Feb 26, 2003Feb. 27, 2003 - As viewers of the film "Catch Me If You Can" know, identity theft can be tough to stop. Access Denied Systems, located in St. Louis, Missouri, has come out with an RFID security system that could verify that only authorized users get access to a company's computer terminals.
Access Denied's Bio Proximity Security System, which sells for $329 per unit, comes with a fingerprint scanner, RF receiver, software and one credit card-size badge with an 916 MHz RFID transponder that is powered by a 3-volt lithium battery. Additional badges cost $45 each. A version of the badge is available with a passive RFID tag from HID, a leading maker of access control systems, so the badge could be also used to unlock doors secured with an HID card reader and controller.
"We like the RF badge primarily because it's reliable," says Access Denied president Sydney Furst. "It's pretty rugged, and we haven't had problems with interference."
The Bio Proximity unit can be installed on a PC running Windows 2000 or XP. When the unit picks up the signal from a person's RFID badge, it verifies that the person assigned to that badge is an authorized user and prompts the person to log in by placing a finger on the computer's fingerprint scanner. If the fingerprint matches the fingerprint assigned to that badge, the computer instantly becomes accessible.
As soon as the logged-in user steps outside a preselected proximity range (between 1 to 30 feet, as determined by the system administrator), the keyboard and mouse immediately cease to function and the monitor goes blank. To resume the session, the user submits to another fingerprint scan. If another authorized user wants to access the same PC, the Bio Proximity software will log off the previous user and log on the next one.
Similar products on the market may use RF proximity badges, according to Sidney Furst, but they don't provide the high level of authentication that a fingerprint scan offers. With Accessed Denied's system, businesses know that only authorized users can access a terminal ("unless somebody cuts your finger off and sticks it on there, and that's not going to happen" says Furst), and not an individual who happens to borrow or steal an RFID badge and a log-in password.
In addition to its RF-based device, Access Denied makes a security system that uses a sonar transceiver instead of an RF receiver to determine if users leave the vicinity of their work stations. Furst acknowledges that because buying multiple RFID badges can be expensive, the sonar-based system is simpler and less costly for companies with many users sharing a small number of PCs.
On the other hand, the sonar system is a little slower. That's because the RFID badge identifies an individual and the system only has to match the fingerprint on the scanner with that person's fingerprint stored on the PC. Sonar doesn't identify the individual, so the software may have to scan several hundred fingerprints of people authorized to use a PC in order to find a match with the live fingerprint scan. That could take a couple of seconds, compared with a third of a second with the badge.
Bio Proximity provides more than security and speed, but accountability as well. For example, at a hospital's nursing station, where a lot people access the same computer, you need to know exactly who typed what information into a medical record. But to do this, a nurse must first log in to the computer system, something most people would rather not be bothered with.
"People just don't log in and out -- they're not that disciplined," says Furst. "With our system, if somebody else comes in who's authorized, then you're logged out and they're logged in automatically."
Bio Proxity customers include BMW of North America, which installed five units, and Washington University's department of electrical engineering, which installed 10 stations for its computer lab, which tests security products for the U.S. Department for Homeland Security.
