Biometrics + Cryptography

Keeping your passwords safely in the palm of your hand (electropages)

…[C]ontactless palm vein recognition technology is nothing new and was first demonstrated back in 2002 and is widely used. It works by extracting feature data from biometric data. With previous technologies, confidential data was encrypted with this feature data, but when decrypting, the feature data extracted from biometric data would usually be matched with the encrypted data. This does not present a problem when used in a personal device, such as a laptop or smartphone, but when used via an open network such as in the cloud, a more secure decryption technology is necessary to prevent leaks of biometric data.

The article discusses encryption within biometric templates using Fujitsu’s palm vein technology, but the idea would seem to be applicable across biometric modalities.

Hungary: Some fans bristle at stadium palm vein scanners

Soccer-Ferencvaros fans upset by biometric ‘intrusion’ (Yahoo!)

Szebasztian Huber, editor of the Fradi fan website ulloi129.hu said many fans also fear that technological developments would help clubs pass Hungarian Football Association fines — which they regard as too strict — on to them.

Stricter stadium rules also puzzle fans because the number of violent incidents in and around Hungarian stadiums is much lower than 10 or 20 years ago, he added.

“The culture of soccer fans is different everywhere, in some countries (vein scanners) would be tolerated, while elsewhere fans could be upset,” Huber said. “Launching the system highlighting its comfort functions could increase tolerance.”

A look at biometrics and health care fraud

Iris Scans Seen Shrinking $7 Billion Medical Data Breach (Bloomberg)

Iris scanners aren’t just for airport border-control agents and spy movies anymore.

Clinics and hospitals around the world are acquiring technology that identifies people based on physical traits to improve patient safety and stamp out fraud. HCA Holdings Inc. (HCA) hospitals in London, as well as health-care providers across the U.S., are buying so-called biometric technologies.

There’s not an identity management problem hospitals don’t have.

Market forecasts for Face, Hand Geometry modalities

Facial biometrics sector to total $2.9 billion by 2018 (Companies and Markets)

The facial biometrics market has been forecast to reach a total value of US$2.9 billion by 2018, primarily driven by growing security concerns against the backdrop of increasing terrorist attacks, racial and ethnic disturbances, campus violence, random shootouts, riots, burglary, and physical assaults.

Hand geometry industry to be worth $152 million by 2018 (Companies and Markets)

The hand geometry industry has been forecast to achieve a market value of US$151.5 million by 2018, primarily driven by the well established use of the technology in physical access control, time and attendance, point-of-scale, and interactive kiosks.

More at the links.

South Florida: Baptist Health hospitals adopt biometrics for patient ID

New hand scanners being used in local hospital to identify patients (First Coast News)

You used to have to give your name, a form of ID, often a social security number when you checked into hospitals, but now all you may need is your palm.

Baptist Health is using new technology now that identifies each patient by the vein pattern in their hand. The technology is called the Palm Vein Biometric Identification System.

The computer stores the patient’s vein pattern as a binary number connected to your file, so anywhere you go within the Baptist Health system, you can be identified and your records pulled up by simply scanning your hand.

The Director of Information Services, Jim Bilsky, says the motives behind this new technology is to stop identity theft and ID Card sharing. Also to help identify patients that are brought in unconscious during emergency situations.

This one happens t be about patient ID, but it’s hard to think of an identity management challenge hospitals don’t have.

Mobile Handset Camera for Palm ID?

KDDI palm authentication app (Ubergizmo)

Well, KDDI might be on to something here with their palm authentication app which runs on smartphones, which is an alternative to facial recognition software and most probably more secure than a fingerprint reader. What makes it even better is this – since it comes with a flash built in, you need not worry about using it in the dark, which is a different case for the face unlock.

Most palm biometrics (for ID management as opposed to forensic applications) use the vascular network of the hand.

This is the first time I’ve seen a palm biometric that uses a photo of a hand as the input.

Though the claims advanced in this very short article aren’t completely coherent (i.e. why can you use the flash for taking a picture of a hand but not a face?), the approach is interesting, especially within the context of mobile ID. Perhaps the greatest hurdle to mobile biometrics has been a mobile hardware chicken-and-egg problem.

So far, speculation about Apple’s future plans notwithstanding, and the short-lived Motorola Atrix, mobile handset manufacturers haven’t been willing to drive up handset costs by adding biometric sensor hardware to a device when there aren’t any applications that use it. Application developers won’t develop applications that can’t be deployed.

Barring a reversal where handset manufacturers add hardware to the devices, the only way out for biometric application developers is to use hardware that is already standard issue on mobile platforms. Besides using the touch-screen for some sort of behavioral biometric application, that means using the phone’s microphone for voice and camera for face, and now, perhaps, palm-based biometrics.

I don’t have an opinion about the viability of palm pattern recognition using cell phone cameras either from the algorithm side or the sensor side, but it is definitely interesting that people are trying to stretch mobile cameras into new applications.

UPDATE:
When I mentioned “using the touch-screen for some sort of behavioral biometric application,” this is what I meant: Your finger swipe could become your password.

To log into the new iPad app she made, computer science student Napa Sae-Bae held her hand open, touched her fingertips to the tablet’s surface, then drew her fingers together until they met in the center. Her app analyzed the way she performed the gesture — the speed of her swipe, the angles between each fingertip — to decide whether to let her in.

UPDATE II: A more detailed article on the palm camera app is out today from phones review, video by engadget.

Seeing the app in action, it’s very impressive.

Biometrics & the FBI’s Criminal Justice Information Services (CJIS)

Here’s a Storify transcript of this morning’s Tweet Chat about biometrics (#biometricchat).

I offer many thanks to John at M2SYS for asking me to fill in for him and Mike Kirkpatrick for taking time out of his busy schedule to lend his experience to our understanding of the FBI’s use of biometrics for law enforcement and civilian purposes.

Background for the conversation is here.

July, 19 2012 Biometric Chat with Mike Kirkpatrick : Assistant Director in Charge of the Bureau’s Criminal Justice Information Services (CJIS) Division from April 2001 – August 2004.

Powered by Storify

  1. SecurLinx
    Good morning and welcome to this month’s chat on#biometric technology! #biometricchat
  2. SecurLinx
    I’m honored to be filling in for John @m2sys as this month’s host. Thanks for asking me, John!#biometricchat
  3. m2sys
    Good morning to you and thanks for taking over this month’s chat – we really are appreciative of your guest hosting skills! #biometricchat
  4. SecurLinx
    @m2sys The pleasure is mine. AND Thank you, and welcome to Mike @MDKConsulting, for joining us.#biometricchat
  5. SecurLinx
    Today, we will be discussing #biometrics in Law Enforcement (esp. FBI). Our guest is Michael Kirkpatrick. @MDKConsulting #biometricchat
  6. MDKConsulting
    Thanks for the invite! I’m looking forward to this morning’s chat #biometricchat
  7. SecurLinx
    @MDKConsulting Mike finished his FBI career as Asst. Dir. in charge of the FBI’s CJIS center (Apr. 2001 – Aug. 2004) #biometricchat
  8. SecurLinx
    Those dates should give you some idea of the challenges at the FBI’s CJIS. #biometricchat
  9. m2sys
    @SecurLinx Quite a tumultuous time at the FBI’s CJIS…anxious to hear some of Mike’s feedback and insight. #biometricchat
  10. SecurLinx
    Feel free to chip in with your own answers – answer each question (Q1, Q2, Q3, etc.) with A1, A2, A3, etc.#biometricchat
  11. SecurLinx
    Also feel free to submit your own questions during chat or ask other questions of the group. #biometricchat
  12. SecurLinx
    Q1: What was the biggest challenge CJIS faced in the transition from a paper fingerprint system to a fully fledged IAFIS? #biometricchat
  13. MDKConsulting
    A1:There were several challenges. Building the world’s largest #AFIS; IdM had never been done on that scale before… #biometricchat
  14. Note: IdM = Identity Management
  15. MDKConsulting
    A1…Getting the budget to build it ($640M); there were no #fingerprint electronic transmission standards so they had to be.. #biometricchat
  16. MDKConsulting
    A1:…developed (EFTS); Most #fingerprints were still being captured on paper so had to be converted to digital images:… #biometricchat
  17. MDKConsulting
    A1:…Major #FBI workforce retraining; IAFIS didn’t always work as advertised in the early days so alot of downtime #biometricchat
  18. m2sys
    Q1: Were lawmakers at the time reluctant to fund this or was it generally accepted that this was natural maturation? #biometricchat
  19. MDKConsulting
    m2sys A1: Overall, congress was very supportive but this was a high profile project, the only one of its peer projects… #biometricchat
  20. MDKConsulting
    m2sys A1:…(e.g., FAA & IRS modernizations) to succeed. It turned out to be a high risk/high reward project #biometricchat
  21. SecurLinx
    Q2: CJIS is a key part of US ID infrastructure. What is the breakdown between Law Enforcement vs civilian/licensing queries? #biometricchat
  22. SecurLinx
    FBI CJIS is used for firearm background checks, child care workers, financial services employment and more…#biometricchat
  23. BiometricUpdate
    Often wondered about this breakdown myself, actually#biometricchat #biometricchat
  24. MDKConsulting
    A2: #FBI has 2 #fingerprint streams-criminal and civil (licensing & employment checks). Currently ~55% are criminal… #biometricchat
  25. MDKConsulting
    A2:…and 45% are civil. The original IAFIS was designed to process 60K prints/day. #FBI Next Generation Identification… #biometricchat
  26. MDKConsulting
    A2: …(NGI) now easily processes more than 185K/day. Quite a leap forward! #biometricchat
  27. MDKConsulting
    Firearm pre-sale checks (NICS) are name-based, not fingerprint-based. #biometricchat
  28. SecurLinx
    @mdkconsulting Good catch re firearms… done thru the FBI but no fingerprints involved. #biometricchat
  29. SecurLinx
    Q3: What is the next biometric modality CJIS would like to incorporate into IAFIS? #biometricchat
  30. MDKConsulting
    A3: In order of priority, palm prints, face, and iris capabilities will be added to NGI. #biometricchat
  31. BiometricUpdate
    We just wrote about the B12 MORIS system being adopted by FBI. How much time can apps like this save?bit.ly/LYXvug #biometricchat
  32. SecurLinx
    Let’s go quickly to Q4 and then deal with Q3 & Q4 together… #BiometricChat
  33. SecurLinx
    Q4: Then, if the Big Three of #biometrics are Face, Finger/palm print & Iris – Where does DNA fit in?#BiometricChat
  34. MDKConsulting
    A4: There’s an ongoing multi-agency effort on rapid#DNA, which will put a “quick” DNA capability at the …#biometricchat
  35. SecurLinx
    @mdkconsulting Love the quotes around quick. Definitely quick compared to earlier DNA analysis!#BiometricChat
  36. MDKConsulting
    A4:…booking stations. We should see this in the market within the next couple of years. It’ll help solve alot of cases. #biometricchat
  37. MDKConsulting
    A4: #DNA in many ways is the ultimate #biometric but still has many privacy issues associated with it as well as the past… #biometricchat
  38. MDKConsulting
    A4:…relative slowness in getting results. It can prove someone innocent as easily as proving someone guilty, which is… #biometricchat
  39. MDKConsulting
    A4:…good as all in criminal justice should be searching for the truth. #biometricchat
  40. SecurLinx
    @MDKConsulting Excellent point. Biometrics can be evidence of either innocence and guilt. #biometricchat
  41. m2sys
    @MDKConsulting Q4: So DNA quick checks will be at booking stations to circumvent lab analysis in as little as a few years? #biometricchat
  42. MDKConsulting
    @m2sys A4: These are envisioned as a “quick” check as an investigative lead rather than a full-on forensic lab exam #biometricchat
  43. m2sys
    @MDKConsulting Thank you, truly amazing advances in science for DNA processing! #biometricchat
  44. MDKConsulting
    Currently, #FBI is processing criminal fingerprints in just a few minutes. Rapid DNA is envisioned to be more like an hour. #biometricchat
  45. SecurLinx
    Q3/4b: Which (palm, face, iris, DNA) advancement in CJIS capabilities is furthest along? #BiometricChat
  46. SecurLinx
    Last question Q5: What are some near future capabilities related to #biometrics that the FBI would really like to add? #biometricchat
  47. MDKConsulting
    A5: #FBI & law enforcement are looking for smaller, faster, cheaper mobile #biometric collection devices; capability for … #biometricchat
  48. MDKConsulting
    A5:…collection at a distance for fingerprints and iris; implementation of a national palm print capability (a high % of … #biometricchat
  49. MDKConsulting
    A5:…crime scene latents are palm prints); and greater accuracy in facial recognition technology for large databases. #biometricchat
  50. BiometricUpdate
    @MDKConsulting is palm a priority for any particular reason, or is it just an indication of technological advancement? #biometricchat
  51. MDKConsulting
    @biometricupdate: Palm print capability will help to solve many crimes which are unsolved without it. Countries, such … #biometricchat
  52. MDKConsulting
    @biometricupdate: …as Australia, which have implemented palms have reported significant increases in latent matches. #biometricchat
  53. SecurLinx
    That’s all folks. Our sincere thanks to @MDKConcultingMike Kirkpartick for taking the time to talk with us: FBI#biometricchat
  54. SecurLinx
    We kept him a little late but hopefully @MDKConsulting(and you) enjoyed our conversation as much as I did.#BiometricChat
  55. MDKConsulting
    Thanks! I’ve appreciated the opportunity to chat about one of my passions! #biometricchat
  56. m2sys
    @MDKConsulting Thank you for sharing your knowledge with us, it was extremely informative!#biometricchat
  57. SecurLinx
    Thanks @MDKConsulting! Thanks @m2sys for lending me the #BiometricChat hashtag! & to@BiometricUpdate for the questions!

One-Time-Only ID Technologies

Palm vein biometrics for access to mobile phone recharging stations at festivals (Pocket Lint)

New this year is a palm vein reader that will identify you using the pattern of blood vessels just under your skin, saving customers that use the recharging station the hassle of wearing wristbands and showing proof of identity. According to Vodafone, it will even work if your hands are caked in festival mud.

Think of all the ways business keep track of their customers for short periods of time by issuing some sort of token: a bracelet, a hand stamp, a slip of paper with a number on it, or asking for ID for proof of age when they don’t really care who you are, etc.

For many of these cases, the business is only interested a relationship between two things, one of which is a person. In this example, the relationship is between a person and the mobile phone they leave recharging while they rush back to the Garden Stage to hear Suzanne Vega sing Tom’s Diner. But dry cleaners, coat checks, and valets all do something similar.

In other cases, the business is interested in who can go where or do what so they can administer VIP areas, determine who can use the subway, consume alcohol or see an R rated movie.

Many types of business have processes in place that are at least in part about identity management. It’ll be interesting to see if, when and how some of them look to biometrics to make things easier.

Test of English as a Foreign Language (TOEFL) Adopting Voice Biometrics

Press Release: TOEFL® Program Unveils State-of-the-Art Biometric Voice Identification Software to Increase Test Security Globally (News Blaze)

ETS, the creator of the TOEFL® test, announced the introduction of biometric voice identification to maintain fair and reliable TOEFL testing. The newly announced security measure provides an additional proven technique to add to the TOEFL program’s comprehensive security system in authenticating TOEFL test takers globally.

Similar to the highly advanced speaker identification platforms used by government and law enforcement agencies, the software uses statistical pattern matching techniques, advanced voice classification methods, and inputs from multiple systems to compare speech samples from TOEFL test takers. Launched earlier this month, the speaker identification system offers the ability to create voice prints for detailed analysis to validate TOEFL test takers. The new technology will be used as part of test security investigations in 2012 and beginning in 2013 will gradually be used on a larger scale.

“The inclusion of biometric voice identification technology is yet another tool in the TOEFL test security portfolio to ensure test integrity worldwide,” explains David Hunt, Vice President and Chief Operating Officer of ETS’s Global Division. “Including a state-of-the art speaker identification component to the TOEFL’s security system further strengthens our ability to detect attempts to gain an unfair advantage, a common concern in academia today. ETS is committed to identifying and implementing those protocols deemed most effective by leaders in the security industry in safeguarding against fraudulent behavior.”

ETS also administers the SAT test.

See also: New York: Seven Arrested For Alleged SAT Cheating Ring UPDATE: SAT, Biometrics & ROI

Any guess why ETS is considering hand-based biometrics for the SAT but voice-based biometrics for the TOEFL?

Translate »