Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vein Patterns Could Replace Fingerprints

Posted by samzenpus on from the no-two-alike dept.

Death Metal writes "Companies in Europe have begun to roll out an advanced biometric system from Japan that identifies people from the unique patterns of veins inside their fingers. Finger vein authentication, introduced widely by Japanese banks in the last two years, is claimed to be the fastest and most secure biometric method. Developed by Hitachi, it verifies a person's identity based on the lattice work of minute blood vessels under the skin."

24 of 152 comments (clear)

  1. Re:Chop, chop by Roland+Piquepaille · · Score: 5, Funny

    Funny you should say that, my first thought when I read "Finger vein authentication, introduced widely by Japanese banks in the last two years" was that it's got to be a bitch to withdraw cash from an ATM if you're a Yakusa...

  2. How about using it as a "username"? by mlts · · Score: 5, Insightful

    Maybe its me being pedantic, but I consider biometrics something that is intended to replace typing in a username, as opposed to being both pairs of the username/password combo. Ideally, one would have biometrics to ID which user is wanting access, then have a contactless smart card and/or a PIN for the "password" part that confirms the user is whom he or she said they are.

    1. Re:How about using it as a "username"? by cjfs · · Score: 5, Insightful

      Agreed. Single-factor authentication based on something that's not reissuable is a recipe for failure.

      Eventually people will run out of non-compromised fingers ;-)

    2. Re:How about using it as a "username"? by conchur · · Score: 5, Funny

      "authentify" - Does that mean simultaneous identification and authentication? Does "indentificate" mean the same thing?

    3. Re:How about using it as a "username"? by jonaskoelker · · Score: 3, Insightful

      I consider biometrics something that is intended to replace typing in a username

      And wisely so. Biometric data is an identifier--it's something with a one-to-one mapping to an identity (here: a pile of cells). Other common identifiers are SSNs, usernames, user IDs, RSA public keys and sha1 hashes [the one-to-one-ness works well in practice for sha1, but of course not in theory].

      Identifiers are not authenticators. A good authenticator for any given identifier requires that only the identified thing can produce the authenticator; except in one-time schemes, performing the authentication should not allow anyone else to authenticate as you later on. It also requires that they one you're trying to prove something to can verify what you're claiming.

      A good authenticator for a public key is a signature on a random string. [make sure the one validating you knows how the signature looks before you send it; use a commitment scheme].

      A bad way to authenticate is by sending a copy of the private key [or for sha1 hashes, the string that hashes to the given hash].

      Biometric authentication "works" by having the identifier be the authenticator, and the authentication protocol works by sending a copy of the authenticator:

      You put your iris in front of the scanner and it does a "SELECT permissions FROM users WHERE iris = %s" [without the horrible SQL injection possibilities, of course]. What's to stop those who look up your iris from creating a replica? If you work by fingerprints, I send my goons to follow you around. When you open or close a door, they take your print and produce a rubber replica.

      An analogy would be that you learn a word that only you can pronounce, and the authentication works by you saying the word aloud, such that everyone in your vicinity can hear it. "Only you can pronounce", I don't buy that.

  3. Re:I've got a unique vein for them... by clickclickdrone · · Score: 3, Funny

    >it's big and blue.
    IBM have veins now? Whatever next!

    --
    I want a list of atrocities done in your name - Recoil
  4. Replacement veins in case of fraud? by irexe · · Score: 4, Insightful

    Until someone figures out how to revoke and replace biometric properties in case of fraud, I don't see why we should even be considering them as a serious replacement for good old passports.

    1. Re:Replacement veins in case of fraud? by phoenix321 · · Score: 4, Insightful

      It would be very necessary to mandate a "duress PIN" or password for every authentication point. A silent alarm whenever someone is forced to enter credentials against their will.

      This should be mandatory for all authentication systems anyway, it would certainly hinder these ridiculous one-day kidnappings and ATM muggings.

    2. Re:Replacement veins in case of fraud? by Hellies · · Score: 3, Insightful

      And how would a duress pin help anything? As if the cops could jump onto the scene during the short time that an ATM transaction takes...

      Seriously? In the case that a duress code is entered, the police have a lot of information to work with. As opposed to someone reporting the crime possibly hours after is happened. 1. The cops are informed that a kidnapping is in progress right now and have the exact location of the kidnappers. 2. They know the person who has been kidnapped by the bank account that is being accessed. 3. They have the images from the ATM camera, which may indicate how many kidnappers there are, how they are dressed, what state the victim is in, etc... 4. The duress code could cause the ATM to display a "This account had insufficient funds" or some other error message. It's far from a perfect system. But having a "a crime is happening at this location" alarm would be a boon to law enforcement.

  5. Least secure, not most secure by (Score.5,+Interestin · · Score: 5, Interesting

    An evaluation by the National Physical Laboratory in the UK found vein patterns to be the least reliable biometric they'd ever encountered, worse even than face recognition which became notorious for its zero-percent hit rate in several public trials (OK, so you can't get worse than zero percent, but in carefully controlled lab trials face recognition did get a non-zero score).

    Looks like another great example of biometric vendor marketing at work. "Buy our stuff, it's gooder than anyone else's!".

    1. Re:Least secure, not most secure by smoker2 · · Score: 3, Informative

      In my capacity as truck driver, I have had occasion to visit Felixstowe container terminal. They have been trying to get a similar system going for years. I have a photo card that contains the data and I have to place my hand on a pad up against metal posts. This system has never worked reliably, and so far other than when I went through the initial process, I have never had to use it. The terminals are always out of order. So we just wave the card instead.

  6. Re:I've got a unique vein for them... by Joebert · · Score: 4, Funny

    I don't think anyone would appreciate you flopping your left nut out on the scanner. Oh wait, you said "big". Sorry Anonymous Coward I had you all wrong.

    --
    Wanna fight ? Bend over, stick your head up your ass, and fight for air.
  7. Re:I've got a unique vein for them... by wisty · · Score: 3, Funny

    You won't think it's so funny when the bad guys steal your account by hacking off your "finger".

  8. Re:Hacking (in more ways than one) by abigsmurf · · Score: 4, Insightful

    That is incredibly difficult. you'd need to hook up each individual vein and artery (with the flow going in the correct direction) and get the pressure spot on else you'll either damage the veins or just fill up the finger like a balloon.

  9. Re:Hacking (in more ways than one) by Andr+T. · · Score: 5, Funny

    I think the old gun-in-the-head-goddamn-put-your-finger-there-or-I'll-kill-you works better.

    --

    Any life is made up of a single moment, the moment in which a man finds out, once and for all, who he is.

  10. Linking the data by Andr+T. · · Score: 5, Funny

    Robot voice: "Hello, mister... JOHN SMITH. You forgot to pay your... UNIVERSITY BILL. You'll be expelled in... THREE DAYS. Also, you have... BLOOD CANCER. You'll die in... SIX WEEKS."

    --

    Any life is made up of a single moment, the moment in which a man finds out, once and for all, who he is.

  11. Re:I've got a unique vein for them... by conchur · · Score: 5, Informative

    FTA:

    The gruesome possibility that criminals may hack off a finger has already been discounted by Hitachi's scientists. Asked if authentication could be "forged" with a severed finger, the company says: "As blood would flow out of a disconnected finger, authentication would no longer be possible."

    I must admit that was the first thing I thought of when I saw the headline...

  12. Am I just paranoid or is anyone else.... by Viol8 · · Score: 5, Interesting

    ...getting sick of the endless ways to identify and tag individuals that have appeared recently? Fingerprints, iris scans, voice recognition, face regonition, smell (!) , walking gait, now vein patterns. How long before we're all just barcoded with a unique id??

    I'm sure some people will say I'm just being paranoid but with the advancement of AI image processing it won't be long before we can be identified no matter where we are , what the time is , or what we're doing. Yes , the governments all roll out the "terrorism" line whenever questioned about this but we've all seen how its been abused already.

    So whats next - infra red heat pattern signatures of individuals? Chemical piss analysis in public toilets?

    1. Re:Am I just paranoid or is anyone else.... by squoozer · · Score: 3, Insightful

      We sort of already do carry around a barcode - in our DNA. While we aren't even close to being able to process it fast enough to make it viable at the moment I could easily imagine we will be able to in the future. Welcome to the world of Gattaca only we won't be able to get round the checks as easily as he does in the film.

      --
      I used to have a better sig but it broke.
  13. Re:What else can you see? Handedness! by Tsu+Dho+Nimh · · Score: 3, Interesting

    Makes you wonder what else can be discerned from the pattern of blood vessels and other scan information.

    If you scan both hands simultaneously, you can usually tell if the person is right or left-handed. The hand that is used more has a larger blood supply, bigger blood vessels.

    It doesn't work on piano players, typists and some others who use both hands vigorously.

  14. Re:I've got a unique vein for them... by Killjoy_NL · · Score: 5, Funny

    Haha, this is why I love Slashdot.

    The ease that is assumed about the possibility of getting a real lightsaber.
    I LOVE IT :D

    --
    This is the sig that says NI (again)
  15. Stability of biometrics by DrYak · · Score: 5, Informative

    Plus, as an MD, I have quite some suspicion about the stability of some biometric methods over time or over pathologies.

    Take today's method :
    - it relies on vein patterns.
    The main problem I see is that veins are biomechanically elastic, in order to be able to comply with varying amount of blood. It works as a "blood pool".
    Depending on pathologies, the shape of the veinous network can change dramatically.

    (same goes for retina. I mean looking at the change induced is the way to assess the progress of some disease like diabetes or hypertension).

    Fingerprint worked so-so because the relatively stable : as long as the deeper structures aren't destroyed, the skin regrows with the same prints, no matter what.
    Fucking up fingerprints require deep mutilation of fingers. These kind of accident can happen is heavy industrial workers, but its not something the average laptop wielding geek is very likely to experience. Thus fingerprints are good enough.

    Whereas, the current trend of blood-related biometric systems are affect by pathologie (I've mentionned hypertension and diabetes) which are much more frequent, specially among the sedentary people: typically the users of such systems.

    Thus, I have real doubts about the long term feasibility of such measures.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Stability of biometrics by Lemmeoutada+Collecti · · Score: 3, Insightful

      Messing up a fingerprint requires nothing more than a sharp object and several horizontal lacerations in some cases... I know this from personal experience. On of my fingerprints was permanently altered enough that the whorls were distorted when I got a simple cut that became infected. The regrown print now has a section across it stretched to the side, distorting the shapes enough that most systems don't recognize it as the same fingerprint anymore.

      Of course, there is still enough that a human can identify it, but the limited data sets used in most biometrics can't find sufficient matching markers.

      In the case of another finger, I also have vertical wrinkles that come from aging, so now that fingerprint is segregated like looking at it through blinds.

      There are many everyday events that can cause enough change in fingerprints to mess up most biometric readers. These range from short term events like having a cut or blister, to permanent changes like slicing a fingertip off and the doctor not lining it back up perfectly.

      There is nothing about the human body that is immune to change. It is that elastic ability to adapt that has made homo sapiens a viable species.

      --

      You can have it fast, accurate, or pretty. Pick any 2.
  16. Re:I've got a unique vein for them... by Assmasher · · Score: 3, Interesting

    Ironically, a near infrared sensor (used for just this purpose - security) that I played with about 2 years ago had firmware which not only detected whether or not the hand (this one examined your palm) was severed but apparently had a method of detecting if the user was under stress (presumably this affects dilation and blood flow or something else observable in the spectrum) in order to prevent hostages from being used like this. Despite all the obvious problems with this, it was an interesting idea; however, apparently some people had problems using it at different times of the year because of this 'feature' or when in agitated or excitable states. Things are never as simple as they appear sadly...

    --
    Loading...