[vpn] Fingerprint biometric

[Rick Smith at Secure Computing]

Another relatively ancient posting I should have commented on:

>May i know if anyone comes across fingerprint 
>biometric authentication system that works with 
>Windows IPSec VPN ?
>
>I need a solution where a few clients with fingerprint 
>hardware device are fitted. These client machine can 
>then logged into the VPN server, that has aready 
>stored their fingerprint in a database.

I don't know of a good solution if all you have are plain Jane fingerprint readers. IPsec and L2TP use either public keys or shared secrets for authentication, and those work by playing a role in the crypto functions. The fingerprint data can't take the place of a private key, a public key, or a shared secret. Moreover, the protocols aren't designed to carry raw authentication data (like a reusable password or a fingerprint reading) across the network.

If, however, the fingerprint readers can use the fingerprints locally to control access to a to a private key (as in the Sony Puppy) then you should be able to plug it in to the Crypto API and make it work. 


Rick.
smith at securecomputing.com            roseville, minnesota
"Authentication" in bookstores http://www.visi.com/crypto/


VPN is sponsored by SecurityFocus.com