Operating systems are looking toward better and more secure methods of authentication, and biometric identity is becoming a key player in the field. Biometrics refers primarily to something that is part of a person, such as fingerprints or retinal patterns, and which can be used for identification purposes. Many PCs, laptops, and servers are coming with biometric identification devices as options, and corporate server-side software systems are now available to manage biometrics from the smallest to the largest of corporate networks.

Into this field, Sony Electronics has begun to offer entry-level products with the Puppy line of Fingerprint Identification Devices (FIU’s). Puppy devices are small fingerprint readers that are designed to work with PCs and come in a variety of models for desktops and laptops. The readers and software are primarily the same for both desktops and laptops, but the slightly more expensive laptop-centric version is much more easily portable than its desktop counterpart. I tested the Puppy FIU-710 device for this article, which was designed to be a portable laptop device, though it performs just as admirably on the desktop.

Initial setup
The device itself is a small, metallic rectangle with a USB cable that attaches to its back (with a standard 4-pin USB A-B cable) and to the USB port of your computer. Download this brochure to see a picture of the device and get a look at the specs.

The installation of the device and the included software, SecureSuite XS Workstation, worked easily on both Windows 2000 Professional and Windows XP Professional with both the software and the Puppy designed to run on most Windows and Mac OS systems. After the installation was complete, I had to go through a simple fingerprint registration process that scanned the fingers I specified into the device’s on-board memory. I then ran through the easy process to register logins, Web site information, and other data into the SecureSuite software so that I could log into programs and Web sites using the Puppy device. I also set up a few applications within the SecureSuite software so that no one could run them without passing a fingerprint scan. Any executable can be locked down in this method, so you can pick and choose who has access to both the desktop itself, and any software installed on that desktop.

How it performed
All in all, the device performed quite well for what SecureSuite said it would do. However, Sony and its technical support left a great deal to be desired. When attempting to go beyond the basic install, I had trouble getting the device to do everything the Web site claimed. For example, I attempted to get the SecureSuite software (the only software that comes with the device) to store my password data on the Puppy instead of on my PC. The Sony Web site originally noted that security information was stored on the device for an added level of protection.

After speaking with representatives at Sony, it turns out that the device stores fingerprint data only, at the current time. According to Sony, the Puppy is more than capable of storing password and other security data, but no software exists in the U.S. market that can take advantage of that capability. While the language used was confusing, they were technically correct. It’s interesting to note that Sony has since changed the language on its Puppy Web site to more closely match the abilities of the device.

In addition, the Web site for the Puppy currently says that you can use it to “interoperate with any PKI on the market today via standard interfaces like PKCS#11, PKCS#12, and CryptoAPI.” As Sony is a reputable company, I have no doubt this is true. I also have no idea how you can actually do this.

I called the tech support line to ask how to integrate PKI and was told I needed to contact SecureSuite. SecureSuite stated clearly on its Web site that I needed to contact Sony. Sony’s instruction manual for the Puppy (which is available in PDF form only) also clearly states that Sony is to be contacted to obtain the PKI software. Finally, a representative at Sony explained that it is offered only by special request, and that the tech support teams were unaware that the PKI software—which, again, is explicitly mentioned on both the Web site and in the manual—existed.

Eventually, I did receive a copy of the PKI software from a technician at Sony, with the caveat that I was pretty much on my own as far as figuring out how to get it to work with anything but the Puppy itself. The device was able to store a standard PKI certificate from Verisign, but I was extremely hard-pressed to get the device to do anything but store it for me. The response from Sony’s technician was that he was aware that the PKI software utilized one of the forms of interoperability mentioned on its Web site, but that he didn’t “know how to take advantage of it.”

Final analysis
Sony should get Kudos for creating a device that’s perfect for the SOHO market. Locking applications and even entire computers from the prying eyes of children and unauthorized users is admirable, and the systems even come with the ability to connect into NetNanny and other kid-safe software. However, Sony has not produced a device that’s ready for the corporate market by a long shot. There is no interoperability support, limited authentication support, and poorly trained technical support staff. All of these factors can make using the Puppy in the corporate world a logistical nightmare.