Biometrics, the use of human characteristics for identifying a person, offers potential benefits to the IT community. Client and server recognition of a user’s fingerprint, voice, signature, or retinal pattern can replace user IDs and passwords, potentially easing network administration and making systems more secure. Biometric devices, such as the ones you might see at airports, labs, and government offices, are trickling down to small offices. In this Daily Feature, I’ll review one recently marketed device, the Siemens ID Mouse.

The idea behind creating a biometric mouse is simple: Since you need a mouse, incorporating the fingerprint sensor into it saves the bother of purchasing a separate device. As you can see in Figure A, the Siemens ID Mouse looks like a standard wheel mouse, with an indentation, or mold, at the center. Inside the mold is a sensor used for capturing and verifying fingerprint data. The device uses a USB connection. It has the heft of a quality product and a hefty price: $129 (U.S.). Siemens is also planning to release a biometric keyboard and an optical mouse.

Figure A
The Siemens ID Mouse combines a fingerprint sensor with a USB wheel mouse.

You can use the ID Mouse two ways—either as a stand-alone client security device or as part of Siemens’ ID Center, an enterprise solution that verifies and administers fingerprints stored on Windows 2000 and Windows NT servers so that the client is never compromised. The Windows 2000 version is integrated with Active Directory.

The client software proved to be easy to install. Software versions are available for Windows 98, NT Workstation, and 2000 Professional. Since the review software I received was one iteration out of date, I replaced my version 3.0 with version 3.1, available at Siemens’ Web site. According to a Siemens representative, version 4.0 is “in the lab.”

Using the Siemens ID Mouse
Once the software is installed, you need to reboot, attach the mouse’s USB connector, and install the drivers. Thereafter, you can use a User Manager to add users to the client. After you capture your fingerprint data, you can use the biometric mouse to log in.

You must have administration privileges to add a new user. You’ll type in the user’s Windows login ID and password, which verifies that the user account is bona fide. Following capture of the fingerprint data (for security, the program does not store a fingerprint image, but a set of data points), fingerprint security is enabled.

Figure B shows the screen used to capture finger data. You click the radio button corresponding to the finger from which you wish to capture data and then click Start Capture. A green light flashes on the ID Mouse, and a message asks you to place your finger over the sensor. This process is repeated twice more. Storing data from more than one finger ensures that you could log in were you to damage one of your fingerprints.

Figure B
You can store finger data from more than one finger.

The next time you log in, you’ll notice that the Windows login screen has been replaced by a new screen. A message asks you to place your finger on the sensor. If your finger data matches, you’re logged in. If there’s a problem, you can press [Ctrl][Alt][Delete] and log in with your password, as shown in Figure C.

Figure C
If your fingerprint check fails, you can still log in with your Windows password.

Security settings
You can set three levels of security—Low, Medium, and High—with the User Manager. Low checks the least amount of biometric data and can potentially allow someone with a similar fingerprint to gain access to your system. High security checks the most data, is the slowest, and trades off greater security for the increased possibility of rejecting your own fingerprint. Medium is the default setting and represents a balance of security and speed. On my test machine, none of the settings was slow enough to be frustrating. I convinced a crowd of my fellow editors and writers to help me test the Low setting. No one’s fingerprint but mine was given access.

Is it secure?
As a stand-alone client biometric device, an ID mouse is more of a convenience than a true security solution. Should the program fail to log you in, you fall back to your trusty Windows password. If this were not the case, what would you do if your ID mouse were stolen? If you didn’t have another one hidden somewhere, you’d never get in to your computer. On the other hand, having the ID mouse can make security more robust and harder to crack. One reason users set easy passwords is that long passwords are more annoying to type. But if you were using the ID mouse, you could set a very long and difficult-to-crack password. For instance, you could set a Windows 2000 password to its maximum length of 127 characters (provided that you could remember it). Most of the time, you’d never need it. The only exception would be if your mouse failed.

On the network administration side, it would be possible to assign strong passwords on the back end that users would never have to know. If for some reason a user couldn’t gain access via his or her fingerprint, the IT administrator could log in the user. Without all those passwords written down on slips of paper or being given to coworkers, the entire network would be more secure.

A biometric solution wouldn’t be truly secure, however, if the fingerprint data itself weren’t secure. I contacted Siemens but as of this writing, I couldn’t verify the encryption used to secure the data. A high-level cryptographic system such as Triple DES or BlowFish would add a measure of confidence to this system.

A number of quirks need to be addressed by Siemens. On the CD I received, by default, the Windows NT manual was installed. I reviewed several manuals downloaded from the Web site and found several instances of poor translations from the original German. Using the software, I discovered a few warnings or alerts that also had quirky grammar and syntax. Customers often feel that if the manuals are poor, then the hardware and software quality is suspect as well.

On the client side, I recommend the Siemens ID Mouse more as a convenience, but one that opens the door to stronger passwords and therefore tighter security for individual users. However, I don’t imagine this device will be more than an interesting gadget for home- or small-office users. On the other hand, a network secured by biometric devices such as this ID Mouse would be a more secure and user-friendly place to work.
The authors and editors have taken care in preparation of the content contained herein but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.