Many USB tokens have a cryptographic chip/engine which can perform data encryption. These USB
tokens can therefore naturally integrate with PKI deployments in a corporation and provide
functionality such as email signing and data encryption. Note: In addition to PKI support, HP
ProtectTools also provides the means to more securely store user authentication credentials like
passwords and therefore does not require additional PKI infrastructure elements.
Pros:
- Utilizes two personal traits, possession and knowledge, to provide a higher level of security
- Lower cost deployment compared to biometrics and smart cards
- Strong cryptographic capabilities, enables PKI integration
- Mobile user authentication

Cons:
- Most USB token implementations are vendor unique
- Lost USB tokens result in manageability costs
- General implementation requires expensive PKI infrastructure
Biometric fingerprint authentication
Biometric devices utilize a physical characteristic in order to authenticate a person. The most
commonly available biometric technology currently in use is the biometric fingerprint reader. Biometric
fingerprint authentication provides convenient, easy to use authentication that is more secure than
passwords alone.
Biometric fingerprint technology continues to improve; however, unlike cryptographic authentication,
which is extremely precise, biometric authentication has to be approximated. This inherent attribute of
biometric technology requires a constant tradeoff between false positives and false negatives. Taking
into consideration that a person’s biometric characteristics are not secrets, as long as the probability
of false positives exists, biometric characteristics can be faked, resulting in a security vulnerability.
For best results, biometric devices should be used in combination with other authentication
technologies.
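The tradeoff described above can be made concrete with a threshold sweep. The following is an added example, not part of the original paper or of HP ProtectTools: the match scores are constructed, the function names are hypothetical, and the second factor is assumed to be independent of the fingerprint match.

```python
# Constructed similarity scores (0-100) from a hypothetical fingerprint matcher.
# GENUINE: same finger, including degraded samples (dry skin, small cuts).
# IMPOSTOR: different fingers presented against the enrolled template.
GENUINE = [91, 88, 84, 79, 75, 72, 68, 61, 55, 47]
IMPOSTOR = [12, 18, 25, 31, 36, 42, 49, 53, 58, 66]


def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when any score >= threshold is accepted.

    FAR = false accept rate (false positives among impostor attempts)
    FRR = false reject rate (false negatives among genuine attempts)
    """
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(thresholds):
    """List of (threshold, FAR, FRR) rows for each candidate threshold."""
    return [(t, *rates(t)) for t in thresholds]


def equal_error_threshold(thresholds):
    """Lowest threshold at which |FAR - FRR| is smallest."""
    return min(thresholds, key=lambda t: abs(rates(t)[0] - rates(t)[1]))


def two_factor_far(threshold, p_second_factor_guess):
    """False-accept probability when an independent second factor must also pass.

    Assumption: the two factors fail independently, so probabilities multiply.
    """
    return rates(threshold)[0] * p_second_factor_guess


if __name__ == "__main__":
    print("threshold   FAR   FRR")
    for t, far, frr in sweep(range(40, 81, 10)):
        print(f"{t:9d}  {far:.2f}  {frr:.2f}")
    t_eer = equal_error_threshold(range(0, 101))
    print("equal-error threshold:", t_eer, rates(t_eer))
    # Assumed second factor: a PIN an attacker guesses with probability 1 in 10,000.
    print("FAR with second factor:", two_factor_far(t_eer, 1e-4))
```

Raising the threshold lowers FAR only by raising FRR; neither reaches zero on this data without the other becoming large, which is why the second factor is what actually drives the false-accept probability down.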
Biometric technology is also susceptible to unavoidable external factors such as cuts, dry fingers, high
humidity, etc. These can result in a high incidence of false negatives, causing user dissatisfaction.
Enterprises should also take into account that fingerprint authentication is suited primarily for client
authentication, and has limited network authentication capabilities [3]. Large scale deployment of
fingerprint readers requires some infrastructure considerations and can place limits on functionality
and flexibility.
Pros:
- Convenient alternative to passwords and tokens
- Easy to use

Cons:
- Uses mathematical approximations, requiring tradeoffs between false positives and false negatives
- Susceptible to unavoidable external factors (cuts, dryness, humidity)
- A person’s biometric characteristics are not secrets, and should be used in combination with other technologies
[3] While network authentication for biometrics can be implemented, the flexibility would be limited and the solution would require all deployed
biometric devices to be from the same manufacturer.