Biometrics: Prepare to be Scanned
npistentis writes "From an article in the Economist: It has been a long time coming. But after years of false starts, security systems based on biometrics--human characteristics such as faces, hand shapes and fingerprints--are finally taking off. Proponents have long argued that because biometrics cannot be forgotten, like a password, or lost or stolen, like a key or an identity card, they are an ideal way to control access to computer networks, airport service-areas and bank vaults. But biometrics have not yet spread beyond such niche markets, for two main reasons. The first is the unease they can inspire among users. Many people would prefer not to have to submit their eyes for scanning in order to withdraw money from a cash dispenser. The second reason is cost: biometric systems are expensive compared with other security measures, such as passwords and personal identification numbers. So while biometrics may provide extra security, the costs currently outweigh the benefits in most cases."
Digital Biometrics Inc. provides live-scan systems from the Los Angeles County Sheriff's Department. These systems are installed in Los Angeles County Courthouses to verify the identity of persons being released from custody. These systems are also installed in Los Angeles Sheriff's Department booking stations.
Miros Inc., developers of the world's easiest and most reliable personal identification systems, have announced that they will demonstrate the first biometric technology to secure Internet access employing face-recognition: TrueFace Web. This technology employs a live video image previously recorded.
XL Vision Inc. a leading provider of fingerprint have announced the Human Authentication Application Program Interface (HA-API) for companies and electronic commerce applications.
Eltron and 3M have announced their collaboration for secure identification-printing systems. Eltron International Inc. leading global designer and manufacturer of thermal-label and plastic-card printers.
PenOp Inc. is a privately-held international software company specializing in electronic signature capture and verification for on-line business transactions. While some vendors, including IBM Corp., have been quietly researching the viability of this type of software, PenOp Inc. is one company that has taken an aggressive role in promoting it to the financial services market. The company's software allows signatures to be written onto a penabled computer screen or a digitizer (a computer pen and pad), then encrypted and tran
It is "to spite your face" not "despite your face". "despite your face" in that context doesn't even make sense.
Retard.
The time it takes to make a perfect duplicate is about 15 minutes (with special material it can be reduced to less than 10 minutes). To make a duplicate of a lifted fingerprint took me several days in 1992 and I had to do a lot of experiments to find the right process/technique. Now it takes me half an hour and the material costs are $20 (also sufficient for about 20 duplicates), the only equipment you need is a digital camera and a UV lamp. Not only do I now make the duplicates in a fraction of the time, but also the quality is better.
No electrons were harmed creating this post, though some may have been subjected to electrical and/or magnetic fields.
I think you need to look into security principles. As you say, a lone password is easy to compromise, so is a lone biometric. However, any truly secure system needs to use multiple forms of identification - preferably two or more of the following:
- something intrinsic (a biometric, DNA scan, etc)
- something known (a password)
- something kept (a security card)
By having more than one step involved, the system is much more secure than any individual part. Someone steals your bankcard - but do they have your pin? Or, someone sees your pin - but do they have your card or account number? PINs are actually very simple and easy to break (theoretically), but are pains to break in reality because of the Other required piece of the puzzle, the bankcard, and how false authentications lead to the removal of the card (most ATMs shred your card after a few false PINs are entered).
Similarly: Just because someone steals your face, how will they get ahold of your new bankcard?
After that fact comes the fact that most biometrics are hard to fake - fingerprint scanners these days can be made smart enough to check the temperature of the item placed on them - and some are even smart enough to look for normal temperature differences and gradients within the skin surface, and refuse authentication to 'fingers' that are too regularly or irregularly warm. Some very high end systems look for capillary blood flow... Most facial systems are smart enough to refuse a photo held up of your face, and carrying around a stiff 3d mask of someone's face is kind of obvious.
Also, the fact that every type of scanning device on the market practically has a different data format for the biometric data (which is all one-way, you can get the data from a fingerprint, but not the other way around), and spoofing the data becomes more restrictive - a spoof of, say, Visa's system wouldn't work against MasterCard's (unless they were using the same equipment).
Having said all that, I'd still like it to be pin+card+face/fingerprint rather than card+biometric. Biometrics should be used to Enhance security, not replace known or kept-item security methods.
man is machine
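The card-plus-PIN argument in the comment above, modelled as an added example (not part of the original thread or any real ATM software): a PIN is useless without an enrolled card, and a card is withdrawn after repeated wrong PINs. The `Atm` class, the three-attempt limit and the four-digit PIN space are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_PIN_FAILURES = 3   # assumption: the comment only says "a few false PINs"
PIN_SPACE = 10_000     # assumption: four-digit numeric PIN


def pin_digest(pin: str, salt: bytes) -> bytes:
    # Store a salted, stretched digest rather than the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 10_000)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failures: int = 0
    card_retained: bool = False


class Atm:
    """Hypothetical model: card (something kept) plus PIN (something known)."""

    def __init__(self) -> None:
        self.accounts = {}

    def enroll(self, card_id: str, pin: str) -> None:
        salt = os.urandom(16)
        self.accounts[card_id] = Account(salt, pin_digest(pin, salt))

    def authenticate(self, card_id: str, pin: str) -> str:
        acct = self.accounts.get(card_id)
        if acct is None or acct.card_retained:
            return "rejected"          # no valid card: the PIN alone is useless
        if hmac.compare_digest(pin_digest(pin, acct.salt), acct.digest):
            acct.failures = 0
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_PIN_FAILURES:
            acct.card_retained = True  # the machine keeps the card
            return "card retained"
        return "wrong pin"


def guess_bound(attempts: int = MAX_PIN_FAILURES, space: int = PIN_SPACE) -> float:
    # Upper bound on guessing the PIN by chance before the card is kept.
    return attempts / space
```

With these assumed numbers the retry limit caps blind guessing at 3 in 10,000 per card, which is the practical strength the comment attributes to an otherwise weak PIN.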
It seems that these sorts of sensors can be fooled using a gelatin finger.
And will these methods work, and be reliable in, for instance, outdoor ATMs? Kind of hard to detect body heat accurately if the sensor pad is in direct sunlight, or half-covered in ice.
And, you HAVE heard of the guy who used Jello to defeat fingerprint scanners, right?
http://zdnet.com.com/2100-1105-916135.html
I predict that we will eventually see ATMs that require a card, password and biometrics.
I don't, because ATM fraud is fairly low, and there is simply no justification for the investment in new ATM security infrastructure. (If anything, phony machines caching card numbers is far more a concern.)
It is unlikely for a criminal to get both the card, the password, and a time to use the card before it gets cancelled. The current system works well.
Having said that, the introduction of biometrics with ATMs has been biometrics alone. We all know that this is stupid from a security perspective, but the biometric companies are unable to sell banks on the security (since there is little need to change the security situation) so they sell the equipment for customer convenience. Customers are willing to be scanned so that they don't have to carry their ATM card and know their password.