Mouse Scans Palms to Verify ID
p00kiethebear writes "'Fujitsu is eyeing a variation on the centuries-old art of palmistry as the latest biometric weapon against unauthorized access to computer systems and facilities. The company has developed a computer mouse that will scan the palm of the user and deliver not a look into the future but verify the identity of that person.' With a .5% error rate I wouldn't be surprised if we saw this in offices within the next few years."
Or it means that it gets it wrong 5000 times in 1 million. If it locked me out, and I retried and got in ... then there is no problem with a 0.5% error.
So once every 28 weeks, Mallet in the next cubicle is able to use my PC without authorization because the mouse mistook him for me. Or once every 28 weeks, my PC won't let me log on. Either way, I'm not terribly compelled to choose this product over a screensaver password.
If we saw people eating Jello in offices
When other 2-factor systems are much cheaper and more portable (think "This system doesn't have your palm, you can't use it"), why would someone WANT a biometric, palm-scanning whizbang mouse? RSA SecurID (keychain with a changing number, synchronized to a login controller) is a much better solution because it's got client software for many OSes, you can log in to any machine that's set up properly just with the fob, and it doesn't freak people out like a palm-scanning mouse will, IMO.
Best practices in security would dictate that this is just part of a strong authentication scheme. I would require users to still use login/password. The chances of the reader misreading and having someone's user/pass is very remote.
Theoretically, someone could record someone's palm print inline on the PS/2 port, and watch them type their user/pass, then come back later with the spoofing device containing the correct responses to hook inline to the PS/2 port again and log in as that person. But you're talking about a BIG operation to pull this off, plus a lot of chances of getting caught. (You have to physically access their computer twice, PLUS somehow get their user/pass.)
I think it could have a use, but it will need to be integrated into NDS/AD elegantly for it to catch on in the enterprise. And it must be low hassle to implement.
As it stands, the system of using passwords to prove identity is the best-working piece of the whole security puzzle. I'm not defending passwords; they are crappy and easy to "engineer". My point is that the rest of the security situation is worse off than that.
Most of the security threats people have to worry about in the real world have to do with attacks that bypass authentication entirely (most buffer overflows), or that trick valid users into doing stupid things (most viruses), or that hijack the software valid users run into doing their bidding (most viruses and worms).
Go over all the high-profile security issues of the past year. How many of them would have been mitigated by using biometric authentication instead of passwords? Few, if any. I'll bet 99% of the Klez E-mail I get has its true origin in a valid, properly authenticated user.
I guess it comes back to what we already knew--as soon as someone has unfettered physical access to a machine, its security is effectively compromised.
You want to limit access to a computer? Put it in an office. And lock the door. Know who has keys. Audit those keys.
~Idarubicin
To paraphrase Schneier: if someone steals your palmprint (for example, by getting a print off a surface that you touched and making a duplicate good enough to fool the scanner), where do you go to be issued a new palm?
Biometrics are ok if they are only part of what you need to get into the system (e.g. the right fingerprint plus the right password).
With a 0.5% error rate, a 2000 seat company gets 10 more service calls per day. If each service call takes 30 minutes, that's 10 hours per day, 50 hours per week, 2500 hours per year (allowing for 10 holidays...geeks always lose their vacation before the fairy-tale schedule permits them to use it!). So if you have outside tech support at, say, $75 per hour, how much do these little beasts really cost?
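The two back-of-the-envelope calculations in this thread (the per-user "once every 28 weeks" figure earlier and the 2000-seat support-cost figure in this post) carried through as an added Python example, not code from any poster. It assumes login attempts fail independently at the stated per-attempt error rate, one login per seat per day, and that a user only calls support after `max_retries` extra failed attempts (the "retry and get in" case raised above); `days_per_year`, `call_minutes` and `rate_per_hour` are the inputs the post gives.

```python
"""Expected false rejections and support cost for a biometric login device.

Assumptions (ours, not the thread's): every attempt is falsely rejected
independently with probability `frr`; a user retries `max_retries` times
before calling support; each call consumes `call_minutes` of outside help.
"""


def days_between_errors(per_attempt_error: float, logins_per_day: int = 1) -> float:
    """Mean days between errors for one user (geometric waiting time).

    At 0.5% and one login per day this is 200 days, i.e. about 28.6 weeks,
    which is where the "once every 28 weeks" figure comes from.
    """
    return 1.0 / (per_attempt_error * logins_per_day)


def support_calls_per_day(seats: int, frr: float, max_retries: int = 0,
                          logins_per_day: int = 1) -> float:
    """Expected support calls per day across all seats.

    With independent attempts, a login escalates to a call only when all
    max_retries + 1 attempts are falsely rejected, so the per-login
    probability of a call is frr ** (max_retries + 1).
    """
    p_call = frr ** (max_retries + 1)
    return seats * logins_per_day * p_call


def yearly_cost(seats: int, frr: float, call_minutes: float = 30.0,
                rate_per_hour: float = 75.0, days_per_year: int = 250,
                max_retries: int = 0) -> float:
    """Outside-support cost per year in dollars for the given inputs."""
    calls = support_calls_per_day(seats, frr, max_retries)
    hours_per_day = calls * call_minutes / 60.0
    return hours_per_day * days_per_year * rate_per_hour


if __name__ == "__main__":
    # The post's inputs: 2000 seats, 0.5% per-attempt error, $75/hour support.
    print(f"days between errors per user: {days_between_errors(0.005):.1f}")
    print(f"calls/day, no retry:  {support_calls_per_day(2000, 0.005):.2f}")
    print(f"calls/day, one retry: {support_calls_per_day(2000, 0.005, 1):.2f}")
    print(f"yearly cost, no retry:  ${yearly_cost(2000, 0.005):,.2f}")
    print(f"yearly cost, one retry: ${yearly_cost(2000, 0.005, max_retries=1):,.2f}")
```

The no-retry line reproduces the post's ten calls per day; allowing a single retry before calling support cuts the expected calls by a factor of 200, which is the difference between the two cost estimates in this thread.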