Wednesday, April 23, 2014

Monday, April 21, 2014

Cross Match Acquires DigitalPersona (findBIOMETRICS)
“Cross Match is strong in multimodal biometric technologies and government solutions. DigitalPersona is strong in identity verification and the commercial sector, especially finance, retail and healthcare. So, the fit is highly complementary.”

Friday, April 18, 2014

Veins are great, but that doesn't mean fingerprints are a "gimmick"

Vein-scanning technology may trump fingerprint scanning for payments (Sydney Morning Herald)  But even if the headline is true, it doesn't follow that
"Using our fingerprint is not a secure way to do [authentication]," Professor Susilo said. "It's just like a gimmick."

One of the main benefits of vein and iris scanning is that you don't tend to leave behind iris or vein prints, he said.

As most vein scanner sensors coming out this year require no physical contact, it means there are no residual biometric patterns that could be copied, preventing fraudulent use.

Fingerprints are notoriously easy to lift from surfaces and are not secure, he said, which has been demonstrated by researchers for more than a decade.

In 2002, Japanese researchers showed that fingerprint scanners could be fooled with about $10 worth of household supplies. They also found many fingerprint systems did not detect if someone was "live and well".
Vein scanners are, in fact "more secure" in the sense that there is no latency. You can't leave vein prints behind. But that doesn't mean that fingerprints are a gimmick.

To take the professor in his own terms, how much money worth of household supplies are required to access an unsecured mobile device? How much money worth of household supplies are required to access a device secured by a password? How easy is it to apply the $10 worth of household supplies to cracking the phone? The answers: None, None, Not very. It really isn't that easy to spoof fingerprints without the participation of the person whose fingerprint is enrolled.

Vascular biometrics, on the other hand, have no latency. Nobody leaves behind vein prints. But hardware cost (too expensive) and form factor (too large) disqualify vein sensors' use in mass market mobile devices*. Until about 6 months ago this was true even for fingerprint readers.






*In mobile devices, power consumption is also a big concern. I don't really know if vein readers are power hogs or not. Perhaps the likely infrequency of vein sensor use compared to the screen or audio output means power requirements won't end up being the determining factor for vein reader deployment anyway.

Thursday, April 17, 2014

Newsweek not big fans of facial recognition


Biometric Surveillance Means Someone Is Always Watching (Newsweek) — It's a little hard to tell whether Newsweek is more angry about the "who" or "how."

Wednesday, April 16, 2014

Facial recognition ID's another 40-year fugitive

Suspected NC fugitive from 1970s arrested in Iowa (LaCrosse Tribune)
According to authorities, the man they believe is Carnes moved to Waterloo from Washington state in the summer of 2013. Where he lived before that is a mystery.
Carnes

On July 12, he used the name William Henry Cox to obtain a vehicle title. Then on March 11, he used the identity of Louie Vance to apply for an Iowa driver’s license.

Investigators became suspicious when the Iowa Department of Transportation’s biometric facial recognition program sent up red flags about his driver’s license. The system records the distances between facial features and stores them on a computerized database to compare with measurements on other photos in the system.
See also from March 15...
A promising data point for the durability of facial recognition biometrics
Samsung Galaxy S5 Fingerprint Sensor Security Already Hacked And Compromised (Hot Hardware) — Our perspective on this sort of thing hasn't changed since we wrote this heavily linked post in response to the same demonstration on Apple hardware a few months back.

Long story short: It's not that easy to do, and convenient fingerprint security is way better than not doing anything at all, which is what many of us are doing now.

Tuesday, April 15, 2014

UNITED STATES: Feds Begin Fingerprinting 'High Risk' Medicare Providers and Suppliers (Weekly Standard)

Kenya seeks biometric citizen register

KENYA: State to register all citizens in digital database
The Government will register all Kenyans in a national digital database as a measure of addressing security challenges and arrest cases of fake identification documents. Deputy President William Ruto said the move will see a consolidation of all current registers of persons and development of a common database, which will bear biometric details of all those registered.

This will help the Government to address security issues and enhance planning. The database will contain biometric details of all persons, land, establishments and assets. The registration will start in three months. The database will capture new births registration.
There are some interesting details in the story and some important details are missing. We'll just have to wait and see.

Data privacy in schools is about much more than biometrics

As we've often said before, if schools can't be trusted with private information, biometrics aren't the problem. It's nice to see that education professionals take a broad view of student privacy issues.

State Lawmakers Ramp Up Attention to Data Privacy (Education Week)
As the appetite for educational data on students has grown across the K-12 sector, so has the stated desire among many state lawmakers to try to protect the privacy and security of sensitive student information.

Spurred by concerns that the rise of education technology and the increasing prevalence of new assessments will place student data in unreliable hands or be put to nefarious uses, lawmakers in dozens of states have acted this year to clarify who has what access to student data and to specify the best practices for shielding that data.
Biometrics gets an undue amount of attention where child privacy issues are concerned and they are mentioned quite a few times in the article. The article, however, is written for the education insider so it is missing the "passion" one often finds in the techy press and political news stories.

A gimlet eye on the FBI's face recognition database

The Electronic Frontier Foundation's FOIA request/lawsuit for FBI records about its facial recognition efforts has borne fruit, as we thought it might.

FBI Plans to Have 52 Million Photos in its NGI Face Recognition Database by Next Year (EFF)
The records we received show that the face recognition component of NGI may include as many as 52 million face images by 2015. By 2012, NGI already contained 13.6 million images representing between 7 and 8 million individuals, and by the middle of 2013, the size of the database increased to 16 million images. The new records reveal that the database will be capable of processing 55,000 direct photo enrollments daily and of conducting tens of thousands of searches every day.
Read the whole thing. There's a lot there.

Two of the most interesting revelations come under the headings: NGI Will Include Non-Criminal as well as Criminal Photos, and, Many States Are Already Participating in NGI.

Friday, April 11, 2014

Samsung and biometrics extends PayPal's point-of-sale reach

PayPal launches Galaxy S5 fingerprint-based payments in 25 countries (Android Authority)
Customers can use their finger to pay with PayPal from their new Samsung Galaxy S5 because the FIDO Ready software on the device securely communicates between the fingerprint sensor on their device and PayPal’s service in the cloud. The only information the device shares with PayPal is a unique encrypted key that allows PayPal to verify the identity of the customer without having to store any biometric information on PayPal’s servers”

Walking the walk in the Philippines

Shoe leather and high tech (WalkahWalkah.org)
Beginning the 6th of May 2014, the spokesman of the Commission on Elections James Jimenez and a committed group of Walkahs will walk in the footsteps of the umalohokan, starting from Laoag City and ending in the City of Manila. Along the way, he will be engaging local communities to bring them news about events and decrees that will impact one of their most precious rights: suffrage.
The web site for the effort is very well done and earnestly reflects the importance of proper elections. We wish the Walkahs the best.

You can also follow them on Titter @Walkah_Walkah

Biometrics market forecast to 2020

Biometrics market will be worth $23.54 billion by 2020 at an estimated CAGR of 17.6% (Markets and Markets)
Biometrics provides a high degree of security and convenience which ensures confidentiality of personal information. This is superior to traditional passwords/PINs as these are easily guessed, forgotten, or copied; tokens can be stolen or misplaced. Biometric technology helps in preventing theft as the information is stored in the form of a digital record in the database which makes it highly impossible to reconstruct, decrypt, or manipulate. Biometric uses biological characteristics or features which are inseparable from a person, thus, reducing the threat of loss or theft.
Next Generation Biometric Market
Source: Markets and Markets