hardware

android, fingerprint, google, hardware, SecuGen

The Hamdroid

…or maybe it’s the Andster. At any rate, the Android Hamster or Hamster for Android is on it’s way and whatever the marketers decide to go with, the combination of a reliable, affordable, off-the-shelf, USB fingerprint reader and reliable, affordable, off-the-shelf, tablet devices could be a real game changer.

Artwork not endorsed/approved by Google or SecuGen

Now, for around than $150 all in, tinkerers can purchase a staggering array of hardware and operate it on an open platform. I can’t wait to see what people do with that power. Even before this, folks were applying biometrics to more things than any one person could possibly imagine.

The SecuGen Hamster sells for as low as $79.00.
Android tablets are available for as low as $70.00. I saw some sales circulars in the Sunday paper (Wal-Mart & Best Buy) advertising 7 in. tablets with front-facing cameras and Wi-Fi for $69.99.

Secugen releases fingerprint authentication SDK for Android (Biometric Update)

SecuGen has just announced the release of its FDx SDK Pro for Android.

According to the company, this new SDK will allow developers to add fingerprint authentication to their Android-based software on ARM tablets and smart phones using SecuGen’s Hamster IV and Hamster Plus fingerprint readers. This SDK also incorporates SecuGen’s MINEX tested, FIPS 201/PIV complicate template extraction and matching algorithms.

“We are very excited to be able to offer Android compatibility for our fingerprint readers,” Dan Riley, VP of engineering at SecuGen said. “Our partners have been asking for this and our role, as always, is to provide them with the tools that they need. The FDx SDK Pro for Android is one of several exciting new products that we will be bringing to market in 2013.”

UPDATE: Minor edits, added links to hardware, and bumped.

apple, facebook, google, hardware, ID, mobile, privacy

It’s all ID nowadays

If the one word for the 60’s was plastics and in the 80’s it was all ball bearings, the technology touchstone for the 2010’s figures to be identity.

The “i” in the next iPhone will stand for “identity.” (Cult of Mac)

When people hear rumors and read about Apple’s patents for NFC, they think: “Oh, good, the iPhone will be a digital wallet.” When they hear rumors about fingerprint scanning and remember that Apple bought the leading maker of such scanners, they think: “Oh, good, the iPhone will be more secure.”

But nobody is thinking different about this combination. Everybody is thinking way too small. I believe Apple sees the NFC chip and fingerprint scanner as part of a Grand Strategy: To use the iPhone as the solution to the digital identity problem.

NFC plus biometric security plus bullet-proof encryption deployed at iPhone-scale adds up to the death of passwords, credit cards, security badges, identity theft and waiting in line.

Apple loves to solve huge, hitherto unsolved problems. And there is no problem bigger from a lost-opportunity perspective than digital identity.

The Boston Consulting Group estimates that the total value created through real digital identity is $1 trillion by 2020 in Europe alone.

Read the whole thing. Stripped of the Apple-worship, it’s an astute post.

The link inside the quote above is in the original and the pdf it links to is highly worth a look, as well. From the executive summary…

Increasingly, we are living double lives. There is our physical, everyday existence – and there is our digital identity. Most of us are likely more familiar with that first life than with the second, but as the bits of data about us grow and combine in the digital world – data on who we are, our history, our interests – a surprisingly complete picture of us emerges. What might also be surprising for most consumers is just how accurate and traceable that picture is.

Views on digital identity tend to take one of two extremes: Let organisations do what they need to in order to realise the economic potential of “Big Data,“ or create powerful safeguards to keep private information private. But digital identity can‘t be cast in such black-and-white terms. While consumers voice concern about the use of their data, their behaviours – and their responses to a survey conducted specifically for this report – demonstrate that they are willing, even eager, to share information when they get an appropriate benefit in return. Indeed, as European Commissioner for Justice Viviane Reding remarked, “Personal data is in today‘s world the currency of the digital market. And like any currency it has to be stable and it has to be trustworthy.“ 1 This is a crucial point. Consumers will “spend“ their personal data when the deals – and the conditions – are right. The biggest challenge for all stakeholders is how to establish a trusted flow of this data.

A new type of ID is needed to bind our physical and online selves, payments and hardware. If the tech giants are going to finish off the post office and assume the role of credit card companies, they’re going to have to solve the ID problem. If they solve the ID problem, there’s really no telling how many other business models they can disrupt.

hardware, Information Security, mobile, security

Industry report: mobile malware on the rise

In a departure from our normal biometrics fare, NQ Mobile has a new report [pdf] showing that mobile devices are increasingly being targeted by, and succumbing to, malware developers.

The linked pdf also has a list of the top five most infected markets.

NQ Mobile offers their mobile security suite in both free and premium versions.

Despite warnings that too few people protect access to their mobile device with a PIN, doing so does not prevent authorized users from being tricked into downloading malware. See: The Con is Mightier than the Hack

That means mobile security services are going to be an important factor in keeping the purple bar at the far right of the picture as short as possible.

fingerprint, hardware, mobile, static, swipe

New Dell tablet appears to have a static fingerprint reader

Judging by one of the photos accompanying this item at GottaBeMobile.com, the new Dell Latitude 10 tablet incorporates a static fingerprint reader on the back.

The “static” part of static fingerprint reader refers to the finger as the user interacts with the hardware. With a static reader the finger is held stationary against the sensor. The swipe reader requires the user to drag a finger across the sensor. Though the software behind the swipe reader sensor has improved over time, I’ve found the swipe sensors more difficult to use than static sensors. Nevertheless, probably due to cost considerations and the availability of real estate available for situating the sensor hardware, the swipe fingerprint readers were preferred by the first generation of hardware manufacturers to incorporate fingerprint sensors into mobile devices like laptops and mobile phones.

So, it seems like some combination of the following statements must be true:
-The hardware cost of the static sensors, compared to swipe sensors, has come down*;
-The static reader hardware has gotten smaller;
-The market demand for fingerprint biometrics on mobile hardware has risen;
-And I’m not the only one who prefers using static readers.

Another observation:
It’s difficult to tell from the photo, but the fingerprint reader still looks awfully small — roughly the size of the cell phone camera also visible in the image.

Here’s a good static vs. swipe summary.

*To keep this apples to apples we’re going to leave optical scanners out of this discussion altogether.

eye, hardware, mobile, modality, smartphone, vascular

Eye biometrics with a mobile phone camera

Mobile technology is crying out for better user authentication. Fingerprints would seem like a good match, but there’s a hardware chicken-and-egg problem: no fingerprint sensor hardware means no apps and no apps means no manufacturer has decided (long-term) to drive up the cost of their handset to provide a feature few may use.

That means biometric app developers interested in verification using mobile devices have concentrated on modalities that can use the sensors that are already ubiquitous in mobile hardware.

A phone without a microphone isn’t a phone anymore so the developers of voice biometrics are in pretty good shape. And though a camera isn’t a strictly necessary feature on a mobile device, they all seem to have them. That invites facial recognition, and eye-based biometrics developers into the mobile world.

All three (face, eye, voice) face challenges.

Scan Eyes to unlock spartphones (PSFK)
If I’m reading this article correctly, or more accurately making the correct inference from the picture that accompanies it*, EyeVerify seems to be side-stepping the challenges associated with iris biometrics and camera resolution by switching to an analysis of sclera vasculation — the veins on the white part — for mobile verification.

That’s pretty cool.

See also:
Mobile Devices and Biometric Modalities

* According to the EyeVerify site, that was the correct inference.

authentication, hardware, mobile, voice

Is voice the killer app for mobile ID?

The Rise of Voice Biometrics for Mobile Phones (MIT Technology Review) 

Analysis of voice verification technology from a security angleThe question of course is which biometric system to use. Face, fingerpint and iris recognition are all topics of intense research. But the most obvious choice for a mobile phone is surely voice identification. However, this approach has been plagued with problems.

For example, people’s voices can change dramatically when they are ill or in a hurry. What’s more, it’s relatively easy to record somebody’s voice during authentication and use that to break the system. So many groups have steered away from voice biometrics.

That could be set to change.

Mobile devices already contain the hardware required to deliver two biometric modalities: a camera for facial recognition and a microphone for voice. These modalities present challenges not usually associated with fingerprint biometrics — in the case of facial recognition challenges include lighting and the well-publicized photograph hack; for voice, background noise (etc.) can be a problem — but they offer the advantage that the hardware is “free” and never going to be yanked out of mobile devices. That’s quite an advantage, and it points to why face and voice biometrics are the front-runners for handset biometrics.

This post has a longer discussion of mobile ID management and hardware.

hardware, mobile, modality, palm

Mobile Handset Camera for Palm ID?

KDDI palm authentication app (Ubergizmo)

Well, KDDI might be on to something here with their palm authentication app which runs on smartphones, which is an alternative to facial recognition software and most probably more secure than a fingerprint reader. What makes it even better is this – since it comes with a flash built in, you need not worry about using it in the dark, which is a different case for the face unlock.

Most palm biometrics (for ID management as opposed to forensic applications) use the vascular network of the hand.

This is the first time I’ve seen a palm biometric that uses a photo of a hand as the input.

Though the claims advanced in this very short article aren’t completely coherent (i.e. why can you use the flash for taking a picture of a hand but not a face?), the approach is interesting, especially within the context of mobile ID. Perhaps the greatest hurdle to mobile biometrics has been a mobile hardware chicken-and-egg problem.

So far, speculation about Apple’s future plans notwithstanding, and the short-lived Motorola Atrix, mobile handset manufacturers haven’t been willing to drive up handset costs by adding biometric sensor hardware to a device when there aren’t any applications that use it. Application developers won’t develop applications that can’t be deployed.

Barring a reversal where handset manufacturers add hardware to the devices, the only way out for biometric application developers is to use hardware that is already standard issue on mobile platforms. Besides using the touch-screen for some sort of behavioral biometric application, that means using the phone’s microphone for voice and camera for face, and now, perhaps, palm-based biometrics.

I don’t have an opinion about the viability of palm pattern recognition using cell phone cameras either from the algorithm side or the sensor side, but it is definitely interesting that people are trying to stretch mobile cameras into new applications.

UPDATE:
When I mentioned “using the touch-screen for some sort of behavioral biometric application,” this is what I meant: Your finger swipe could become your password.

To log into the new iPad app she made, computer science student Napa Sae-Bae held her hand open, touched her fingertips to the tablet’s surface, then drew her fingers together until they met in the center. Her app analyzed the way she performed the gesture — the speed of her swipe, the angles between each fingertip — to decide whether to let her in.

UPDATE II: A more detailed article on the palm camera app is out today from phones review, video by engadget.

Seeing the app in action, it’s very impressive.

access control, hardware, logical, passwords, schools

Schools should consider biometrics to protect personal information

Schools put pupils’ information at risk (The Telegraph)

Schoolchildren’s addresses, routes to school and even fingerprints are at risk of exploitation because nearly half of schools have no policy for handling pupil data, researchers have found.

If schools are unable to keep data secure, biometric template information is the last thing that should concern parents.

As the article points out, schools also keep academic records, behavioral records, medical records, socio-economic assessments for administering school lunch programs, home address information, counseling notes and a ton of other information that is much more sensitive than a fingerprint template consisting of a string text characters that cannot be used to learn anything about a student.

Too often, news accounts use biometrics as the ultimate example of private information and the hook on which to hang all sorts of fears the reader is supposed to imagine — i.e. part of the problem — when they are actually part of the solution. Because biometrics are far superior to usernames and passwords for securing personal information, I’d suggest that all electronic access to student information should be controlled biometrically.

Biometrics provide for far more secure information because the biometric sensor hardware itself provides a layer of protection that a keyboard never can provide passwords. In the standard Username/Password regime, the hardware used, the keyboard, offers no additional security. With username/password authentication, a hacker needs only a keyboard to fill in the proper fields and she gains access to the network. If that username/password is a superuser or administrator credential, an organization may see some turnover in the CTO function.

Biometric authentication is very different animal because with biometrics, the hardware layer does provide extra security. If the hacker steals a biometric or unencrypted biometric template (a long character string), she can’t just type it in even if she finds the place in the programming that handles the template. It has to come from the fingerprint sensor. The template resulting from a verification attempt is like a single use password created during the interaction of a physical object (body part) with certain known sensor.

apple, AuthenTec, fingerprint, hardware, mobile, NFC, payments

Recent SEC Filings Reveal More on AuthenTecApple

Apple may put fingerprint scanners in future products (V3.co.uk)

Among the technologies Apple now owns is a type of fingerprint scanner designed for mobile products with Near Field Communication (NFC) built in. AuthenTec’s AES2750 product is a fingerprint scanner that can interact with NFC applications to offer a secure way to log in to various systems.

AuthenTec says the technology can lock and unlock a phone, authorise mobile banking transactions and replace website user names and passwords, all with a fingerprint scan.

SEC filing fans rumors of mobile wallet for iPhone 5 (COMPUTERWORLD)

But how quickly these elements are introduced depends on Apple’s long-range plans for iPhone, and iPad, as well as the maturing of the mobile payments industry infrastructure, a big jump in consumer acceptance and — most of all — trust in the new technology, and how quickly Apple can phase these particular technologies into its supply chain and manufacturing processes.

The fingerprint sensor, many speculate, will be a key part of a full-fledged mobile “digital wallet” using a near-field communication (NFC) radio link to trigger purchases by simply waving the handset over an NFC reader. AuthenTec, an established vendor of a range of smart sensors, identity management (including PC/laptop fingerprint sensors), and embedded security products, announced the deal on July 27. At $365 million, it’s Apple’s biggest buy.

It’s worth pointing out that Josh Franklin at Seeking Alpha predicted the broad outlines of this whole thing a couple of months ago.

apple, AuthenTec, fingerprint, hardware, mobile, NFC

NFC + Fingerprint Biometrics = Cha-ching?

Apple wanted AuthenTec’s “new technology” ASAP for future products (Ars Technica)

There’s a hint that, whatever the tech involved, we won’t have long to wait. According to AuthenTec’s account, Apple wanted to hurry the buyout deal due to its own plans. “Representatives of Apple also noted Apple’s desire to proceed quickly due to its product plans and ongoing engineering efforts,” reads the SEC filing. “As a result of its focus on timing, Apple’s representatives also informed the Company that Apple would not participate in an auction process and would rescind its proposal if the board decided to solicit alternative acquisition proposals for the Company.”

fingerprint, hardware, mobile

Another Tablet with a Fingerprint Reader

Lenovo confirms full Windows 8 ThinkPad tablet (electronista)

The display is a 1366×768 IPS display, with a front-facing 2MP camera, and a rear-facing 8MP camera. Video output is provided by a micro-HDMI port. Wireless connectivity is provided by integrated 802.11n and optional 3G or 4G. A near-field communication (NFC) radio is installed, with biometric security provided by a fingerprint reader.

I think we’ll be seeing more of this. Password technology is already a bit of a nuisance even when a fully functioning keyboard is attached to the hardware. Tablets don’t have keyboards and the virtual keyboards they use are a big step down from their hardware cousins in terms of usability.

I think manufacturers are coming around to the idea that, for tablets, fingerprint readers are more convenient than passwords. Another fact of the mobile computing device market seems to be that convenience trumps security every time.

fingerprint, hardware, sensor, tablet

Fujitsu Releasing Windows Tablet with a Fingerprint Reader

Updated and bumped…

Fujitsu Is Bringing New Tablet to Legal Market (Law.com)

Because of its computer-level power, the Stylistic Q702’s battery life is a fraction of the iPad’s; however, an optional attachable keyboard dock bumps the battery up to about nine hours. Meanwhile, it comes with a number of security-related features, including HDD and BIOS password protection, an embedded TPM (Trusted Platform Module), and a biometric fingerprint scanner.

Tablets are working their way into business process in several large sectors of the economy. Typical username/password authentication is even less convenient on tablets than computers with keyboards.

UPDATE:
Fujitsu, DoCoMo and NEC: let’s go and get some chips (Mobile Entertainment)
Japanese giants form JV to make processors and reduce dependency on third parties. Fujitsu says its new LTE hardware will offer near field communication (NFC) and biometrics.

hardware, mobile, security

Mobile Device Security Hardware Market Analysis: Now $430M; $1.9B in 2017

Mobile device hardware security expected to boom in 2017 (EE Times Asia)

The mobile device hardware security market is currently valued at approximately $430 million. It is projected that by 2017, the market will have grown and will be worth $1.9 billion. The market is currently largely made up of embedded chip security consisting of embedded chip security technology, such as ARM’s TrustZone, and other semiconductor companies’ security solutions. Other factors considered are revenues generated by secure elements for near field communication (NFC) and biometric sensors. However, this landscape will have changed in the next two years.

fingerprint, hardware, logical

Product Review: Military Grade Fingerprint USB Flash Drive

Imation Defender F200 Biometric Flash Drive Review: Secure but Slow (IDG – Norway)

The Defender F200 is not only stylish, it’s highly capable. The drive has been validated to Level 3 of the FIPS 140-2 government security guideline–a lengthy and expensive process. The device uses hardware AES 256-bit encryption and may be configured to use the biometric scanner, a password, or both for a double layer of security. You may also specify two separate fingers to be used for validation. Excuse the morbidity, but it’s recommended that you use a finger from each hand in case you lose the use of an arm. The F200 Biometric, you see, is designed for with the military in mind.