Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vein Patterns to Verify Identity

Posted by samzenpus on from the look-inside dept.

JonN writes "Fujitsu Ltd. will start selling a biometric security device next month that relies on vein patterns in the hand to verify a user's identity, it said today. The palm-vein detector contains a camera that takes a picture of the palm of a user's hand. The image is then matched against a database as a means of verification. The camera works in the near-infrared range so veins present under the skin are visible, and a proprietary algorithm is used to help confirm identity. The system takes into account identifying features such as the number of veins, their position and the points at which they cross."

31 of 293 comments (clear)

  1. Anybody else see "Demolition Man"? by nokilli · · Score: 5, Insightful

    Biometrics sounds great, right up until the point you run into the desperate dude who is willing to take out your eyeball -- or in this case remove your hand -- just to be able to access whatever it is that is being protected by biometrics.

    So who is this really good for?

    Wouldn't you rather give up the memorized password rather than your eye or your hand?

    But then, how does your employer look at this.

    He doesn't give a shit about your body. He just wants to protect corporate assets. From his point-of-view, it is statistically less likely that he'll lose such assets were biometrics used over passwords.

    Just remember that when next you go to ask for the raise, and your boss is making you authenticate to the company's grid using biometrics.

    1. Re:Anybody else see "Demolition Man"? by plover · · Score: 4, Interesting
      Well, to an infrared vein scanner that works entirely by imaging the heat given off by your circulating blood, a severed hand will be every bit as valid as one made of wood.

      Not that I expect the bad guys to be smart enough to know this up front (so we might still be losing a few hands to some idiots) but the entire technology functions as a liveness detector.

      --
      John
    2. Re:Anybody else see "Demolition Man"? by Blastrogath · · Score: 3, Informative

      >Or they just force your ass over to the scanner with a gun to your head, Solid Snake style.

      they can do that with a password, or keys, or almost anything else. I can't immediately think of anything that doesn't work with, other than well armed guards willing to perforate the hostage.

      --
      "The price good men pay for indifference to public affairs is to be ruled by evil men." -Plato
    3. Re:Anybody else see "Demolition Man"? by Felinoid · · Score: 4, Interesting

      3 answers.
      1. The tubes for the computer were designed to be used this way. The hand is intended to pump blood and once it loses pressure it colapses and becomes fairly disfunctional.
      2. A pump designed to handle pumping water into a hand is pritty complicated technology. At this point your better off using some sort of electronic bypass system like the devices used to trick slot machines into giving you a "win"
      Maybe a heat patern "copy" using a heat emitter fake hand. Then you need only scan the original to have a key that works forever.

      3. The results won't be the same. The water will leak heat more than blood will and heat up the surrounding tissue. The sensor will get a blur and probably give a negitive.

      --
      I don't actually exist.
    4. Re:Anybody else see "Demolition Man"? by QuantumG · · Score: 3, Interesting

      With a password you can actually deny an agressor access. They'd have to torture you until you gave it up. For opening a door or something pointless like that you'd give up your password in a heartbeat, but let me tell you about a little system called deniable cryptography. Suppose you work for the NSA. You're given a laptop on which you are required to encrypt any work which is deemed sensitive (and seeing this is the NSA, let's just say that everything is sensitive). You are instructed to encrypt documents of different security grades under different passwords. No system is prescribed for the grading of documents, you're just told you should use at least three.

      So now what happens when the bad guys grab your laptop and take out the rubber hose? I say you won't tell them a single password. How can I say so with such certainty? Well suppose after being beaten for an hour you decide to give up the least sensitive material on the laptop. In fact, this isn't even NSA material, it's just some emails you received from your girlfriend. So you give them your first password, say 'tulip'. The bad guys run to their cryptoanalyst guys and give over the password. They discover that it does indeed provide them with something intelligible. But they don't find anything of value, as you intended. Looking at the remaining space on the harddrive they notice that there is a heck of a lot left, so they send their low brow associates back to get another password from you.

      After another hour of torture you might give up another password. And after another hour you might give up another password. But every time you give up a password you're just guarenteeing more extensive torture. Every time you give up a password the cryptoanalyst guys say there is more data on the disk. When you get to the end of your list of passwords you're really screwed because as far as the cryptoanalysts are concerned, all the free space on your disk is potentially more top quality intelligence. It is impossible for you to convince your captors that they have all the passwords for the laptop. So you will eventually die in their hands or, worse yet, the torture will go on indefinitely.

      In summary, deniable encryption ensures that it isn't in your interest to give up a single password. You're better off claiming that it was some dude's laptop you stole on the way to where you got jumped.

      --
      How we know is more important than what we know.
    5. Re:Anybody else see "Demolition Man"? by KronicD · · Score: 5, Insightful

      Your comment is valid and raises the point that biometics should be used as part of a three factor identification system.

      1) Something you know (password/login)
      2) Something you have (token, keycard, secureid, proxy card etc)
      3) Something you are (biometric)

      This allows for duress passwords as well as the use of biometics to increase the strength of an authentication system, rather than replace it completely.

      --
      "Those who would give up Essential Liberty, to purchase a little Temporary Safety, deserve neither Liberty nor Safety"
    6. Re:Anybody else see "Demolition Man"? by Peyna · · Score: 3, Informative

      Getting someone's live hand over a scanner doesn't require a person to consciously divulge any information.

      So, it is a lot different than getting a password out of someone. I can beat you all day and you'll never tell me the password. I can knock you unconscious and drag your limp body over to the scanner and place your hand on it without your help.

      --
      What?
    7. Re:Anybody else see "Demolition Man"? by QuantumG · · Score: 3, Insightful

      That's the point, they can't prove there is anything else on the harddrive but neither can you so it's in their interests to beat you indefinitely.

      --
      How we know is more important than what we know.
    8. Re:Anybody else see "Demolition Man"? by Xiaran · · Score: 3, Insightful

      One other thing that can be bad about biometric only interfaces that is rarely discussed is that it doesnt allow for whats called in the industry as duress codes. Say for example you are a security guard that has a gun pointed at your head and your being force to give access to someone.

      If you have a password/PIN then most security panels allow for a dual PIN and duress code for a user. The regular PIN just opens the door. The duress PIN will open the door and trigger a silent alarm. No one gets hurt, bad guys are happy but the good guys are on the way.

    9. Re:Anybody else see "Demolition Man"? by iabervon · · Score: 3, Interesting

      Knowing that, why wouldn't you just give up all the passwords at once? This would put you in exactly the position you'd be in if there was only one password; you don't have anything further to give them, and there's more randomness on the disk.

      Actually, the smart thing would be to have a hard drive full of boring documents, and have a hidden directory full of porn, with all the important stuff steganographically added, encrypted, to the porn. That way your captors will have a reasonable explanation of every bit on the disk from the start, and you can just say that you don't take secret documents out of the office.

  2. Palm readers by plover · · Score: 4, Funny
    Please wait while we read your palm ... hmm ... your cat-5 line is very long, and is getting crosstalk ... oh, yes ... your gullibility line is quite full ... umm, hm ... I forsee many postings in this thread ...

    That'll be $25.00 please.

    --
    John
    1. Re:Palm readers by Scarletdown · · Score: 3, Funny

      Identity check...

      Please insert retina in the slot below.

      --
      This space unintentionally left blank.
  3. Yeah, but.... by croddy · · Score: 4, Funny

    Yeah, but can it tell my fortune?

  4. Paranoia... here we come... by Chmarr · · Score: 4, Funny

    "Please insert hand for vein identification"

    "Hand invalid. Third attempt failed. Hand retained."

  5. What about... by Anonymous Coward · · Score: 5, Funny

    My hairy palms, you insensitive clod.

  6. Credit Card? by Kaorimoch · · Score: 4, Funny

    This could get amusing. "Honey, can you swipe your arm for these groceries? My arm credit limit is a bit low this month." When you get robbed in back alleys, the drugged up crims rip off your arm and take it to the ATM to pull out all your money. I'm sure the "cost an arm and a leg" jokes are coming.

  7. In short... by eznihm · · Score: 4, Informative

    This is somewhat novel and cool because:

    a) there need not be any physical contact twixt the biometric reader and the individual - unlike with fingerprint scanners - defintely more hygenic

    b) as a previous poster mentioned, it doesn't work if the hand is severed

    c) fingerprints may be scarred, burned, or otherwise mutilated

    I mean, if you're gonna put people through biometric authentication, you might as well do it right, right?

    --
    -- i drop mine in braille so you blind cats can read me
  8. I much prefer... by gardyloo · · Score: 3, Funny

    ...hot chicks telling me they have to hear me say "passport".

  9. Veins not very constant by theufo · · Score: 5, Informative

    It is not uncommon for the smaller bloodvessels to simply disappear and appear over time to facilitate changes in energy consumption. A tiny inflammation can also cause the surrounding vessels to change themselves quite significantly. Wouldn't want to be denied my own money suddenly.

  10. Re:Excessive by plover · · Score: 5, Insightful
    What makes you think biometrics are better? Systems can be fooled.

    Just like any other computer-based biometric system, it only starts with a scanner. Once you get past the handwaving (pun intended) it turns into bits and bytes, just like any other security token, such as a password. These systems will have weaknesses, it's the nature of systems. Look at all the components: palm reader camera, imaging software, algorithms to reduce a hand-print to a series of numbers, a database full of those numbers, a database full of "rights" to be granted based on those numbers, a signal to the turnstile or electric door lock to let you in, and networks and wires interconnecting all of those pieces.

    To a bad guy, a wedge into any single component listed above might be enough to send "ACCESS GRANTED" to the door lock.

    Yes, the same is true of any security system of any sort -- but for reasons I can't fathom, biometric-based security systems seem to give a higher "sense" of protection to the executives writing the checks.

    At least this one won't be fooled by Jello.

    --
    John
  11. What if the pattern changes? by Hannah+E.+Davis · · Score: 3, Interesting
    Since I switched from biology to computer science before learning anything about human anatomy or the circulatory system, there's a fairly good chance that I'm going to sound incredibly stupid here... but... what happens if you cut yourself really badly and the body basically has to rewire a few of those veins? Will you be locked out of the system?

    Also, since the camera is presumably looking at the heat coming from the veins, would this mean that if you lost circulation to your hand for whatever reason (extreme cold, medical condition, etc.), that would also cause the device to reject you?

  12. Re:Interesting take on biometrics by Nos. · · Score: 3, Insightful
    I don't think you're going to find this equipment in stores that bare the "less than $50 after dark" and "employees do not have safe combination" type signs. That being said, this might be nice in some applications...
    • single sign on and never having to change passwords every 90 days
    • No more keys for your front door... unless you have cold winters like we do... I don't want to hold my hand in front of a camera at -40C
    • No more PIN numbers, or signatures for verification for bank and credit cards
  13. Uh, what? by Bill_Royle · · Score: 3, Insightful

    That's the dumbest argument I've heard all evening.

    The "desperate dude who is willing to take out my eyeball?" Why wouldn't he just leave it in your head and just piggyback through? Or bring you along to access that "protected" stuff?

    Sure I'd rather give up a memorized password instead of an eye or hand, but again this is a question of severity. I don't believe you go from demanding a password to cutting out an eye without things other than biometrics being a critical factor.

    Your employer may not give a shit about you, but most employers do. The liabilities of employees getting hurt is much of the reason that many employer-offered health plans have increases every year. I doubt that any employer will be nonchalant when one of their employees come to work with only one hand.

    There's nothing wrong with an employer implementing biometrics, if it's an at-will company. It's up to the employee as to whether that proposition is acceptable.

  14. Re:Modern medicine is based on the idea of samenes by Nos. · · Score: 4, Insightful

    I find it worrisome that the verification of something as personal and important as someone's identity is based on something as common and repeatable as the pattern and layout of veins.
    I haven't done the research, but I doubt this is any more "repeatable" than fingerprints, or for that matter DNA.

  15. Re:Obvious question by plover · · Score: 3, Interesting
    It's much better than fingerprint readers. For example, it's known that people who work in certain jobs (such as pineapple farming) actually have their fingerprints removed by the acids and the abrasion.

    The device works by looking at the infrared radiation emitted by your warm blood in relationship to the relatively cool epidermis. Unless the layer of tough skin is also a thermal insulator, it'll probably be able to read them just fine. The thing they aren't advertising is it probably won't work when the ambient temperature is above 98.6 degrees Fahrenheit.

    But if you RTFA, you'd see that their false rejection rates are 0.01%, or one in 10,000 incorrect rejections. That's pretty damned impressive for a biometric system.

    --
    John
  16. Why this won't work. by rincebrain · · Score: 4, Insightful

    I've met quite a few people who have nonstationary veins; that is, veins that they can move around, that twist under their fingers and stay in their new position, etc.

    How will this system handle these?

    --
    It's only an insult if it's not true.
  17. to all the "chop off the hand" people by SuperBanana · · Score: 4, Insightful

    Well, I see we've already got a few people posting "zOMG my hand's gonna get chopped off".

    Here's a pop quiz. How's a device that uses near-IR to see active blood vessels going to work....

    ...on a hand with no blood pressure, and no hot blood flowing through it? Seems to me a cut-off hand would be virtually worthless within seconds; the veins would become the same temperature as the rest of the hand, and collapse due to lack of blood pressure.

    --
    Please help metamoderate.
  18. Biometric security idea of the week. by RyanFenton · · Score: 5, Insightful

    This time, it's the translucent map of the hand.

    Problems with this idea?

    1. Injury or other causes of restricted bloodlow will change the pattern. People may be wearing a watch or carring a bag which may change the net translucent image of the hand for some time.

    2. No mention if this is 3-d imaging, or multiple-perspective scanning of some sort - but if it's just a 2-d single image, then another source of the 2-d image could be used as fake ID. In the case of 3-d imaging, fakes become more difficult - gummy hands are a lot less common than gummy bears. Still - there has to be a basis for pattern-recognition in the complex mess that makes up a human hand/palm, and that basis can be exploited. A rubber glove with ink on the palm, flipped inside-out may do the trick, or something similar.

    3. This equipment... will it be cheap? Will it require large databases and further security for that data? How much cheaper will this be than other security methods? Cost more than most things will likely determine the impact of a biometric technology. Just having another identification scheme won't help that much, if it can only be used in already-secure or expensive scenarios.

    Biometrics are a great idea, and some very cool implementations - but they always seem to involve a lot of false negatives/positives (none have solved both), and are fairly expensive relative to their unreliability. They certainly haven't been a replacement for most standard security schemes. How is this scheme different?

    1. Re:Biometric security idea of the week. by __aaijsn7246 · · Score: 3, Informative

      There has been some work to prevent the use of fake fingers in biometric devices. One I have read about is checking the resistance of the object placed on the scanner to be sure it matches the known resistance of skin. Resistance can be forged of course, but it is an extra layer in the system.

      Some systems have been so weak that you can simply breatheon them to cause moisture condensation - which in turn causes the device to believe the last finger has been placed on it again!

  19. Can It Be Done? by ndansmith · · Score: 3, Funny

    Biometrics are still so far from reliable. Hopefully this whole effort will not be in vain.

  20. biometrics just s*cks by l3v1 · · Score: 3, Insightful

    My main problems with almos all biometrics identification & recognition systems for public use is that
    - none of them works good enough (see below)
    - if you combine multiple biometrics to raise the efficiency they will become exponentially more inconvenient and expensive, and still not being 100%
    - very many biometrics can be falsified and there probably are levels where even cutting a hand isn't a big deal to get to the information; in cases when you need the hand/finger/etc. alive there's kidnapping and remember, one doesn't have to interrogate the fella, just to take him

    Ok, so about efficiency. If you care to dig a bit deep and read research regarding different types of biometrics, you'll easily find quite high numbers on %. There's two things one has to constantly keep in mind:
    - most if them give those high % only in specific working conditions
    - if you read one biometrics works at 9x%, always think on the reverse: e.g. how many real people does that 100%-9x% mean in the real life like airports with multi-million guests a day ? even 99% goodness means 10000 from 1mil. people falsly angered and that's a lot

    --
    I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.