IBM Introduces Biometric Thinkpad
An anonymous reader writes "IBM has added biometric security to its thinkpad notebooks. The next generation of T series thinkpads will have an integrated fingerprint scanner for added security. The latest machines will also include some pretty cool encryption software, that will keep your hard disk safe, but still let you backup and restore images. This guy managed to get his hands on an early prototype T42 with the new security features integrated."
"IBM has chosen to go with a swipe-scanner rather than a touch-scanner, for a number of reasons. First and foremost is that a swipe-scanner provides better security. Because you have to drag your fingertip across the scanner, there is no way to "lift" a fingerprint from the surface."
That is a great idea. Such an elegant solution to what could have been a big problem.
FoundNews.com - get paid to blog.,
Does this mean you can hack it to record your friends' (or co-workers') fingerprints? Sounds fun and scary.
Playing pornographics games during the day is evil! Play at night!
I tried one of these laptops for a while, took me weeks to get the thing to stop calling me Dave.
Some models of Micron laptops have had this feature for a while.
will IBM include linux support?
The difference between spam and poop is that you don't have to dig through septic tanks looking for real food. -- Me
I was just at their website configuring a laptop for a business purchace. While I have to say their range of laptops are pretty slick their UI designer should be shot.
/. article, the hordes were in an uproar about the data security module in laptops. After seeing one on the website and with technical information, both the prior articles mentioning and this new biometric feature are for the purpose of protecting the users data from theft and not for "corporations" protection against "us". It wasn't engineered that way. Maybe in a few years that will happen, but to appease the paranoid crowd here - this is _FOR_ us. not against.
/.ing
Back on topic now, this laptop is nifty in itself. EArlier on another
=) happy
If they designed it in such a way that the LEA backdoor is secure (say, it's got an LEA public key on it, and the private key is kept in the forensics labs), I'll buy one tomorrow. I don't have a need to defend against .gov adversaries - I just want to know that the data on my drives remains secure even after someone steals 'em to get his or her crack fix.
If, however, they designed it in such a way that the backdoor is not secure (say, a default password stored in cleartext on a serial EEPROM), that's another story. I'll download the crack when it comes out next week, and my soldering iron and I will have an endless supply of cheap entertainment when the machines start showing up at the surplus stores in 2009.
Can it be fooled simply and easily by a piece of jelly, like most fingerprint scanners on the market. Surely you can drag the jelly across.
Gamers Europe - Gaming News. Reviews.
I can't wait to see all the support websites.
"Cut my finger slicing tomoatoes, can't access my Thinkpad, HELP!!"
When I break my Finger? I need my files, you know...
Now the Mafia have finally got another reason to cut your fingers off! And they can shoot you before you talk, as you don't have to talk.
http://ruggedpower.motorola.com/ Our local PD has them for detectives. Heavy, but nice feature set.
For an IT manager, biometric security will make life much easier. Gone will be all those phone calls from users who've forgotten their passwords. And there will be no more worries about insecure passwords, or even keystroke loggers, trapping passwords and passing them onto hackers and fraudsters.
Gone may be phone calls for forgotten passwords but there'll be plenty of new calls as to why their fingerprints aren't scanning. The function of accuracy for fingerprint scanners varies according to things such as the skin's elasticity. This changes with age, humidity, cuts, etc. So biometrics aren't a 100% fix. There will always be "goats," the people for whom biometrics just doesn't work well, including the biometrics professor around here who's missing a fingertips (not due to any experiment mishap, mind you). I'd also worry about the security of your stored biometric data. Hopefully it'd be a hash and not the raw data, which could be harvested and used. Then again, I wonder what the incidence of collisions in a hash that uses biometric data is?
I love my Thinkpad. I had a T30 before that stayed on 24/7 for over a year. The only time it was turned off was to/from vacation. The rest of the time it was a workhorse. Now I have a T42P and love it as much or more. Functional and VERY stable. Sure, it doesn't have some super new gizmos like others, but it works every time.
Every time someone asks me about a notebook I recommend IBM. They go out to Best Buy and get some other brand with 20 other options they don't need and then get mad when it breaks or isn't stable. Thanks IBM!
"Please push your scrotum on the biometric sensor to login."
I'm a little disappointed that the encryption stuff may not transfer well to non-Windows OSs.
Now what happens when someones finger is damaged to due fire, electrical shock, or blunt trauma? I had this problem with an old Compaq laptop that had a system password at the BIOS level. It made the laptop permanently mine since I didn't want to disclose my password to anyone else.
I know there's room for 21 different fingerprints, but I wonder how many end users are going to think to register more than one of their fingers...just in case.
We have always been at war with Eurasia!
If you don't want an IBM Thinkpad for the fingerprint scanner, the APC fingerprint scanner/biometric reader seems to work pretty well. I saw it for $29 or so at Fry's yesterday.
My friend bought one a while back and used it rather successfully on his Dell D800 before he had to give the computer back to his employer. It was pretty accurate in scanning his fingerprint. He never got locked out of his machine.
I can't remember if the machine would NOT allow a login without the reader or not. If it would, then that sort of defeats the purpose of the reader if you were able to steal the laptop without the reader attached.
IronChefMorimoto
In theory and from what I have read on the article, it will be a great device for security. But I don't think people will really realize how annoying this feature will become. If it gets damaged, no more using computer. If you get a nice little scare on the finger you choose to scan, no more using comptuer (unless of course you add more than one finger, but still). I guess this is one of those things that the government should use, I don't know how easy or useful it would be used for a personal use computer.
Under threat of physical violence, most security systems that involve humans tend to break down.
I'd give up my PGP private key to someone who put a gun to my head - that doesn't mean that PGP itself is insecure.
This space intentionally left blank.
I didn't RTFA, admittedly, but did IBM take her results into consideration before designing/implementing this feature?
How the hell does you mind work? ANYONE can steal a laptop. I've seen a 13 year old in an airport try to walk away with one and you're saying that a 13 year old kid could reproduce my fingerprint accurately enough for a scanner to read it? Shut up and read the articles. Maybe even google the technology in the article so you can comment on it intelligently...
"The object of war is not to die for your country, but to make the other bastard die for his." - Patton
If your RSA key is compromised, you can just generate another. You can do this as often as necessary. However, if you fingerprint is compromised, all you can do is switch fingers. Nine compromises later, you're SOL.
Now for ordinary folks who just use this to keep others from messing with their laptops, this isn't an issue. However, if security is critical, biometrics just won't cut it.
And, yes it's fairly easy to fool a finger print scanner. All it takes is some Krazy glue and a Gummi bear.
I know it's lame, but the first thing that came to my mind when I read the number of prints that could be stored in the laptop was that women don't have the 21 "digits" that men do...
Weird on a Monday,
myke
Mimetics Inc. Twitter
I am the guy they quoted in the original press release. I have one of these babies in my hands and let me tell you... pretty cool stuff.
My 2 cents...
The fingerprint reader is of a type that has not been 'fooled' yet. Yes, contact readers are easy to fool. This is not a contact reader. It reads the capacitive properties of the ridges and valleys that make up your finger print. This is actually quite cool since a severed finger does not have the same capacitive properties, and the reading is of live tissue *under* the skin, not your dead skin at the surface. So, a minor injury isn't going to be a big deal and the mafia cannot cut your finger off and use it. Furthermore, the extra small footprint of the reader is nice because there is less opportunity to damage the reader with scratches.
The idea is to register more than one finger and fingers from both hands. Of course, nothing is foolproof, but the idea here was to include a low cost yet effective way to provide biometric access control to the laptop. The embedded security system (ESS) protects a lot of things including a password vault. Password vaults have their drawbacks, the most obvious of which is if you have the 'master' password, you now have *all* of the passwords that user has stored in the vault. Average users tend to use simple master passwords, making the password vault a huge risk. This is a way to provide the functional equivalent of a strong password to unlock the vault without making the user have to remember a complicated password or some hardware key.
I am very impressed with the entire package. I think it will make it much simpler for IT to deploy things like ESS without destroying all of the value in ESS because users choose crappy passwords. There are a number of add-ons that make it very appropriate for enterprise deployment, including centralized key storage and disaster recovery software.
My biggest problem to date with this kind of software was it hasn't been real reliable in the recovery category. I could make it very secure, but God help me if I had a hard drive crash or an OS go belly up. The 'backups' of this data were often times 'too secure' to be recovered. This latest package of hardware/software has many of the previous holes filled in and I am happy to report success in all of the tests I have conducted so far.
Of course, anybody can implement this poorly. However, IBM has done a stellar job with it this time. I feel privileged to get to play with stuff like this.
-Shawn
How is this different than apples FileVault feature in OSX which uses 128bit AES encription on your home directory?
I have a powerbook and I must say that the FileVault works beautifully (and seamlessly)
It used to be Microsoft copying Apple, but I guess IBM can do it to. Granted my powerbook doesn't use a fingerprint as the encryption key.. but still.
There was an interview in Business 2.0 a couple years ago with an individual who claimed she had had a very similar problem: she had just finished a presentation for a conference; the weekend before the conference she had a mishap in the kitchen and burned her finger, so she couldn't use the biometric authentication mechanism on her laptop. Her solution? She got on a plane and went to see her twin sister in Florida. She actually claimed in the article that "twins have identical fingerprints" and her sister was able to log in to her laptop for her and save the day.
The huge, glaring flaw in this scenario is that even identical twins will have fingerprints that look as much alike as the fingerprints of two random strangers on the street. The interview was good for a laugh, but sadly it does not appear to be available on the Business 2.0 site any more.
The individual was Bondra Bchneider, where B==S. She also referred to binary 1010 as "ten-ten"...
I want to drag this out as long as possible. Bring me my protractor.
Both wrong. The data stored is usually some kind of array or matrix of the finger minutiae (relative position, direction, etc). No serious fingerprint identification system compares -images-. Te image of the fingerprint is analyzed, the minutiae are extracted, and that's used to perform the matching against the database. A single fingerprint can contain more than 50 minutiae, while 12 are enough to identify a person.
"Luck is my middle name," said Rincewind, indistinctly. "Mind you, my first name is Bad." -- Terry Pratchett
This article from 2002 claims that most fingerprint readers available to joe user by that time were easy to fool. Easy as in: press a plastic bag filled with warm water on it to replay the last print.
Are we looking at a new, better generation of readers today or are they still as insecure as they used to be?
Also, the Electrovaya Scribbler SC800 and Electrovaya Scribbler SC2100 have finger print scanners as well. [1] They've had them for years. I guess they are just becomming more mainstream.
o du ct.html
http://www.electrovaya.com/product/scribbler_pr