Re: Biometric authentication for intranet websites?

From: Anne & Lynn Wheeler (lynn@garlic.com)
Date: 05/22/02


From: Anne & Lynn Wheeler <lynn@garlic.com>
Date: Wed, 22 May 2002 19:08:58 GMT


"Scott Bussinger" <scottb@nospam.com> writes:
> Actually, it'd be much easier for a variety of reasons (there are bound to
> be some people that can never get the knack of using the fingerprint device
> for instance). The problem is that the users will get lazy and just leave
> the token inserted into the machine the entire time (and probably walk away
> from it periodically since these are generally shared-access machines).
>
> The idea with using fingerprints is that they won't leave their fingers in
> the sensors all the time. Another possibility is using a cardswipe system
> and make them swipe the card each time. I'm just trying to figure out what
> will work best.

many of the current hardware tokens have "personalities" and/or at
least their applications have personalities. financial transactions
require that PIN/biometric re-entry is required for every operation
... not only from the stand-point of authentication but from the
standpoint that the re-entry of the PIN/biometric re-entry implies
"approval" or "intention" with respect to the specific operation.

Many access-card personalities just require that the PIN/biometric has
been entered since the token was powered on (as opposed to every
time).

In one of the standards meetings there was some consideration to the
design of hardware tokens for laptops ... that it was not possible to
leave the token connected when the laptop was closed. One of the
suggested advantages for dongles on a keyring ... was that you would
take the keyring with you when you closed the laptop ... also you
wouldn't leave it in your office PC overnight. Other suggestions that
it served dual-purpose as door-badge access to get out of the building ...
again addressing the issue of leaving it plugged in when you
left. Requiring that you use your dongle to visit the restroom wasn't
an issue of wanting to know when you were visiting the restroom but
addressing the human nature problem of people leaving their hardware
tokens connected when they got up for some reason.

-- 
Anne & Lynn Wheeler   | lynn@garlic.com -  http://www.garlic.com/~lynn/ 



Relevant Pages

  • Re: Biometric authentication for intranet websites?
    ... it'd be much easier for a variety of reasons (there are bound to ... require that PIN/biometric re-entry is required for every operation ... design of hardware tokens for laptops ... ... take the keyring with you when you closed the laptop ... ...
    (comp.security.misc)
  • Re: A Cyber-Attack on an American City
    ... laptop, connect to any share on my corporate network, use my ... I then forward the print job from my laptop ... The tokens may go away soon. ... Heh, you guys reminded me...I still have one, from a client. ...
    (alt.2600)
  • Re: A Cyber-Attack on an American City
    ... If passwords are all you have, then you need to have damn good ones. ... It is nice how I can run - for example - Outlook on my local laptop, connect to any share on my corporate network, use my web-based apps on the WAN and even remote into my three desktops in my office. ... I then forward the print job from my laptop connected via the vpn to my laptop using SSH and then my print job comes out. ... The tokens may go away soon. ...
    (alt.2600)
  • RE: USB Tokens
    ... but if someone is able to grab your laptop the USB ... is forces smart card authentication make sure you ... Subject: USB Tokens ...
    (Focus-Microsoft)
  • Re: Firewall question
    ... hotspots, but not unknown ones. ... Hotspots will almost invariably use NAT, so the IP address of the laptop ... something like a vnc connection - but since I don't have the basics, ... These can also work over SSH using either tokens or passwords. ...
    (Fedora)