Fujitsu PalmSecure in Mice

Fingerprint scanners are common on laptops, particularly in the business sector, but PC users have traditionally been required to buy a separate USB biometric device to achieve the same level of security. Fujitsu's PalmSecure takes a different approach: it's a USB mouse with a biometric scanner built in.

It doesn't work with fingerprints, though. As the name suggests it works by scanning your palm, or more specifically, the deoxidised haemoglobin in the veins running beneath the surface of the skin on your palm. This haemoglobin absorbs infra-red light from the scanner, producing an image with the unique vein pattern clearly visible.

Scanning is also contactless. This is primarily so the scanners can be used hygienically in medical institutions; elsewhere, the only benefit is that it keeps the scanner's surface clean of smudges. To register a palm you use the supplied wrist rest to position your hand at the perfect scanning height, and from then on you can have it read your palm by merely hovering a hand a couple of inches above the scanner.

And the scanner works very well. After a bit of practice to learn the best hand position we were logging into Windows in an instant. Fujitsu says it works to a false acceptance rate of less than 0.00007%, and all sorts of applications for the technology are detailed on the website.

This mouse, though, is for single users and it's here that the flaws in the bundled OmniPass control software become evident. For a start it relies on the use of multiple Windows accounts for multiple palm readings; if two people use the same PC without their own individual accounts, only the first will be able to use the PalmSecure.

And then there's the implementation of password saving, likely to be the most commonly used feature once you're logged in. In theory, you should be able to enter a website's login details, choose OmniPass's Remember Password option, then tell it which box is the login box. But we didn't find a single website that worked successfully in any of the main browsers.

Instead, we had to run the unwieldy Password Wizard every time we visited a new site. This requires you to enter your username then drag an icon to the relevant entry field, then repeat for your password, then show it where the submit button is.

Only then did the automatic authentication work, and it does so by filling in the login fields, character-by-character, in front of your eyes, which makes it not a great deal quicker than simply typing in the username and password yourself.

The PalmSecure mouse can also be used to encrypt any files on your PC, but as with all authentications the fact that you can circumvent the palm security by using a master password means it's only as secure as the password you choose.

There is an option to switch off the use of passwords completely, so the PalmSecure is used exclusively to log in, unlock encrypted files and access stored passwords, but the risk of losing or breaking the device makes us very wary of that.

The scanner technology on its own - on a hospital door, for example - would make a great contactless security device for those institutions that require it, but integrating it into a mouse makes it more of a password-saving convenience than a genuine security tool.

Add the fact that you're also then tied to an unattractive and weighty wired mouse - a dear one at that - and the Fujitsu PalmSecure mouse holds little appeal over any other USB fingerprint reader.

Author: David Bayon