Months ago, InstantMessagingPlanet.com profiled a startup developing enterprise-class instant messaging that could be housed entirely on portable, removable "flash" media, like a USB keychain. Add biometric authentication to the mix -- say, fingerprint identification -- and you've got one seriously secure IM system.

At least, that's the thinking behind efforts by Validian -- the startup -- and Sony Electronics, maker of the new FIU-810 "Puppy" Fingerprint Identity Token, a USB storage device with advanced biometric security features. Starting this week, Sony has been showing off its device at the RSA Conference in a bundled configuration with Validian's Flash Communicator IM application.

The Puppy enables only users with authorized fingerprints to access its encrypted files. Those protections can be extended to onboard applications like Flash Communicator, which stores all of its data locally, including conversation logs.

As a result, enterprise users equipped with a Flash Communicator-enabled Puppy can access their corporate IM from almost any computer with a USB port -- including public computer terminals or home PCs -- without leaving a trace of their communications when they later unplug and log off. The device is supported on Windows 2000/XP, Mac OS X and Linux-based PCs without the need for drivers.

The solution is designed to be secure on both the hardware and software sides. The Puppy uses fingerprint authentication combined with PKI digital certificate functions. Fingerprint templates are stored on the device, and matched to a submitted thumbprint.

"That's important for user privacy, so fingerprints aren't being sent across the Web," said John Harris, marketing manager for biometrics with Sony's Media and Application Solutions division. Also, "if fingerprints aren't leaving the device, you don't have to worry about them being stolen or taken by someone with nefarious purposes. Nor do you have to worry about them being stored in a centralized database and that database being hacked. It makes for a good, secure architecture on which to build this."

The device's built-in RSA engine supports up to 2048-bit keys, and is compatible with major certificate authorities. Once keys are generated and certificates received, the FIPS 140-2 Level 2-compliant token can authenticate onboard applications, like IM, as well.

"Not only can we obviously store software securely on the device, we can also tie it in to the fingerprint functionality on the device," Harris said. "You can use your fingerprint to guarantee to the person on the other end that it's your hand. It's about having that much more assurance that persons on that IM system are who they say they are."

For its part, Ottawa-based Validian's Flash Communicator provides end-to-end encryption between IM users, who must be first be logged in to the client, then validated against Validian's Domain Controller product -- which is deployed within corporations. After IM users are approved by the corporate system, text conversations and file transfers are handled point-to-point. All transferred files or chat logs remain on the device.

"The whole chain is secure and authenticated from end-user side to end-user side," said Andre Maisonneuve, Validian's chief executive officer. "That chain is very difficult to break at any point."

That level of authentication and security is made far more user-friendly thanks to the Puppy's biometrics support.

"Basically, there are several layers of security you have to come down through," Harris said. "It's very convenient -- it's not like you're having to enter five passwords."

The Sony FIU-810 "Puppy" is slated to begin shipping in bundles with Flash Communicator and other software during second quarter.

Christopher Saunders is managing editor of InstantMessagingPlanet.com.

How can your business tackle IM security and management issues? Join us at the Instant Messaging Planet Spring Conference and Expo, March 3 and 4 in Boston. Sessions include: "IM and the Law: Compliance, Privacy and Security" and "HR + IM = Corporate Social Policies for IM Usage."