Bdrive secures files in the cloud with fingerprints and fragmentation

Bundesdruckerei's Bdrive cloud file storage service uses erasure coding to increase redundancy and security



Maximum privacy seems to be the goal for the new enterprise authentication and cloud storage services Bundesdruckerei is showing at Cebit this week.

The 250-year-old state printer has moved far beyond its origins as a printer of banknotes and, later, passports, offering all sorts of secure digital authentication services.

At the exhibition in Hanover, Germany, this week it's showing Bdrive, a way for businesses to securely and reliably store important files in the cloud.

Unlike services such as Dropbox, Bdrive doesn't store the files themselves, just metadata about them. The task of storing the files is left to other public cloud storage services.

Those services don't have access to the files either, though: Bdrive's Windows client software encrypts the files and fragments them across several storage services, in such a way that no one store holds all the data; It uses erasure coding to reconstruct a file even when some of its fragments are missing, said Bundesdruckerei's Maxim Schnjakin.

Bdrive records which public cloud services are holding which fragments of the file, which user it belongs to, who has been granted access to it and on what terms. Customers can choose what level of redundancy they would like in the system, said Schnjakin: They pay a subscription fee to Bundesdruckerei, which then takes care of the storage fees for the various cloud services used.

The company isn't ready to name its storage partners, but Amazon Web Services' Simple Storage Service (S3) is an example of the kind of service it might use.

Access to the files is controlled by client software embedded in Windows 10. Bdrive appears as another location alongside Desktop, Downloads and Documents in the Windows File Explorer, and tasks such as sending download links or sharing access rights are accessed from a contextual menu with a right-click.

People invited to download a file receive an email containing a link to it. If a password is required, this must be sent via another secure channel. Clicking on the download link launches some JavaScript from Bdrive, which downloads the necessary file fragments from the various stores, reassembles them and decrypts the file.

For maximum security, control of the Bdrive files is closely tied to an authorized device and to the identity of the file's owner.

To provide stronger security than basic passwords allow, Bundesdruckerei is also showing a privacy-friendly smartcard-based fingerprint authentication system called GoID.

One problem with many biometric authentication systems is that they involve central storage and comparison of users' biometric details, putting them at risk of theft or disclosure.

Not so with GoID, in which the fingerprints are read, stored and compared entirely on the smartcard. The only information that leaves the card is a digitally signed message saying whether the authentication succeeded.

GoID cards are somewhat thicker than a credit card, but would still fit in most wallets. They have a built-in fingerprint reader like that found in high-end smartphones -- not the swipe type found on some PCs -- and are powered and communicate via an RFID interface. In most cases that will mean plugging an external reader into a PC's USB port.

To authenticate, users drop their card on the reader when requested, then place their fingertip on the card. The card also has a built-in numerical keypad for authentication in cases where a fingerprint has not been registered.

Enrollment is performed using the same card and reader: Software on the PC directs the process, but the fingerprint data never leaves the card, said Bundesdruckerei's Eric Stange.

Bundesdruckerei is already using the cards internally, and offers them to customers as part of broader identity management and authentication, said Stange. He wouldn't put a price on the cards, saying it depended on the services sold with them.

In addition to Windows log-on and authentication for Bdrive users, the cards can also be used for building access control. Because users' biometric information never leaves the cards, it's much easier to gain the support of trade unions for their use, especially in privacy-conscious countries such as Germany, Stange said.

Join the PC World newsletter!

Error: Please check your email address.

Tags Cebit 2017

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Peter Sayer

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?