August 2001
by Julian Ashbourne
FOR
Innovative use of biometrics within an everyday application applicable to a large number of users.
AGAINST
Added operational complexity and ongoing cost may not be viewed as worthwhile to some users.
[Ed note: IdentAlink says that a new version will plug into MS Outlook, reducing the complexity.]

VERDICT
A good example of lateral thinking around the use of biometrics in relation to secure communication.

FaceMail from IdentAlink provides an interesting solution for those wishing to conduct secure email communication between trusted partners. It combines the use of digital certificates (PKI) with biometrics, in this case facial recognition, in order to both encrypt messages and increase the confidence level as to the identity of the participants.

The first step along the road to secure email with FaceMail is to create your own key pair and manage the public keys of others with whom you wish to correspond. A utility named FaceMail Keys is provided for just this purpose. To create your own key pair (public and private keys) the idea is that you capture an image of your own face via a connected video camera, and this data is then used to create the unique key pair. Three images are typically captured and refined into the biometric 'template'.

Having created the key pair, you complete a registration form and your data is then transferred to the IdentAlink certification server, whereupon you will pay an annual subscription for maintaining the FaceMail service. The rationale, of course, is that you may then access the certification server in order to download the public keys (and images if supplied) of others with whom you may wish to correspond. I could foresee that some users might prefer to handle this privately by sending their public keys directly to trusted partners rather than using the IdentAlink server and paying for the privilege, while others may find value in a centrally held key repository. On this point, serious users may like to quiz IdentAlink on exactly how this data is stored, protected and maintained.

The FaceMail Keys utility also allows you to import the public keys of others, effectively providing a database of correspondents with whom you may exchange secure, encrypted email. If you use multiple email addresses, then you will need to create your own key pair for each address.

The other main utility supplied is FaceMail Tools. This enables you to manage the encryption and signing of messages as well as the decryption of received messages. This utility may either be fired up as an application in the usual manner or, more conveniently, accessed from a tray icon on your Windows desktop. This works by selecting the contents of the current window, and placing it on the clipboard where it will be encrypted and/or signed according to your instructions.

If you fire up FaceMail Tools separately, you may also do the same with selected files from your hard drive. When encrypting files (or the clipboard contents) you may select the recipients who will be able to access the encrypted file, from your database of certificates. This is all pretty straightforward and intuitive in practice.

When it comes to decrypting and verifying a file (in FaceMail format), you will need to provide your facial image once again via a connected video camera. Assuming your biometric is verified, the message, which was explicitly sent for your attention, will be decrypted and you will be able to view the contents. This works on both selected files and clipboard contents from the current window, such as your email client for example. In general, the decryption process is straightforward enough, although it does add an extra layer and time penalty to viewing your email messages, especially if your biometric is not immediately verified.

In conclusion, whether FaceMail represents an attractive proposition to you as a user will no doubt depend upon the sensitivity of your email communications and to what extent you wish to be the only person capable of reading messages intended for you.

There are perhaps various layers of protecting such communication between trusted partners, depending on how far you wish to go. You could use your own encryption/decryption methodology between members of your trusted group, managed entirely by yourselves. Alternatively, you could use a proprietary PKI digital certificate methodology with keys managed by a third party, providing encryption and signing in an easily managed form from within your email client. The potential weakness of these methodologies is that, assuming your private key or encryption/decryption algorithm is held on your computer, anyone accessing that computer has the potential to decrypt messages intended for you, or to impersonate you by encrypting messages with your key signature.

You may argue that you could store your keys on a portable token such as a smartcard, and indeed you could. However, this is still only verifying that the token is present at the time of encryption, signing or decryption. It does not verify who is actually using the token. This is where a biometric comes in, as it adds the extra dimension of who is encrypting or decrypting a message, rather than just which key certificate is being used in the process.

Within the framework of this evaluation, it was not practical to test FaceMail for biometric accuracy. The potential for false accepts among similar-looking individuals such as family members, or even individuals of similar ethnicity, may be an area that prospective users should explore if they really are concerned about security of access. No performance figures were supplied by IdentAlink, but facial recognition as a biometric methodology in general is not always as secure as fingerprints or iris scans, for example. I mention this because, if you are concerned enough about secure email communication that you would consider a biometric/digital certificate approach, then you may like to delve a little deeper into such areas.

Similarly, you may wish to understand exactly how the biometric template is stored and used in relation to the overall process. In this respect, I would like to see IdentAlink provide more information around architecture and independently measured performance. Whether you are happy to pay an annual 'management' fee for the FaceMail service is another area for consideration. It has often been observed that the whole concept of digital certificates has not been embraced as originally envisioned. Part of this may be due to implementation complexity, and part is undoubtedly due to cost. Some users may prefer to manage their own keys, which may be perfectly feasible, or even desirable within a small community of correspondents. Alternatively, others may prefer to go down the 'service provider' route proposed by IdentAlink on an annual subscription basis. At present, the options offered by IdentAlink in this respect are not clear, and I would see this as an area for attention.

Overall, it is good to see the integration of biometrics and digital certificates in this manner, and one must congratulate IdentAlink for producing such a product. Whether you consider the extra complexity of use and associated cost relevant to your own situation will no doubt depend upon the sensitivity of your particular electronic communications.
   

Contact Information:
  
FaceMail

UK/Europe
Supplier: IdentAlink Ltd
Price: £18
Contact: +44 (0)1 536 483000
facemail@biometrics.ws

www.biometrics.ws
 

SC On-Line
SC Magazine
www.scmagazine.com

Copyright © 2001 West Coast Publishing. All rights reserved.