The case for mobile fingerprint hardware

Why would Apple add a fingerprint sensor to the iPhone? (Macworld)

Much of the theorizing has revolved around the possibility that Apple will add a fingerprint scanner to the iPhone, either incorporating it directly in the Home button, or, as indicated in a patent granted to the company in 2012, situating it in a dedicated area of the handset’s front screen. Such technology is far from science fiction—and it could actually provide real, tangible benefits to iOS device owners.

Results from French fingerprint payment pilot are in…

Natural Security Succeeds With French Fingerprint Payments Pilot (PYMNTS.com)

What they discovered about biometric payments – a technology many have previously failed to establish – turned out to be even more promising than they expected.

The pilot took place in Villeneuve-d’Ascq and Angouleme in the north of France. The fingerprint technology had high adoption rates, attracted over 900 customers and facilitated over 5,000 payment transactions. Interestingly, more women participated in the trial (53 percent), and the most prominent segment with the highest participation rates were coupled partners and homeowners.

“Feedback was very good. Ninety-four percent of participants were ready to use this payment, Pierre said. “The average transaction amount was €58.60, which is 15 percent higher than the value of average card payments in France.”

Read the whole thing.

If you build it…

Pantech reveals fingerprint-scanning smartphone (MSN – Malaysia)

The biometric reader is built into the phone’s rear panel, as is a small touchpad for unlocking the device. An interesting idea in theory but how it will work in practice is anyone’s guess.

Mobile application developers need to know that the hardware they rely upon will be there. It’s looking more and more likely that, following a false start in 2011, there will be a fingerprint capability in the Android environment. Hopefully it’s here to stay this time.

See:
Mobile Handset Review: Motorola Atrix 4G (The One with a Fingerprint Reader) – Monday, October 31, 2011

Disappointment followed two days later…

Motorola Atrix 2 Has No Fingerprint Reader – Wednesday, November 2, 2011

Bigger, Faster, Cheaper

As databases get bigger, they take longer to search. For a while, and in many applications, nobody really cares. Does it really matter if a criminal database fingerprint search takes one second or 1.5 seconds? A city of 1.5 million people may arrest 40 people on a busy day. In cases like this, the limiting factor to how many times a process can be repeated isn’t in the technology.

But if the world is headed the way many expect, biometric searches of large databases will be moving from applications where fractions of a second don’t matter much, as in the case above, to something that looks a lot more like what banks or large web sites do: handle thousands of transactions per hour among thousands of users with both the quantity of transactions and users fluctuating wildly over the course of a day, and generally increasing over time. Now, how the search happens starts to matter a lot and technique starts to affect cost.

In the biometrics world, sensor and algorithm innovation get a lot of attention. Database architecture and search techniques don’t. This press release from BIO-key is a refreshing change highlighting one technique programmers can use to cope with ever-larger biometric databases.

Accelerated Biometric Indexing Search: New Fingerprint Matcher Design Yields Higher Accuracy at Higher Speeds per Dollar Invested (Press Release via pr-inside.com)

“Using Commercial-Off-The-Shelf (COTS) products, BIO-key is expanding the way a biometric search can be performed which dramatically improves speed over conventional approaches. This revolution comes from the use of a highly parallel search architecture, allowing our solutions to perform faster and look deeper while improving speed and accuracy,” stated Renat Zhdanov, PhD, Vice President, Chief Scientist, BIO-key International.

Initial tests of the new accelerated architecture show speed results of several millions matches per second, on a typical PC. This provides biometric search acceleration of several orders of magnitude on that PC alone. “These performance gains mean the required hardware and support costs for larger systems, or those heavily used in the Cloud from mobile devices or other sources, can now be greatly reduced, providing for thousands of times more throughput per dollar spent,” stated Mira LaCous, Senior VP of Technology and Development, BIO-key International.

TSA ‘PreCheck’ expansion expected to enroll 88,000 in six months (Los Angeles Times)

Starting later this year, the TSA will allow all travelers who pay a $85 fee and submit background information, including fingerprints, to qualify for the program for five years.

In a report filed this week, the TSA estimated that 88,111 travelers would apply for the program in the first six months, with an additional 383,131 fliers applying in the following year.

The vetting process will take two to three weeks, the TSA said.

Scolding university professors on fingerprint time and attnedance

Stories bemoaning the adoption of biometric time-and-attendance systems are a dime a dozen. This piece from Calcutta, India takes the opposite stance in a humorous way.

Look who doesn’t want to get caught bunking (The Telegraph – India)

The attendance system was introduced at the varsity some five months ago and has since burdened teachers with regular classes, a habit hitherto unseen at most colleges in the capital.

“Biometric attendance is insulting. Do professors have to punch their fingers on a machine to prove they work? Does not the varsity believe in our honesty?” said Babban Choubey, the president of Federation of University Teachers’ Associations of Jharkhand.

Industries face different incentives for biometric adoption

Why Do I Get Fingerprinted at 24-Hour Fitness but Not the Bank? (Go Banking Rates)

When discussing the advancements in fraud prevention, executive vice president of the Federal Reserve Bank of Atlanta expressed that the United States is “falling behind the rest of the world in fraud protection, and I’m afraid American consumers are getting the short end of the stick.”

US banks lag behind banks worldwide and American fitness centers when it comes to tightening up ID.

India to require fingerprints before issuing SIM card

Soon You Will Require Fingerprints To Buy A SIM Card (SiliconIndia)

To put an end to the unauthorized distribution and access of SIM cards by fraudsters, the home ministry has asked Department of Telecommunication to explore various measures to take biometric details including fingerprints by cell phone service providers before activating the connection.

India isn’t alone. Pakistan is considering a similar requirement for purchasing a SIM (Subscriber Identity Module) card as a way of more definitively tying mobile phones to their purchasers.

Nigeria implemented a similar system beginning in 2010.

There are several reasons that countries want to do this. Most are related to making it easier (or even possible) to investigate crime. Mobile phones are critically important tools in criminal enterprises such as ransoming kidnapping victims and organized robbery. Terrorists depend upon mobile phones both for communication and to detonate explosive devices: Tele-operators briefed on biometric system (The Nation)

“NADRA being the sole custodian of biometrics of over 96 percent total population of the country, has offered the biometric solution in the wake of Interior Ministry’s grave security concerns over the use of cellular devices in terrorist plots,” the spokesperson said. It should be noted that on December 1, 2012, the Prime Minister, after taking notice of insecure sales mechanism for issuance of SIMs, directed all telecom companies to employ biometric verification for SIMs issuance within two months’ time.

Bulgaria: Fingerprint authentication for Members of Parliament

Bulgarian MPs Switch to Fingerprint Voting System (novinite)

At the beginning of Wednesday’s sitting of Parliament, Mikov announced that the use of biometrics would put an end to the practice of voting with other MPs’ cards.

The use of biometrics was introduced in early 2010.

However, the process of collection of biometric data and their integration into the MP cards in Bulgaria’s 42nd National Assembly was delayed, […]

US: Entry/exit dominating today’s biometrics news

An amendment to the immigration bill being discussed in the Senate Judiciary Committee has been all over the news this morning.

See:
Senators propose fingerprinting at airport security (Click Orlando), and
US senators approve immigration changes requiring fingerprint system at 30 airports (Truth Dive)

This Reuters piece is more detailed:
US panel votes to speed up airport fingerprinting of immigrants (Reuters)

The Senate Judiciary Committee voted 13-5 for an amendment to a wide-ranging immigration bill that would require the installation of devices to check immigrants’ fingerprints at the 10 busiest U.S. airports within two years of enactment of the legislation.

Checks currently are made at airports for foreigners arriving and re-entering the country but not when they leave. “It’s just a matter of having records we can keep so we know where we’re going,” Republican Senator Orrin Hatch of Utah told reporters of his successful amendment.

The committee’s work commands worldwide attention because it’s personal to many people because of their own travel habits, aspirations for immigration or education, or the living situation of friends or loved-ones.

It is also of worldwide importance because the United States will have a large role to play in any eventual interoperable international system accounting for international travel.

The amendment adopted by the committee would, in the event of the bill’s passage, institute a fingerprint-based entry/exit system starting with the ten busiest U.S. airports over two years.

The best framing I have read of the lack of-, case for-, and challenges associated with a decent entry/exit system is David Grant’s Immigration reform: What to do about those who arrive legally but never leave?

And in March, we wrote:

[… R]elevant to integrating the entry and exit points is the percentage of international travelers who enter a country through one international travel node and depart the country from another.

The more nodes, the more travelers, the more complex the travel patterns of international visitors, all of these things place additional pressures on any sort of entry/exit system and these complexities don’t necessarily increase as a linear function.

Of course all of this has bearing on the United States which has every challenge there is. It’s not surprising that, biometrics or no biometrics, the US lacks a comprehensive integrated entry/exit system. A couple of good pilot projects might go a long way towards getting an idea of the exact scope of some of the challenges, though. [emph. added]

With that in mind, does the committee’s amendment fit in with the idea of a “good pilot” project? I think so. Despite reluctance to call anything happening in the ten busiest airports in the country a “pilot project,” so as not to trivialize the challenges involved, the scope of a truly comprehensive entry/exit system accounting for all air, sea and land transport is so vast that it does make “pilot project” seem appropriate here.

But in order for this avenue to a pilot actually to lead there, even in two years, the whole immigration bill currently being fashioned in the Judiciary Committee must pass the full U.S. Senate and House of Representatives. Even if the broader immigration overhaul fails to attract majority legislative support, the 13-5 committee vote may bode well for the pilot on a stand-alone basis. You have to start somewhere.

PayPal would prefer prints to passwords, PIN’s. But…

…as the article concludes, it’s not necessarily an either/or proposition.

Online financial services providers are looking forward to a future where they are less reliant on password technology for authenticating their customers’ identities on line and they seem to have very open minds re biometrics. But can biometrics supplant the password altogether?

PayPal wants to get rid of passwords in favor of biometric security (SlashGear)

However, he [ed. PayPal chief information security officer Michael Barrett] noted that passwords simply won’t go away after biometrics are introduced. It’ll certainly take a while before a new standard can completely take over, especially considering that passwords have been the standard for so many years. So while we could see smartphones with integrated fingerprint scanners, it could be a few years before a new security standard takes over full-time.

Biometrics can be used to overcome some of the limitations of passwords in use cases important to PayPal.

A biometric template is like a really long password your body makes — the example below uses 800 hexadecimal characters — in that sense biometrics allow for more complex passwords the user doesn’t have to remember or write down.

Nevertheless (and in agreement with the quoted article’s concluding paragraphs), rather than making passwords obsolete, biometrics will most probably be used to return the the password to the simplicity of the PIN era, ending the arms race that has required the use of longer, more complex, and more frequently changing passwords.

Real fingerprint template:
2aba08229b3b2a44e72c8f14da168a560a3caf2257add068a7fc1636215bff53152546da3fc8071ea84433a42261f4ff7bc3b455199be8980eea2bb1e922f18aa309e050130d72ca124ecd6e9e86459e60858ff44f71d0c1c4e23b97a9a6554619543e8d347f79ea8fa70db87eaea7f37bf2cac4e697d5525479cc72fb653b5d32089e7b3cbcd01f8dba60eda95a50a31b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c

The Hamdroid

…or maybe it’s the Andster. At any rate, the Android Hamster or Hamster for Android is on it’s way and whatever the marketers decide to go with, the combination of a reliable, affordable, off-the-shelf, USB fingerprint reader and reliable, affordable, off-the-shelf, tablet devices could be a real game changer.

Artwork not endorsed/approved by Google or SecuGen

Now, for around than $150 all in, tinkerers can purchase a staggering array of hardware and operate it on an open platform. I can’t wait to see what people do with that power. Even before this, folks were applying biometrics to more things than any one person could possibly imagine.

The SecuGen Hamster sells for as low as $79.00.
Android tablets are available for as low as $70.00. I saw some sales circulars in the Sunday paper (Wal-Mart & Best Buy) advertising 7 in. tablets with front-facing cameras and Wi-Fi for $69.99.

Secugen releases fingerprint authentication SDK for Android (Biometric Update)

SecuGen has just announced the release of its FDx SDK Pro for Android.

According to the company, this new SDK will allow developers to add fingerprint authentication to their Android-based software on ARM tablets and smart phones using SecuGen’s Hamster IV and Hamster Plus fingerprint readers. This SDK also incorporates SecuGen’s MINEX tested, FIPS 201/PIV complicate template extraction and matching algorithms.

“We are very excited to be able to offer Android compatibility for our fingerprint readers,” Dan Riley, VP of engineering at SecuGen said. “Our partners have been asking for this and our role, as always, is to provide them with the tools that they need. The FDx SDK Pro for Android is one of several exciting new products that we will be bringing to market in 2013.”

UPDATE: Minor edits, added links to hardware, and bumped.

US: Background check requirements for working in child care facilities

Fingerprint background checks for day care workers in Georgia (Biometric Update)

Georgia’s governor, Nathan Deal has just signed a bill into law that will see national fingerprint and criminal record searches performed for day care workers.

Georgia is joining the 32 states* requiring a check of the FBI fingerprint database and 30 states that require a sate-level fingerprint check for employment as a child care provider.

A table of state-by-state Child Care Center Regulations [pdf] compiled by Child Care Aware® of America shows which states require fingerprint searches of state and federal databases.

Here’s a summary:

The linked pdf contains information on what type of background check (Federal fingerprints, state fingerprints, criminal record check, child abuse registries, sex offender registries) is conducted in each jurisdiction.

The document is current as of April 17, 2013 and the aforementioned table has notes changes in the law that aren’t yet in force.

Observations:
A few states require a search against one of the fingerprint databases but not the other.
Many states require a search against both fingerprint databases but not the state’s sex offender registry.

*plus the District of Columbia and the U.S. Department of Defense. The study accounts for 52 political entities referred to as “states” throughout this post.

“Any sufficiently advanced technology is indistinguishable from magic.”

— Arthur C. Clarke

Fingerprint led to arrest in Dollar General killings, detective testifies (Wichita Eagle)

Detective Tim Relph said a video camera showed the killer walking into the store and quickly leaving after shooting two people with a .22-caliber handgun. The killer tried to exit the store through an entrance door before realizing that the door wouldn’t open from the inside, Relph said. The finger and palm print left on that entrance door proved to be the key to solving the case, he said.

The shooting occurred at 8:01 p.m. on Nov. 30, Relph said, and a computerized fingerprint classification system identified Marshall as a possible suspect by 3:45 the next morning. By 4 a.m., he said, a fingerprint examiner confirmed that the print came from Marshall.

“By 4:30 in the morning there were 50 police officers looking for him,” Relph testified.

Shooting at 8:01 PM. Positive ID before 4:00 AM. That’s less than eight hours. Sometimes, we’re led by various television programs and movies to believe that the process is much quicker than that.

In actuality, given the steps involved, the eight hour turn-around is magical. Because…

Law enforcement, NIST making fingerprint files easier to search (GCN)

Not all AFIS are alike, however. State and local agencies often maintain their own databases, and although there can be some interoperability in a vertical hierarchy of local, state and federal databases, there is very little interoperability horizontally between neighboring jurisdictions. To search different databases, examiners must mark distinctive features for fingerprints manually for different systems, using different coding, notation methods and data definitions.

See also: Law enforcement interoperability, though little discussed, is a big deal

It looks like quite a lot of progress is being made on the interoperability challenges we’ve discussed from time-to-time.

Why some might prefer finger vein to fingerprint

‘Finger vein recognition system’ promises security (Times of India)

[…C]opying and hacking fingerprints to breach security can be stopped by mapping people’s veins to verify their identity. This model can be used to make up for errors and loopholes in the biometric system, where finger prints can be copied easily.

“Using the blueprint of our veins, areas like credit card security and other time attendance systems can be strengthened.

Even shorter answer: there’s no latency.

You got biometrics in my NFC!

SmartMetrics incorporates NFC into biometric chip card

“This will enable institutions to offer a safer NFC solution than that which is currently available since the NFC Biometric Card will only be turned on allowing NFC communication to be inactive until the user touches the cards fingerprint sensor,” Chaya Hendrick, SmartMetric President and CEO said. “All other NFC technologies are inherently unsafe in that the device is always on providing hackers the ability to capture the NFC information even while the NFC product is not being used. Smartphones are a good example of ‘unsafe’ NFC systems.”

Philippines expands biometric law enforcement capabilities

Philippines: US donates two biometric machines to Immigration (Business Mirror)

Lawyer Maria Antonette Mangrobang, BI acting intelligence chief, said with the biometrics equipment the bureau will now to be able to build a wider and more reliable database of the illegal aliens and foreign fugitives wanted by immigration intelligence personnel.

He said, henceforth, the machine will be used to scan the fingerprints of all arrested aliens, and the data will be kept in a database along with their photographs.

A humorous meditation on our modern times

Of course there’s a biometrics angle…

Dermatitis Could Make Fingerprints Unreadable (Scientific American)

Of course, the study was performed not to elucidate ways by which criminals’ hands can help them avoid the long arm of the law. The real purpose was to determine if a lot of people might have problems with increasingly common biometric identification systems. If a thumb scanner must identify your print before you can enter your workplace, a skin condition could leave you out in the cold, perhaps literally, which is only going to make that chapped finger even less readable.

The growth of biometrics is spurring a growth of finger research.