Security with Convenience – the next Killer App?

December 18, 2008

The History of the Killer Application

What is a “killer app”? A Killer Application is something that changes the way people do business. So what was the first killer Application? (Take your time, I’ll wait……)

It was Word Processing. Think about it, do you remember type writers and correction tape or white out? If not you should visit the Smithsonian 🙂 Word Processing changed the office for ever, no more typing pools, carbon paper, or re typing a page because it had too many errors on it. It was word processing that put the original DOS based PCs on the desk in our Offices.

What was the next Killer app? It was email! For better or worse it changed the way we all communicate. Can you image business today without email? I can’t. And while it has not yet completely replaced faxing (which was its own killer app in its day) it has clearly supplanted faxing as the communication method of choice for transferring documents between offices, clients, or customers.

An aside note, the killer app that got girls and young women into computing? IM (Instant Messaging) and social networking. For boys it was gaming.

So what’s next?

There has been a convergence of technologies that has finally allows us to have security with convenience. These two words have always been mutually exclusive, but not anymore. Most networks have matured and stabilized to the point of predictability. TCP\IP has won the protocol wars, even MACs and Novell use this as their main protocol now (remember Appletalk & IPX?). PDFs has all but won the format wars. And the percentage of networks that now run a Microsoft Active Directory is extremely high. And this has led us to leverage the AD for security purposes other than the Company Servers & email. Using the Active Directory to authenticate users on an MFD is not particularly new, nor is it without its problems. End users HATE to type thier logon credentials on a little virtual keyboard on a little touch screen twelve times a day (or more) just to use the ****ing copier!!!! They often become frustrated, they may even revolt at the idea of having to type their user name and password 20 times a day on a virtual keyboard (painful experience). Many of the Manufacturers are now offering a real QWERTY keyboard that can be added or even mounted to their newest MFDs.

A savvy Network Admin knows not to harass their end user community unnecessarily. But for some companies security is non negotiable! It is just too important and a complaining body of end users won’t change that. But wouldn’t it be great if their was a way to allow your end users to easily log in to your Active Directory at the MFD. That would be a real WIN WIN! Well, you need not put it on your Christmas list because it is already here. Here are two ways to accomplish it.

Biometric Readers on your MFD.

A biometric reader reads something that you are (a thumb print, a vein pattern, your eyes retina), and if you associate that physical attribute that is unique to you with your Microsoft Active directory account you can easily and quickly log in to an MFD while maintaining the needed security.

RFID (or magnetic swipe) cards on your MFD.

So many companies are already using RFID security cards to allow or deny access to the physical security of their buildings. Why not tie those same cards into the end users Microsoft AD log in. End users then simply walk up to the MFD and tap their RFID card on an RFID reader and they are now an authenticated user.

Current Products

EFI SendMe has a terrific Biometric Thumb reader. This product is a Scan Station that works with an MFD and allows both Secure Scanning & Secure (local) printing. You can even tie it in to their Internet PrintMe application.

Canon’s UniFLOW solution allows you to currently tie your RFID security cards into your MFDs or eCopy Scan Station for not only secure print & scan but true “Follow Me Printing”. An End User who is logged on to your Active directory prints to one of two available Canon UniFLOW Print Queues (Color or B&W). Then they walk to the nearest Canon MFD (and if that one is down or busy they walk to another) tap their RFID card on the MFD’s RFID card reader and release their secure print job. We are being told that the Biometric (Thumb Reader) will be available Q1 of 2009. This UniFLOW solution will even allow your end users to access BOTH the Canon MFD and the eCopy (embedded SSOP) or external stand alone eCopy Scan Station with the same RFID login, no need to authenticate separately to the MFD and eCopy Sharescan app. What does this mean to your organization? You have achieved security with convenience! And they said it couldn’t be done 🙂 UniFLOW is a Canon only solution. They own 70% of this company, I guess they learned their lessson with eCopy. 🙂

Konica Minolta’s Biometric (Vein Pattern) Reader mounts directly to their MFDs. I have not yet seen this tied into the Active Directory (only to the local MFD authentication) but I am told it can be done with PageScope. I hope to see and test this in the near future. The original firmware on the KM MFD had less than perfect results with certain people reading their finger (vein Pattern), but we recently updated the Konica Minolta MFD’s firmware and this has improved the recognition greatly. If you tried it and were unimpressed you may want to look at it again with the new firmware.

The Benefits to your IT dept.

When you use your existing Active Directory user list as authentication for your MFDs you no longer have to create and manage a separate list (like you did on the MFD or with eCopy Scan to Desktop). This significantly reduces the effort that the IT Department spends on supporting the MFDs. If you delete or lock an AD account then that user no longer has secure print or scan capabilities. With no extra effort on your part.

With the EFI Sendme Scan Stations that I set up for one customer if an end user had not used it before when they first placed their thumb in the Biometric reader it would say that it didn’t recognize them and present them with a standard windows type login screen, and ask them to log in. The end user would login, and then be asked to place their thumb on the Biometric Reader 4 more times. At that pointb they were set up and could from that point on use it (as their selves) just by placing the thumb in the reader, with NO IT INTERVENTION! The IT support guys we were working with were giving each other high fives in the hall way.

Benefits to your End Users

As long as an end user has active AD credentials and either an RFID card or a Thumb. They can easily set themselves up without having to bother, or wait for IT to do it for them! We had end users stop us in the hall to tell us how much they loved the EFI Sendme. It is rare that you can provide a solution that makes both the IT dept and the end user community extremely happy all the while maintaining security and convenience. This only happems when technology converges as it has here.

Technology or science usually makes its greatest jumps when their is a convergence of technology or ideas. Sir Issac Newton made the statement “If I have seen further than others, it is because I have stood on the shoulders of giants”. Microsoft’s Active Directory is not new. RFID cards and Biometric Readers are not new, Multifunction Digital copiers are not new, but bringing these three separate technolgies together have equalled, for the end user security with convenience and that is new!

That’s my $0.02
Vince McHugh


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: