IBM Introduces Biometric Thinkpad 195
An anonymous reader writes "IBM has added biometric security to its thinkpad notebooks. The next generation of T series thinkpads will have an integrated fingerprint scanner for added security. The latest machines will also include some pretty cool encryption software, that will keep your hard disk safe, but still let you backup and restore images. This guy managed to get his hands on an early prototype T42 with the new security features integrated."
Micron has biometric support (Score:5, Informative)
Some models of Micron laptops have had this feature [mpccorp.com] for a while.
Bloomberg keyboards have had biometrics for a whil (Score:0, Informative)
I realize IBM is a mainstream notebook company... (Score:4, Informative)
http://ruggedpower.motorola.com/ [motorola.com] Our local PD has them for detectives. Heavy, but nice feature set.
Hype Factor 9 (Score:5, Informative)
For an IT manager, biometric security will make life much easier. Gone will be all those phone calls from users who've forgotten their passwords. And there will be no more worries about insecure passwords, or even keystroke loggers, trapping passwords and passing them onto hackers and fraudsters.
Gone may be phone calls for forgotten passwords but there'll be plenty of new calls as to why their fingerprints aren't scanning. The function of accuracy for fingerprint scanners varies according to things such as the skin's elasticity. This changes with age, humidity, cuts, etc. So biometrics aren't a 100% fix. There will always be "goats," the people for whom biometrics just doesn't work well, including the biometrics professor around here who's missing a fingertips (not due to any experiment mishap, mind you). I'd also worry about the security of your stored biometric data. Hopefully it'd be a hash and not the raw data, which could be harvested and used. Then again, I wonder what the incidence of collisions in a hash that uses biometric data is?
Re:Remember your friends (Score:5, Informative)
No, you can't. From the article:
"Of course since the Power On security layer is something that occurs well before Windows has started up, the fingerprint data can't be stored in a Windows file or folder. Instead, the fingerprint scanner itself stores the fingerprint data and retrieves it when the Power On security request is made. You can store a total of 21 profiles in the scanner, which should be more than enough, unless you share one notebook between a score of users. If you're worried about someone extracting the fingerprint data from the scanner and breaking your security, dont be. The scanner only stores a tiny amount of data for each fingerprint, just enough to ensure an accurate match, and nowhere near enough to recreate a complete fingerprint."
Re:Can't Access My Computer Please Help!!! (Score:5, Informative)
Re:swipe scan (Score:5, Informative)
That is a great idea. Such an elegant solution to what could have been a big problem.
Actually, the swipe scanner is cheaper, consumes less power, and has a smaller footprint than the original designs. So it's really best suited for devices such as cell phones, PDAs, etc.
Re:False security (Score:3, Informative)
Are you aware that:
If you don't want an IBM... (Score:2, Informative)
My friend bought one a while back and used it rather successfully on his Dell D800 before he had to give the computer back to his employer. It was pretty accurate in scanning his fingerprint. He never got locked out of his machine.
I can't remember if the machine would NOT allow a login without the reader or not. If it would, then that sort of defeats the purpose of the reader if you were able to steal the laptop without the reader attached.
IronChefMorimoto
Re:Hype Factor 9 (Score:3, Informative)
Biometrics stored for authentication are stored in a reduced, non-reversable format. Its designed to be searched and matched, but not extracted.
L
Re:Yes, but... (Score:3, Informative)
Re:But what happens... (Score:3, Informative)
Re:But... (Score:3, Informative)
And yet, the ThinkPad configurator (at least on their Canadian site) has options for Windows XP Home or Professional, but no Linux distributions (nor BSD) and no "no operating system" option.
Re:fingerprints are everywhere (Score:3, Informative)
Re:False security (Score:4, Informative)
RTFM.
Do you know how password protection and data encryption works on laptops? No, you don't.
There are several layers of security involved. First, the BIOS and the HDD both have password authentication mechanism. The BIOS stores its passwords on a custom chip which scrambles its I/O. Resetting the BIOS master password is possible, but it requires a highly modified chip programmator and a skillful person.
The HDD stores its password on the platter and requires it before it will allow access to any data. To bypass this mechanism, you must engineer your own HDD controller chip which will skip the authentication and the PCB for it and transplant it in place of the one on the HDD. This is virtually impossible unless you have very good friends in the HDD manufacturer company.
Finally, after the HDD allows access, the software encrypts selected files using strong encryption and stores the keys on the secure (TCPA) chip. The secure chip requires a passphrase before it will allow access to the keystore. It is virtually impossible to bypass this and retrieve the keys from the secure chip without knowing the passphrase.
Therefore, to retrieve the data from the stolen laptop's HDD, you must first possess either extreme competence in electronics or extremely good illicit connections in the industry, and second, brute-force industrial-strength encryption on the files. Good luck.
Re:Yes, but... (Score:3, Informative)
Biometric measurements are attractive candidates for the "something you have" part because they are unique, in most cases easy to read and convenient... i.e. never left behind. On there own though they do not provide a strong authentication solution... but even then, a large bit-length key on a USB or serial device does not provide strong authentication on its own as the key can always be stolen or compromised.
A finger print tied to a password on the other hand renders the entire system much, much more secure. It is up for debate if this is more secure in general than a key/password solution though... the trade off is something that is easier to use, more convenient for the user in hopes that it is used and used correctly vs a solution that is inherently stronger but more cumbersome for the user and more likely to be abused (leaving the key plugged in all the time for instance).
Comparing fingerprints to a USB key as a solution to the "something you have" challenge in a security response:
Fingerprint:
+ Impractical to steal
+ Always with you
+ Standard format
- Relatively easy to forge for optical scanners
- May change over time
USB Key:
+ Hard to forge
+ Stable format
- Not always on hand, could be left behind, lost, forgotten
- Can be stolen
- More difficult to provide a standard interface
One of the reasons I personally favor keys, while they can be stolen the effort required to secure a key based token is much easier than the effort required to prevent leaving fingerprints around (unless you want to start wearing gloves all the time). Also if your key based token is stolen (or lost) you know it is gone, until you detect a break-in after the fact you will not know if a print has been forged... you would probably be aware if someone stole a print by removing a finger though
In my own (non-expert opinion) I would rank various authentication techniques as follows from most secure to least:
Long bit-length token + Strong Password
Strong Biometric measurement + Strong Password
Weak Biometric measurement + Strong Password
Long bit-length token
Strong Biometric measurement
Strong Password
Weak Biometric measurement
Not going even bother including weak passwords and not counting improper use/storage of tokens and devices (I consider weak passwords improper use btw). Weak Biometric measurements would be something like optical scanning, strong measurements are stuff like eye prints and thermal scanning/imaging.
Re:the fujitsu lifebook P7010 already has fp scann (Score:3, Informative)
http://www.electrovaya.com/product/scribbler_pr