Slashdot Mirror
Vein Patterns to Verify Identity
JonN writes "Fujitsu Ltd. will start selling a biometric security device next month that relies on vein patterns in the hand to verify a user's identity, it said today. The palm-vein detector contains a camera that takes a picture of the palm of a user's hand. The image is then matched against a database as a means of verification. The camera works in the near-infrared range so veins present under the skin are visible, and a proprietary algorithm is used to help confirm identity. The system takes into account identifying features such as the number of veins, their position and the points at which they cross."
Biometrics sounds great, right up until the point you run into the desperate dude who is willing to take out your eyeball -- or in this case remove your hand -- just to be able to access whatever it is that is being protected by biometrics.
So who is this really good for?
Wouldn't you rather give up the memorized password rather than your eye or your hand?
But then, how does your employer look at this.
He doesn't give a shit about your body. He just wants to protect corporate assets. From his point-of-view, it is statistically less likely that he'll lose such assets were biometrics used over passwords.
Just remember that when next you go to ask for the raise, and your boss is making you authenticate to the company's grid using biometrics.
That'll be $25.00 please.
John
Yeah, but can it tell my fortune?
I guess more biometric sensors are always better -- but at a point, doesn't it seem excessive? I guess I'll be able to sleep easier tonight knowing that if I'm killed in my sleep and my murder spreads my bodyparts across the county, I can still be indentified by the veins in my hands. Thank God.
"Please insert hand for vein identification"
"Hand invalid. Third attempt failed. Hand retained."
My hairy palms, you insensitive clod.
This could get amusing. "Honey, can you swipe your arm for these groceries? My arm credit limit is a bit low this month." When you get robbed in back alleys, the drugged up crims rip off your arm and take it to the ATM to pull out all your money. I'm sure the "cost an arm and a leg" jokes are coming.
Realistically speaking, how much is it worth to you to secure your company's assets? At retail locations, conventional wisdom says "give the dude the money, because it's not worth it."
Would you lose a body part?
I think the answer would be "Heck No!"
What would the court say? Isn't using biometric security putting life and limb of the employees in jeopardy?
That would be an interesting case for a judge and jury.
While some factors, both genetic and external, may lead to the divergence of form in venal positioning and number, the chance that two people have similar (if not identical) veinous patterns is not small.
Medicine is based on the supposition that human beings are, at a very basic level, extremely similar to each other. This allows us to give generalized prescriptions instead of having to perform meticulous measuring and experimentation to determine the correct level of drugs to give to a person.
Even Da Vinci noticed that many measurements of human bones were precisely measurable using the Golden Ratio. Humans, and most of Nature, is perfectly balanced so as to result in a great homogeneity across the species. Even in our day-to-day life we sometimes encounter "spitting images" of people we know. Some even make a living impersonating famous people.
I find it worrisome that the verification of something as personal and important as someone's identity is based on something as common and repeatable as the pattern and layout of veins.
This is somewhat novel and cool because:
a) there need not be any physical contact twixt the biometric reader and the individual - unlike with fingerprint scanners - defintely more hygenic
b) as a previous poster mentioned, it doesn't work if the hand is severed
c) fingerprints may be scarred, burned, or otherwise mutilated
I mean, if you're gonna put people through biometric authentication, you might as well do it right, right?
-- i drop mine in braille so you blind cats can read me
...hot chicks telling me they have to hear me say "passport".
It is not uncommon for the smaller bloodvessels to simply disappear and appear over time to facilitate changes in energy consumption. A tiny inflammation can also cause the surrounding vessels to change themselves quite significantly. Wouldn't want to be denied my own money suddenly.
Also, since the camera is presumably looking at the heat coming from the veins, would this mean that if you lost circulation to your hand for whatever reason (extreme cold, medical condition, etc.), that would also cause the device to reject you?
Really now, how difficult can it be to fool one of these. It seems all it would take is:
1. Remove the IR filter from a 3 megapixel or higher digital camera.
2. Photograph the hand with and without a low pass IR filter.
3. Print a mirror image of the first photo on an acetate sheet.
4. Take the same print and print the other side with IR visible inkjet ink from the second photo.
5. Fool scanner.
6. Profit?
That's the dumbest argument I've heard all evening.
The "desperate dude who is willing to take out my eyeball?" Why wouldn't he just leave it in your head and just piggyback through? Or bring you along to access that "protected" stuff?
Sure I'd rather give up a memorized password instead of an eye or hand, but again this is a question of severity. I don't believe you go from demanding a password to cutting out an eye without things other than biometrics being a critical factor.
Your employer may not give a shit about you, but most employers do. The liabilities of employees getting hurt is much of the reason that many employer-offered health plans have increases every year. I doubt that any employer will be nonchalant when one of their employees come to work with only one hand.
There's nothing wrong with an employer implementing biometrics, if it's an at-will company. It's up to the employee as to whether that proposition is acceptable.
I find it worrisome that the verification of something as personal and important as someone's identity is based on something as common and repeatable as the pattern and layout of veins.
I haven't done the research, but I doubt this is any more "repeatable" than fingerprints, or for that matter DNA.
The device works by looking at the infrared radiation emitted by your warm blood in relationship to the relatively cool epidermis. Unless the layer of tough skin is also a thermal insulator, it'll probably be able to read them just fine. The thing they aren't advertising is it probably won't work when the ambient temperature is above 98.6 degrees Fahrenheit.
But if you RTFA, you'd see that their false rejection rates are 0.01%, or one in 10,000 incorrect rejections. That's pretty damned impressive for a biometric system.
John
I've met quite a few people who have nonstationary veins; that is, veins that they can move around, that twist under their fingers and stay in their new position, etc.
How will this system handle these?
It's only an insult if it's not true.
Well, I see we've already got a few people posting "zOMG my hand's gonna get chopped off".
Here's a pop quiz. How's a device that uses near-IR to see active blood vessels going to work....
...on a hand with no blood pressure, and no hot blood flowing through it? Seems to me a cut-off hand would be virtually worthless within seconds; the veins would become the same temperature as the rest of the hand, and collapse due to lack of blood pressure.
Please help metamoderate.
This time, it's the translucent map of the hand.
Problems with this idea?
1. Injury or other causes of restricted bloodlow will change the pattern. People may be wearing a watch or carring a bag which may change the net translucent image of the hand for some time.
2. No mention if this is 3-d imaging, or multiple-perspective scanning of some sort - but if it's just a 2-d single image, then another source of the 2-d image could be used as fake ID. In the case of 3-d imaging, fakes become more difficult - gummy hands are a lot less common than gummy bears. Still - there has to be a basis for pattern-recognition in the complex mess that makes up a human hand/palm, and that basis can be exploited. A rubber glove with ink on the palm, flipped inside-out may do the trick, or something similar.
3. This equipment... will it be cheap? Will it require large databases and further security for that data? How much cheaper will this be than other security methods? Cost more than most things will likely determine the impact of a biometric technology. Just having another identification scheme won't help that much, if it can only be used in already-secure or expensive scenarios.
Biometrics are a great idea, and some very cool implementations - but they always seem to involve a lot of false negatives/positives (none have solved both), and are fairly expensive relative to their unreliability. They certainly haven't been a replacement for most standard security schemes. How is this scheme different?
Biometrics are still so far from reliable. Hopefully this whole effort will not be in vain.
> Some day in the very near future there will be a way to easily duplicate fingerprints, vein prints, retina prints, or whatever.
Some day in the very near future, there will be biometric scanners that can tell the difference between real/live and fake/amputated body parts. The fact that there are not many now is mostly due to the fact that nobody wants to pay for them. People seem to think that spoofing is not an issue. But it is, or will be. As biometrics are increasingly used to protect things of value (cars, credit cards, etc), it becomes more profitable to develop spoofing techniques. That, in turn, makes it more profitable to develop better liveness detection methods. It's an arms race, really.
You guys are all overreacting -- as if this will be the end all be all of identification.
This won't be used solely except perhaps for minor barriers to entry. You don't need to worry about some guy having the same vein pattern as you, since the chance that this guy is also trying to defraud you is pretty small. A criminal might share a pattern with some other people, but how is he going to find out which people he matches without some inside access to the system?
You people worried about not reading due to various biological reasons: it may be an inconvenience, but you aren't gonna be locked out of your account. What do you do if you forget your password nowadays?
And those who say that the system is insecure and bypassable. No system is secure. At least this is probably more secure.
My main problems with almos all biometrics identification & recognition systems for public use is that
- none of them works good enough (see below)
- if you combine multiple biometrics to raise the efficiency they will become exponentially more inconvenient and expensive, and still not being 100%
- very many biometrics can be falsified and there probably are levels where even cutting a hand isn't a big deal to get to the information; in cases when you need the hand/finger/etc. alive there's kidnapping and remember, one doesn't have to interrogate the fella, just to take him
Ok, so about efficiency. If you care to dig a bit deep and read research regarding different types of biometrics, you'll easily find quite high numbers on %. There's two things one has to constantly keep in mind:
- most if them give those high % only in specific working conditions
- if you read one biometrics works at 9x%, always think on the reverse: e.g. how many real people does that 100%-9x% mean in the real life like airports with multi-million guests a day ? even 99% goodness means 10000 from 1mil. people falsly angered and that's a lot
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
I have once worked for a firm that serviced a (privately-owned) high school where the primary mean of identification (for entering the premises, for instance) was that hand-measurement biometric tool. They had a serious problem because, well, between 13 and 18 the kids hands measurements varied wildly. They solved it by overlapping after confirmation the reference measurement data with the last measured data. This way, if the (natural) variation was below the "this is a different person" parameter, there is no cumulative variation (and they expected their students to show up at least once a month :)
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
I suppose it wouldn't fly to have someone press a nipple to the computer, but the hand doesn't seem ideal. A little Japanese class bias? Nobody who works with his hands uses a computer? What about sports? Motorcycle road rash? Kitchen knife? Hand tool? Just about anything that could run a cut across that vein pattern.
For 99.99999% of the applications out there, no one would even DREAM of going to these lengths.
For the other 0.00001% (read military secrets) of the applications out there, there is likely to be two or three other authentication processes out there, one of which involves a person pysically giving you access.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
But looks really cool in movies.
Anything that can be imaged can be reproduced to the accuracy of the imager. Hence, biometric security is like a social security number: it might be unique to you, but you can't change it ever* and if someone gets a hold of it, you're screwed.
*I am aware that in extreme situations you can change your SSN. afaik, This capability was designed to address that point, however the address space of SSNs is not that sparse and the cost of changing the number is too high. (in both time and money)
The only way to change your biometric data would involve some pretty severe scarring.
Can you be Even More Awesome?!
First of all, I'm sure the NSA has some sort of policy where its employees must be single and/or pass a test that ensures their commitment to the country and not their family. Second, I highly doubt that they keep their passwords on little sticky notes.
No existe.