Product Reviews

Biometric Security Products: Panasonic Authenticam, Iridian PrivateID and SecureSuite

The eyes have it—affordable iris scanning from Panasonic and Iridian

• By Roberta Bragg
• 04/01/2002

Most biometrics surveys agree: Iris scanning is the most accurate biometric process. The iris, of course, is the colored circle around the dark pupil of your eye. Each eye has a unique set of irises. To use iris scanning a specialized camera is required. In the past that meant iris scanning was too expensive for most networks and was, it was thought, more suited to access control than for authentication on the network. Like most other devices, iris-scanning cameras are no longer just for high security situations. Still, the cost is twice that of other biometric devices. A good iris-scanning camera costs about $300, while fingerprint scanning devices are available for less than $100.

StrikeforceTechnologies Inc., www.strikeforcetech.com, a Panasonic iris scanning camera dealer and integrator provided the camera and software for this review. The camera is small (about the size of a pack of cigarettes) and comes with its own stand. Setting the camera on top of the monitor and tilting it helps to line it up with your eyes and obtain the best capture.

Product Information Panasonic Authenticam Camera, $199.99 Iridian PrivateID and SecureSuite software Provided by StrikeforceTechnologies West Orange, New Jersey (866) 787-4542 www.strikeforcetech.com

Installation and Registration
Unlike some of the other products tested, this one comes with a small insert that provides all of the information necessary to get up and running. I was reminded of the instructions I got with my two-line, fancy-smantz answering machine/telephone combo last week. (Funny, the iris-scanning camera works, and the phone doesn't, but that may say more about which technology I have more interest in.) It is however, extraordinarily easy to lock yourself out of your computer if you're not the kind to follow instructions. If you install all the software before the camera, the game is over.

The proper process requires that you install the camera between the installation of the two software products. So first I loaded the Private ID software. This controls the camera. After I rebooted and plugged in the camera, I tested its functioning using the provided utilities. This is not a bad idea; because installing the authentication control software (SecureSuite) on a system with a malfunctioning camera would be another way to lock yourself out. To test system operation, you run a utility that tests the video functions, illumination system, alignment, and that can perform an iris capture. You can also use these utilities for user practice.

Next, during the install of the SecureSuite software (this configures authentication) I was prompted to create a user account to administer the suite. Interestingly I could not pick the built-in Administrator account, nor could I later make that account a SecureSuite administrator. What's more, after product installation I couldn't use the built-in administrator account to login. Fortunately the new account identified as the SecureSuite administrator was given membership in the local Administrators group.

After logging on as the SecureSuite Administrator, I opened the SecureSuite user manager. This utility allowed me to add Windows 2000 users and select an authentication method for them. In my case, only password and iris were available. If I had also installed a smart card reader, that would also have been a choice. Each choice must be configured. Password entry is, well, password entry—you type it and then type it again for confirmation. A wizard is provided to help the recording of iris information. It turns on the camera and waits for the user to line up his eye with the lens. Once this is accomplished, a small orange circle of light just inside the lens turns green and a sound like a camera click can be heard. The user does not need to touch the camera. Four good shots are needed in order to create a template (see figure). Once both methods are complete you can either require password and iris scanning, one or the other, or insist on a single method. When only iris scanning is used, the user password is changed every time the user authenticates. Knowing a password will not allow access to the system.

Capturing iris scans to authenticate a user. (Click image to view larger version.)

My enrollment process was, I understand, typical for a new user. At first I had trouble lining up my eye with the camera—it won't snap the picture until you're properly aligned. Next, I managed to get four shots, but SecureSuite thought they were a little bit borderline and wouldn't record them. Finally, I managed to obtain a good set. After logging off, I used the three finger salute and was given the SecureSuite logon window. Again, it took some false steps to manage logon as well. A short practice time made my attempts more polished and more successful.

Best Practices and Issues
This product moves iris-scanning into a viable product for many businesses. However, to enforce policy, and provide better security for the network, you should either remove the use of a password or ensure that users must use both iris scanning and a password to access any station. In the former case you'll lose the use of RunAs, in the later you may find more problems with user acceptance.