“Instead of handling paper documents, boarding passengers will queue in turnstile-like lanes, stepping onto yellow footprints and looking into a camera to have their face scanned. The scan will then be compared to images obtained from passports or other travel documents to confirm identity.”
The aspect of this program dealing with facial recognition for departing passengers is especially interesting. Airline gate agents probably aren’t trained to detect identity fraud to the degree that customs agents are. Their priority is to board the aircraft as efficiently as possible.
Recording the biometric transaction will also begin to provide rigorous data that may also inform efforts to meet the repeated US Congress requirements for biometric exit technology.
Much more information with pictures and video is available at the Orlando Sentinel.
In a post at Biometrics Update, Ever AI CEO Doug Aley makes the case that facial recognition technology is ready to reduce friction in identity authentication across a range of industries. It’s well worth reading in its entirety.
“For as hard as the industry has tried, consider all of the potential security exposures that still exist. Four-digit ATM pin codes. Patient identities verified by Social Security numbers. Lost or stolen physical corporate ID badges. Just the other day, in creating a security profile someone asked me for my mother’s maiden name.
Face recognition technologies are poised to re-write the rules of how transactions and identities are secured. But are we ready?”
We’re ready. The challenge for organizations seeking to adopt facial recognition to improve services is integrating the technology with existing processes and data structures. Our FaceTrac/IdentiTrac platform provides both the facial recognition technology and the integration with existing databases and applications.
“Biometric privacy remains an important issue, as facial recognition and other biometric technologies are increasingly in use. As such, it is desirable to find a balance between privacy and security while at the same time allowing companies to use the advances in biometrics in productive ways. Some argue that the Illinois law, in its present form, fails to strike that balance. It appears that some of the Illinois legislators have heard that argument and are trying to correct any imbalance that the law might present. Given what’s at stake, we will closely follow these legislative developments.”
Proskauer Rose, the source of the linked article, is an international law firm with offices in Chicago. The full piece has a lot of links to more information on the Illinois BIPA law. Read the whole thing, especially if you’re interested in biometrics, privacy, or in business in Illinois.
Our previous posts touching on the Illinois BIPA law can be found here.
“New Delhi: Nearly 3,000 missing children have been traced in four days, thanks to the facial recognition system (FRS) software that the Delhi Police is using on a trial basis to track down such children.
The identities of the missing children have been established and efforts are on to help them reunite with their families.
The Ministry of Women and Child Development (MWCD), in an affidavit to the high court, said that the Delhi Police, on a trial basis, used the FRS on 45,000 children living in different children’s homes. Of them, 2,930 children could be recognised between April 6 and April 10.”
A heartwarming story with a dose of local politics.
“The research, based on survey results from 200 U.S. senior IT decision makers, outlines how there is a lack of confidence of passwords alone to secure data sufficiently while highlighting how organizations are moving towards biometrics to better safeguard their most critical assets.”
“Harnessing the Power of Biometrics: The overwhelming majority of respondents agree that biometrics is the most secure authentication method for both organizations (86%) and consumers (86%) to use. Respondents believe the main reasons for using biometric authentication include overall better security (63%), increased workforce productivity (54%) and better accessibility (50%).”
Usually, increasing security decreases convenience. Biometric solutions offer a rare chance for organizations to increase security and convenience at the same time and senior IT staff are starting to embrace the opportunity.
Securlinx, is on the ground in Chicago to take part in the International Association for Healthcare Security & Safety (IAHSS) annual conference and to demonstrate the newest version of our FaceTrac facial recognition software. We’ll be in booth #601 today and tomorrow.
IAHSS is dedicated to professionals involved in managing and directing security and safety programs in healthcare facilities.
Through the partnership, Securlinx and REMTCS will join forces to solve critical security challenges for companies. Securlinx will provide a “whitelist” and enterprise-wide authentication of trusted users outside the customer’s firewall, while REMTCS will provide superior protection against threats inside the firewall by killing viruses and “blacklisting” sites circulating malware. Both companies will also help protect clients against ransomware attacks. The software offerings of both companies are fully integrated to work in conjunction with each other.
“We discovered exposed medical systems — including those that store medical-related images, healthcare software interfaces, and even misconfigured hospital networks — which should not be viewable publicly. While a device or system being exposed does not necessarily mean that it is vulnerable, exposed devices and systems can potentially be used by cybercriminals and other threat actors to penetrate into organizations, steal data, run botnets, install ransomware, and so on. Furthermore, it shows that a massive amount of sensitive information is publicly available when they shouldn’t be.”
The article linked above and the companion Trend Micro blog post, along with the entire 61 page pdf report (available here) do a really good job of covering the range of threats confronting healthcare networks today.
The internet of things (IoT) offers so much of benefit — remote monitoring, diagnosis, collaboration, home healthcare, devices, etc. — to healthcare providers and patients that it is inconceivable that it will be abandoned. There are, however, significant privacy and health outcome risks associated with putting practically every software application, sensor, device and record within reach of the internet.
How large healthcare providers harness the IoT for better care delivery while minimizing the associated risks will go a long way toward sorting out the winners and losers in the business of healthcare.
Cyber security, identity assurance, and training are of critical importance if the promise of the healthcare IoT is to be kept for healthcare providers and patients alike.
“Using National Cancer Institute survey data, the study found that 52 percent of US citizens were offered access to an online medical record by a healthcare provider or insurer in 2017, up from 42 percent in 2014. Of those who were offered access, 53 percent viewed their records at least once in the past year.
However, of the individuals offered access to online medical record, one-quarter did not access that information because of privacy/security concerns.”
So, is it fair to imply that up to 25% more patients would access their online health record if they were more confident in the security of their access to it?
“Physical, sensing, actuating, computing and other security access control systems — including the spectrum of biometric usage such as biometric access and security systems; door, parking facilities, elevators, communication facilities, and rooms; occupant interface dashboards; and universal control and monitoring systems — are among the issues discussed in the recently released National Institute of Standards and Technology’s (NIST) Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT), prepared by the Interagency International Cybersecurity Standardization Working Group.”
Securlinx CEO Barry Hodge noted this morning:
IdentiTrac is the Securlinx flagship identity assurance platform that supports all of our ID management applications and integrates with users’ existing data infrastructure.
“The global healthcare biometrics market size was valued at USD 2.1 billion in 2016 and is expected to witness a CAGR of 24.2% over the forecast period. The major driving parameters attributing to the growth of this market are rising healthcare IT application combined with increasing awareness and demand for cyber security and biometric development catering to the healthcare facilities.”
Facial recognition tech moves from smartphones to the boardroom (Computerworld)
“With the release of Apple’s iPhone X and its Face ID feature, facial recognition technology has become more mainstream – and it’s already being piloted by some government agencies and commercial airlines as a friction-free security measure.”
Craig Workinger, Executive Vice President and General Manager of Securlinx, said: “Healthcare institutions at every level are facing significant security challenges and a dizzying array of technologies and partners that often solve one problem only to create new ones. We take a different approach – a system that works with both the customer’s current infrastructure and new applications. We are pleased to be attending IAHSS conference this year and are looking forward to demonstrating our capabilities and the benefits we offer healthcare organizations.”
“Imagine it is 2030 and you are a U.S. government employee working from home. With the assistance of the latest technology, you participate in video calls with clients and colleagues, augment your job activities through artificial intelligence and a personal digital assistant, work through collaboration software, and regularly get rated on a one-to-five scale by clients regarding your helpfulness, follow-through, and task completion.”
But it’s not just the government sector. The convergence of cloud, AI, and biometric identity assurance among other emerging technologies like the blockchain will change the way individuals interact with large organizations throughout the economy.
“Many IT professionals aren’t convinced biometrics can serve as a secure and reliable replacement for the standard username and password combo,” said Peter Tsai, senior technology analyst at Spiceworks. “Unless technology vendors can address the security issues and privacy concerns associated with biometrics, the technology will likely be used side-by-side in the workplace with traditional passwords or as a secondary authentication factor for the foreseeable future.”
It looks like this 2013 post and the paper that informed it are holding up quite well.
In the paper, A Research Agenda Acknowledging the Persistence of Passwords, Cormac Herley and Paul C. van Oorschot write:
“Passwords, though unloved, deserve some words of praise. They have brought us this far: they are the means by which two billion Internet users access email, banking, social networking and other services. They are essentially free from the service provider viewpoint, and are readily understood by users. They allow instantaneous account setup. Revocation is as simple as changing the password. Those who forget their passwords can be emailed either reset links or the passwords themselves (this practice, though insecure, is common for low-value sites). All of this is automated and instantaneous. They allow access to one’s accounts from anywhere in the world assuming nothing more than a simple browser. Sophisticated users can protect themselves from many of the threats. “
All this is still true. Biometrics, however, can also be used as a way to return the password to the simplicity of the PIN. For example: a fingerprint scan associated with a weak password such as a 4 digit PIN provides far stronger authentication than any password a human could be expected to type. In other words, biometrics can be combined with rudimentary passwords to bring an end to the “password arms race” where the main coping strategy has been longer, more complex and more frequently changing passwords — i.e. the real reasons people tire of the humble workhorse of the ID game. So instead of replacing the password, biometrics might one day be used as a way to salvage what makes it great while minimizing the frustrations associated with over-reliance upon it.
Eric Schmidt, the former executive chairman of Alphabet, delivered a bold vision of the future of health care and technology at HiMMS, urging participants to go immediately to the cloud.
The cloud, he notes, can take in—and provide security for—the large amounts of data being generated from the growing number of new mobile apps and sensors, then integrate and structure this data into an information flow to support the clinician sitting in front of a patient. Through an earbud or mobile phone, the clinician can access potentially life-saving guidance.
But Eric’s comments underscore the big challenge facing the next generation of EHR (Electronic Health Records). EHR has a growing, vast flow of potentially valuable data from broad array of devices and apps. What’s lacking is the means to store it and validate its sources.
Identity authentication across platforms and devices is thus crucial to the next generation of EHR. To be usable, all that data must be tied unequivocally to the individual in front of the clinician. In turn, that means having an integrated, holistic approach to managing identity across all the platforms, apps and sensors.
We are attending the HiMSS annual meeting this week and wanted to share a few observations. It’s a terrific event, and a reminder of how important personal contacts are in an age when we’re on our screens constantly.
Nearly every conversation here includes the issue of how to get data out of isolated, proprietary systems so it can be used more effectively. If data can be collected from many sources, then AI and machine learning tools can be applied to it, looking at both text and images to create a predictive system for clinicians. That offers a real opportunity to improve patient care.
This also seems to be driving talk of partnerships, another hot topic at the conference. People recognize there are lots of technologies trying to solve healthcare’s problems but they approach it in an isolated way. So they are trying to figure out how to make data actionable and link it to what others have. The idea of partnerships is a departure for big industry players who’ve mostly taken a go-it-alone approach in the past.
Interoperability is also getting a lot of buzz at HiMSS. Most people focus on its technological aspect but that’s only half the challenge. The other is culture.
From a technology perspective, there are lots of vendors battling for market share and holding on to data as part of their competitive strategy. But that’s running up against consumer behavior. People today get their health care from a variety of places – hospitals, outpatient centers, specialized clinics, even their home – and they are increasingly shopping around. Inevitably, they wind up in separate health systems, and none of them speak to each other. So the challenge is to get the data up a level so that it’s accessible to their doctor no matter where they go.
There are technologies that can do that, and more. But change is slow, and that’s where culture comes in. Many healthcare organizations are reluctant to change. Some still use fax machines and paper records. They want to be more efficient but are slow to embrace the technology that can help them get there. Of course, adoption has been the challenge for every technology innovation, from PCs to cell phones. Healthcare tech is no different.
I’ve been attending HiMSS for more than 15 years (do I get an award for that?), and every year I see a few things that surprise me. That’s what keeps it interesting.
One surprise is the number of vendors who claim to have a patient identity solution when what they actually do is patient identity for one specific application, like labs or payments. They don’t provide that identity outside of their system. There’s almost no one addressing the need for a universal identity repository – a database that would handle identity authentication for multiple applications. (That’s what Securlinx offers, and that’s why we are excited about the opportunities we are seeing to help healthcare organizations.)
The other surprise is the absence of the insurance industry. The major insurers are a huge part of healthcare, involved in everything from procedures and protocols to reimbursements and record-keeping. And they see how much money is lost every year from errors and fraud. Yet hey don’t have a presence here and don’t seem to collaborate with other organizations much right now. That will change, though. Collaborating to reduce costs and improve care would be a natural focus for them, not to mention a great marketing message. Insurers are a key component in all this.