Pocket-sized, portable, private: the plusID Personal Biometric Token

and recording capability. People can have biometrically assured access to all the restricted areas in a building — without having to do a lot of rip-and-replace — overnight. You tell security managers familiar only with the screw-it-to-the-wall solutions that their entire population can be biometrically verified tomorrow. They think you’re joking. But it’s true.”

Another major perceived hindrance to exploiting that middle ground is, of course, expense: for design, engineering, the product itself, electrical permits for pulling wiring and power and network to every location, product management, etc. Petze says, plausibly, “That’s a lot of friction.” With the plusID, however, management simply issues a specialized type of credential. Instead of a conventional white-plastic access card — which can be shared or misused or stolen or lost — the authorized employee receives a personal biometric token; an item not much bigger than a car key; something that only the rightful owner can “turn on.”

To this point, Petze has been talking about physical access control. A question about the effectiveness of the plusID for IT security brings up user-name-and-password, a method that almost any practitioner will acknowledge is a very weak means of identity verification. The organization that dictates a password change every 45, 60, or 90 days for access to secure networks may not appreciate the annoyance, even difficulty, of password management. In addition to those for use with home computers, employees may have as many as ten work-related passwords. As a universal security solution, this breaks down the first time an employee — requiring an aide-mémoire — commits a password to a notebook. The same plusID that gets a company’s people in the door also gets them onto their computers. Once a fingerprint match is established, communication between device and computer is by means of a number of standards — Microsoft Certificate Services perhaps the best-known. The computer’s operating system and applications already support the use of smart cards for a log-me-on credential. The plusID, when it’s talking to a computer instead of a door, mimics a smart card. Petze said, “When Windows recognizes a smart card, it takes the user to that log-in process. But our ‘smart card’ won’t release its key — its digital certificate - until the user slides the finger over it to demonstrate precisely who is there at the keyboard. It talks to the computer over a USB cable, as with