Give digital the finger

August 2012 Access Control & Identity Management

Regular readers will have read countless articles in Hi-Tech Security Solutions dealing with access control and the dangers of traditional means of access, in other words, cards, passwords, tokens and PINs. We have also carried a few articles of logical access control, where we look at the current ease with which people can log into corporate computers and access sensitive applications, such as accounting systems, for their own nefarious purposes.

You will also have read some articles expounding how useless passwords and PINs are as an identification and authentication mechanism. In fact, in this issue we have an article highlighting the enormous amounts stolen, seemingly with ease, by insiders in companies globally. One of the startling facts in the article is that more than half of the stolen money is never recovered – so much for insurance.

SuperVision Biometric Systems has come up with a solution to this problem that costs about R100 per user per month. The solution, SuperSign, is a biometric logon application that works with most biometric readers. The software, developed by SuperVision, streamlines the process of registering users and authorising applications and transactions via a fingerprint.

In the demonstration Hi-Tech Security Solutions attended, SuperVision’s partner, BCX put SuperSign through its paces. The biometric device used was the MorphoSmart 1300 fingerprint reader which can be easily attached to a computer via a USB port.

BCX’s Alexander Botha explains that the system works with the normal directories companies use, such as Active Directory or Novell’s eDirectory. To keep these corporate assets safe, the SuperSign software handles the capturing of users’ biometrics and the assignment of permissions. Everything is controlled by biometric scans to ensure the accuracy of the process.

Biometric verification

Assigning permissions and access to specific digital assets is done via a drag and drop process, or users can be assigned the same permissions as other users with a click. Additionally, when a user needs to be loaded onto the system, two additional, authorised employees will have to verify the process.

For example, when the user is enrolled, someone will need to authorise the process and permissions assigned to the individual and capture their biometrics, while a third party will act as a witness, again via biometrics, before the process is complete.

When the user logs on for the first time, the system changes his default password to ensure that nobody knows what it is, preventing criminals from bypassing the biometric logon. Naturally, the administrators have overall control as usual, but also through their own biometrics. This process ensures there are no passwords written on Post-It notes or pasted under keyboards where they can be easily accessed.

SuperSign goes further in that it will also apply the same logon process to any applications the user opens that need an additional password, such as the accounting system. Once again the initial password assigned to the user is changed to ensure nobody can use his/her credentials to access the system as that user. All these logon processes are controlled from the SuperSign software.

In addition, companies can also apply these processes to Web applications, such as Internet banking or even social media sites like Facebook if they feel the need to track who uses these applications.

Clear audit trail

Botha says the system not only ensures that passwords cannot be copied, stolen or given to someone else, but by using fingerprints, a clear identity trail is created and stored in case it is needed. When using passwords, tokens, PINS or cards to log onto applications and authorise transactions, users verify the traditional ‘something you have’ and/or ‘something you know’ (both for two-factor authentication), but they do not verify who they are.

SuperVision’s Mark Eardley notes that when people are called onto the carpet after fraud has been committed with their password or card credentials, they can simply say they didn’t do it and there are few ways to prove they were there when the credentials were entered.

With biometric logon processes, the person can’t claim innocence as it is impossible to steal someone’s finger. In extreme cases where people may do so, the better biometric readers can detect if a finger is not attached to a living person. This leaves an indisputable identity chain, showing everything the user did on the system, time and date stamped.

The software is also tiered, meaning the user must first logon to Windows before they can access an application if the company so desires. This will prevent someone leaning over a colleague’s shoulder to authorise a transaction or other activities that have stringent security protocols.

When linked to physical access control systems, security is even tighter. The system can be extended to ensure that people can’t logon to their workstation if they haven’t entered the building and it can even automatically log them out when they leave the building.

As noted, the system can be leased at around R100 per month per user. This includes the full service of software, hardware, installation, training and maintenance. The SuperSign software is light on resources meaning a laptop attached to the server will suffice for medium-sized organisations.

SuperSign has already been installed in a few organisations, such as the Department of Agriculture and Fisheries, as well as the Department of Rural Development and Land Reform.

Given that a 2009 survey found that 62% of economic crime in South Africa was committed by insiders, Eardley advises that the cost of the system should not be compared to free password authorisation, but against potential losses. Some of the areas in which biometric logons can prevent losses are:

* Fraudulent EFT payments,

* Modifying billing and procurement data,

* Theft of sensitive information,

* Corruption and deletion of data, and

* Costs of downtime, recovery and restoration.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

What to do in the face of growing ransomware attacks
Technews Publishing Cyber Security Security Services & Risk Management
Ransomware attacks are proliferating, with attackers becoming more sophisticated and aggressive, and often hitting the same victims more than once, in more than one way.

Texecom launches the Midnight Black Collection
Technews Publishing Perimeter Security, Alarms & Intruder Detection Products
Working in harmony with darker environments, the Midnight Black Collection has been created for businesses and sites that require or prefer a security solution which offers discreet protection that compliments their surroundings.

SAN market set for growth
Technews Publishing News IT infrastructure
Storage-area network (SAN) market to hit US$ 26,86 billion in revenue by the end of 2029 due to factors like widespread adoption of Hybrid SAN-NAS solutions.

Optimising remote technical support
Technews Publishing Asset Management, EAS, RFID Products
Sanden Intercool Kenya improves efficiency, removes manual processes with FIELDForce from MACmobile, making its technical backup and support staff more productive, while also optimising record keeping.

Free-to-use solar score for South African homes
Technews Publishing Editor's Choice
The LookSee Solar Score is one of the first of its kind to provide insight into the potential of solar power for South Africa’s residential properties.

CA Southern Africa unmasks container security
Technews Publishing IT infrastructure Cyber Security
Adoption of software containers has risen dramatically as more organisations realise the benefits of this virtualised technology.

Gallagher to showcase new Controller 7000 single door
Technews Publishing Access Control & Identity Management Products
Gallagher will be showcasing its latest access control innovation, the Controller 7000 Single Door on its stand at Intersec Dubai from 17-19 January 2023.

Fast, reliable and secure cloud services
Technews Publishing Editor's Choice Cyber Security IT infrastructure
Security and speed are critical components of today’s cloud-based services infrastructure. Cloudflare offers a range of services supporting these goals beyond what most people think it does.

Healthcare and the edge
Technews Publishing Healthcare (Industry)
With the proliferation of IoT devices in healthcare, more data is generated which drives the need to distribute it efficiently and keep it closer to the user.

Sasol ensures Zero Trust for SAP financials with bioLock
Technews Publishing Editor's Choice Cyber Security Security Services & Risk Management
Multi-factor authentication, including biometrics, for SAP Financials from realtime North America prevents financial compliance avoidance for Sasol.