Slashdot Mirror
Vein Patterns to Verify Identity
JonN writes "Fujitsu Ltd. will start selling a biometric security device next month that relies on vein patterns in the hand to verify a user's identity, it said today. The palm-vein detector contains a camera that takes a picture of the palm of a user's hand. The image is then matched against a database as a means of verification. The camera works in the near-infrared range so veins present under the skin are visible, and a proprietary algorithm is used to help confirm identity. The system takes into account identifying features such as the number of veins, their position and the points at which they cross."
Biometrics sounds great, right up until the point you run into the desperate dude who is willing to take out your eyeball -- or in this case remove your hand -- just to be able to access whatever it is that is being protected by biometrics.
So who is this really good for?
Wouldn't you rather give up the memorized password rather than your eye or your hand?
But then, how does your employer look at this.
He doesn't give a shit about your body. He just wants to protect corporate assets. From his point-of-view, it is statistically less likely that he'll lose such assets were biometrics used over passwords.
Just remember that when next you go to ask for the raise, and your boss is making you authenticate to the company's grid using biometrics.
That'll be $25.00 please.
John
Yeah, but can it tell my fortune?
I guess more biometric sensors are always better -- but at a point, doesn't it seem excessive? I guess I'll be able to sleep easier tonight knowing that if I'm killed in my sleep and my murder spreads my bodyparts across the county, I can still be indentified by the veins in my hands. Thank God.
"Please insert hand for vein identification"
"Hand invalid. Third attempt failed. Hand retained."
My hairy palms, you insensitive clod.
This could get amusing. "Honey, can you swipe your arm for these groceries? My arm credit limit is a bit low this month." When you get robbed in back alleys, the drugged up crims rip off your arm and take it to the ATM to pull out all your money. I'm sure the "cost an arm and a leg" jokes are coming.
What if I don't have fingers you insensitive clod!
Or blood, or vein, or whatever
Seriously I wonder how good the scanning is- some people's fingers have a layer of crust(skin, due to labour work such as farming or handling) that is pretty tough. Could the device scan through a layer of hardden skin?
Realistically speaking, how much is it worth to you to secure your company's assets? At retail locations, conventional wisdom says "give the dude the money, because it's not worth it."
Would you lose a body part?
I think the answer would be "Heck No!"
What would the court say? Isn't using biometric security putting life and limb of the employees in jeopardy?
That would be an interesting case for a judge and jury.
While some factors, both genetic and external, may lead to the divergence of form in venal positioning and number, the chance that two people have similar (if not identical) veinous patterns is not small.
Medicine is based on the supposition that human beings are, at a very basic level, extremely similar to each other. This allows us to give generalized prescriptions instead of having to perform meticulous measuring and experimentation to determine the correct level of drugs to give to a person.
Even Da Vinci noticed that many measurements of human bones were precisely measurable using the Golden Ratio. Humans, and most of Nature, is perfectly balanced so as to result in a great homogeneity across the species. Even in our day-to-day life we sometimes encounter "spitting images" of people we know. Some even make a living impersonating famous people.
I find it worrisome that the verification of something as personal and important as someone's identity is based on something as common and repeatable as the pattern and layout of veins.
It sounds like such a system is subject to replay attacks. i.e., if I take a picture of your hand I can replay it to the reader. That's the beauty of smart cards: challenge-response with a random nonce means no two queries are ever identical, so no two replies are ever identical, and replay attacks are worthless.
This is somewhat novel and cool because:
a) there need not be any physical contact twixt the biometric reader and the individual - unlike with fingerprint scanners - defintely more hygenic
b) as a previous poster mentioned, it doesn't work if the hand is severed
c) fingerprints may be scarred, burned, or otherwise mutilated
I mean, if you're gonna put people through biometric authentication, you might as well do it right, right?
-- i drop mine in braille so you blind cats can read me
...hot chicks telling me they have to hear me say "passport".
It is not uncommon for the smaller bloodvessels to simply disappear and appear over time to facilitate changes in energy consumption. A tiny inflammation can also cause the surrounding vessels to change themselves quite significantly. Wouldn't want to be denied my own money suddenly.
Also, since the camera is presumably looking at the heat coming from the veins, would this mean that if you lost circulation to your hand for whatever reason (extreme cold, medical condition, etc.), that would also cause the device to reject you?
forgive my ignorance, but don't veins' positions shift slightly? Don't quote me on that, but I think I read that somewhere..
I'm all for increasing security, but biometrics have always been fairly insecure in a number of situations. I'd guess that its only a matter of time before this method is cracked.
Fingerprint scanners have numerous ways of being defeated - through lifting the prints off the scanner (by use of tape and graphite powder), to gel finger molds.. And I forgot how to defeat retina scanners and vocal scanners, but simple vocal reproduction shouldn't be too hard considering the quality of numerous recording devices. Cheaper retina scanners used to be defeatable by photograph IIRC, strange enough..
"Better to be vulgar than non-existent" -Bev Henson
Really now, how difficult can it be to fool one of these. It seems all it would take is:
1. Remove the IR filter from a 3 megapixel or higher digital camera.
2. Photograph the hand with and without a low pass IR filter.
3. Print a mirror image of the first photo on an acetate sheet.
4. Take the same print and print the other side with IR visible inkjet ink from the second photo.
5. Fool scanner.
6. Profit?
how will this device fare on zombie veins?
enquiring minds want to know... give us something to talk about at the winchester, at any rate
That's the dumbest argument I've heard all evening.
The "desperate dude who is willing to take out my eyeball?" Why wouldn't he just leave it in your head and just piggyback through? Or bring you along to access that "protected" stuff?
Sure I'd rather give up a memorized password instead of an eye or hand, but again this is a question of severity. I don't believe you go from demanding a password to cutting out an eye without things other than biometrics being a critical factor.
Your employer may not give a shit about you, but most employers do. The liabilities of employees getting hurt is much of the reason that many employer-offered health plans have increases every year. I doubt that any employer will be nonchalant when one of their employees come to work with only one hand.
There's nothing wrong with an employer implementing biometrics, if it's an at-will company. It's up to the employee as to whether that proposition is acceptable.
I find it worrisome that the verification of something as personal and important as someone's identity is based on something as common and repeatable as the pattern and layout of veins.
I haven't done the research, but I doubt this is any more "repeatable" than fingerprints, or for that matter DNA.
I had an infrared security cam and IR light source; and interestingly when shined on my arm you could pretty easily see the veins inside. Looked quite freaky. Especially tweaked us out because we were merely trying to duplicate the old infamous Sony-night-vision-sees-through-clothing trick. Didn't expect it to see through skin.
Comment removed based on user account deletion
Some day in the very near future there will be a way to easily duplicate fingerprints, vein prints, retina prints, or whatever.
Current solution: change password or revoke key.
Solution for the future: slice your finger off and hope they can someday regrow you a new one with a new fingerprint.
Do we really want to slice hands/arms and eyes off too? Biometric ID has NO solution if the thing you're testing against becomes compromised.
I've met quite a few people who have nonstationary veins; that is, veins that they can move around, that twist under their fingers and stay in their new position, etc.
How will this system handle these?
It's only an insult if it's not true.
Dancin Santa wrote:
>I find it worrisome that the verification of something as personal and important as someone's identity is based on something as common and repeatable as the pattern and layout of veins.
According to Fujitsu (in TFA), their method is capable of identifying one hand from a population of 1,250,000 (they claim a FAR of 0.00008%). So the vein pattern is not as 'common and repeatable' as you think; the differences may be subtle, but they're large enough (provided their claims are true, of course).
I have quite a few veins in my penis. I wonder if that would work... :-P
Well, I see we've already got a few people posting "zOMG my hand's gonna get chopped off".
Here's a pop quiz. How's a device that uses near-IR to see active blood vessels going to work....
...on a hand with no blood pressure, and no hot blood flowing through it? Seems to me a cut-off hand would be virtually worthless within seconds; the veins would become the same temperature as the rest of the hand, and collapse due to lack of blood pressure.
Please help metamoderate.
So how do we know that's a valid form of unique identifaction? Have results been published and reviewed?
This time, it's the translucent map of the hand.
Problems with this idea?
1. Injury or other causes of restricted bloodlow will change the pattern. People may be wearing a watch or carring a bag which may change the net translucent image of the hand for some time.
2. No mention if this is 3-d imaging, or multiple-perspective scanning of some sort - but if it's just a 2-d single image, then another source of the 2-d image could be used as fake ID. In the case of 3-d imaging, fakes become more difficult - gummy hands are a lot less common than gummy bears. Still - there has to be a basis for pattern-recognition in the complex mess that makes up a human hand/palm, and that basis can be exploited. A rubber glove with ink on the palm, flipped inside-out may do the trick, or something similar.
3. This equipment... will it be cheap? Will it require large databases and further security for that data? How much cheaper will this be than other security methods? Cost more than most things will likely determine the impact of a biometric technology. Just having another identification scheme won't help that much, if it can only be used in already-secure or expensive scenarios.
Biometrics are a great idea, and some very cool implementations - but they always seem to involve a lot of false negatives/positives (none have solved both), and are fairly expensive relative to their unreliability. They certainly haven't been a replacement for most standard security schemes. How is this scheme different?
You're not the only one. Who says fingerprints aren't "repeatable"?
Fingerprints as legal evidence are basically 'grandfathered' in--they're accepted because they're accepted. If you tried to introduce fingerprinting as a new technology--and had to prove each was unique and that you could make a positive ID based on this--you'd never get it in front of a jury.
Biometrics are still so far from reliable. Hopefully this whole effort will not be in vain.
Storm
Da Vinci obviously never travelled to Iowa. Seeing someone with both arms or legs the same length is like seeing a double-rainbow. It's something you tell your grandkids about while they stare in disbelief.
I'm Rick James with mod points biatch!
I don't know about you guys, but the amount of times I've cut or bruised my hands, let alone bone breakages is quite high. I assume all these injuries, even the more minor ones would cause a change in the exact layout of your veins... especially after surgery to repair broken bones or torn ligaments.
On a similar note, what happens when someone has to have their hand in a cast? Or how about the problems dealing with children who are still growing rapidly... their vein structure is constantly changing with the rest of their bodies.
She's built like a steak house, but she handles like a bistro....
If someone receives hand surgery or something, then I suppose they would have to re-submit their hand, right? I just hope it doesn't end up in some emergency situation. Like you get shot in the hand, then need to run away from the dudes and hide in a room that is protected by this device. Since I doubt you'd be able to get in! Then again, with other systems, you could always get your eyeball taken out.... or fingers cut off...
In the end, I think this is more an important step into things. I think all this technology will lead to a method that makes sure you are who you are. and that just cutting off a finger or something won't work. So you yourself would have to be there, in tact. And maybe even count who else is there.... or messure your heart rate.... I think if there were a bunch of checks that need to be done to ensure that the person entering is the only one... or that they aren't scared or anything.... Well.. Something like that is sure to come.
http://www.6765656b.com it's the ~ for us geek's.
When you are alive, your veins are full of blood. When somebody cuts your hand, it will change the impression. So the test will fail. The best method will be to combine this with a scanner which detects blood flow. No blood flow and it means its a fake hand :).
My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
FB : https://www.facebook.com/TanveersPhotography
You guys are all overreacting -- as if this will be the end all be all of identification.
This won't be used solely except perhaps for minor barriers to entry. You don't need to worry about some guy having the same vein pattern as you, since the chance that this guy is also trying to defraud you is pretty small. A criminal might share a pattern with some other people, but how is he going to find out which people he matches without some inside access to the system?
You people worried about not reading due to various biological reasons: it may be an inconvenience, but you aren't gonna be locked out of your account. What do you do if you forget your password nowadays?
And those who say that the system is insecure and bypassable. No system is secure. At least this is probably more secure.
I am pretty sure that asshole wrinkles are unique too, so when are we going to see a brand new method of really failproof(TM) ID check where you have to sit butt naked on a scanner?
Which is why usually fingerprints are good enough to get a warrant (probably cause), whereupon other evidence comes to light that is much more solid. But good luck getting a conviction on just an old fingerprint anymore.
What?
Those damn biometric auth device developers... pfff... they don't even think about Darth Vader: he can't use the device with his right hand !
If someone held me under duress I would give up my password, hold my hand against a scanner or do some other biometric thing. So the only way to combat this is to arm yourself, companies should hand out standard issue firearms at the end of every successfull job interview with the pass card. All you need is the right to bear arms, which potentially makes the USA the most company safe country in the world. The postal service has a great deal of experience with armed employees, they could consult, screw all this biometric stuff.
Task Mangler
It didn't seem to be mentioned, but there are more details regarding this device people ought to know. The current version they are pimping is a black block a little bigger than a pack and a half of cards, and while it is true it does IR vein scanning, it also is performing hand geometry matching in software, to assist in getting around vein irregularities. The Fujitsu minions who use it seem to like it, and have gotten so good at positioning their hand over it that they no longer need the positioning guide. They are already prototyping a new version that is roughly a 1 inch cube including the USB controller.
No matter how much they work in software to prevent fakes from gaining accees (which by the way is pretty decent from the demo I saw) it is still weak to the picture attack fundamentally. The algorithms are pretty good though, since a major japanese bank is using them on ATM's, combined with a smartcard ATM card that does MatchOnCard with the calculated template from the sensor (ostensibly to prevent private information from leaking to the outside, though they still require a PIN as well to use the ATM).
Now if only the manufacturers moved to a harder to fake biometric sensor type, like ultrasonic fingerprint sensors...
Stick something else in? Something else with plenty of blood vessels? ;)
My main problems with almos all biometrics identification & recognition systems for public use is that
- none of them works good enough (see below)
- if you combine multiple biometrics to raise the efficiency they will become exponentially more inconvenient and expensive, and still not being 100%
- very many biometrics can be falsified and there probably are levels where even cutting a hand isn't a big deal to get to the information; in cases when you need the hand/finger/etc. alive there's kidnapping and remember, one doesn't have to interrogate the fella, just to take him
Ok, so about efficiency. If you care to dig a bit deep and read research regarding different types of biometrics, you'll easily find quite high numbers on %. There's two things one has to constantly keep in mind:
- most if them give those high % only in specific working conditions
- if you read one biometrics works at 9x%, always think on the reverse: e.g. how many real people does that 100%-9x% mean in the real life like airports with multi-million guests a day ? even 99% goodness means 10000 from 1mil. people falsly angered and that's a lot
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
Retinal scanning, iris photography, finger prints, hand vein scanning. When will they produce a biometric scanning system which is based on things the bad guys won't cut off or cut out to get into the secure facility?
who have cybernetic hands, because ours were severed in a climactic showdown with our evil fathers, you insensitive clod!
From the Unix fortune file:
The mature bohemian is one whose woman works full time.
Get your Unix fortune now!
With a latex bag of spaghetti bolognaise.
"My name is Louie, my password is my Mumma's Special with extra garlic."
His name is Robert Paulsen...
Anyone thinking of Paul Atreides being tested by the Bene Gesserit?
"Put you hand in the box"
"What's in the box?"
"Access"
"I must not move. Movement is the access killer. I must still my hand. I must let the scan pass over me and through me..."
The big thing about biometrics is it's another way to verify access. There are three basic ways to identify yourself:
1) Something you have. This would be a key, a smartcard, an access ID, whatever. It's a physical token issued to those that should be allowed access.
2) Somethink you know. A password, a PIN, a secret handshake, etc. It's a verification procedure that is stored (hopefully) in your mind.
3) Something you are. Your fingerprint, thermal skull image, vein print, whatever. It is an actual measurement of what you are.
Now each one has advantages and disadvantages. The advantage of a physical token is that these days, they can be made such that they are basically unreplicatable, and even if not one needs physical access to it to replicate. The disadvantage is, of course, that one can simply take it from the rightful owner. Also, it can be lost.
Something you know is good because it can't be taken, and can't be lost. It cna be forgotten, but at least then it's not lost where someone can get it. The problem is that if someone discovers the password, through any means, they can have it and you'll never know they do since nothing is missing.
Something you are is good in that it can neither be stolen or copied. The problem is that what ou are changes, as you noted. There has to be tolerance built in the system and the more tolerance, the more chance it can be faked.
Well real security comes from using more than once of these. Any of these mathods alone isn't all that secure, there's basically a single point of failure. So, for real security, you go to 2 or 3 factor security.
If something requires a smart card, a password, and a hand scan for access, well good luck to you trying to break in. That means you have to get a good fake of the person's hand, find out their password, and steal their key, and do all of that and make use of it before it is noticed and the access changed.
Also, if it's better than what's common now "fingerprint scanning" then it's not worthless. Things don't need to be 100% secure to be useful, just better than what you had. The 10+ character random passwords I use for most things aren't perfect, but they are a shitload better than a 4 number pin and thus worth upgrading to.
On the topic of ambient temperature...
Mother: Oh, yeah. We can wrap you in a full-body suit of neoprene, heat-resistant rubber. Or we can raise the temperature in Cosmo's office to 98.6 degrees - which is probably what we'll have to do, because the neoprene would suffocate you. Either way, you've got a top speed of two inches per second. Any faster than that-
[alarm beeps]
Mother: and, uh, big guys with guns. But you'll probably do fine.
That wouldn't really help much on getting you access though - More likely to send the big guys out wondering why their palm scanner can't find anyone's veins.
Ask me about repetitive DNA
you misspelled "Soylent Green is people"
Is that if I have access to data worth enought aht someone would mutalate me for it, they'd also be wiling to beat the shit out of me for my passowrd. In that situation I'd probably remember our second ammendment and remember that I can arm myself, and do so. I'd also remember that blood vessles colapse and thus look different when there's no boold in them, and remember that that they'd probably know that and just force me at gunpoint to get them what they wanted. Additonally I'd remember that biometrics in combination with other factors makes for better sucurity than just a password alone, and thus makes it less likely someone would try and gain access.
Finally I'd remember that Slashdot is full of people that are conspiracy theorists with little grasp on reality.
Seriously, find me numbers that show how many sysadmins were shaken down for passwords. That kind of shit doesn't happen. Why? Well that data the passwords secure isn't valuable enough to be worth the risk. In any case that it is (like nuclear secrets) it's also protected by many other layers of security, like guys with guns.
Remember: Demolition Man is FICTION.
The real problem here is the false negatives. Suppose I switch from typing to writing for a couple of weeks. Two weeks later, all my viens have moved back into the base of my palm and away from the little finger. It's too temperamental compared to ascii passwords :)
If I end up implementing unbreakable security somewhere , it's be proximity card (RFID) + password + biometric. This combines - what you have, what you know and what you are. Also some very good error messages if you type the password wrongQuidquid latine dictum sit, altum videtur
Maybe, just maybe, we don't really need security. This continual search for stronger and more complicated forms of security seems to add more and more weak points into secure systems. An alternative model is needed that doesn't rely on security.
I was told by a blood drawer at my HMO, that veins can drift around a bit under the skin.
as for a severed hand... water heated to 99 degrees with a pump that matches heart speeds.
which made me think... what if the system rejects too high of a heartrate?, man holding a gun to your head boosts your pulse quite a bit I suppose... better for the company if the door stayed closed...
I can't remember what movie I saw it in, but there was a palm recognition plate that you put your hand on and when the actor took their hand off, you could see the hand outlined with the veins shown.
at least five years ago. I remember my first flight to Japan, fro Tel Aviv Airport, this technology was used at Tel Aviv, instead of passports. The real problem with this technology is that if your hand gets scarred, or superficially injured in some way, the ID process isn't worth anything anymore.
...and a proprietary algorithm... /.-brainwashing tells me that such an algorithm is probably broken (either in design or implementation).
I'm sorry, any time I read the word "proprietary", my
It seems to be that an open (as in beer) algorithm that can be critiqued and improved would be a business advantage to the company who brings it to market. If they are worried about competition, then build a better product. And in the wonderful USA, I'm sure they can patent the method of extracting identity from vein-patterns without including the particular algorithm, so they're safe anyways.
Personally, I'd be suprised to see that vein-patterns are unique enough to work in this case. And how is this any better than a fingerprint scanner? Most people don't like getting lasers pointed in their eyes, but do we really need another biometric device?
Wer mit Ungeheuern kämpft, mag zusehn, dass er nicht dabei zum Ungeheuer wird. --Nietzsche
untill u discover teh hand has cold blood, the veins have shrunk/hardened or whatever, and the machine rejects it and beats u upside teh head with a fresh tuna
I have once worked for a firm that serviced a (privately-owned) high school where the primary mean of identification (for entering the premises, for instance) was that hand-measurement biometric tool. They had a serious problem because, well, between 13 and 18 the kids hands measurements varied wildly. They solved it by overlapping after confirmation the reference measurement data with the last measured data. This way, if the (natural) variation was below the "this is a different person" parameter, there is no cumulative variation (and they expected their students to show up at least once a month :)
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
No idea if its the same device, but palm vein pattern readers are already in use in some of the new Tokyo-Mitsubishi bank ATMs in Tokyo.
The problem with biometrics is that it has become too much of a buzzword and bandwagon to jump on. Were at the stage similar to the Internet in 1999 when everyone was 'getting on-line' because everyone else was and a whole load of sites popped up that had no content or purpose. The police have historically used biometrics for years because they have a very good reason - when you arrive at a crime scene its likely that someone has left allot of evidence in the form of finger prints and possibly DNA, the police then usually produce a list of suspects by other means and the biometric evidence is used as the final proof. Now its probably at the stage where a finger print can be matched with all criminal finger-prints on file, is this fair? well these people were on file for a reason and its often the same people offending, but after you have done your time are you not clear? so the system gets a little tighter but everyone is fine with that because, well its targeting past criminals only.
Biometrics in airports serve little purpose other than to help identify who blew themselves up _after_ they did. As has been said time and time again like a broken record totally ignored by everyone, the 9/11 hijackers where all legal, all presented real ID, had no previous records except a speeding ticket and originated from a country that was supposedly a US ally (sure) but in fact I think they entered the US from somewhere in Europe which would raise no flags?
The most worrying use of biometrics now is this stupid fast-lane system where you can get a background check and you will be allowed to go straight through security with only a fingerprint scan.
The other use of biometrics is for the most stupid things you can imagine - ATM's, payment systems, cars! these things all work perfectly without biometrics, if I want to give my ATM card and pin, or car keys to a trusted friend who's business is that? But worse is the potential for criminals, if they want your fingerprint they can cut off your finger, this palm system might be slightly more secure (someone will figure out a way) but the point is, some people won't know that!! you can imagine some idiots cutting someone's hand off and later finding that it doesn't work oh fucking great, they've failed to break into whatever it was, im sure the owner is over the FUCKING MOON! The same is true for most biometric systems so how have we managed before? ID cards usually have your face on them and a human will look at it and generally humans can tell if you are really the person on the card or if you are holding up the severed head of someone else. It all boils down to computers replacing people in an area that computers just can't compete. We are lead to believe that all these new biometric systems work great when in fact most of them are barely out of beta testing and are full of hacks and workarounds and poorly designed systems that will continue to produce false positives and negatives and allow them to be fooled - they might detect pulses and blood flow but as the biometric readers become more advanced so will the tricks employed to get around them, you will be seeing a device in the near future that can be pressed up to a finger print left on a table and will instantly produce a replica fake either on a visible screen or some electro-static thing and will have all the pulse and movement effects of a real finger, the same will happen for your iris and palm print, these systems will get more and more advanced until you are able to hide them in contact lenses and fingers.
Remember kids, biometrics is the new hotness, get your selves kitted out today.
The point is, the direction we are going in is the absolute identification of people. Surely this is not as important as stopping crime in the first place? Which is the better of these too options
1) You let a known terrorist on a plane but you thoroughly search him and the plane first and the plane is full of anti-hijacking innovations and the passengers are not going to take any crap.
2) Yo
This comment does not represent the views or opinions of the user.
How does it cope with sticking plasters (Band-aids for the Americans)?
...that this is a vein [sic] attempt at proof of identity.
They must have been vein [sic] thinking their idea was this great.
Badump-crash
Thanks folks, I'll be here all week, don't forget to tip your waitress!
I am NaN
The main troubles about Biometric Identity are :
A) Biometric may provide very inward informations about once health and disabilities. That depend mainly on what is sampled.
(Eg: You wouldn't want anyone know your DNA and show XY chromosmes with no CyP19 if you where born as a girl).
and
B) Identifying biometric data, just identify about the sampled part.
Biometric controls are all about identity and none about approval of anything. Misconceptions about this leads to:
- Granting anything based on biometric and beying mutilated from the part providing the sampled reference.
Léa Gris
I worked for a firm that serviced a high school.
This (privately-owned) high school had an access control system based on those biometric devices that measure your hand and fingers. Their problem was that the students' hand measurements varied wildly in the course of the year...
To solve it I made the access control program, from time to time (once a week IIRC), to substitute the reference measurements for the last-good measurement. This way, gradual changes were incorporated to the database, well, gradually....
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Guard: Excuse me sir, we aren't getting a valid reading. You're going to have to do something to increase the blood flow. Me: (pulling out the Playboy) Ok, just a sec... Zzzziiippp! Guard: Sir, what are you doing? Me: Increasing the blood flow like you asked. Guard: To your hand sir. To your hand. Me: It works both ways. Guard: Sir, please don't. Guard: SIR Me: Just a sec, I'm almost done. Guard: SIR, please don't do that here.. Guard: (to other guard) Just open the door, I'm not cleaning the scanner.
I smurf everything and everything I smurf is perfect.
We're currently adopting a little one born with no arms or legs.
... I just wonder sometimes with all this biometric talk how many additional challenges will be placed in front of him.
Yes, I know there will be all sorts of lovely exceptions made. And if there are any humans involved, he'll be pretty memorable
It can store a list of PIN codes protected by a single unlock PIN code. When you enter the wrong unlock code you just get the list populated with the wrong PIN codes.
:(
That's why crooks usually take you hostage in your appartment while their accomplice goes to the ATM. When the codes work, you lose, when they don't, you lose in a different and probably even less pleasant way
Any chance this won't work without proper bloodflow through your hand? I'm guessing IR will have problems if a hand is severed or some something.
Nothing wrong with a bit more security - provided someone's willing to foot the bill... But if they're intelligent they'll keep the passwords too.
>then the vein signature could be updated evertime the person is scanned successfully
This is actually a very bad idea!
Consider what happens if someone (let's call them Alice) gets mis-identified (identified as someone else, say Bob). There is a non-zero probability that this happens with any biometric system, called the False Acceptance Rate. If you use a large enough biometric database (the US Gov't appears to like those a lot) for 1-to-many matching and this probability approaches 1. Alice's live scan will match Bob's recorded reference data, probably only just within the maximum delta, but that's good enough. Now look at what happens if you update the recorded reference data (Bob's) with the live recording (Alice's). The recorded reference will be migrated towards Alice and away from Bob. Do this a couple of times, and Alice is more likely to be identified as Bob than Bob himself! Not good.
Note that it is not even necessary for Alice to be enrolled in the system with her own biometrics. In fact, the chances of her getting mis-identified are higher if she's not...
They actually cut someones hand off and tested it?
The danger is not whether or not it will work or can be made to work, but that some dumb fools will try anyway.
Once my hand has gone, if it works is secondary to me.
With all this fear of people stealing your bodily parts, how long til someone develop biometrics that won't identify a bodypart once it's been removed from your body?
I would think you could make it detect whether there is a blodflow in the vains while trying to identify you.
They're overlooking another major problem: genetics
My family noticed decades ago that the veins in the back of my hand have the exact same pattern as my mother's. My sister's is the same, although shifted up, and my brothers shifted down (same branch layout, just moved closer to the wrist).
If the back of the hand can be identical, why not the palm?
- Preferences: Solaris 10 (servers), Ubuntu (desktops), Solaris 11 (personal servers) -
As I sit here reading all of these comments, only one thing comes to mind: Anakin Skywalker is gonna have a tough time with this stuff.
Identity?
Current computers can differentiate between human beings. Yet, in the future, vastly more powerful computers won't be able to tell them apart.
The Buddha in the Quanta
apt-get install gnugo
For 99.99999% of the applications out there, no one would even DREAM of going to these lengths.
For the other 0.00001% (read military secrets) of the applications out there, there is likely to be two or three other authentication processes out there, one of which involves a person pysically giving you access.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
I know a man in Maryland who patented this very process in 1992 (only difference is that he scanned the vien pattern in a persons thumb.)
I am very small, utmostly microscopic.
That's a good point. My only question is, how did this ever come up, not just once, but with "quite a few" people?
Possible jobs you hold, in my fertile imagination, include "tattoo artist," "vampire," and "plastic surgeon." Or some combination thereof.
"Fundamentalism" isn't about divine morality. It's about human authority.
...skin conditions, et cetera. Perhaps they should look at a part of the body that gets beat up less ;).
Loading...
promising than biometric fingerprint scanners. I say this because his past term my genetic's professor said that despite what people think there has not been any scientific study to prove that fingerprints are 100 persent unquie.
The blood will coagulate within minutes, the molecular bonding changes, and the scan will no longer match. NIR is wierd: we could tell accurately how sticky tape was, and how thick the layers of plastic in a multi-layer trash bag were ... just from a scan. You can also calibrate it to identify the area where of coffee, pot, or other plant material was grown.
What happens when you end up in hospital and the poor intern can't find any veins because you've got no blood pressure.
That intern is going to dig around looking for vein where ever s/he can.
I've seen veins burst whilst canulars are being put in. It's an inevitable thing that happens during an emergancy session.
I'll bet much vaunted biometric scanner fails.
Say someone has a blood clotting disorder, or pulmonary hypertension, or a restrictive blood vessel disease. Any of these could alter the appearance of the veins. Do we just ignore these people?
Be sure to remember the Programmers Prayer
1. Down to the skin with an infrared device that picks up traces of hemoglobin in the blood.
2. Back up to the camera with that information.
3. Back down to the skin to show the results of the first two steps.
All this happens in a timeframe of 30f/s. The dark colors on the picture are the veins, the lighter color is just the skin the light is projected on since the hemoglobin is the only thing that the camera picks up.
Here is an image of that device:
http://www.quentecafe.com/image.asp?id=277
Be sure to remember the Programmers Prayer
Just sounds like Fujitsu is trying to scare up more money out of business customer's pockets. Next thing you know, they'll be hawking "pee here for access" devices. (Oh damn! I should have made Fujitsu sign a "non disclosure... OH DAMN!! this is a pubic, er, public forum!!!) Whoopee.
Lonestar is inside RoboMaid and needs access to the self-destruct button. "Hand print identification, please. Hand print identification, please. Hand print.." Yeah, Spaceballs is an awesome movie.
What is your penile percentile?
You are giving away your password to every counter you lean on, to every door whose knob you turn. And you've only got one or two hands anyway. Right?
Your hand changes as you grow, learn a sport, take martial arts classes, sustain injuries, wash your hands in hot water, get infected, get writers cramp, develop an allergic reaction, or just age. Right?
I worked for Eastman Kodak in the UK in the 80s and one of my colleagues, Andy Green, developed something like this for the back of the hand. Like most biometrics, it worked fine in a test environment, but when it was shown as cool new technology on Tomorrow's World, a weekly tech programme on the BBC, guess what? It failed. Too many variables such as nervousness due to being on the telly, heat from the studio lighting, etc., etc.
I'm sure this - like most biometrics - will fail in the field.
Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
If it can't detect a pulse in those veins, purse snatching is going to get a lot more gory.
Really, we never implemented a basic security feature which would have saved many lives right now: "SOS passwords". When asked for your password, you can enter a different one that signals for help, if you're being coerced or threatened. The transaction continues exactly the same way, but any recording equipment (like on an ATM) sends location and sensor info (like video) to a security team. An ATM might issue tagged bills for tracking. Security might use a speaker to tell the bad guy they're busted, and to leave immediately, as the police are now en route. After this feature is widespread, attackers will see terminals as dangerous places, not vulnerable ones, and deterrence will render most attacks a historical curiosity.
But rather than use such a simple feature, until we all understand and expect it, we've left password users twisting in the wind. So now that we're moving to biometrics, without the ability to modulate our response to an access challenge (like "password?"), we won't have the impetus to demand such a safeguard from the new access system. Just as we're trusting more of our assets and safety to the system. We'll have to wait until the biosensor can detect stress signals, and cryptically ask us questions to which we can choose a response (like "is your cousin named Larry?", to which we falsely respond, triggering the SOS response). That's so much more complex than the opportunity we've missed, that we'll never see it, if we couldn't even get the simpler one. Gotta hand it to the tunnelvision security industry.
--
make install -not war
"With a password you can actually deny an agressor access. They'd have to torture you until you gave it up."
Most people underestimate the power of physical or mental pain (or even starvation).
Given the appropriate tools anyone can be made to do anything or believe anything. You can hold out, but a skilled mental engineer will break you and make you believe he is the son of god, 2+2=3, there are 4 light bulbs, he can walk on water, and make you believe that your parents, kids, and wife or spies and you have no qualms about murdering them.
Secondly, your scenario assumes that torture is the only tool. Personally, if I captured an NSA agent I'd show him nice video tapes of one of our agents talking to his kids widley grinning at the camera. Or maybe setup an encouter with a "woman of the night" and leave picutres in his mailbox with instructions on what to do if he doesn't want his wife to see them.
But thats kind of barbaric and mostly would raise alarm bells if agents suddenly started missing... If I were in charge of some foreign intelligence ring I'd resort to more subtle methods like bribing NSA janitors to look under keyboards and look for sticky notes on monitors.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
I have an open circulatory system you insensitive clod.
Otherwise, when my hand turns black & blue from beating up my computers, I'll be unable to be identified.
But looks really cool in movies.
Anything that can be imaged can be reproduced to the accuracy of the imager. Hence, biometric security is like a social security number: it might be unique to you, but you can't change it ever* and if someone gets a hold of it, you're screwed.
*I am aware that in extreme situations you can change your SSN. afaik, This capability was designed to address that point, however the address space of SSNs is not that sparse and the cost of changing the number is too high. (in both time and money)
The only way to change your biometric data would involve some pretty severe scarring.
Can you be Even More Awesome?!
.. oh, nevermind.
My point is that if I ever have a job important enough for someone to want to chop off my hand to forge my credentials, I'm pretty sure I'll be allowed to carry enough weapons or bodyguards around to make that extremely difficult.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
I would be concerned that this system would be unreliable for the following reasons:
1. Could your vein patterns change with age? I don't know if people get varicose veins in their hands, but couldn't that be a problem?
2. I would also think people might be able to forge or throw off the results by drawing veins on their hands and/or taking extreme measures to mimic someone else's bio patterns for forgery.
3. Couldn't the angle of how you place your hand over the scanner create problems? I mean, if you angle your hand (as in not flat), then I would think the system would read your veins as being closer or farther apart than normal.
I'm sure the company has taken these things into account, but I wouldn't be able to put much faith in the security of this system.
Health Insurance Quotes
In Soviet Russia, they cut off your hands.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Not that I expect the bad guys to be smart enough to know this up front
Thanks, we know now.
Cheers,
Bad Guys.
...why I keep gigs of pr0n on my computers!
What was it? Um.. stegan0graphy, yeah.
For most biometric devices I see a clear invasion of privacy. For example fingerprint scanners can be used against you, retnal scans can be taken at a distance and DNA... is well, obvious. I think something that people have missed in the preceding discussion is that this type of biometric identification may have a much higher level of privacy involved. This type of scan cannot be detected after the fact and (as I understand it) cannot be scanned from afar. IMHO this could be a good comprimise of security and privace in terms of biometrics. Granted that the arguments about the reliability of the technology are valid IMHO cheers
Give them the illusion of choice and they will blindly follow for they choose not to make one.
Based on the same infrared imaging principle this device can help a nurse find elusive veins for an injection.
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
First of all, I'm sure the NSA has some sort of policy where its employees must be single and/or pass a test that ensures their commitment to the country and not their family. Second, I highly doubt that they keep their passwords on little sticky notes.
No existe.
The extent of the uniqueness requirement depends on whether the biometric is being used for both identification and authentication, or simply for authentication.
If there are 100,000 unique results, then it's not a very good way to identify yourself at the state DMV. However, if you are holding up your driver's license in the same hand, one reader reads the barcode on the license, the other reader reads your palm, and they match -- well, that's pretty darn good, and you didn't have to remember anything.
I was being humorous... One would think there would be policies against sticky notes on monitors unlike most major companies. *coughs*
Besides, NSA actually hires mostly non-family types and those with little room for national security issues. However, that said... People are human and passwords can be extracted or bought even at the highest levels.
That said... How valuable are your teeth? How about your toes? Fingers? Remember you only need one good hand to write down your password.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
in a high-end data center in Tokyo. We've been here for over a year, and they've had them from the beginning. There's a picture on this page: http://www.attokyo.co.jp/eng/facility.html They use this technology, in conjunction with proximity cards, to secure access to different parts of the building. So, I scan two of these in each direction on the way to my office. I'm not sure if they're fujitsu, but I'm sure they are Japanese made. You know they are looking through your hand, because you don't have to put your hand down on the surface - as long as you have your fingers positioned correctly (guided by some posts that rise from the surface)it scans correctly.
This thing could be a huge help for nurses and phlebotomists trying to find veins on large patient with lots of subcutaneous fat. There are a lot of central lines placed with ultrasound guidance because these guys are a "tough stick."
Anyone know where I can get a cheap and portable version to see my patient's veins through their skin?
And let us not forget that in the film Minority Report, Tom Cruise uses some eyeballs from a plastic bag to gain entry to a police station. Fair dues, they were his eyeballs originally, so it wasn't exactly identity theft.
The further we go into this century, the more it resembles a Philip K Dick novel.