At RSA, The Tech Herald sat down with a well-known biometrics company called UPEK. The result of the meeting was an interesting look into the future of biometrics and a chance to test the Eikon, one up UPEK’s newer print readers.
The Eikon from UPEK is a small reader that takes up very little space. The device offers security that is focused on IT and the home user. The installation is easy to follow, and the benefits of the device itself, such as automatic login to websites for the home user, or secure remote access when coupled with RSA SecurID manager for business, makes the Eikon a multi-tasker.
For this review, we will look at some of the common features, and rate them against how they benefit the user. The aim is to demonstrate how it can work both at home and in the office. For those of you reading this for research into biotechnology or IT security please note the various sections that list the positives and negatives. As with all reviews done by The Tech Herald on IT related products, even those with strong home applications, comments and questions are welcome.
Installing the Eikon was simple. It was installed on Windows XP Professional, with Service Pack 2 and 3072MB RAM. Later it was tested on Windows Vista Home Premium, on a Toshiba laptop running with 2048MB RAM. In both cases, there is little in the way of resource usage by the software used by Eikon called Protector Suite.
Once the setup is launched, you are reminded to connect the reader only after the installation is complete. The documentation shipped with the reader is compact, with the directions presented in a simple to study fold out guide.
Once the install is complete, you have to reboot the computer. This is where you start using the reader. Pressing CTRL-ALT-DEL to login prompts you with a notice on the taskbar. The notice wants you to enroll your fingerprints to the Eikon device.
Enrollment is where you scan your finger prints and prepare them for the device to use.
Pro: The Enrollment is simple; there is a tutorial to demonstrate exactly how to complete the process. It takes three good swipes of the finger to complete the enrollment task for that finger, and you can enroll all ten digits.
Con: Like all biometric readers, the Eikon is fussy. Learning the right process to swipe your finger takes some getting used to.
Do not be surprised as an IT administrator to hear complaints of broken readers, or in the home, complaints from the family that it isn’t working. The likely reason for errors is that the finger is being scanned (swiped) too fast.
“It takes a little practice to learn how to swipe your finger, but once you get it the Eikon always recognized me…,” one review wrote about Eikon on Amazon.
Once enrollment is complete, you are essentially ready to start using the Eikon.
Unlike most biometric readers, UPEK’s Eikon does not store your print in a database of any type. What happens is the unique features of your print are recorded and using mathematics, the Eikon creates a template of the finger. The template is stored on the device itself, in encrypted form. Only that device can use the templates, and each template is unique to the user.
Using the Eikon is self explanatory. Once you get into the habit of using it, the device is almost second nature. To start using the Eikon you need only to swipe your finger. This launches what is called the “BioMenu”
The BioMenu is the central management of the Eikon. Locking the terminal, registering websites, locking files, and accessing the Control Center are all done from this menu.
Briefly, the Control Center is easily navigated; it offers management of fingerprints, various settings, and program help.
Using the typical settings of the Eikon offers an impressive set of security. Typically, the best usage will come in the shape of account access, and replay of website logins. One of the interesting features is the application assignment.
As you see in the screen, you can assign a finger (left index for example) to launch an application. For this test, I used my left index to launch Firefox and open the iGoogle start page. With a single swipe, I was able to launch the browser and iGoogle appeared. This leads to another feature; web based biometric logins.
Once on a website with a username and password login form, you can enter your information, and swipe an enrolled finger. This will bring up the BioMenu where you click on the “register” icon to allow the Eikon to record the login information.
Pro: The ability to launch applications with the device is huge. Likewise, letting you login to the website of choice is cool too. Once a site is registered, there are configuration options that will allow you to replay your authentication for automatic login.
Con: The steps required to register applications or websites can seem daunting at first. In addition, a dialogue box appears on the first time you use auto login feature. While you can disable it, that will come off as annoying to some people. The notice shown above asking for registration is also a bit tedious for casual surfing. You will want to turn this off. However, after disabling it, on sites where a username and password field appears the pages border will flash alerting you to the registration ability.
Launching applications, logging into websites, and normal computer logins, are some of the features that would appeal to both the home and business user. There are other little gems, like using the reader to scroll a webpage, that are quirky, but useful all the same.
On the business side, there is a lot more to do with Eikon. One of the features I noticed while testing is file encryption. Right-clicking on a file brings up a menu where you can encrypt a file based on your enrolled prints. Once encrypted, the file can only be accessed by you or anyone with the optional password.
You can then keep the original file or delete it after it is encrypted.
Once secured, files will have a little lock icon on the file image to show that it is encrypted.
Pro: The ability to encrypt files is great for someone to use in Human Resources, or on the Development team. Notice you can encrypt the file for more than one user, which is a very convenient option.
Con: None really for this option, but the security is defeated if someone who shouldn’t have access to the archives password gets a hold of it. UPEK recommends setting a backup password just in case there are ever any issues with the reader.
The review of Eikon did not include testing of RSA SecurID. This is because we do not have access to RSA SecurID Manager. However, for research purposes, The Tech Herald will give you a brief overview here.
An RSA SecurID software token seed, which needs to be purchased separately directly from RSA or its channel partners, can be stored securely in the UPEK hardware and be used to generate one-time passwords directly from within the biometric hardware. If you recall the images from RSA, I showed one of the USB devices that feature the RSA technology.
The addition of biometrics into the RSA SecurID adds another layer of security, and the token is one time only. The future of biometrics includes this setup as a way for banks to allow over the internet access to banking and other secured access points.
During my conversation with Brian DeGonia, he explained that the future of biometrics is focusing on the internet. The biometrics you know now are first generation, the next step is to move towards the internet, and combine technologies into layers and offer security from that standpoint.
The Eikon is already setup to use the RSA SecurID protection. You can get more information here: http://www.upek.com/solutions/rsa/
The UPEK Eikon is a great piece of technology. The device works with PC, and there is a Macintosh version as well. (Mac not tested.) The current going rate is $50. Pretty damn cheap for the flexibility that it offered.
For use in the business sector, this would make a great addition. Many business are already using UPEK biometrics and likely do not know it. The company supplies the biometric readers for IBM (Lenovo), Toshiba, HP, and other laptop manufacturers.
For home use, parents can use this to secure and manage a single computer family, or to protect applications or files on several computers. While not designed as a babysitter, when testing I used this to manage access to the computer my kids use, securing files and restricting it when I wanted them offline.
Unlike the reviews with software based security (Norton 360 2.0) there was no sliding scale for UPEK.
Taking into account that all of the features mentioned in this review were tested under various situations, it adapted well to use. Website access to SalesForce.com, and securing a wide range of documents (PDF, DOC, XLS, JPG, TXT, etc.), worked as expected.
Overall, this is a product that I personally would recommend, and continue to use. If there were a rating to give, it would be 8 out of 10. The reason for this is the multi-step process on some of the applications. While many of the suggestion screens were easily disabled, the flashing browser window for example, quickly tried my patience.
That is a minor beef, compared to the overall satisfaction in the product. I would suggest IT shops get a single unit and test it in-house. The home user would be well served with just the basic functionality, which for its cost, the Eikon can easily pay for itself after you stop remembering which password worked for what site.
You can buy the Eikon now on Amazon.com. While there, read the user comments. That would be a great way to get a solid prospective aside from this review. There are some glowing reviews and some down right negative ones. After reading them, the negative ones were one of two things, user error and failure to read documentation, or Amazon making something difficult for someone.