Slashdot Mirror
Mouse Scans Palms to Verify ID
p00kiethebear writes "'Fujitsu is eyeing a variation on the centuries-old art of palmistry as the latest biometric weapon against unauthorized access to computer systems and facilities. The company has developed a computer mouse that will scan the palm of the user and deliver not a look into the future but verify the identity of that person.', With a .5% error rate I wouldn't be surprised if we saw this in offices within the next few years."
There've been thumb-reading mice for a while now. google: thumb biometric mouse This isn't news, it's another slashvertisement.
Yawn.
[
A lot of good that does from keeping someone from typing 'rm -rf *'. :)
-brain
Now you'll eventually have a reason to wash your hands : if you don't, you won't have access to the computer !
...
Mom's gonna be happy
theefer
In the office can't you just have security guards and tell the employees to lock the door's.
Well, why not? Most mice are optical now anyway, this certainly gives that term a whole new meaning...
... 1 small scratch, Security scan failed calling security drones.
People like me that manage to get cuts and scrapes on their hands all the time are toast.
Nothing worse than forgetting your password and not knowing what email address you gave with your account.
Well I would just switch out the mouse with one of my own =)
if you execute every desktop action using keyboard shortcuts only? I imagine after 10 minutes a popop window appearing: "the computer mouse feels lonely, please pet the mouse a little".
.5% Error Rate means if 1 million people use it, 5000 are going to have errors. That makes it pretty significant. If that half a percent get locked out completlely or half a percent get can get onto other computers without being the right person, then there are still issues to be worked out before it's used widespread.
Why use a mouse? I mean, mouses are subject to so much wear and tear that the sensors and lenses have to be real beaten on. I don't see a reason not to have a palm-checking USB device instead.
.5% error rate when clean, but what about when six months old, sweaty, covered in coke, chips, and bodily fluids and has been used for 8 hours a day for the last half year?
Something just used for recognition would seem to be a bit more practical. Cheaper because size wouldn't be a significant factor, and also it'd be easier to lock down against theft.
But a mouse is just asking for trouble. Its got a
A mouse is a bad idea.
Comment removed based on user account deletion
I do not know about you but I never place rest my palm on the mouse. To do so I find is inconvenient, annoying and impedes my work. Hell even on by ball mouse only 4 finger usually touch it.
I wonder how the workplace environment affects that 99.5% accuracy rating. I don't know about anyone else, but most computer mice I've seen seem to be dirt magnets.
.. from the description, it sounds expensive!
They didn't seem to mention price
So once every 28 weeks, Mallet in the next cubicle is able to use my PC without authorization because the mouse mistook him for me. Or once every 28 weeks, my PC won't let me log on. Either way, I'm not terribly compelled to choose this product over a screensaver password.
A wild take on some of the coming comments: "privacy inavsion", "Like the movie Gattica", "trating people as criminals" ...
In a society that believes in nothing, fear becomes the only agenda ~ Bill Durodié
Seriously, any person who really wants to access the computer, would just use keyboard shortcuts. All this will do is keep Joe schmoe 133t h4x0r script kiddie from gaining access. ...however if they implemented it into the tab key, I think that might do a little better.
Of course, this tells us nothing about how easily fooled the system is. Considering the recent success of a Japanese researcher in breaking fingerprint systems, I wouldn't trust this for a second.
If we saw people eating Jello in offices
In the article it states that Fujitsu conducted an experiment identifying a number of palms out of 700 palms and the system had an error rate of 0.5 percent.
It does not state what kind of errors were made. Failing to identify a palm or, confusing two palms. In the latter case, the error rate goes up dramatically with the number of palms in the database.
-- (:> jms cs.vu.nl (_) --"---
When other 2-factor systems are much cheaper and more portable (think "This system doesn't have your palm, you can't use it"), why would someone WANT a biometric, palm-scanning whizbang mouse? RSA SecurID (keychain with a changing number, synchronized to a login controller) is a much better solution because it's got client software for many OSes, you can login to any machine that's set up properly just with the fob, and it doesn't freak people out like a palm-scanning mouse will, IMO.
My palm doesn't touch the mouse. I use my thumb and pinky to grip the sides with my fingers resting on the buttons. My palm is a good inch off of the top. I use to rest it on the mouse but discovered I hate that sweaty feeling. I changed my form to that more like a pianist would use. Works wonders for those long gaming sessions.
Some days I get the sinking feeling Orwell was an optimist.
There is no one way to hold a mouse, besides having at least one finger on a button. How would this accomodate for the many and different ways to hold mice? backwards, forwards, upsidedown, sidewase, two fingers on the buttons only etc....
As traditional "gripped" mice are the most dangerous instrument for repetitive stress syndrome, most people will flat out refuse to use a device that slowly cripples you over time.
Better come up with a trackball version, stat.
from having to help every person that I come across that can't figure something in Microsoft Word or Internet Explorer.
"Sorry, my palm won't work the mouse..."
Anybody think this'll actually get used very often? IN a wolrd that values simplicty of security, I doubt I'll ever work in a place that uses these. Not because I don't value security, but because I doubt the comapany would enough to employ these.
Mod point free since 2001
I personally am not in favor of biometric protection devices. Even if they are 100% effective and never make mistakes reading, I do not feel that they are a wise choice.
Bruce Schneider wrote a good column about biometrics here. I don't like the fact that some biometrics are very easy to steal. This means that once someone discovers your biometric "password" they can use it anywhere because you can't change your password.
So I personally would be wary about having too much faith in such a device. /p
neurostar
As several people have pointed out, locking the mouse would still leave us with keyboard access.
Of course, the keyboard could also be locked, but who the hell would want to type with one hand on the mouse?
Since neither of those options are good, the only thing left is to use it for authentication at the beginning of a session. So if I'm only going to use it as a fancy password (which is stupid anyway, considering the error rate), what benefit is there to having it on the mouse? None.
And I believe we can all see the negative side-effects of sticking even more stuff on something we move rather aggressively all the time...
My Sig: SEGV
If the mouse scans your veins every time you let go and grab it again, and it has a 0.5% error rate, wouldn't it just keep locking you out at random intervals?
A palm scanner to get into some secret lab isn't a bad idea -- but a mouse that does scans your palm? It's like (approximate Simpsons quote) nuts and gum -- together at last!
This gelatin fake finger fools fingerprint detectors about 80% of the time.
I like anyone else can see the benefit of such technology in the workplace or in the general enviroment of our lives, but has anyone thought about the downside to the technology at the same time?
Criminals will have a slightly easier time getting access to systems they might not have been able to get to with the old personal ID number system. Unless you're of vulcan descent getting a PIN from someone's brain required some beating, but with the scanning technology all they'd have to do is chop a hand or gouge an eye and they'll have access to everything you did.
Be you Admins? nay, we are but lusers!
wow, I now have full access!
Let's hope they don't try and use this for verifying your age on porn sites. "SCANNING... *BZZT* ERROR. PALMS TOO HAIRY TO SCAN." :)
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
What ever happened to the SmartChair that reads ass-prints?
Table-ized A.I.
Dan's Data did an interesting review of fingerprint scanners. Apparently they (well, that particular one anyway) are remarkably easy to fool - using jelly.
Personally, I'm happy with passwords - you can change those...
Gosh, why don't they just embed a smart card under the skin in or around the palm area. I mean, what is to prevent me from beating up the guy with the palm this mouse system wants to use, and then forcing his hand ont he mouse to circumvent the security system? Besides, who uses a mouse in VI anyways. Real men just yank and paste lines with YY/P commands. Oh wait, thats right... the drivers for this only work in Windoze!
It isn't a lie if you belive it.
Will someone write an application for this mouse to read your palm? That would be a nice touch each morning when checking the 'ol inbox.
"Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
'The company has developed a computer mouse that will scan the palm of the user and deliver not a look into the future but verify the identity of that person.'
Well, if someone were to rewrite fortune for this, you would have a customized one every time you logged on!
I'm the Devil the Windows users warned you about.
I'm using a Microsoft Optical mouse on my main computer - I've been using this thing for about three years and where my thumb and pointer fingers rest against the plastic the silver paint has been completely worn away. The amount of wear and tear a security mouse would take in an office, especially with 'floating seating' like alot of call centers and programming cube farms have these days, would make this absolutely pointless.
As it stands, the system of using passwords to prove identity is the best-working piece of the whole security puzzle. I'm not defending passwords; they are crappy and easy to "engineer". My point is that the rest of the security situation is worse off than that.
Most of the security threats people have to worry about in the real world have to do with attacks that bypass authentication entirely (most buffer overflows), or that trick valid users into doing stupid things (most viruses), or that hijack the software valid users run into doing their bidding (most viruses and worms).
Go over all the high-profile security issues of the past year. How many of them would have been mitigated by using biometric authentication instead of passwords? Few, if any. I'll bet 99% of the Klez E-mail I get has its true origin in a valid, properly authenticated user.
Hairy palms will interfere with the scanner.
Hey Bob, can you show me how to use this new app? Oh wait, I guess you'll have to tell me how to use it. Actually, this sucks... let's just go to your computer.
I wonder if what they'll do about my laptop mouse.
-a
How to rationalize theft.
5% means that if I put my hand on the mouse and it doesn't work, I just remove my hand for a moment, and then put it back on the mouse. Chances are that I'd be in after 20 times.
How do you log in if you just broke your wrist, or got a tatto on you hand?
Almost all computer users look at monitors. So put thoses inexpensie LCD cameras in monitors and do a face scan. Less engineering than a mouse.
So now a visible percentage of the population are now going to be intermittently locked out of their computers by a stress-related illness. Isn't technology great?
That may prevent me from chopping off your hand in order to gain access to your machine. Just a thought.
The press releases for new identification technologies are so slick and appealing (in general), but all the "new" technologies suffer the same basic flaw: the determined individual can not be stopped whether that individual is set on stealing your files or crashing an airliner into a skyscraper.
"I think all foreigners should stop interfering in the internal affairs of Iraq"
-- Paul Wolfowitz, 7/21/2003
Dont worry about it...well forgive you eventually.
"Yah! uh-huh...no. It's not contagious...sure... no, yes - yes I'll meet you there. The Bawls bar on 2nd right? uh-huh... yah! lemme just check my email"
*click*
Please identify!
"Christ! I just went to the bathroom!"
Place your palm in full contact with the mouse
Stupid! {places palm on mouse}
Identification incomplete
"What?"
Please state your name
Rob
full name
Robert Malda
Please state supplementary identifier
"Which one?"
Orientation
"Lesbian!"
OS Orientation
"Linux"
bzzzt!
"BSD"
bzzzt!
"Oh for Christ's sake! -- OSX!"
ding! Access granted.
Cake or Death? Cake Please!
1. *click* remove mouse
2. *click* plug in new mouse
3. PROFIT!
So how long before someone writes a linux driver for it?
moto411.com
As flawed as this possibly is, imagine if in an airliner, the pilots and co-pilots stations only responded to authorized palms... otherwise it'd go into autopilot. Of course, control could be released by insertion of a secret code into a keypad that only certain ground security people would know and could tell the someone on the plane via radio in a pinch...
Cake or Death? Cake Please!
Seems like a halfway decent idea, until, of course, you ask, does my palm actually touch the mouse. At least for me, my palm doesn't touch the mouse at all. If I wanted my palm to touch the mouse, my fingers would be dragging along in front of the mouse and my arm would have to be in a poor ergonomic position. Maybe they should check how people actually hold a mouse before they start doing things like this with it.
There's no sig like SIGSEG
probability will indicate this scheme will fail at the rate of about 1.2 times a year on average -- assuming 250 working days and you only authenticate once per day. however -- if this was really implemented, people will probabbly time out after 15 minutes / out to lunch / in meeting / whatever; so it will fsck up probabbly every month or so. i dunno -- just seem like passwords are so much more reliable.
My life in the land of the rising sun.
all other numbers are okay
My life in the land of the rising sun.
An article in c't (www.heise.de) a while back really opened my eyes as to how immature biometric testing still is. They managed to fool every system they tested (fingerprints and irisscan).
The companies selling this stuff are really pushing this as 'secure' and the way the media are raving about this, I imagine a lot of ppl are fooled by this.
Even when the system itself wouldn't be easily fooled I would hate to see what happens if people start bypassing this in hard/software. You would have to have physical protection of the hardware to avoid bypassing the scanner and have very ingenious software to make this secure.
beauty is only a light switch away
So we are going to start seeing thieves pack their own PS/2 or USB mice with them to circumvent this "security"?
:P
Right.
See this Counterpane article from May.
Seems to me the sOme common gelatin trick would work here as well...you just need more of it.
Another issue that this may create - the chopping off of hands. Think about this...in the early 90's insurance companies tried to reduce their car theft losses by encouraging the use of car alarms and passive security measures (eg, only your key will unlock the steering column). The result...lower incidence of car theft..sort of. While noone now breaks into and steals a car parked on the street, the incidence of "car jacking" or the violent theft of a running car from the owner at gun point. More often than not this results in serious physical harm or evenb death to the car owner. That almost never happened in the "old days" before car alarms.....
So this may, for access to the right kind of data, encourage the kidnapping of perwsons, the "removal" of a hand, and the making or a "hand cast" as in the article (a whole hand print is much harder to come across than a single fingerprint)to use to circumvent this "cool" mouse...
So, be careful what you wish for....
Never by hatred has hatred been appeased, only by kindness - the Buddha
I wonder if the jello finger trick works against it?
Is that 0.5% rate the "false positive" or "false negative" error rate? If it is a false positive rate, then that means 1 in 200 times, the wrong person will be allowed access. That is much worse than the false negative, i.e., 1 in 200 times the correct person will have his authentication fail.
My other first post is car post.
[i]With a .5% error rate I wouldn't be surprised if we saw this in offices within the next few years[/i] A 1/2% error rate is a 1 in 200 error rate. That's not very good. That means you could walk through a large office and have a fair chance of being falsely recognized by the id system.
ShoutingMan.com
A second angel followed and said, "Fallen! Fallen is Babylon the Great, which made all the nations drink the maddening wine of her adulteries."
9A third angel followed them and said in a loud voice: "If anyone worships the beast and his image and receives his mark on the forehead or on the hand, 10he, too, will drink of the wine of God's fury, which has been poured full strength into the cup of his wrath. He will be tormented with burning sulfur in the presence of the holy angels and of the Lamb
Will it verify if the hand is still connected to the person's body?
With really hairy palms?
I'd much rather have keycards or an embedded watch-keycard. Combined with a 128 digit pin number of course.
| - | - |
Everytime I think of things like this, I think of two awful things. The bank exec whose loses his hands in an accident and cannot access my account and the Mobster who cuts the bank exec's hands off to steal the money in my account. Body parts should not be used for ID unless you are willing to lose them.
Remember that hoax a couple of years ago about a company that was going to implant ID chips in the palm of everyone's right hand, readable by the mouse to authenticate online purchases... ...intentionally recalling the passage in the Book of Revelations, "And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name?"
"How to Do Nothing," kids activities, back in print!
I use BSD. My programs do not employ a mouse. This technology is useless for my purposes.
Not only does it scan your palm to verify your identity, it can also predict that a mysterious stranger will enter your life.
Although this is a very clever idea, I don't want one. I often spend weekends working on cars and sometimes burn my fingers working with hot stuff.
Usually these types of burns involve only my index finger, but as I type this my left index finger and thumb are barely healed up from burns last weekend.
My boss doesn't like hearing excuses, so how do I explain that I can't login? I bet that under the right circumstances, I could potentially claim workman's compensation for not being able to work.
Just don't eat too many gummi bears before demoing this thing.
I know that the makers of the device claim it goes beneath the skin, but...
t y/ present/s5p4.pdf
http://www.itu.int/itudoc/itu-t/workshop/securi
Either that, or simply hack off some M.B.A. marketing weenie's hand to log in.
__ Someday, but not this morning, I'll finally learn to use the preview button.
Is the mouse able to tell if you've been slagging the sausage to the latest Angelina Jolie pics? Would the company using this technology fire you for being a sick little monkey spanking it while visiting Easy Pic?
There are lies, damn lies..... and advertised error rates in biometrics, as most people who have been reading the most recent issue of C`t know (english article). When normal people start doing practical test fooling biometric devices.... they get it done 99.999% percent of the time in only 0.47 seconds!!!
Okey so I made thos numbers up, but they make more sense to base you security related dicisions on then the false negative and theoratical "chance of same fingerprint on humans" numers the biometrics industry uses.... Sugestions for those who already ordered the device, try blowing on the sensor after it has been used, a lot of fingerprint scanners react to the fingerprint left on the sensor by the authorized user.
Combine technology for great security! I don't see how there is any security improvement in this invention, and it runs the risk of irritating the user it claims to protect. Further, it doesn't sound that reliable or tolerant to real world abuse and attrition. This sounds more like a warning to dump your investments in the company than a promising new innovation.
Will excessive hair growth interfere with the readings?
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Well yeah.
Finally, there's a convenience involved in various devices on the USB tree not being able to communicate with each other without relaying through the computer.
What's this Submit thingy do?
With a 0.5% error rate, a 2000 seat company gets 10 more service calls per day. If each service call takes 30 minutes, that's 10 hours per day, 50 hours per week, 2500 hours per year (allowing for 10 holidays...geeks always lose their vacation before the fairy-tale schedule permits them to use it!). So if you have outside tech support at, say, $75 per hour, how much do these little beasts really cost?
Well I guess the cat is out of the hat now, time to put him in a box
I have mod points and I am not afraid to use them