One of the best solutions that is both scalable and standards-based is biometrics over Trusted Platform Module. As a disclaimer, I am the CEO of a company that supplies Dell's, Gateway's, and Intel motherboard solutions, but other vendors offer the same. Here is how it works. You use your biometric only locally to unlock the certificates that are held on the embedded TPM. This can easily support multiple users and provides very strong authentication, as the actual domain authentication is using PKI. These details are invisible to the user, who only needs to swipe or use a backup PIN number. If you couple this solution with industry-standard 802.1x, you get a standards-based approach that will grow with the organization and will not become obsolete. If you have purchased laptops in the past year, they most likely already have the TPM in them, as it has been shipping across all business PCs for the last 6-12 months. For more information on this technology, contact your OEM and/or their TPM software vendor.
My experience with the biometrics daily as part of login is okay. It is very good if you are consistently positioned in front of the PC (like sitting at your desk), not so good if you are doing a presentation on a conference table and are at a bad angle to swipe. I would say about 2% of the time I fail 3 tries and have to resort to a PIN number to authenticate.
If you have Win 2003 Server and Active Directory, then you already own all the parts to set this up. You need a PC with a TPM and either integrated or separate biometrics.
Good luck
Steven Sprague
CEO
Wave Systems Corp.
One of the best solutions is to use a laptop that has a TPM, like the ThinkPad. This technology provides the strong key protection that is state of the art, and most machines come with file and folder encryption that can use these keys. A PIN or biometric is used to release the use of the keys, which are then used to decrypt or encrypt the data. The newer ThinkPads have both the sensor and the TPM.