|
|
 |
TouchPass FAQ
Q: What is TouchPass?
Q: How does TouchPass work?
Q: Who do you see using this product?
Q: How does this technology work in the day-to-day environment?
Q: What operating systems are supported?
Q: Can any finger be entered, or only the thumb?
Q: Do you have to insert a User ID or Password when you scan your finger to logon?
Q: How long does it take to login using TouchPass?
Q: How sensitive is the scanner?
Q: What scanners are supported?
Q: Can the scanner be “fooled” by a latent fingerprint image?
Q: How user-friendly is TouchPass?
Q: How long does it take to set up TouchPass?
Q: How are users enrolled and administered?
Q: Can users be registered remotely?
Q: How accurate and reliable is TouchPass? Is it very forgiving when comparing prints?
Q: How does TouchPass work in a mobile environment?
Q: My fingerprints are very personal, and I don’t like having my fingerprints “on file”.
Q: I’ve got a lot of users. What is the typical file size of the finger data?
Q: Does TouchPass compress the minutiae data before being stored?
Q: Are the communications between client and server encrypted? If so, what algorithm is used? Is stored data encrypted also?
Q: Where is the Finger Data stored?
Q: Does TouchPass store events in the NT Event Log?
Q: Is there any control over the matching strictness?
Q: I’d like to add biometric authentication to applications requiring a separate logon.
Q: I’d like to integrate biometric authentication into my custom applications.
Q: OK, so how much does it cost?
Q: What is TouchPass?
A: TouchPass is an enterprise-level biometric user authentication for Windows networks. TouchPass further biometrically secures applications requiring a separate, secondary users authentication. TouchPass is the solution for enterprises concerned with IT system security.
Back to Top
Q: How does TouchPass work?
A: TouchPass allows registered users to gain access to a workstation or to a Windows domain by simply touching a small scanner. The users is authenticated just as if they had entered their User ID and Password. Whether on the network, disconnected, or remotely dialing in, users are authenticated in real time.
Back to Top
Q: Who do you see using this product?
A: Anyone faced with the challenge of limiting IT access to authorized users, and enterprises desiring to reduce the costs and security risks associated with lost, stolen or forgotten passwords.
Back to Top
Q: How does this technology work in the day-to-day environment?
A: TouchPass replaces or supplements Windows’ normal login procedures. Instead of entering a User ID and Password combination, the user merely places his or her finger on the scanner. Scanning and authentication are automatic.
Back to Top
Q: What operating systems are supported?
A: TouchPass server supports Windows NT Server 4.0, Windows 2000 Server and Windows 2000 Advanced Server. Supported client operating systems include Windows 95/98/ME, NT Workstation, 2000 Professional and XP Professional.
Back to Top
Q: Can any finger be entered, or only the thumb?
A: Multiple fingers (up to 10 per user) can be registered, and NEC recommends standardizing on a particular finger (or fingers). Although the thumb may be a natural choice, the index and middle fingers typically have the least amount of wear and often give the most accurate results. However, fingerprint quality varies so it may be necessary to try other fingers for some users.
Back to Top
Q: Do you have to insert a User ID or Password when you scan your finger to logon?
A: No. Unlike some biometric authentication products, TouchPass can perform both 1:1 (verification) and 1:N (identification) matching. Depending on the security and convenience desired, individual users may be flagged as:
- User ID/Password Only (biometric logon not allowed)
- User ID/Password Or Biometric (either allowed)
- User ID/Password And Biometric (both required)
- Biometric Only (User ID/Password not allowed)
TouchPass supports mixed environments of biometric and non-biometric equipped workstations.
Back to Top
Q: How long does it take to login using TouchPass?
A: About the same time it takes to enter a User ID & Password, 1-2 seconds.
Back to Top
Q: How sensitive is the scanner?
A: TouchPass supports a wide variety of scanners and scanner technologies, and the sensitivity set by the scanner manufacturer varies from model to model. NEC offers several scanners to choose from based on your environment and individual requirements, and all are among the highest resolution scanners on the market for this type of application.
Back to Top
Q: What scanners are supported?
A: TouchPass supports numerous scanners from various technologies and connectivity. TouchPass supports optical, capacitive and silicon scanners with parallel port or USB connectivity.
Back to Top
Q: Can the scanner be “fooled” by a latent fingerprint image?
A: All the optical scanners supported by TouchPass include anti-aliasing firmware to eliminate the possibility of a latent print being used to authenticate. Further, TouchPass includes anti-aliasing capabilities in it’s internal code. Silicon and/or capacitive scanners cannot be fooled by a latent image on the platen.
Back to Top
Q: How user-friendly is TouchPass?
A: TouchPass is very user friendly – the scanner starts automatically when the user places their finger on the platen. If a user doesn't properly place their finger on the platen, the user is prompted to adjust their finger placement.
Back to Top
Q: How long does it take to set up TouchPass?
A: TouchPass is simple and easy to install. Software installation and setup requires no more than 5 minutes per server or workstation. After that, finger registration is approximately 2~3 minutes per user.
Back to Top
Q: How are users enrolled and administered?
A: TouchPass is very easy to administer using tools already familiar to the systems administrator. Users are enrolled and maintained via the Windows NT User Manager for Domains or Windows 2000 Active Directory Users and Computers (whichever is applicable). TouchPass can be administered from any server or workstation where the Administrator has logon rights and the TouchPass Administration plug-in has been loaded.
Back to Top
Q: Can users be registered remotely?
A: Yes, TouchPass can register users remotely (see “How are users enrolled and administered”, above). Users cannot enroll themselves. However, TouchPass allows very remote users to capture their own finger data, then email the encrypted file to the administrator for enrollment.
Back to Top
Q: How accurate and reliable is TouchPass? Is it very forgiving when comparing prints?
A: TouchPass is very reliable and accurate. TouchPass’ False Acceptance Ratio (FAR) is extremely low at 0.0002 percent (1 in 500,000 attempts), while the False Rejection Ratio (FRR) is 0.05 percent (1 in 2,000 attempts).
Back to Top
Q: How does TouchPass work in a mobile environment?
A: Using the standard Windows cached logon process, TouchPass will authenticate mobile users not currently connected to the network. For maximum security the cache can be turned off.
Back to Top
Q: My fingerprints are very personal, and I don’t like having my fingerprints “on file”.
A: TouchPass respects individual privacy, and does not store or retain fingerprint images. Instead, TouchPass extracts “minutiae” data points from the scanned image, which are then encrypted and stored in a secure location. The fingerprint cannot be replicated from the stored data, nor can the data be extracted or viewed.
Back to Top
Q: I’ve got a lot of users. What is the typical file size of the finger data?
A: NEC minutiae files can range in size from 2K to 10K. The file size varies with several factors, including the size of the finger image from which the minutiae was generated and the number of minutiae points extracted. A typical minutiae file is approximately 4K.
Back to Top
Q: Does TouchPass compress the minutiae data before being stored?
A: Because performance is vital to biometric authentication TouchPass doesn’t compress the minutiae dat
A: Decompressing the finger data would require increased time to process matches, and the small space required per user is not typically an issue for most enterprises.
Back to Top
Q: Are the communications between client and server encrypted? If so, what algorithm is used? Is stored data encrypted also?
A: Yes. All communication between TouchPass clients and servers is encrypted and uses Microsoft’s Public/Private Key security. Plain text passwords are never communicated nor stored.
Stored data is encrypted using Microsoft’s standard (or enhanced) crypto provider. Customers can therefore choose from 40~128 bit encryption, depending on which level of Microsoft encryption is installed by the system administrator. By using Microsoft’s Crypto API, TouchPass allows customers the flexibility to use their desired encryption level while avoiding compatibility issues associated with proprietary encryption techniques.
Back to Top
Q: Where is the Finger Data stored?
A: TouchPass stores the Finger Data in the Microsoft User Accounts Database. In Windows NT, the data is stored in the System Accounts Management (SAM) database. In Windows 2000, the data is stored in the Active Directory database. There are many advantages to storing the data in the Microsoft database, including:
- The database is encrypted and secured by the operating system.
- The database is automatically replicated.
- Full compatibility with mixed NT/2000 environments is assured.
- No additional database to purchase, install or maintain.
Back to Top
Q: Does TouchPass store events in the NT Event Log?
A: All standard NT events (logon success, failure, etc.) are stored in the NT/2K Event Log. TouchPass does not store any specific additional events.
Back to Top
Q: Is there any control over the matching strictness?
A: The NEC algorithm is the most selective single-finger algorithm available, and TouchPass’ default settings are based on long-term testing using real people in typical environments. The default settings are suitable for the majority of users but advanced administrators can change these settings. NEC will provide documentation explaining how to tailor these values for individual requirements on request.
Back to Top
Q: I’d like to add biometric authentication to applications requiring a separate logon.
A: An optionally installed module in TouchPass adds biometric authentication capability for a wide range of applications requiring secondary authentication. When the application is started, TouchPass prompts for a finger scan to authenticate the user. Optionally, TouchPass can be implemented to provide users with single sign-on, giving authorized users access to any applications by a single touch of the finger.
Back to Top
Q: I’d like to integrate biometric authentication into my custom applications.
A: NEC offers a Software Developers Kit (SDK) for those wanting to integrate finger imaging technology directly into their own applications. 2 versions are available, depending on individual requirements.
Back to Top
Q: OK, so how much does it cost?
A: Industry analyst IDC estimates it costs $200 per year, per user, to maintain and administrate passwords. Much of this cost is due to lost, stolen or hacked passwords, and these costs don’t address the possible lost revenues associated with security breaches.
Back to Top
TouchPass is not only affordable but also quickly pays for itself, especially where passwords are frequently changed and/or where Strong Passwords are enabled and easily forgotten. ROI is typically no more than 1 year, and often less than 6 months depending on configuration and usage.
|
|
|
