Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mouse Scans Palms to Verify ID

Posted by CmdrTaco on from the logs-you-in-and-reads-your-future dept.

p00kiethebear writes "'Fujitsu is eyeing a variation on the centuries-old art of palmistry as the latest biometric weapon against unauthorized access to computer systems and facilities. The company has developed a computer mouse that will scan the palm of the user and deliver not a look into the future but verify the identity of that person.', With a .5% error rate I wouldn't be surprised if we saw this in offices within the next few years."

14 of 145 comments (clear)

  1. The Switch by espionage_7 · · Score: 3, Interesting

    Well I would just switch out the mouse with one of my own =)

  2. .5%? by Anonymous Coward · · Score: 2, Interesting

    .5% Error Rate means if 1 million people use it, 5000 are going to have errors. That makes it pretty significant. If that half a percent get locked out completlely or half a percent get can get onto other computers without being the right person, then there are still issues to be worked out before it's used widespread.

  3. Why a mouse? by Pyromage · · Score: 3, Interesting

    Why use a mouse? I mean, mouses are subject to so much wear and tear that the sensors and lenses have to be real beaten on. I don't see a reason not to have a palm-checking USB device instead.

    Something just used for recognition would seem to be a bit more practical. Cheaper because size wouldn't be a significant factor, and also it'd be easier to lock down against theft.

    But a mouse is just asking for trouble. Its got a .5% error rate when clean, but what about when six months old, sweaty, covered in coke, chips, and bodily fluids and has been used for 8 hours a day for the last half year?

    A mouse is a bad idea.

    1. Re:Why a mouse? by Calvinhood · · Score: 2, Interesting

      Because using a mouse you can make the scanning process completely transparent to the user. Heck, hide it well enough, and they don't even have to know about it.

      This could be useful because you now have a way to actually catch unauthorized people trying to get into your system instead of simply keeping them away. Consider this scenario: For whatever reason, Joe Evil manages to get to a computer that's logged on to a network that contains sensitive information. Gleefully, he sits down and uses the mouse to open up windows explorer and starts looking for a client list or something. Meanwhile, the mouse has detected that this person isn't authorized to be on the system, so it's notified security and also loaded a system image that contains totally bogus data for Joe to explore. Joe has no idea that he's accessing false data or that two hulking brutes from security are on their way to have a...discussion with him.

  4. According to Fujitsu PR... by jbbernar · · Score: 2, Interesting
    According to Fujitsu's PR, they're guessing that they can achieve a 5% equal error rate -- they actually identified all 700 correctly.

    Of course, this tells us nothing about how easily fooled the system is. Considering the recent success of a Japanese researcher in breaking fingerprint systems, I wouldn't trust this for a second.

  5. Re:Slashvertisement? by Jeremiah+Cornelius · · Score: 3, Interesting
    Here's the good part.

    The thing attaches to an ordinary PS/2-style mouse port. That's a secure channel!

    So anybody who can land a trojan on the box, can easily capture the valid auth dialogue with the device...

    It wouldn't be too tough to have a bogus "print" stored electrically, and rep[lay it either from the actual port, or read from a location in memory.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  6. Re:Slashvertisement? by Jeremiah+Cornelius · · Score: 3, Interesting

    Actually, now I think of it, there is a HUGE contact area on this thing! Must leave a great print on the reading surface! What an opportunity for capturing palm-prints for forging access.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  7. Issues with Practicality by neurostar · · Score: 4, Interesting

    I personally am not in favor of biometric protection devices. Even if they are 100% effective and never make mistakes reading, I do not feel that they are a wise choice.

    Bruce Schneider wrote a good column about biometrics here. I don't like the fact that some biometrics are very easy to steal. This means that once someone discovers your biometric "password" they can use it anywhere because you can't change your password.

    So I personally would be wary about having too much faith in such a device. /p neurostar

  8. Re:Slashvertisement? by Idarubicin · · Score: 3, Interesting
    Must leave a great print on the reading surface! What an opportunity for capturing palm-prints for forging access.

    Actually, that's one improvement that this system has over the easily-fooled fingerprint based systems. Since this system uses reflectance measurements from the palm that are affected by deep structures (veins), the palm print left on the mouse won't do a potential cracker any good.

    That said, I suspect that the system really isn't worth the trouble. Other posters have noted that the mouse connects to an ordinary PS2 port, so there's an opportunity for a spoof right there. And the 0.5% error rate sounds good--but only if those are all false negatives. If the system is misidentifying users 0.5% of the time for a database of 700 users, then there will be a truly embarrassing failure rate in a corporation of, say, ten thousand users.

    --
    ~Idarubicin
  9. Eczema sufferers will love this (not) by charlie · · Score: 3, Interesting
    Like a rather large number of people, I have atopic eczema. This means that patches of my skin get red, sore, and swollen, then subsequently dry out and turn flaky and opaque before falling off. It's unsightly, sometimes painful, and itches like hell -- but it's not infectious. Nor is it curable. (Spot the "opaque" bit. That's important, in the context of this gadget.) The only treatments we've got for it are palliative, and it can be triggered by stress, allergies, or other environmental. factors. Finally, just for fun, one of the commonest parts of the body to be affected is ... the palm of the hand.

    So now a visible percentage of the population are now going to be intermittently locked out of their computers by a stress-related illness. Isn't technology great?

  10. Reliability of biometric testing by _Spirit · · Score: 2, Interesting

    An article in c't (www.heise.de) a while back really opened my eyes as to how immature biometric testing still is. They managed to fool every system they tested (fingerprints and irisscan).

    The companies selling this stuff are really pushing this as 'secure' and the way the media are raving about this, I imagine a lot of ppl are fooled by this.

    Even when the system itself wouldn't be easily fooled I would hate to see what happens if people start bypassing this in hard/software. You would have to have physical protection of the hardware to avoid bypassing the scanner and have very ingenious software to make this secure.

    --

    beauty is only a light switch away

  11. Not really that secure... by JohnnyCannuk · · Score: 2, Interesting

    See this Counterpane article from May.
    Seems to me the sOme common gelatin trick would work here as well...you just need more of it.

    Another issue that this may create - the chopping off of hands. Think about this...in the early 90's insurance companies tried to reduce their car theft losses by encouraging the use of car alarms and passive security measures (eg, only your key will unlock the steering column). The result...lower incidence of car theft..sort of. While noone now breaks into and steals a car parked on the street, the incidence of "car jacking" or the violent theft of a running car from the owner at gun point. More often than not this results in serious physical harm or evenb death to the car owner. That almost never happened in the "old days" before car alarms.....

    So this may, for access to the right kind of data, encourage the kidnapping of perwsons, the "removal" of a hand, and the making or a "hand cast" as in the article (a whole hand print is much harder to come across than a single fingerprint)to use to circumvent this "cool" mouse...

    So, be careful what you wish for....

    --
    Never by hatred has hatred been appeased, only by kindness - the Buddha
  12. 0.5% by Cryptnotic · · Score: 3, Interesting

    Is that 0.5% rate the "false positive" or "false negative" error rate? If it is a false positive rate, then that means 1 in 200 times, the wrong person will be allowed access. That is much worse than the false negative, i.e., 1 in 200 times the correct person will have his authentication fail.

    --
    My other first post is car post.
  13. Hands Cut Off by Anonymous Coward · · Score: 1, Interesting

    Everytime I think of things like this, I think of two awful things. The bank exec whose loses his hands in an accident and cannot access my account and the Mobster who cuts the bank exec's hands off to steal the money in my account. Body parts should not be used for ID unless you are willing to lose them.