Valid Tech Assimilates Biometric Authentication Into the Enterprise

February 13, 2007 Alex Woodie

The brave new world of biometric authentication may be closer than you thought. As organizations struggle with identity management and password headaches, the promise of a simple way to authenticate users through a practically unspoofable tactic–reading their fingerprints–holds great possibility. And one vendor helping to drive the uptake of biometric authentication, Valid Technologies, just expanded its reach.

Valid Tech’s biometric offering, called Valid Secure System Authentication (VSSA), is designed to be the backbone of an enterprise-wide, two-factor authentication system that simplifies user log-ons by eliminating reliance on passwords, and decreases help desk cost due to forgotten passwords.

The product itself is composed of a development tool for directly embedding the VSSA calls into business applications written in RPG, COBOL, C++, Java, or Visual Basic, and a server component that runs under OS/400. Valid Tech recommends customers run VSSA on an iSeries, which its leaders consider to be the most secure business computer on the market, but that doesn’t stop VSSA from authenticating users who are logging onto applications running on other platforms.

Once the software and devices have been installed, and users and their fingerprints (not the actual image, but a binary rendering of the image) have been enrolled into the system, people can start using the USB-based fingerprint readers, instead of passwords, to authenticate their log-ins. If the fingerprint data taken from fingerprint readers matches the data gathered during the initial enrollment period, the user is granted access. If it doesn’t, the user is denied access, and the event is noted in the log.

Last week, Valid Tech announced several new ways that VSSA can be implemented into customers’ IT infrastructure and integrated with their current access control systems, including those from Microsoft.

First, VSSA was validated by IBM to work with Tivoli Access Manager, giving the company and the product an edge at the large companies using Tovoli to control access to a variety of applications and platforms. “The combination of Tivoli best-of-breed enterprise security and management control with VSSA best-of-breed biometric authentication provides customers with tremendous competitive advantages,” says Greg Faust, Valid Tech’s CEO.

Secondly, Valid Tech announced better integration with Windows machines through two new integration options: the VSSA Managed Domain Signon for Windows Active Directory and the VSSA Password Automation Service.

According to Valid Tech, both solutions integrate at the domain controller level to deliver biometric authentication from a secure iSeries server–not a PC or AD domain server. People can use VSSA technology to authenticate from practically anywhere, using Virtual Private Network (VPN) or other Windows remote desktop technologies, Valid Tech says.

The final bit of news out of Boca Raton, Florida, where Valid Tech keeps its headquarters, involves service oriented architecture (SOA) technology. The reception of the “Ready for IBM SOA” certification from IBM shows that VSSA has a central role in securing next-generation SOA architectures.

“The IBM SOA principles of business resiliency and efficiencies are strongly supported in VSSA,” Faust says. “A secure, consistent, and manageable foundation for user authentication is essential if the enterprise is to stay compliant and competitive.”