Slashdot Mirror


IBM Introduces Biometric Thinkpad

An anonymous reader writes "IBM has added biometric security to its thinkpad notebooks. The next generation of T series thinkpads will have an integrated fingerprint scanner for added security. The latest machines will also include some pretty cool encryption software, that will keep your hard disk safe, but still let you backup and restore images. This guy managed to get his hands on an early prototype T42 with the new security features integrated."

17 of 195 comments (clear)

  1. swipe scan by dirvish · · Score: 4, Interesting

    "IBM has chosen to go with a swipe-scanner rather than a touch-scanner, for a number of reasons. First and foremost is that a swipe-scanner provides better security. Because you have to drag your fingertip across the scanner, there is no way to "lift" a fingerprint from the surface."

    That is a great idea. Such an elegant solution to what could have been a big problem.

    1. Re:swipe scan by saderax · · Score: 5, Insightful

      ...except for the multitude of partial prints left all over the keyboard and the touchpad...

    2. Re:swipe scan by cynic10508 · · Score: 4, Informative

      That is a great idea. Such an elegant solution to what could have been a big problem.

      Actually, the swipe scanner is cheaper, consumes less power, and has a smaller footprint than the original designs. So it's really best suited for devices such as cell phones, PDAs, etc.

  2. hal by TedCheshireAcad · · Score: 5, Funny

    I tried one of these laptops for a while, took me weeks to get the thing to stop calling me Dave.

  3. Micron has biometric support by CyberSlugGump · · Score: 5, Informative


    Some models of Micron laptops have had this feature for a while.

  4. But... by Sensible+Clod · · Score: 5, Interesting

    will IBM include linux support?

    --

    The difference between spam and poop is that you don't have to dig through septic tanks looking for real food. -- Me
  5. Safe... but from whom? by Tackhead · · Score: 5, Interesting

    If they designed it in such a way that the LEA backdoor is secure (say, it's got an LEA public key on it, and the private key is kept in the forensics labs), I'll buy one tomorrow. I don't have a need to defend against .gov adversaries - I just want to know that the data on my drives remains secure even after someone steals 'em to get his or her crack fix.

    If, however, they designed it in such a way that the backdoor is not secure (say, a default password stored in cleartext on a serial EEPROM), that's another story. I'll download the crack when it comes out next week, and my soldering iron and I will have an endless supply of cheap entertainment when the machines start showing up at the surplus stores in 2009.

  6. Yes, but... by ProudClod · · Score: 4, Insightful

    Can it be fooled simply and easily by a piece of jelly, like most fingerprint scanners on the market. Surely you can drag the jelly across.

    --
    Gamers Europe - Gaming News. Reviews.
  7. Can't Access My Computer Please Help!!! by PetoskeyGuy · · Score: 4, Funny

    I can't wait to see all the support websites.

    "Cut my finger slicing tomoatoes, can't access my Thinkpad, HELP!!"

    1. Re:Can't Access My Computer Please Help!!! by jormurgandr · · Score: 4, Informative

      That would be the reason why it allows you to store multiple profiles, and actively encourages users to store more than one finger, and on more than one hand (just look at the screenshots).

  8. The Mafia loves it already! by Schreckgestalt · · Score: 5, Funny

    Now the Mafia have finally got another reason to cut your fingers off! And they can shoot you before you talk, as you don't have to talk.

  9. I realize IBM is a mainstream notebook company... by Infinite93 · · Score: 4, Informative
    But Motorola has sold a laptop with this for law enforcement for over a year now.

    http://ruggedpower.motorola.com/ Our local PD has them for detectives. Heavy, but nice feature set.

  10. Hype Factor 9 by cynic10508 · · Score: 4, Informative

    For an IT manager, biometric security will make life much easier. Gone will be all those phone calls from users who've forgotten their passwords. And there will be no more worries about insecure passwords, or even keystroke loggers, trapping passwords and passing them onto hackers and fraudsters.

    Gone may be phone calls for forgotten passwords but there'll be plenty of new calls as to why their fingerprints aren't scanning. The function of accuracy for fingerprint scanners varies according to things such as the skin's elasticity. This changes with age, humidity, cuts, etc. So biometrics aren't a 100% fix. There will always be "goats," the people for whom biometrics just doesn't work well, including the biometrics professor around here who's missing a fingertips (not due to any experiment mishap, mind you). I'd also worry about the security of your stored biometric data. Hopefully it'd be a hash and not the raw data, which could be harvested and used. Then again, I wonder what the incidence of collisions in a hash that uses biometric data is?

  11. False security by GraWil · · Score: 4, Insightful
    This is nothing more than false security for pointy haired induhviduals. A clueful cracker with console access can usually get access to data. If the laptop is stolen, so is the data and no fingerprint widget will prevent it.
    But what makes SafeGuard Easy so special is that it works with IBM's own Rescue and Recovery utility. The problem with encrypted data is that when you try to restore an image of an encrypted hard drive, all the data, including the boot records just look like garbage to the restore program. But with SafeGuard Easy, you can keep the entire contents of your drive encrypted, and still be safe in the knowledge that should your hard disk crash, you can restore all your data to a new drive despite the fact that it's encrypted.
    Has anyone here used or admined IBM's lotus notes? I feel real good about trusting IBM with my encrypted HD.
  12. Re:Remember your friends by tanguyr · · Score: 5, Informative

    Does this mean you can hack it to record your friends' (or co-workers') fingerprints? Sounds fun and scary.

    No, you can't. From the article:
    "Of course since the Power On security layer is something that occurs well before Windows has started up, the fingerprint data can't be stored in a Windows file or folder. Instead, the fingerprint scanner itself stores the fingerprint data and retrieves it when the Power On security request is made. You can store a total of 21 profiles in the scanner, which should be more than enough, unless you share one notebook between a score of users. If you're worried about someone extracting the fingerprint data from the scanner and breaking your security, dont be. The scanner only stores a tiny amount of data for each fingerprint, just enough to ensure an accurate match, and nowhere near enough to recreate a complete fingerprint."

    --
    #!/usr/bin/english
  13. I feel sorry for someone who loses a finger. by CyberLord+Seven · · Score: 4, Interesting
    This is cool though. I like how IBM put the fingerprint ID tech in front of Windows. That means Linux based OSs can also take advantage of this when these machines are being sold as refurbished in a few years.

    I'm a little disappointed that the encryption stuff may not transfer well to non-Windows OSs.

    Now what happens when someones finger is damaged to due fire, electrical shock, or blunt trauma? I had this problem with an old Compaq laptop that had a system password at the BIOS level. It made the laptop permanently mine since I didn't want to disclose my password to anyone else.

    I know there's room for 21 different fingerprints, but I wonder how many end users are going to think to register more than one of their fingers...just in case.

    --
    We have always been at war with Eurasia!
  14. So many critics... by nunley · · Score: 4, Insightful

    I am the guy they quoted in the original press release. I have one of these babies in my hands and let me tell you... pretty cool stuff.

    My 2 cents...

    The fingerprint reader is of a type that has not been 'fooled' yet. Yes, contact readers are easy to fool. This is not a contact reader. It reads the capacitive properties of the ridges and valleys that make up your finger print. This is actually quite cool since a severed finger does not have the same capacitive properties, and the reading is of live tissue *under* the skin, not your dead skin at the surface. So, a minor injury isn't going to be a big deal and the mafia cannot cut your finger off and use it. Furthermore, the extra small footprint of the reader is nice because there is less opportunity to damage the reader with scratches.

    The idea is to register more than one finger and fingers from both hands. Of course, nothing is foolproof, but the idea here was to include a low cost yet effective way to provide biometric access control to the laptop. The embedded security system (ESS) protects a lot of things including a password vault. Password vaults have their drawbacks, the most obvious of which is if you have the 'master' password, you now have *all* of the passwords that user has stored in the vault. Average users tend to use simple master passwords, making the password vault a huge risk. This is a way to provide the functional equivalent of a strong password to unlock the vault without making the user have to remember a complicated password or some hardware key.

    I am very impressed with the entire package. I think it will make it much simpler for IT to deploy things like ESS without destroying all of the value in ESS because users choose crappy passwords. There are a number of add-ons that make it very appropriate for enterprise deployment, including centralized key storage and disaster recovery software.

    My biggest problem to date with this kind of software was it hasn't been real reliable in the recovery category. I could make it very secure, but God help me if I had a hard drive crash or an OS go belly up. The 'backups' of this data were often times 'too secure' to be recovered. This latest package of hardware/software has many of the previous holes filled in and I am happy to report success in all of the tests I have conducted so far.

    Of course, anybody can implement this poorly. However, IBM has done a stellar job with it this time. I feel privileged to get to play with stuff like this.

    -Shawn