Sony launches new fingerprint scanner

A new fingerprint reader from Sony Electronics Inc. that can store, match and export fingerprint images is tailored to organizations trying to meet stringent IT security requirements in the areas of health care and homeland security, according to information published on Sony’s Web site.

The new device, called the FIU-600, is a slimmed-down version of the company’s FIU-710 fingerprint reader and will sell for approximately US$135.

Like the FIU-710, which sells for around US$180, the FIU-600 is a Windows-compatible hardware device that uses a USB (universal serial bus) connector, and contains a 16-bit CPU and 1MB of flash memory, according to John Harris, product planning manager for biometrics at Sony.

The 600, like the 710 model, is capable of storing and matching user fingerprints locally, with a capacity of 1,000 prints. However, the 600 contains more advanced matching technology than the 710, the result of two years of continued development, Harris said.

Unlike the 710, which was designed to be carried around by a single user, the new 600 model does not contain a cryptographic processor that allows the FIU-710 to act like a fingerprint-enabled smart card that can generate RSA key pairs, encrypt files using the DES (data encryption standard) algorithm or store password lists and other secure data.

Instead, the 600 is capable of synchronizing with a centrally-managed database of fingerprint images and exporting images to the database where they can be analyzed by third party security applications, something that the 710 was not designed to do.

“The philosophy of the 710 was that it was a biometric token, like a smart card, but with more security. The 600 is designed with an eye towards the central storage of biometric data to comply with regulations like HIPAA,” said Harris referring to the U.S. federal Health Insurance Portability and Accountability Act of 1996 that covers the handling of confidential patient information.

For large organizations with thousands of employees, that capability would allow fingerprints scanned at a local workstation to be matched against a centralized database containing fingerprint images for each employee. Fingerprints could then be used to determine data, application and network privileges, according to Harris.

“We thought it would be asking a bit much for people working in hospitals to have to carry a biometric peripheral around with them. The 600 can do matching on board, but at the same time we recognize that there are applications that require biometrics to go beyond that,” said Harris.

Sony is promoting the FIU-600 as suitable for organizations that want to eliminate passwords and deploy a single sign-on technology, but that does not intend to use the public key infrastructure for sign-on authentication.

However, the FIU-600 device is not foolproof and could possibly be tricked by sophisticated molds of a valid user’s thumb or finger that contained the print, according to Harris.

“We employ a variety of techniques to test for the liveness of the print in as much as is possible in an affordable device. (The FIU-600) provides more than adequate security for the types of applications it is intended to secure, but biometric devices shouldn’t be the single point of access control for very sensitive applications,” Harris said.

The FIU-600 is available now and can also be purchased from the company in a bundled package that contains I/O Software Inc.’s SecureSuite program. Sony also has a number of pilots under way that integrate the FIU-600 in larger, enterprise settings. Beta customers include Fortune 500 companies in the field of financial services and health care, according to Harris.