Slashdot Mirror
Fingerprint Purchasing Technology Ensures Buyer Has a Pulse
An anonymous reader writes "A small U.S. university has come up with a novel solution to reduce the possibility of using a dead person's hand to get past a fingerprint scanner through the use of hemoglobin detection. The device quickly checks the fingerprint and hemoglobin 'non-intrusively' to verify the identity and whether the individual is alive. This field of research is called Biocryptology and seeks to ensure that biometric security devices can't be easily bypassed."
Checking for oxygenation level might be possible. Does not have to be a very accurate reading.
Does the device only check for pulse or does it also compare to the person's normal blood pressure (which was obtained upon registration into the system) to make sure the person being authenticated isn't being coerced into granting access to unauthorized personnel/burglars, etc???
I don't even want to read the article, but I'm sure they are filing yet another stupid patent for this completely ground breaking idea...
Something like "use of infrared or similar device combined with a fingerprint sensor.
What if the attacker drugged the victim with certain "date rape" drugs to make them more impressionable and willing to open the door for them?
How will lawyers use it?
Here's a good reason why: What happens when someone manages to steal your password? You change it. What happens when someone managed to recreate your DNA or other biological identifier used for authentication? Good luck getting new DNA or fingerprints.
Finally a way to stop these guys from shopping in malls, which is their favorite hangout.
And it also protects you data during the zombie apocalypse!
Bab72 (Not my real name)
The title is wrong. This is not checking for a pulse. If it were, then people with artificial heart pumps like Dick Cheney wouldn't be able to use it. They are alive, but do not have a pulse.
That said, I could see something like this checking for a pulse. This brings up the interesting problem of how to handle biometric checks for people who don't have those biometrics. Not everyone has fingers. Not everyone has eyes. Not everyone has a pulse. Maybe you don't care about that, as you don't have any of them among your target users, but what happens when that changes? You need a plan to handle that.
I actually read the article; what a useless waste of a web page.
There is only one paragraph that mentions anything about the technology, and that is the paragraph in the summary here.
The rest reads like filler material and pimping the advantages of investing/working in the upper midwest.
Lame. I was hoping for more details.
When will the public realize that all of these biometric systems are defeatable? You're just adding another layer of data that can also be faked. You know what can't easily be faked or spoofed? Sufficiently strong public-key cryptography. So let's get it over with and start assigning giant private keys to everyone on the planet and dealing with the infrastructure issues and loss/replacement stuff (similar to passports today, I imagine). Then it's easy to authenticate anyone: they just sign data with their private key and that can't be faked. The standards could be open, we could have multiple implementations of hardware/software signing devices to use during transactions. Some of them would suck and get compromised, resulting in waves of people having to revoke their keys and apply for replacements. We have time to work the system out and come up with something that's sane in practice.
This kind of stuff is good marketing. Useless, but that hasn't stopped anyone from blowing money so far.
Now convince criminals that your disembodied fingers won't work. There will always be skeptics. Don't worry, your missing fingers won't do the job for them.
Company Korporov Kopinc. announces new device to keep pulse on a dead body hand, the company says this device can bring the real deal on "another world" handshakes.
The vast majority of the fingerprint readers used for secure purposes already won't work for nonliving fingers.
Show me a biometric test that can't be spoofed for 10% the cost of the test hardware. Go ahead, I dare ya.
Fake retinas and fake fingerprints took, what, a couple weeks to show up after their respective scanners went into production? Why should any other sort of bio-scanner/detector be any different?
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
Hey, pal! Does this smell like chloroform to you?
If Slashdot were chemistry it would look like this:Cadaverine
I was getting pretty worried about biometric security there, but I'm glad to see that we no longer need to worry about clever people figuring out ways to defeat this sort of thing.
Does this device offer the least bit of protection against the "gummy bear attack" (i.e. a thin molded replica fingerprint, formed from, e.g., etched gelatin, over a living finger)? If not, then it's pretty useless (because lugging around a whole dead body or even severed finger is already riskier/harder than a simple replacement mold).
I believe the implied, and correct, is: "Fingerprint Purchasing Technology Ensures Buyer Has an IMPULSE"
You do what you always do when the computer can't recognise the input; have a human enter the details manually.
We'll never achive 100% computer automation for any sytem that involves processing people, and even if we did, we'd still want a human to be involved for edge cases (see the current debate on drones in another thread)
I read about this at least 10 years ago when some Japanese ATMs were going with fingerprints. They looked at the blood flowing through the skin to make sure they were looking at a live finger and also not just a faked fingerprint on a live finger.
I can see it now, people with finger tip calluses and thick skin syndrome will not be able to use this. They will form their own constituency to protest against the unfeeling corporate non-entities that are holding them down.
The article was delightfully free of actual info, but I assume they are just adding this: http://en.wikipedia.org/wiki/Pulse_oximetry
Yeah, the more expensive fingerprint readers have done this since the late 1980s. They can also tell if a retina was in a removed eye, et cetera.
StoneCypher is Full of BS
... will be pissed....
Whoop-de-doo. There are several outfits that have done something similar over the years, including companies that have tens of thousands of fingerprint devices out on the street already. I would be somewhat surprised if the tech covered in this article is not already patented by Lumidigm or somebody like them.
"Liveness checks" have been a part of fingerprint tech for many years now, ever since the famous "ghosting" attack on the early L-1 and Cross Match sensors. Whoever wrote the article didn't do their homework if they think this is actually "news."
One would *never* be able to simulate a pulse in a dead finger.
/s
Note to self: first use person to get past security THEN kill them.
did these fingerprint biometric 'security experts' ever solve the issue where someone could defeat nearly all fingerprint 'security' machines by blowing on the detection area with a small straw? The heat and humidity from the breath triggers the finger detector and the residual sweat from the previous fingerprint's impression passes the ID test and allows the straw-blower access to the system.
Biometric ID systems are all so stupid. If the access point is so important that someone is willing to pay tens of thousands of dollars for a flaky electronics system, then just hire a real person to guard it. We have plenty of people who need real jobs.
So what if you have hypothyroidism, kidney failure, certain anemias, etc. and have low hemoglobin? If you're American, there's a 50/50 chance you can't afford treatment, even if you have insurance.
I remember when fingerprint scanners first started getting widespread use people asked about "what if someone lifts my fingerprint, or worse, cuts off my finger?" and the manufacturers all said "Don't worry, it only works on live fingers." Then people tried it and discovered that yes, you can lift someone's fingerprint duplicate it, and the scanner is more than happy to take it. Luckily the latter has not proven popular (I don't know of any case of someone having a body part severed to defeat a biometric lock), but the former put a huge black eye on the concept of fingerprint scanners as security. Your average person leaves fingerprints everywhere and you'll never know if someone has gone and lifted them.
I read the internet for the articles.
and the lawyers will laugh their way to the bank
Because instead of taping your password to the screen or in your wallet, let's stamp it on everything you touch.
It can's detect silicone fingerprints. The cool thing about these, is that you don't have to cut off someones thumb and distracting a salesgirl while you press it to a scanner, you just act like nothing's wrong and thumb away.
I'm surprised anyone with even half a brain could have decided that a pulse was enough.
Guns can make people do amazing things, like placing their prints wherever the guy controlling the gun wants them placed.
You could engineer a pump to drive pulsed blood through the capillaries.
Heck, you could even heat the blood while you're pumping it. (This device does not detect temperature btw)
It is a solution, certainly, but wrought with a myriad of flaws. This ought to be a very long time to market I expect. Unless of course, they decide to give the job of redesigning the scanner to someone who's passed the fourth grade.
Geekism is your _only_ God!
I read the summary and was disappointed that this wasn't about a technology that allows me to purchase new fingerprints.
It all boils down to a process. This process will end with a function that determines a certain percentage (always less than 100%) of likeliness that you're the person that should access. Any process, I repeat, ANY PROCESS that does not end in a 100% certainty of who you are, has wiggle room for those that are not you. And as far as I know (maybe some of you nerds out there will chime in with another way) the only way to be 100% certain that the person is who they say they are, is to know them personally, and interact with them on a personal level. Human-to-human security is always the best solution, and even then there's a chance that the humans that work the security could be persuaded to follow another leader's plans...
Also, you could arrange the building in such a way that it's an ever-changing multi-level maze, whereby everyday a guy pops out of a garbage can, or bush, and gives you a map that self-destructs in 5 seconds. If you're one of the lucky people that have security clearance, you should always throw the paper behind your back when you're done reading it. Also, bring your niece along.
Checking for blood oxygen level would be easy... and easily fooled. Certain Chinese manufacturers added melamine to pet food to increase its apparent protein content. I wonder what one might have to add to a severed finger to make its blood oxygen level appear normal. Chlorine bleach? Peroxide? A rusty nail? You can rest assured that someone somewhere will go to great lengths to find out.
what about skimming?
Isn't this old news? I worked at a US based hardware manufacturer back in 2005 that made fingerprint scanners, and we were scanning for the em field around fingerprints at that time - not the external fingerprint, but the EM field created by a living finger with pumping blood. I figured this was the 'norm' - not only because it makes sure your subject is alive, but because the sub-skin part of your prints are less likely to be damages or obscured for day-to-day use.
Oh well, maybe we were too far ahead there... one thing I learned at that job is it doesn't pay to be first with new tech, it pays to be a copycat at a lower price.
Linking biology to cryptography will just encourage criminals to either cut off my hand, or keep me alive just long enough to steal all my money.
Why can't you simply use misted cyanoacrylate to get a good impression of the desired print and mold customer latex gloves for yourself or use a gelatin impression on top of your finger with that person's finger/handprint?
That should read Super-Glue
I have Raynaud's syndrome. There are times when it's cold and I've gone to the doctor's visit. They put the little gadget on my finger to take a reading and it doesn't work because the ends of my fingers are white. Will suck the first time I can't buy something because of this.
What about vampires, zombies, and other undead? How can this fit into a modern multi-vital society?
I put on my robe and wizard hat..
The check-for-life feature is 15-20 years old.
The presence of a "pulsatile" or time-varying signal will indicate the presence of a pulse and will also indicate the heart-rate and the oxygen saturation level of the blood. Using different wavelengths would allow for the measurement of CO_2 levels or of CO (carbon monoxide) levels also. This type of measurement is routinely done on neonates (newborns), intraoperatively, and in the post-surgical unit on patients coming out of anesthesia. I just studied some of it when I went on my hospital shadowing visits with my mom the doctor (!).
Dick Cheney would never be able to make a purchase. His heart does not beat.
Um, lolwhat? An Archimedes screw is gravity dependent. It would stop working when you lay down. A VAD may use a pulsing pump, centrifugal pump, or axial turbine.
...busted this one already
http://youtu.be/3Hji3kp_i9k?t=2m42s
(that's a finger print lock that's detecting signs of life)
.
Look at the patent application for this assigned to the company involved. It measures the change in oxygenation levels which varies slightly as each heartbeat pumps more blood through the vascular system. Here are some details. (it doesn't measure blood pressure, like some people were guessing above, it measures hemoglobin oxygenation/deoxygenation levels).
.
It measures "Pulse Oximetry" which measures the ratio of oxygenated vs. deoxygenated hemoglobin in the blood by measuring infrared absorption at two wavelengths, wavelengths $\lambda_1$=630 nm and \$lambda_2$=940 nm. [LaTeX mods inserted by moi] Here's the relevant information from their patent application at line 82, the preferred embodiment of the invention in http://www.faqs.org/patents/app/20120119089 : DESCRIPTION OF A PREFERRED EMBODIMENT OF THE INVENTION [0082] Basically, the invention is based on the transmission properties of quasi-coherent pulsed near-infrared radiation on human epithelial tissue and its absorption by oxidised and deoxidised haemoglobin (25). It is also based on the reflection of near-ultraviolet (24) and pulsed UV-A (23) radiation on human epithelial tissue.
The presence of a "pulsatile" or time-varying signal will indicate the presence of a pulse and will also indicate the heart-rate and the oxygen saturation level of the blood. Using different wavelengths would allow for the measurement of CO_2 levels or of CO (carbon monoxide) levels also. This type of measurement is routinely done on neonates (newborns), intraoperatively, and in the post-surgical unit on patients coming out of anesthesia. I just studied some of it when I went on my hospital shadowing visits with my mom the doctor (!).
Thanks for trolling. http://www.popsci.com/science/article/2012-02/no-pulse-how-doctors-reinvented-human-heart?page=3
At a glance the patent seems to be for a very specific approach to measuring pulse oximetry. The approach seems near identical to US patent 5737439 Anti-fraud biometric scanner that accurately detects blood flow. In any event the basic technique for using pulse oximetry for liveness testing is described in Sandstrom, "Liveness Detection in Fingerprint Recognition Systems", 2004 and Hill & Stoneham, "Practical applications of pulse oximetry", 2000. The use of two IR absorption measurements is not novel (see patent 5737439).
i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
Re: The use of two IR absorption measurements is not novel (see patent 5737439).
;>)
correcto, they do in fact cite that particular patent in their own patent. Note the quote I included in my GP post also mentions the use of UV wavelengths too for measuring skin.