Midrange Stuff, OS/400 Edition

Biometric security technology, which involves scanning fingers, voices, eyeballs, and faces, holds great promise for strong authentication purposes at corporations and government sites. That's the word emanating from Key Information Systems, a Southern California iSeries reseller, and its Irish partner, software developer Daon. The two have teamed up on a series of recent Webinars that explore the potential of biometric technologies, especially fingerprint scanning, as a replacement for the ubiquitous and less-than-secure combination of a user name and password.

Daon sells a Java-based identity management system called the DaonEngine, which works with all kinds of authentication techniques. With the DaonEngine, organizations can set up and enforce policies that use biometric devices to control access to physical assets (like buildings) as well as logical assets (like ERP systems). The software is compatible with a range of identification devices and techniques, ranging from traditional ones, such as user names and passwords and smart cards, to more advanced biometric systems, such as fingerprint and iris scanners.

Of all the authentication techniques supported by DaonEngine, fingerprint scanning offers the most immediate benefits, says Mark Wade, a vice president with Daon based in the company's New York City office. Fingerprint scanning was an immature technology just a few years ago but has made great strides since. "Fingerprint scanning was clunky and didn't work properly three to four years ago," he says. "It was over-promised and didn't deliver. It was hugely expensive."

However, the price of low-end fingerprint scanners has come down considerably, and today companies like ST Microelectronics are selling fingerprint scanners that plug into the USB port on a PC for as little as $50 each, which makes them affordable enough to install en masse on the desktop. (Click here for an introduction to ST Micro's TouchChip line of silicon fingerprint scanners, the brand that Daon uses and recommends.) Daon is device-agnostic when it comes to fingerprint scanners, however.

Wade says fingerprint scanners are beginning to replace the combination of user name and password in many industries, such as healthcare. "HIPAA (the Health Insurance Portability and Accountability Act) precludes anybody but doctors and their staff from accessing patient data," he says. "But people at the nurse's station are sharing passwords."

In addition to healthcare, fingerprint scanning is finding application in the pharmaceutical and life sciences industry, where drug companies are struggling with the FDA's 21 CFR Part 11 regulation, which requires electronic signatures in applications used for drug-lot tracking. The technology is also being considered by other security-conscious industries, including banking and gambling, where access to large sums of money makes identity authentication very important.

Wade cites numerous studies that show password sharing is rampant, which prevents an organization from being able to say for sure who is accessing certain systems. "Why do we accept this?" he asks. "For years we accepted PINs and passwords as the paradigm. We need to say that's not good enough."

In addition to being far less accurate, passwords may also be more expensive than fingerprint scanners for identity authentication. Wade cites a recent Gartner study that shows password management--including fixing lost or forgotten passwords--costs the typical company $280 per user per year. Compared with password management, companies will achieve a return on their investment in fingerprint scanning technology within 18 months, Wade says.

Daon already has OS/400 customers using the DaonEngine to authenticate user access to iSeries applications, Wade says. There are a couple of ways that the DaonEngine can be connected to an iSeries, including placing an xSeries in front of the iSeries, or using a "partner agent" for connectivity, he says. Although, technically, it should run on the iSeries, Daon recommends that customers put the DaonEngine on a Windows machine using WebSphere Application Server for load balancing and failover.

Daon is currently looking to get its DaonEngine and accompanying suite of software validated for the iSeries. Together with its partner, Key Information Systems, the company hopes to sell the biometric authentication software to OS/400 shops in the financial services, pharmaceutical, and gaming industries.

Wade could not say how many clients Daon currently has. One of its clients, London City Airport, is deploying DaonEngine and fingerprint scanners to control access to sensitive areas. Wade says European airports are far more advanced than their U.S. counterparts in terms of using biometric security to restrict access.