Fingerprints were first used for positive personal identification more than one hundred years ago, when it was proven that each finger of every individual has a unique arrangement of ridge detail. Today, organizations have growing requirements for positive identification systems resistant to high technology fraud. Combining biometrics with Enterprise Single Sign-On prohibits unauthorized users from getting to private information.

These days, CEOs have a growing awareness of the risks involved in protecting physical and IT-based resources from identity theft, malicious outside attacks or generally inappropriate use at facilities and online. Strict mandates -- Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley, GLBA, HSPD-12, FIPS 201 and Basel II -- from government and industry regulators that require enterprises to take significant steps to strengthen defenses against these misuses. As a result, many corporations implement strong multi-factor authentication policies much stronger than the card and password schemes that had been so commonplace in the past.

Enterprise Single Sign-On (ESSO) solutions require a company’s employees to remember and provide just one set of credentials -- a user name and password -- to access the full portfolio of applications, data and services for which that user is authorized. While ESSO technology is not new, existing solutions have been expensive and time consuming, and rarely lived up to expectations. However, there are newer, more cost-effective solutions on the market that help organizations benefit from increased user productivity and reduced security management costs by enabling ESSO to all your enterprise applications.

When examining Single Sign-On technology options, look for an affordable, easy-to-implement appliance without needing to modify applications. To maximize the enterprise-wide benefit, an ESSO solution should fully support multiple strong authentication methods and centralized policies to allow companies to implement levels of security that are appropriate for their environments.

Combining the ease-of-use of a quality ESSO solution with the identity exclusivity of biometrics can help organizations improve employee productivity and adhere to better security practices, while strengthening their overall security posture and minimizing the burden on IT to manage such a central security system.

Any finger biometric solution choice should consider such critical factors as usability/convenience, system performance, security/user privacy and cost.

Combining Biometrics with ESSO

A biometric-enabled ESSO solution should adhere to the following key criteria:

Matches each user by correlating against known set of references, taking into account:
  • Variations in pressure and density
  • Aging or dirt induced variations in the print
  • Orientation of finger on the sensor
Utilizes a capture algorithm that:
  • Captures images at higher speeds, resulting in less image blur distortion
  • Normalizes for humidity variations in the finger
  • Is “device neutral,” and not associated with a specific sensor or reader
Credentials are stored centrally, using strong security and privacy safeguards by:
  • Ensuring that each captured fingerprint image is destroyed and cannot be misused
  • Maintaining mathematical descriptions of a print’s landmarks, but not the actual print itself
  • Never shipping a username with the template
  • Storing username in a double-blind alias mechanism on server