×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

IBM Introduces Biometric Thinkpad

CmdrTaco posted more than 9 years ago | from the good-'cuz-i-forgot-my-password dept.

Portables 195

An anonymous reader writes "IBM has added biometric security to its thinkpad notebooks. The next generation of T series thinkpads will have an integrated fingerprint scanner for added security. The latest machines will also include some pretty cool encryption software, that will keep your hard disk safe, but still let you backup and restore images. This guy managed to get his hands on an early prototype T42 with the new security features integrated."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

195 comments

Biometric? (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10430227)

More like Bio-detric.

Re:Biometric? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10430238)

Does it have anal probe link up?

Re:Biometric? (0)

Anonymous Coward | more than 9 years ago | (#10430291)

No, IBM had to wait for MS to finish longhorn first...

swipe scan (4, Interesting)

dirvish (574948) | more than 9 years ago | (#10430231)

"IBM has chosen to go with a swipe-scanner rather than a touch-scanner, for a number of reasons. First and foremost is that a swipe-scanner provides better security. Because you have to drag your fingertip across the scanner, there is no way to "lift" a fingerprint from the surface."

That is a great idea. Such an elegant solution to what could have been a big problem.

Re:swipe scan (5, Insightful)

saderax (718814) | more than 9 years ago | (#10430251)

...except for the multitude of partial prints left all over the keyboard and the touchpad...

Re:swipe scan (1)

cynic10508 (785816) | more than 9 years ago | (#10430774)

...except for the multitude of partial prints left all over the keyboard and the touchpad...

Hmm. I guess the question then becomes: How accurate of a digital recreation can we make from partials? If it's enough to pass biometric verification then there's no need to waste money/time on a fingerprint scanner.

Re:swipe scan (4, Informative)

cynic10508 (785816) | more than 9 years ago | (#10430333)

That is a great idea. Such an elegant solution to what could have been a big problem.

Actually, the swipe scanner is cheaper, consumes less power, and has a smaller footprint than the original designs. So it's really best suited for devices such as cell phones, PDAs, etc.

Re:swipe scan (2, Interesting)

Dman33 (110217) | more than 9 years ago | (#10430802)

I love the swipe scanner that I have been using on my Ipaq H5450 for the past few years.

(I always wondered why this was not common on laptops when it has been common on my PDA for so long...)

Re:swipe scan (2, Interesting)

Anne Thwacks (531696) | more than 9 years ago | (#10430815)

That is a great idea. Such an elegant solution to what could have been a big problem.

Or maybe not - what is wrong with a lock and key to open the laptop?

Not only would it protect the data, it would prevent the HD and DVD combo from being stolen from the laptop while its sitting on the desk (happened to two colleagues lately).

And stop the keyboard from being damaged by children and small animals.

Given that the T series have titanium cases, a lot of force would be needed to open them and they would probably be wrecked if forced open (assuming a suitably strong lock.) This is the feature I want most next time I buy a T series (I have an IPaq with fingerprint recognition, and its great, but I would still prefer a lock and key for the laptop (I have a T series - they are great too).

yeah, but... (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10430233)

does it run Linux?

Re:yeah, but... (1)

tindur (658483) | more than 9 years ago | (#10430292)

I would really like to know whether it will be possible to use fingerprint based encryption with Linux. TFA says it steps in before Windows.

Re:yeah, but... (1)

mr_z_beeblebrox (591077) | more than 9 years ago | (#10430441)

Typically posed as a trollish question, this author may or may not have had trolling in mind. I for one would like to know if there are any plans for the T42 Biometric laptops to have Linux run on them.

Re:yeah, but... (0)

Anonymous Coward | more than 9 years ago | (#10430935)

I for one...
This sounds like an other trollish comment...

Remember your friends (3, Interesting)

lifeblender (806214) | more than 9 years ago | (#10430236)

Does this mean you can hack it to record your friends' (or co-workers') fingerprints? Sounds fun and scary.

Re:Remember your friends (5, Informative)

tanguyr (468371) | more than 9 years ago | (#10430326)

Does this mean you can hack it to record your friends' (or co-workers') fingerprints? Sounds fun and scary.

No, you can't. From the article:
"Of course since the Power On security layer is something that occurs well before Windows has started up, the fingerprint data can't be stored in a Windows file or folder. Instead, the fingerprint scanner itself stores the fingerprint data and retrieves it when the Power On security request is made. You can store a total of 21 profiles in the scanner, which should be more than enough, unless you share one notebook between a score of users. If you're worried about someone extracting the fingerprint data from the scanner and breaking your security, dont be. The scanner only stores a tiny amount of data for each fingerprint, just enough to ensure an accurate match, and nowhere near enough to recreate a complete fingerprint."

Re:Remember your friends (1, Redundant)

adelord (816991) | more than 9 years ago | (#10430479)

so there isn't a data file containing compleate fingerprints. great. you will just have to lift one off of the case or keys. esp with the added sense of security, other users in the office will be much more likely to let someone borrow the computer, and how much extra encryption do you the average user would use? none. with my skill set it would be much easier to make a fake finger from a lifted print than attemt to crack a password, and you can bet that most users will have the biometric reading take the place of a password.

Re:Remember your friends (1)

tanguyr (468371) | more than 9 years ago | (#10430657)

actually, it's very easy: if people are willing to let you borrow the computer, they will be willing to log you onto it (unless they're lending it to you to use as a doorstop or something) or even add your fingerprint to the list of authorized fingerprints.

"...make a fake finger from a lifted print..." - don't make me laugh. You watch too much tv mate: the first thing to try when you want somebody's password is asking them for it.

Re:Remember your friends (2, Funny)

swordboy (472941) | more than 9 years ago | (#10430494)

A new definition for "hacking":

Pronunciation: 'hak-ing
Function: verb
The process of removing someone's finger so that you can gain access to their Thinkpad.

I'm just glad it isn't retina scanning. Ouch!

hal (5, Funny)

TedCheshireAcad (311748) | more than 9 years ago | (#10430239)

I tried one of these laptops for a while, took me weeks to get the thing to stop calling me Dave.

Re:hal (1)

jpetts (208163) | more than 9 years ago | (#10430296)

For those fans of "Only Fools and Horses," does anybody else think that Trig must be a re-incarnation of HAL-9000, since he keeps on calling Rodney "Dave"?

Micron has biometric support (5, Informative)

CyberSlugGump (609485) | more than 9 years ago | (#10430240)


Some models of Micron laptops have had this feature [mpccorp.com] for a while.

Re:Micron has biometric support (1, Funny)

Anonymous Coward | more than 9 years ago | (#10430380)

Then why didn't they post this on slashdot earlier? You are a shameless liar! If it's not on slashdot, it doesn't exist.

Bloomberg keyboards have had biometrics for a whil (0, Informative)

Anonymous Coward | more than 9 years ago | (#10430241)

Just saying IBM is fanot first to embed biometrics with their standard hardware.

But... (5, Interesting)

Sensible Clod (771142) | more than 9 years ago | (#10430242)

will IBM include linux support?

Re:But... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10430256)

Noone cares, not like you could afford one fattie.

Re:But... (1)

wolftone (609476) | more than 9 years ago | (#10430305)

Seems likely given the bluecurve roots of the fingerprint software window. The proof is in the pudding (or, rather, the networking cards), though.

Re:But... (0)

Anonymous Coward | more than 9 years ago | (#10430612)

OMG u are teh funniez!!!!11

Obviously flamebait as IBM is a major supporter of linux.

IBM is pretty cool (2, Insightful)

zoloto (586738) | more than 9 years ago | (#10430243)

I was just at their website configuring a laptop for a business purchace. While I have to say their range of laptops are pretty slick their UI designer should be shot.

Back on topic now, this laptop is nifty in itself. EArlier on another /. article, the hordes were in an uproar about the data security module in laptops. After seeing one on the website and with technical information, both the prior articles mentioning and this new biometric feature are for the purpose of protecting the users data from theft and not for "corporations" protection against "us". It wasn't engineered that way. Maybe in a few years that will happen, but to appease the paranoid crowd here - this is _FOR_ us. not against.

=) happy /.ing

Safe... but from whom? (5, Interesting)

Tackhead (54550) | more than 9 years ago | (#10430246)

If they designed it in such a way that the LEA backdoor is secure (say, it's got an LEA public key on it, and the private key is kept in the forensics labs), I'll buy one tomorrow. I don't have a need to defend against .gov adversaries - I just want to know that the data on my drives remains secure even after someone steals 'em to get his or her crack fix.

If, however, they designed it in such a way that the backdoor is not secure (say, a default password stored in cleartext on a serial EEPROM), that's another story. I'll download the crack when it comes out next week, and my soldering iron and I will have an endless supply of cheap entertainment when the machines start showing up at the surplus stores in 2009.

Re:Safe... but from whom? (1)

mr_z_beeblebrox (591077) | more than 9 years ago | (#10430485)

I'll download the crack when it comes out next week, and my soldering iron and I will have an endless supply of cheap entertainment when the machines start showing up at the surplus stores in 2009.br>
Good thinking, you will need something to do in the evenings anyway...since Conan O Brien is taking the tonight show.

For those not familiar w/ the term 'LEA'... (1)

sczimme (603413) | more than 9 years ago | (#10430871)


If they designed it in such a way that the LEA backdoor is secure (say, it's got an LEA public key on it, and the private key is kept in the forensics labs), I'll buy one tomorrow. I don't have a need to defend against .gov adversaries

LEA means Law Enforcement Access. Some crypto and other security tokens [as in hardware, not Kerberos] have what is called LEAF - the Law Enforcement Access Field. The tokens themselves can be referenced as 'non-LEAF' and 'LEAF-enabled'.

I feel sorry for... (1, Funny)

cbw82 (700178) | more than 9 years ago | (#10430254)

...John Doe from Se7en. If he buys one of these how in the world will he ever get past the added security?

Yes, but... (4, Insightful)

ProudClod (752352) | more than 9 years ago | (#10430258)

Can it be fooled simply and easily by a piece of jelly [puttyworld.com], like most fingerprint scanners on the market. Surely you can drag the jelly across.

Re:Yes, but... (1)

avalys (221114) | more than 9 years ago | (#10430426)

The difference though, is that you can't lift a fingerprint from a swipe scanner, like you can with an ordinary flat one.

Re:Yes, but... (1)

WillAdams (45638) | more than 9 years ago | (#10430451)

The weird thing is, this sort of fakery has been well-covered in fiction,[1,2] so one would think that manufacturers would be concerned with it.

William

[1] Steve Perry's Matador series has instances of people using fake palm prints to open doors secured by a palm lock --- for that matter, Frank Herbert's _Dune_ has the Bene Gesserit ``witch'' Jessica opening a palm lock w/o any tools / fake print.

[2] more disturbingly, Timothy Zahn's _Blackcollar_ has mention of instances (in the past) where a person's head and hands are severed so as to allow access to an area secured by retinal and fingerprint scanners --- in the book, mention of said instances is used as a threat to force a captive's cooperation.

Re:Yes, but... (0)

Anonymous Coward | more than 9 years ago | (#10430572)

In the great game System Shock, the player needs to find a severed head that is in good shape in order to get past a retina scanner. Fun for the whole family.

(Abe Ghiran's head on maintenance level is the usual one, but there's also another head hidden in a sort of cubbyhole on hospital level.)

Re:Yes, but... (2, Informative)

Anne Thwacks (531696) | more than 9 years ago | (#10430853)

Probably not ... the I-paq one allegedy uses the thermal imprint and not optical, so you would need jelly with suitable infrastructure of arteries and veins.

Linux? (0, Redundant)

IroNuckles (798377) | more than 9 years ago | (#10430259)

The model in this review is running WinXP. I wonder if the fingerprinting software is available for Linux?

Can't Access My Computer Please Help!!! (4, Funny)

PetoskeyGuy (648788) | more than 9 years ago | (#10430264)

I can't wait to see all the support websites.

"Cut my finger slicing tomoatoes, can't access my Thinkpad, HELP!!"

Re:Can't Access My Computer Please Help!!! (4, Informative)

jormurgandr (128408) | more than 9 years ago | (#10430330)

That would be the reason why it allows you to store multiple profiles, and actively encourages users to store more than one finger, and on more than one hand (just look at the screenshots).

Re:Can't Access My Computer Please Help!!! (1)

cynic10508 (785816) | more than 9 years ago | (#10430836)

and actively encourages users to store more than one finger

This goes back to the same problem as strong passwords. You can encourage users to make strong passwords, but they (or a significant portion) won't unless you require them to.

But what happens... (2, Insightful)

DHalcyon (804389) | more than 9 years ago | (#10430266)

When I break my Finger? I need my files, you know...

Re:But what happens... (3, Informative)

mobby_6kl (668092) | more than 9 years ago | (#10430976)

You can set it up to use more than one finger, so if you break one you can use the one on the other hand, in case all fingers on the first hand are broken/cut off/missing.

Re:But what happens... (2, Insightful)

dr_dank (472072) | more than 9 years ago | (#10430983)

When I break my Finger? I need my files, you know...

Sounds like a good pretense for Social Engineering ones way into such a system.

Interface like iPAQ (1)

grunt107 (739510) | more than 9 years ago | (#10430268)

The fingerprint setup software looks identical to the iPAQ that has the bioscan feature. That was a PktPC app, tho, so the real issue is whether someone will develop a Linux bio-encrypter for this laptop.

Otherwise it would remain a Win-only feature and useless to the converts.

The Mafia loves it already! (5, Funny)

Schreckgestalt (692027) | more than 9 years ago | (#10430274)

Now the Mafia have finally got another reason to cut your fingers off! And they can shoot you before you talk, as you don't have to talk.

A bit of false security. (1)

grub (11606) | more than 9 years ago | (#10430275)


If Bad Guys really want your data, they'll take you along with your laptop and say "Unlock your machine or we'll cut off fingers until we find the one that works. Starting with your toes."

Re:A bit of false security. (1)

ggvaidya (747058) | more than 9 years ago | (#10430445)

Yes, but if your data is worth *that* much, I suppose you'll have a better way of protecting it, won't you? For most of the stuff on my computer, I'd just laugh and give them my password if it came to that ...

Re:A bit of false security. (2, Interesting)

avalys (221114) | more than 9 years ago | (#10430522)

Under threat of physical violence, most security systems that involve humans tend to break down.

I'd give up my PGP private key to someone who put a gun to my head - that doesn't mean that PGP itself is insecure.

What about those without fingerprints? (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10430277)

Suppose yuo've burned both your hands and don't have them?

Maybe there should be another biometric system the Thinkpad supports. That way, the Goatse-man can use a new T42 as well!

Hype Factor 9 (4, Informative)

cynic10508 (785816) | more than 9 years ago | (#10430282)

For an IT manager, biometric security will make life much easier. Gone will be all those phone calls from users who've forgotten their passwords. And there will be no more worries about insecure passwords, or even keystroke loggers, trapping passwords and passing them onto hackers and fraudsters.

Gone may be phone calls for forgotten passwords but there'll be plenty of new calls as to why their fingerprints aren't scanning. The function of accuracy for fingerprint scanners varies according to things such as the skin's elasticity. This changes with age, humidity, cuts, etc. So biometrics aren't a 100% fix. There will always be "goats," the people for whom biometrics just doesn't work well, including the biometrics professor around here who's missing a fingertips (not due to any experiment mishap, mind you). I'd also worry about the security of your stored biometric data. Hopefully it'd be a hash and not the raw data, which could be harvested and used. Then again, I wonder what the incidence of collisions in a hash that uses biometric data is?

Re:Hype Factor 9 (1)

JimBobJoe (2758) | more than 9 years ago | (#10430465)

Well you beat me to revealing the PR hype. In addition, if the fingerprint suddenly stops working for some reason (let's say our employee was bricklaying the last weekend, or doing an intensive Vitamin C exfoliation) is there a way of getting the computer to boot? And if there is, what's the point? It's just expensive snake oil.

Re:Hype Factor 9 (1)

Slak (40625) | more than 9 years ago | (#10430498)

But an increase in calls to helpdesk along the lines of: "I forgot my fingerprint, could you reset it please?"

Re:Hype Factor 9 (3, Informative)

lesinator (459276) | more than 9 years ago | (#10430652)

Not only easier, but also more secure. A common username and password is only 1-factor authentication (they're both something you can know). Using a username and biometric is 2-factor authentication (in this case, someting you are and something you know). For 3 factor authentication you need to cover: something you know, something you have, and something you are.

Biometrics stored for authentication are stored in a reduced, non-reversable format. Its designed to be searched and matched, but not extracted.

L

False security (4, Insightful)

GraWil (571101) | more than 9 years ago | (#10430283)

This is nothing more than false security for pointy haired induhviduals. A clueful cracker with console access can usually get access to data. If the laptop is stolen, so is the data and no fingerprint widget will prevent it.
But what makes SafeGuard Easy so special is that it works with IBM's own Rescue and Recovery utility. The problem with encrypted data is that when you try to restore an image of an encrypted hard drive, all the data, including the boot records just look like garbage to the restore program. But with SafeGuard Easy, you can keep the entire contents of your drive encrypted, and still be safe in the knowledge that should your hard disk crash, you can restore all your data to a new drive despite the fact that it's encrypted.
Has anyone here used or admined IBM's lotus notes? I feel real good about trusting IBM with my encrypted HD.

Re:False security (0)

Kenja (541830) | more than 9 years ago | (#10430340)

"Has anyone here used or admined IBM's lotus notes? I feel real good about trusting IBM with my encrypted HD."

<Lotus Domino Joke>It can only encrypt 64k of data.</Lotus Domino Joke>

Re:False security (4, Informative)

browncs (447083) | more than 9 years ago | (#10430454)

Has anyone here used or admined IBM's lotus notes? I feel real good about trusting IBM with my encrypted HD.

Are you aware that:

  • Lotus Notes had the first commercial implementation of a Public Key Infrastructure (PKI), and it's still by far the largest commercial deployment of a PKI.
  • Lotus Notes has never had a security incident where a virus or worm successfully attacked it via Notes native interfaces or e-mail. (There have been some security patches required in the Internet-compatible interfaces.)

Re:False security (1)

mr_z_beeblebrox (591077) | more than 9 years ago | (#10430573)

Lotus Notes has never had a security incident where a virus or worm successfully attacked it via Notes native interfaces or e-mail. (There have been some security patches required in the Internet-compatible interfaces.)

Would that be because it runs on a popular OS that has a security model based on Swiss cheese, thus eliminating the need to crack the app? I am actually asking not trolling, I do not know what Notes runs on.

Why is this useful? (1, Insightful)

Anonymous Coward | more than 9 years ago | (#10430290)

To stop the casual snooper? Screensaver passwords do that already.

If the thief has physical access to the machine, nothing short of encryption is going to prevent him or her from getting at your data.

Re:Why is this useful? (1)

lamber45 (658956) | more than 9 years ago | (#10430903)

If the thief has physical access to the machine, nothing short of encryption is going to prevent him or her from getting at your data.

If you had read the article, you would have seen that this device can protect the BIOS password, Windows passwords and a hard-drive encryption suite. It sounds like a substantial obstacle to the typical thief. Of course, you should probably still be careful with really-sensitive data; PGP and daily virus scanning would be a good idea...

Notebook Nirvana... (2, Interesting)

NetJunkie (56134) | more than 9 years ago | (#10430300)

I love my Thinkpad. I had a T30 before that stayed on 24/7 for over a year. The only time it was turned off was to/from vacation. The rest of the time it was a workhorse. Now I have a T42P and love it as much or more. Functional and VERY stable. Sure, it doesn't have some super new gizmos like others, but it works every time.

Every time someone asks me about a notebook I recommend IBM. They go out to Best Buy and get some other brand with 20 other options they don't need and then get mad when it breaks or isn't stable. Thanks IBM!

OT: How good are Thinkpads? (1)

ggvaidya (747058) | more than 9 years ago | (#10430496)

How good are Thinkpads when it comes to reliability? A friend of mine had a Toshiba, and got pissed when it broke down after three years. He's gotten an iBook now, after another friend convinced him they were much hardied. I've got a Toshiba; if it breaks down next year (three years!), should I go for a Thinkpad?

Re:OT: How good are Thinkpads? (0)

Anonymous Coward | more than 9 years ago | (#10430928)

Everyone in my office (about 15 people) has one of these (mostly T40s) and almost everyone has experienced a failure of some sort. On the other hand, IBM has been pretty good about fixing/replacing them.

YOUR RIGHTS ONLINE - IBM is bad news (1, Insightful)

stratjakt (596332) | more than 9 years ago | (#10430317)

Yesterday when mikey announced IBM would be shipping more computers with "trusted" technologies, you all cried and threw a fit about it.

Now some of that hardware is reviewed and you can't get over how neato it is.

What about "your rights online" people!?

Are genitals unique? (2, Funny)

Anonymous Coward | more than 9 years ago | (#10430324)

"Please push your scrotum on the biometric sensor to login."

what about women? (0)

Anonymous Coward | more than 9 years ago | (#10430660)

I don't have a scrotum you insensitive clod!

Hmm...You Disappoint me.. (1)

Ramsey-07 (737166) | more than 9 years ago | (#10430371)

I suppose then no one has considered the benefits of having an extra finger on each hand... One to login, and one to stick up infront of all the early posters... Where do I sign up! Only now when you get your laptop stolen, your fingerprint is still all over the laptop/screen/keyboard so theres no point!?!

I feel sorry for someone who loses a finger. (4, Interesting)

CyberLord Seven (525173) | more than 9 years ago | (#10430402)

This is cool though. I like how IBM put the fingerprint ID tech in front of Windows. That means Linux based OSs can also take advantage of this when these machines are being sold as refurbished in a few years.

I'm a little disappointed that the encryption stuff may not transfer well to non-Windows OSs.

Now what happens when someones finger is damaged to due fire, electrical shock, or blunt trauma? I had this problem with an old Compaq laptop that had a system password at the BIOS level. It made the laptop permanently mine since I didn't want to disclose my password to anyone else.

I know there's room for 21 different fingerprints, but I wonder how many end users are going to think to register more than one of their fingers...just in case.

Re:I feel sorry for someone who loses a finger. (1)

hng_rval (631871) | more than 9 years ago | (#10430571)

I would be very surprised if IBM didn't create a Linux version of this encryption software themselves . They are very Linux friendly and are always making strides to port their software for their hardware to Linux.

Re:I feel sorry for someone who loses a finger. (2, Funny)

BeBoxer (14448) | more than 9 years ago | (#10430600)

I know there's room for 21 different fingerprints, but I wonder how many end users are going to think to register more than one of their fingers...just in case.

21 fingerprint slots, eh? That's enough for all my fingers and all my toes with one leftover. What's the 21st one for?

Ugh.. this could go wrong.. (1, Insightful)

trisight (306703) | more than 9 years ago | (#10430446)

Am I the only one that sees where this can lead? How long will it take to condition people to use these things before they come mandatory in computers and have to be used.. most especially what if they become mandatory for internet connections.. I'm sure the RIAA and the MPAA would just love that..

This is what happens.. they give you a wolf in sheeps clothing.. and for awhile that wolf stays dorment and you like it and you pet .. it's naughty.. it's a naughty little sheep.. and then all of a sudden .. oh my GOD WE'VE BEEN SUED.. WE'VE BEEN SUED AND THROWN INTO JAIL.. ahem.. maybe not.. but still.. I worry about companies doing things like this.

If you don't want an IBM... (2, Informative)

IronChefMorimoto (691038) | more than 9 years ago | (#10430472)

If you don't want an IBM Thinkpad for the fingerprint scanner, the APC fingerprint scanner/biometric reader seems to work pretty well. I saw it for $29 or so at Fry's yesterday.

My friend bought one a while back and used it rather successfully on his Dell D800 before he had to give the computer back to his employer. It was pretty accurate in scanning his fingerprint. He never got locked out of his machine.

I can't remember if the machine would NOT allow a login without the reader or not. If it would, then that sort of defeats the purpose of the reader if you were able to steal the laptop without the reader attached.

IronChefMorimoto

Nice until... (0)

DroopyStonx (683090) | more than 9 years ago | (#10430483)

...you take the HD out and slap it into a Linux box and read the contents anyway, totally overstepping the added security.

Makes it kinda pointless.

Re:Nice until... (1)

Halo- (175936) | more than 9 years ago | (#10430720)

No, that's just the point. The encryption is done by the HD firmware, not the OS. It's just like the present IBM (now Fujitsu) drives which have a BIOS password. It doesn't matter where to install the drive, the chips that say: "move the head here" don't do anything until provided with the password. It used to be you had to do a platter transplant to get around this, but I think there is some way to recover now, but it still requires a factory tech and isn't something like a backdoor password.

A linux box will get the same encrypted stuff as the windows box without the fingerprint. (Of course, I doubt their will be Linux drivers, so even with the fingerprint you may be hosed...)

Re:Nice until... (1)

Eccles (932) | more than 9 years ago | (#10430721)

If you had read the article (I know, I make funny joke), you would know that the hard drive is also encrypted.

Good for security, annoying for everything else (2, Insightful)

dreadfire (781564) | more than 9 years ago | (#10430486)

In theory and from what I have read on the article, it will be a great device for security. But I don't think people will really realize how annoying this feature will become. If it gets damaged, no more using computer. If you get a nice little scare on the finger you choose to scan, no more using comptuer (unless of course you add more than one finger, but still). I guess this is one of those things that the government should use, I don't know how easy or useful it would be used for a personal use computer.

Re:Good for security, annoying for everything else (1)

xtermin8 (719661) | more than 9 years ago | (#10430962)

Of course IBM's major demographic is companies, not individuals. Your average consumer will go to Dell, or one of the many cheaper brands. IBM is able to sell at a premium to large corporations/companies because of the Brand and company reputation. I think the security focus is also different. The disgruntled person in the next cubicle may be more of a concern than an Expert Hacker decrypting large amounts of data from a stolen hard drive.

All nice and good (0)

Anonymous Coward | more than 9 years ago | (#10430492)

This guy managed to get his hands on an early prototype T42 with the new security features integrated."
... until someone manages to get your hand on your computer, not necessarily still attached to your body.

for the _appearance_ of security (1)

PureFiction (10256) | more than 9 years ago | (#10430499)

fingerprint biometrics are notoriously spoofable [securityfocus.com]. only 1 in 1000 even mention "liveness detection" with an adequate threat model.

vascular scan biometrics are the only adequate security solution to date (with the possible exception of facial geometry). even iris scanners are susceptible to spoofing.

vascual ! always = retinal scan; many foreign banks are using hand vascular scans for banking transactions. facial vascular scans can also be less intrusive than retinal scans.

fingerprints are everywhere (0, Troll)

porkface (562081) | more than 9 years ago | (#10430545)

If someone gets your laptop, odds are they'll have no trouble reproducing your fingerprints.

Somebody please tell me how this isn't just a waste of time.

Since when are fingerprint scanners news? (0)

Anonymous Coward | more than 9 years ago | (#10430553)

MPC laptops have had these for a while.

Oh wait, it's a Thinkpad. I forgot that when Thinkpads change, its news because they're normally 2 years behind. How about that sleek design?

Rumor has it... (1)

QuiK_ChaoS (190208) | more than 9 years ago | (#10430582)

Rumor has it that when an invalid finger print scan is detected, Windows Media Player goes into a full screen loop of old Care Bears episodes.

Now, come on! (1)

jellisky (211018) | more than 9 years ago | (#10430754)

IBM isn't THAT evil. That's what would happen if someone like Sun made those.

IBM's would go into a full screen loop of George Carlin standup routines. Uncensored, of course. :-D

-Jellisky

Official Press Release (1)

Oliver Aaltonen (606410) | more than 9 years ago | (#10430587)

IBM Unveils First Biometric ThinkPad, Offering Security at Your Fingertips

IBM Integrates Fingerprint Reader with Embedded Security Subsystem; Tougher ThinkVantage Technology Strengthens IBM Security Architecture

RESEARCH TRIANGLE PARK, N.C. -- Oct. 4, 2004 -- IBM is taking computing security and data protection to the next level today with the introduction of the first ThinkPad with an integrated fingerprint reader. ThinkPad, already the industry's most secure notebook PC (1), now features a model that delivers simplified access to password-protected personal and financial information, web sites, documents and e-mail while offering an unmatched level of data protection through its new biometric capability and embedded security subsystem.

"Today we raised the bar on security for the entire PC industry," said Fran O'Sullivan, general manager, IBM Personal Computing Division. "What was once considered science fiction is now available to all enterprises, large and small, in the notebook of choice for everyday business. The first biometric ThinkPad combines a fingerprint reader with an Embedded Security Subsystem, providing a layer of security that is built in, not bolted on. We take our customers' security into account in every aspect of our business solutions, from PCs to servers to middleware to wireless networks."

The fingerprint reader is built into select models of the ThinkPad T42. With the new reader, located on the wrist rest below the arrow keys, users swipe their finger across a small horizontally oriented sensor to log-on to their systems, software applications, web sites, or databases. The scanning process takes only seconds, combining convenience with the strongest notebook security available as a standard feature. This type of fingerprint reader captures more data than a traditional "picture" capture window because it scans more of the fingertip's surface area, helping to prevent misidentification.

"We place a huge priority on security and deployed IBM ThinkPad more than a year ago because they were the only notebooks to offer an integrated hardware and software security solution," said Shawn Nunley, director of technology development, NetScaler Inc., a networking systems company headquartered in Santa Clara, Calif. "IBM's new ThinkPad with integrated fingerprint reader offers yet another level of security for us that is easy to deploy."

IBM On Demand Security Architecture and ThinkVantage Technologies
IBM also enhanced its hardware- and software-based Embedded Security Subsystem by releasing a new level of Client Security Software, Version 5.4, with a secure Password Manager, simplified ease-of-use and installation, and available by preload for the first time. The new version allows fingerprint identification and complex passphrases to be used interchangeably or in combination. The new software and the embedded security chip are seamlessly integrated with the fingerprint reader, protecting vital security information, such as encryption keys, electronic credentials and passphrases, and guarding against unauthorized user access.

The Embedded Security Subsystem is a key component of IBM ThinkVantage Technologies, a suite of tools that make ThinkPad notebooks and ThinkCentre desktops easier to deploy, connect, protect and support. The fingerprint reader represents only one level in a concentric set of IBM security solutions. They include servers, operating systems, identity management, middleware, web-based privacy, network access, storage, systems management and consulting solutions. These protect information in the face of external hacker threats, costly viruses and worms, e-mail spam, new wireless technologies, and the demands of government compliance.

Additionally, IBM and Utimaco Safeware today announced that IBM is authorized to resell Utimaco software to give users the ability to fully encrypt their entire hard drive. This protects against unauthorized access, should a notebook get stolen or lost. Utimaco Safeguard Easy is the first full drive-encryption product tested for full compatibility with IBM Rescue and Recovery, a ThinkVantage Technology that can automatically archive and restore an entire hard drive to protect against data loss or operating system failure.

Ultimate Connectivity and Portability
Available in a thin and light platform, the ThinkPad T42 starts at 1 inch thin and has a travel weight as little as 4.5 pounds. It also offers IBM's unique battery configuration, capable of providing all day computing, up to 7.5 hours on select models with the nine-cell extended battery. Mobile business users who take their notebooks with them everywhere will benefit from the power of the Intel Pentium M processor, long battery life and multiple options for wireless connectivity. It is available with an Intel 745 Pentium M 1.8 GHz processor.

IBM provides flexibility so users of the ThinkPad T42 can take advantage of wireless technology with a range of 11b, 11 b/g, and 11 a/b/g solutions and available Bluetooth Wireless Technology. In addition, all T42 models come standard with a modem, Gigabit Ethernet and Infrared port.

Equipped with IBM's patented hard drive protection technology to help protect people's data, the ThinkPad T42 is designed for greater durability among business travelers. The IBM Active Protection System, similar to the technology used in automobiles to deploy airbags, uses a microchip on the system board to detect system acceleration (such as in a fall) and responds by temporarily parking the drive's read/write head. This rapid response can help prevent some hard drive crashes that occur in some falls, helping to prevent total data loss and ultimately reduce downtime and warranty costs.

Price and Availability
The ThinkPad T42 notebook will be available on October 19 through www.ibm.com and select business partners. Prices for ThinkPad T42 models with a fingerprint reader start at $1,699. For more information, see www.ibm.com/think.

Is there a workaround to the fingerprint scanner? (1)

peragropax (806306) | more than 9 years ago | (#10430597)

What happens if one injurs the finger he uses as his biometric passcode (such that his fingerprint is unreadable)? Perhaps one scans each of his fingers, figuring that the chances of injuring all ten digits is so low. Incidentally, does anyone know if small injuries, such as papercuts, throw off the fingerprint scanners?

Passwords (1)

Antony-Kyre (807195) | more than 9 years ago | (#10430618)

Passwords won't be obsolete until people can't pick up your fingerprints from let's say a coffee mug, and then make a mold.

If I lose a finger... (1, Redundant)

Ironsides (739422) | more than 9 years ago | (#10430768)

So what happens if I get a papercut, lose a finger, lose a hand, somehow wind up with a scar over my finger or something? Is there any way to get at the data or is it lost forever unless I brute force the keys?

Student's Thesis makes this feature useless! (2, Interesting)

xanthines-R-yummy (635710) | more than 9 years ago | (#10430832)

A la this article [slashdot.org].

I didn't RTFA, admittedly, but did IBM take her results into consideration before designing/implementing this feature?

IBM - DRM? (1)

mefus (34481) | more than 9 years ago | (#10430864)

Is it still possible to get IBM laptops without the DRM? I would like a new laptop, and I like the fact that IBM's are not Dells, but I don't want to fork out any cash for DRM harboring kit.

But but but... what about the Leenooks! (1, Interesting)

hacker (14635) | more than 9 years ago | (#10430877)

Sure, thats all well and good, but is the API to the hardware scanner components exposed in such a way that allows Linux developers such as myself to poke at it, and write a compatible AES encryption layer to interface with it?

Encrypting a Windows machine prior to login is nice, but in the rest of the world, the GUI is the last thing we run, not the first.

In Windows, you run the GUI, and execute the shell.

In Linux (and most Unixes), you run the shell, and execute the GUI. Its a very different paradigm.

You need to encrypt the data (AND swap!) at the bootloader level, otherwise the whole point of it is irrelevant.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...