This article can also be found in the Premium Editorial Download "Information Security magazine: Compliance vs. security: Prevent an either-or mentality."
Download it now to read this article plus other related content.
DigitalPersona Workstation Pro and Server 4.0
REVIEWED BY BRENT HUSTON
Price: Server, $1,499, plus $50 authentication
Biometric authentication has met considerable market resistance, mostly because of integration issues, accuracy and cost. With improved tech- nology and the introduction of laptops equipped with fingerprint readers, biometrics may be starting to move into the mainstream. DigitalPersona Pro is a robust single sign-on (SSO) software suite that allows an enterprise to replace passwords with biometric fingerprint readers or provide dual-factor authentication.
|Installation and Setup||B+|
Installation is straightforward. The server installation requires a few more steps to integrate with Active Directory, but it's all detailed in the manual. After installation, the workstation software starts a wizard, which records your fingerprint. After a few repetitions, we were able to register a fingerprint in less than 10 seconds. The workstation software automatically detects any Digital-Persona Pro servers on the local network.
Both the server and workstation software can be purchased with or without DigitalPersona's fingerprint reader. The latest version of DigitalPersona Pro offers wide support for third-party readers, such as those becoming popular in new business-class laptops. The DigitalPersona optical reader is quite good; we found it to be accurate, with few false negatives and no false positives.
|Workstation (Single User)||B-|
|Server (Centralized Environment)||B+|
Creating a template is fairly easy. You need to make sure the window title is accurately reflected within the SSO administration tool. You then enter the actions required for login--e.g., entering keystrokes into a field, time delays, or x-y coordinates of a window. Templates can also be created for password-change forms, which can be used to automatically generate passwords. The created templates can be either pushed out to workstations via GPO or copied manually.
The server centrally manages fingerprint data for all users, with tight Active Directory integration. It also provides event logs for fingerprint logins to help with regulatory compliance, but lacks strong reporting capabilities. It also provides a handy query tool to easily discover who has registered fingerprints.
Testing methodology: DigitalPersona Pro Workstation was tested as a standalone product on Windows XP desktops, and in an AD environment with the server component on Windows Server 2003.
This was first published in March 2007