laptop is the same, with all the features meshed into W2k
I've got my Vaio now, life is much better.
Indeed, if we don't know how it works internally, how do we know that Acer hasn't built a huge backdoor into it (like how their CEO's fingerprints or an easily reproducable pattern will always work)?
I expect it uses some system to "hash" fingerprints into simpler indentifiers, but how do we know that this function is unique? I've already dealt with iris-identification products that, given a large enough input sample, start incorrectly identifying people since the hashing function didn't produce unique hashes.
Pretty simple. This technique has proven itself at cash machines. Biometrics may marginally help prevent someone from stealing a machine outright when you're not there. So if someone really needs the data, it just means they're going to wait for the owner/key to arrive. Yoink.
Risking getting modded down for flaming...
You're dumb.
Someone can hold a gun to your head and demand your password too.
If you are dead, the fingerprint wont work. If you'd do any research and actually think you'd realize this. Using a fingerprint actually requires that the pirate keep you alive.
In conclusion, you're dumb, and fingerprints are an order of magnitude more secure and safe for people to use.
you lose all the important information that needed the fingerprint to begin with.
Only the State obtains its revenue by coercion. - Murray Rothbard
"No, no, no, Lisa. If adults don't like their jobs, they don't go on strike. They just go in every day and do it really half-assed." -- Homer Simpson
"The best laid plans of mice and men gang oft agley..." - ROBERT BURNS
Now all we need is breathalyzers for email!
Clearly a cheap ripoff of thier iFinger security system. They invented everything, you know?
We tried registering all of my fingers to no avail. In the end, I got a magnetic card to get in.
I had tried one of those systems where you sign for authentication, too. But it turns out that I can't write my own signature the same twice. I haven't had much luck in having biometric authentication figure out who I am.
I'm not so sure that biometrics are really a good idea. People have already pointed out various means to thwart the system, i.e. chop off your finger, put a gun to your head. Facial recognition systems have proven so far to be less than reliable. I don't understand how biometrics will make any information more secure than already well established best practices for security.
This trend towards biometrics just seems like a way to make security somewhat brainless. The big problem is that security that is brainless isn't security.
So pop your severed finger in the microwave for a few secs and give it a healthy sqeeze every so often during the logon...
I guess it might take some trial and error to get the microwave times right.
Logon failed... you should see a doctor.
Dear employee:
Take the day off today! You'll be glad to know that we, Company X, will now be providing you with a virtually unlimited amount of vacation and personal days. Acceptance of this policy is mandatory and paychecks will stop being deposited in your bank account starting today.
Please stop by your vacation advisor's desk on your way out so that we may guillotine your finger off in case we need to retrieve any of your files and documents.
Thanks, and have a great vacation!
-management
-Company X
what about some silly people who touch their screens all the time as though they have a point to prove when they try and squish out the LCD showing some PPT.
if the print remains you could dust it off and possibly use that to auth.
also did acer remove all clear plastic surfaces from the device?? (logo tags etc?)
... good thing it doesn't use a built-in willyprint recognition security system!
This thing is probably the same way. "Oh no, I can't make it boot without the fingerprint". "Okay, let's take out the hard drive and put it in a different computer"
Gimmick, yes.
"Encrypting the hard drive or portions of it as with PGPDisk is still the most secure."
"Users must train the recognition system, which is then used to boot the machine or to decrypt files stored on the hard disk."
This sig is xenon coated, and will glow red when in the presence of aliens
Does this mean my clone can boot my laptop? Hope it's not my evil twin...
Give me my freedom, and I'll take care of my own security, thank you.
Until it spills out into the air via the "optional Acer InviLink IEEE802.11b wireless LAN PC Card." ;)
This sig is xenon coated, and will glow red when in the presence of aliens
This needs saying again:
IF YOU HAVE PHYSICAL ACCSESS TO A COMPUTER, THAT COMPUTER IS INSECURE.... fingerprints or not
Why not just rely on the far cheaper system of text passwords?
Lost my index finger in a freak accident, and had to reset the laptop to use another finger.
But WinXP logged it as a complete system change and told me to call M$ Customer Support for a re-activation.
Upon calling M$ and going through 3 levels of management, I was finally told that I would need to buy a new license of WinXP, and that I should remember even though I lost a finger, Microsoft requires giving an Arm and a Leg in order to get a version of XP without the activation feature.
Me and my nine fingers are installing Linux right now !!
"Nah - these things can tell a dead finger - blood, pulse, rigor mortis etc. You need to have it attached to you when you use it. Of course, this presents a problem if you do something disfiguring to your finger (don't joke, it happens!), and you can't get at your files. What's more, someone can just hold a gun to your head until you put your finger on the pad...so it's by no means foolproof."
I would love to know of a system that gets rid of this limitation. Perhaps an AI of sorts.
The death of one man is a tragedy; the death of a million is a statistic --Joseph Stalin
how is the information on the fingerprint stored on the system? If its just kept in a generic file (encrypted of course) what happens if a virus gets on the system and screws up the data on the fingerprint? If there any way of resetting the FP information? But hold on now, if there was a way of resetting the information on the FP's then what would be the point of having it in the first place? Maybe you would have to send the notebook back to acer for them to reset the information... or am i just way out there on this... anyone else have any ideas or links to more specific information on the security system for the notebook?
Universal Source of Power? GREAT IDEA! I'm in....except I have to go get my batlath polished for the convention as well... KAPLAH!
"If you are dead, the fingerprint wont work. If you'd do any research and actually think you'd realize this. Using a fingerprint actually requires that the pirate keep you alive. "
simple solution get some industrial strength sodium pentathol and it's all over even sleeping pills.
The death of one man is a tragedy; the death of a million is a statistic --Joseph Stalin
*unless JonKatz is writing a book about geek attitudes in a post-Colu^H^H^H^WTC world.[1]
1nobody likes a smartass, son...
Hmm, so if you got in a car accident, and lost your hands - all your data would be totally and permanently unrecoverable?
Will this drive up the incidence of finger mutilation as people could potentially try to hijack your computer?
- passion
"Lost my index finger in a freak accident, and had to reset the laptop to use another finger."
So how'd the plastic surgery on your nose work out?
"In corporations, the IT department usually has a master key so that even when the employee leaves, the company can still retrieve the data"
I'd think about adding your senior IT staff to laptops when they're checked out. I think that with the lifespan of hardware, your turnaround on senior IT staff is usally not as fast as the replacement cycle on hardware.
Thoughts from Cubeland....
If I can't see it in Lynx I'm not interested.
"Some information you may be willing to die to protect. For example, giving information that a terrorist could use to kill thousands. Where are the nukes, and how do you launch them? I'm not sure how well I could take turture, but I'm pretty sure I could deal with a bullet in the head."
That's why you try to kill him and hopefully you are armed.
The death of one man is a tragedy; the death of a million is a statistic --Joseph Stalin
I doubt Red Dwarf was the first show to use it, but they were much funnier about it....
They come upon a door.
KRYTEN: Uh-oh, a door. We'd better use an air vent.
LISTER: No need.
KRYTEN: Sir?
LISTER: Look, I'm gonna do something now, Kryten, that's totally, totally
gross. I don't want you to look. Turn around.
KRYTEN: What?
LISTER: Trust me, you don't wanna know!
KRYTEN reluctantly turns around. LISTER pulls the object he picked up
earlier out of his jacket: it's a hand. He presses the severed hand to
the palm-print device, and the door opens. He puts the hand back in his
jacket and turns around. KRYTEN has a sick look of realization on his
face.
KRYTEN: Logically, sir, there is only one way you could have possibly
have opened that door. I feel quite nauseous. Where is it?
LISTER: Where's what?
KRYTEN: Oh, sir!! You've got it in your jacket!!
LISTER: I got us out of the hold, didn't I?
KRYTEN: Sir, you are sick! You are a sick, sick person! How can you
possibly even conceive of such an idea?
LISTER: Cheer up! Or I'll beat you to death with the wet end!
KRYTEN: Sir, if mechanoids could barf, I'd be onto my fifth bag by now.
You're a sick person! Sick! Sick!
Build it, and they will come^Hplain.
Geez... Shortly after I started playing around with Apple's Voice Recognition login, I lost my voice. That kind of thing always happens to me... I don't even want to think of what would happen if I started using one of these...
Damn Mods, this is FUNNY
It also has Fingerprint recognition to boot/decrypt files. The 740 isn't the first notebook that has that technology.
I think it works as a theft deterent (with me going to school and all), but there are problems with it.
The software to input and change your fingerprints will only run on windows 2000. (I haven't tried WINE though).
the software writes the fingerprints it "ok's" to the BIOS (or firmware somewhere) and then checks your prints against that on boot. so if you use win2000 (preinstalled) to input your prints, and then format install another OS, you can't change the fingerprints without reinstalling Win2k.
it looks cool though.
This is a great little technical toy - offers peace of mind to management and such - but that's really about it. There are several things that aren't mentioned, and one thing (for a biometric system of this sort) that is glaringly absent.
First, how easily can the device be damaged? Scratched? Can you register more than one finger (in case you get a cut or scratch on the one registered)?
Finally, there are plenty of companies who would find a laptop like this useful. But there are several organizations that would not only find this neat, but would demand that this level of security be mandatory. For this crowd, the device is next to useless without an included heat sensor. And don't forget one of the most important things: for decent security, it should be a combination of what you have (a finger) and what you know (password/phrase/etc). Unless you use them in combination, having just one isn't much better that just having the other.
--
Welcome to the land of the easily amused...
It's probably about the same security-wise to those little locks they used to put on the front of PC cases to disable the keyboard. Once you have physical access to anything, it's just a matter of time until you can compromise it.
AC's cheerfully ignored
How many bits worth of unpredictable information, exactly, is in a fingerprint? I know it's "a lot", but is it enough? 48 bits is "a lot" too, but it has been demonstrated to be not enough for protection against a simple brute-force attack.
Ultimately, it's all just bits. This fingerprint-recognition device ultimately must convert your fingerprint into a binary key, and use that key to perform the encryption/decryption. If someone can get a copy of your encrypted data, they could run it through software which tried binary keys until it found the right one. If the adversary could lift your fingerprint from something you've touched, that might give them information which helps them narrow down the search.
Until I found out just how many keys they'd have to try before exhausting the keyspace, I wouldn't trust this to be secure. A good mixed-case/numbers password with a - or ! (et al) thrown in can easily have 67**8 > 48-bit strength. A 5-word english passphrase can have up to 38619 ** 5 > 76-bit strength (38619 words in
Seriously, though, does anyone know the strength of a key generated by Acer's gizmo? And how much it might be narrowed down with a sample fingerprint to work from?
-- TTK
if he'd have used one of these instead of the cryptography system he did use? he couldn't have claimed that he forgot the password, that's for sure. and he'd probably still be in jail. i think i'll stick to standard cryptography, screw all the biometric stuff.
As far I am aware - there is not a company out there that has figured out a way to generate a secure and reliable encryption key based upon a scanned fingerprint. Everytime your finger is scanned, the scan is different and the authentication is done using an algorithm that checks a certain number of minutae points. If the match is with a certain percentage, it authenticates. Multiple scans cannot produce the same binary result, so fingerprint scans cannot be used to generate a reliabel encryption key.
So, how do they encrypt files??? Usually, a hard coded key is built (or defined by the user at installation) into the system and fingerprint authentication merely unlocks the key. Most systems also have an override password - which makes this system as secure as the user defined override password.
Biometrics should not be used for high security. They are good at identifiying, but not good in a single token authentication system when encryption is involved. For me, biometrics is a cool convience tool.
My favorite use for fingerprint scanners is simply for the convience. The software remembers all my passwords and I just use my fingerprint to log in to Slashdot.
You may also continue insulting me and just get your precious argumentation wasted.
Trolling using another account since 2005.
It's easier to detect the authenticity of a finger than one might think.
After being unable to activate my touchpad with anything other than my finger, my curiosity had been captured. After a great deal of experimentation, and actually getting 5 other engineers running around looking for something to fool the touchpad, we finally resorted to technical support. Here was my letter:
I have a prosthetic limb which I am unable to use
the synaptics touchpad with. I am unaware of the type of touch sensing it uses, and have been unsuccessful in my attempts to 'simulate' a fingertip on my prosthesis.
I even bought a rubber hand and cut the finger off
and stuck it to my prosthesis, but to no avail.
I have also tried heating the prosthesis to my body temperature.
The pad works fine for the other engineers in the
group with real fingers, so I don't believe there is a problem with the pad itself.
Do you have any suggestions for a tip I can use to
properly activate the touchpad?
If not, do you plan on releasing something I would
be able to activate
with a prosthesis?
And their reply was:
Hi Chris,
Unfortunately, as you have discovered, our touchpad uses finger-sensing technology. Basically, the touchpad determines that a touch is made through the capacitance of the human body.
I'm very sorry to say that we cannot recommend a
product you can use to activate it at this time.
Best regards,
So what have we learned other than how fun messing with tech support can be? Even a heated pulsing finger isn't going to work if the electrical properties aren't right. Capacitance is a tough thing to trick. Try putting probe leads on two parts of a finger, and plot the voltage / current patterns. Very, very difficult to duplicate.
Of course, medical science will always find a way to stick severed fingers on hands, and we know that your average bin Laden follower won't scoff at the replacement of one of his fingers with a victims...
I apparently forgot that sig != uptime...
Old info... Acer had this same technology in their old TravelMate 739 which has been out since last year or very early this year.
A co-worker of mine got one of these Acer laptops with fingerprint recognition several months back, perhaps around April.
The fingerprint recognition was OK for one person, but as soon as we tried to configure it to recognize two people, we had horrible problems. It seemed like there were differences between the BIOS level recognition and the software OS level recognition. We were eventually both locked out and just sent the laptop in to be reset.
One scheme I saw for making the system a bit more secure (i.e., you can't just clear the CMOS settings or pop out the BIOS FLASH chip to circumvent the security settings) was to install a custom keyboard controller chip.
On many motherboards, the keyboard controller is a Hitachi H8 uP, with mask-programmed ROM code. *It* can process the fingerprint startup and basically disable the rest of the motherboard through a new "enable" output unless the right code/fingerprint is provided. Only way to circumvent this is to replace the keyboard controller, which requires SMT reworking.
.. adds your fingerprint to a global FBI like database, that is used with MS passport and knows all the porn sites you visit... once it knows who you are it does not let you out of its site..
Only 'flamers' flame!
This seems like an frighteningly easy way for the Feds to gather evidence linking individuals to certain anti-social computer-based actions; for example, "Sorry, Mister Gates, but those incriminating emails REALLY WERE written by you - we've got your fingerprints on your keyboard, and at the time the mail was sent, to boot!"
I'd be more worried about the fact that with the new "call home" systems, "they" can pin YOU down as the guy they're after for downloading MP3s or playing with crypto or using warez or whatever you're into. Having your prints kinda kills plausible deniability...
...and god forbid any of our *wives* should ever get their hands on these records... (*shudder*)
Yeah right. You're really just worried because your fingerprints might be hard to read after those late nights reading playboy.com
Got Rhinos?
After all, if you struggle at all, it will be unable to get a good fix. Even twitching the muscles in your finger violently should be enough, and if $BADGUY hold your finger down hard enough to stop that, you'll get a screwy reading anyway
Can the same sort of recognition be able to apply to files that I save on the laptop?
If so, I'm all over it!
Then I can save all the porn I want and not worry about my wife getting into the files!
It's good bye doghouse and hello bedroom!
-Goran
Carpe Scrotum - The only way to deal with your competition.
Locked out, standing in the cold, your hands getting dryer and less likely to work the next day. Oh my!
We use a hand and plastic card system here for entry. It seems to work well. Key numbers work where there is no card reader or if you forget your card. The hand readers themselves tollerate changes in my hands from exercising, but not gloves, and are speedy. This might not work for a laptop, but it's tops for building entry.
Friends don't help friends install M$ junk.
Train it to recognize your toe prints. They change less than your finger prints, and anyone who would steal your foot will have to smell it all day.
Friends don't help friends install M$ junk.
They will take my fingers from my cold dead hands.
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
Knowing the high quality of Acer products, the finger print recognition will probably work fine for about 1 week, after that, it will work every other week, then less and less. You'll have to send the laptop back to Acer to have them reset it, which will probably cost $500 per reset. My suggestion, buy a nice toshiba, install linux on it and use a nice hard bios password.
it's a sig, wtf?
What is the intended application?
If it's just to protect my machine from snooping employees or cleaning staff, then proper use of NTFS and a dilligent password is more then suffecient.
If it's supposed to protect a companies trade secrets kept on a travelling sales person's laptop, the maintenance would be a nightmare. How does a company recover the data if the employee is let go? A corporate spy would simply use the same technique.
If it's supposed to keep top secret documents related to national security safe from well funded agencies, I wonder (again), why wouldn't a secure file system and well managed password work?
In short, this seems like the wrong tool for the job. Finger prints should be used to verify the id of a person entering / leaving a secure area where there is a guard watching to ensure it is a live hand being used.
On the otherhand, there was a cool (if in concept only) technology demonstrated years ago that used a PC mounted camera and some trivial face recognition software to activate / deactivate a screen saver. This would be perfect in cubicle farms where you want to make a quick trip to get coffee / get rid of coffee. I remember to lock up my station at night when I go home, but not always for those spontaneous flights of fancy.
I'm in my right mind and I have the answer to everything!
I forgot something... (see subject)
Kidnap you and use your thumbprint to open it
Spray some kind of latex onto their hand and high-five or shake hands with you to get your prints
Get a really, REALLY good camera and take a picture of your fingertips...
The success of this technology is going to depend on what type of fingerprint image is being scanned.
Is it photographic ? That is, the mechanism captures a photo of the fingerprint using lighting differences to create a pattern. If so, then what happens when I get the errant pen mark or paper cut across my finger ?
Is it geographic ? There are some nifty technologies out there that either through sonographic or similar means create a viritual image of the fingerprint pattern. These are far more accomodating in ignoring things like dust, dirt, pen marks, paper cuts, chaffing/sluffed skin, boogers and other stuff that sticks to our hands.
Does anyone know which type is being used on this laptop ?
healyourchurchwebsite.com - WWJB?
How long before you have to employ your fingerprint to register software? : /
maybe redundant, but I didn't see it yet while scanning over the comments. This article says "As a backup, both systems let you use a password to get in." If you can use a password to get in..... what's the point of the fingerprint in the first place? Is it really more convenient to try to hold your finger in the same place every time than it is to type in your password? The article also has some info on how "error-free" (or not) these systems are... seems to me it still needs a little work.
Place sig here.
I'm not a fan of the whole key rhythm thing as far as passwords go. It seems tremendously weak once you figure out what the "password" part is (the fact that its rhythm not keys), and humans would pick this up after watching only a few times.
And that SSH thing... like I dont slam the password into the keyboard in a blinding flurry of keys and fingers anyways.
I can now sleep happy knowning that I have educated at least one person. It seems that explaining convinces people better than saying they're dumb.
cut off your finger accidentally and you won't be able to access your files. :-)
"I love my job, but I hate talking to people like you" (Freddie Mercury)
Since Mac OS9, people have been able to login with a voiceprint - saying a specific phrase, where the phrase and the voice has to be matched. Evidently, it works decently accurate. People have tested it with twins, and it can tell the difference, but at the same time, a guy with a cold can log in, though it takes a couple of tries for the stuffed up person.
According to the Acer site the chip is made by Authentec, Inc. (based in Florida); here are some more tech specs: Products; and some other details are in their Media Coverage Archive.
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
From what I can gather from your postings, you most certainly like a bit of cock in your tail.
Wingnut
i can understand the reason behind the fingerprinting authentication scheme for encryption /decryption purposes, but what about down and out theft??
'oh', you say, 'the thief won't be able to use the laptop without my fingerprint'.
yes, but if your laptop is stolen, then you won't be able to use it either...
most thieves don't know anything at all about computers anyways -otherwise they probably wouldn't be thieves in the first place.
1: "Please *don't* use your penis for authentication."
2: "This fingerprint is way too simple. Use one of your more complex fingers."
3: "Your fingerprint expires today. Please change it immediately."
As soon as you log in to the internet with a fingerprint set it sends the fingerprint to the FBI, their systems search their databases, and soon agents are at your door holding a glove for you to try on.
--- What?
I have had a 739TLV from Acer since last December. It has the built in Veridicom finger print scanner as well - right on the palm rest like the 740. One problem with it : The crappy bundled software that Acer provides.. The software has not been maintained and the only version that exists pops up a "DUMMY" dialog box (It actually says 'dummy') during login as a remnant that they must have needed for development. There are also hotkeys for the software that offer very limited selection. The hotkeys cannot be turned off. The wide range of choices are Shift End, Ctrl End (Can't write code now.. I depend on those !), and the F11 key.. Oh, and I can't forget the Registration Nag screen that forces you to go to the makers web site to register it. The nag screen can't be turned off with out the registration, and they don't even have an automated web based registration - just a page that tells you to CALL them or send them an email.. ...And no specs available to try and make it work under Linux..
So, after one year "Living with it" I wish they had left it out and made the unit cheaper...
Time travel is possible. We are quickly heading for 1984.
Does this fingerprint recognition system prevent anyone from opening the case, taking the disk out and installing it in another laptop/PC somewhere?
This sounds great for concealing porn or plans
to kill lots of people but not much else. Very useful!!!!
Imagine a Beowolf Cluster of THESE!!!
I have two holes to punch into Acer's new notebook:
(1) Their illustration of a Pentium III-M processor is good for a laugh. Check out the lower-right corner of the second page of the brochure, and tell me that isn't an FCPGA Coppermine Pentium III sitting on top of a circuit board.
(2) More than likely, they've implemented the hard drive protection using an IBM Travelstar hard drive, which has a password-protection option (although this is very rarely used in the real world). Why am I poopooing this? Keep reading.
Section 11.8 of the Travelstar 48GH Specifications (page 87, PDF page 101) details IBM's security system. I would imagine this can be circumvented in one of two ways, the first being in the hard drive itself and the second being part of the notebook's security implementation.
First, there's a Master Password in addition to the normal User Password. If you don't know what the Master Password is, and don't know that only you know both passwords, anyone with access to the Master Password (quite likely any high-level Acer technician) can send a Device Unlock command to the drive along with the Master Password and voilà, the oyster opens to reveal the pearls inside. (No, you can't read the passwords out of the drive's EEPROM; it's stored in a non-externally-addressable area of the disk. Even if you know and control both passwords, though, I'd imagine there are undocumented commands to reset the password or unlock the drive regardless of the password. If you're thinking that IBM would need to be able to unlock drives to refurbish/repair them, they wouldn't, because there's a command which will write zeroes to every externally-addressable sector on the drive then unlock the drive and erase the password. No hard drive maker that I know of guarantees the integrity of the data on any hard drive that's sent to them.)
Second, I'd be very surprised if they had gone any further than storing the Travelstar's access password in CMOS or an EEPROM part, and sending it to the drive if the fingerprint matches what's stored there as well. (They couldn't store a one-way hash of the drive password, because any obfuscation would have to be reversable to be able to feed the password to the drive.) Therefore, anyone with an SMD rework station and an EEPROM reader could probably extract the password from the CMOS/EEPROM.
In summary, I wouldn't trust state secrets to this. I would recommend PGP Corporate Desktop instead as the closest thing a mortal can get to decent data security. (An interesting aside: You know how the government erases drives holding classified information before they're resold? They don't. The drives are physically destroyed. For good reason.)
Only the Canadian 'spy' agency goes leaving important data lying around. You all heard about the briefcase fully of documents that were stolen from a spymaster at the parking lot of a hockey game? Seems some bums were scrounging for booze money and broke into her car. Not thinking the documents were valuable, they emptied them into a dumpster and sold the case.
Fingerprint recognition won't stop people from stealing things.
-AD
That was a great post, we need a site that like the "It was a dark and stormy night" Bulwer-Lytton site that lets us post our favorite title-synopsis skits for Seinfeld.
To get around this, just do it the way MacGyver did! Take a glass that the subject touched, heat some wax, put the wax on your finger, press your finger to the print on the glass, go press that to the reader and viola' you're in!
What this would be good for is _supplemental_ security. So you would need a valid password AND a print to get in. Or you could use the print to access semi-private data while you would still need the password to get to the really sensitive stuff. It's not like we need one security level for everything.
Travis