Monday, April 26, 2010
Friday, April 23, 2010
Some of the new computers... will come with specially-designed keyboards that can only be accessed by the insertion of a smart card into its side and the biometric identification of the designated user’s fingerprint.Token: Something you have.
Password: Something you know.
Biometric: Something you are.
The system described above combines two of the three (and I'd be surprised if passwords aren't used as well) to increase the confidence that those who access the computers in question are who they say they are.
The smart card in this example is the token. Your house key is also a token. Tokens are issued to someone whose identity is known so that they might access a virtual or physical location. The vulnerability of (most) tokens is that they work, no matter who possesses them.
One major redeeming quality of tokens, however is that they are not easily duplicated and when someone loses one, they usually know it and then at least they don't still have it. If there is one key to your house and you lose it, you only have to worry about on key.
This is not true of passwords. Passwords are information and the thing that's great about information is that it's practically free to reproduce and disseminate. That does make for pretty weak security, though. If you lose control of the password to a computer network you might not know it and it can be shared without limit.
Stand-alone, unattended biometric tools are also imperfect solutions. The Mythbusters overcame a fingerprint sensor, for example. But by combining tokens, passwords and biometrics, the security of high value systems can be dramatically improved.
Tuesday, April 20, 2010
I'd like to see more on this.
How unattended is the kiosk?
The kiosk itself reminds me of those amusement machines where prizes are grabbed with a crane, only the prize is your passport.
Hopefully they're on the lookout for Elvis.
Monday, April 19, 2010
Delta is an oil producing state of Nigeria situated in the region known as the Niger Delta, South-South Geo-political zone with a population of 4,098,291.
Friday, April 16, 2010
Can you make an EMP-generating RFID killer for under $100? Someone can.
Wool's latest research centres on the new "e-voting" technology being implemented in Israel. "We show how the Israeli government's new system based on the RFID chip is a very risky approach for security reasons," explains Wool.Well, you can always buy one of these.
Thursday, April 15, 2010
Under this statement, the United States and Germany will develop processes for qualified citizens of either country to apply for both the United States’ Global Entry program and Germany’s Automated and Biometrics-Supported Border Controls (ABG) program, which each use biometrics to identify trusted travelers.
Wednesday, April 14, 2010
Identity management systems buttressed by biometric technologies are a valuable tool in fighting corruption and fraud in the public sector.
Kronos, selected from five responses to a public proposal, will be paid an estimated $410,160 to implement the system and a $45,140 annual maintenance fee.
County officials have estimated the system will save an estimated $1.5 million annually, largely through the elimination of abuse.
Ghost workers and buddy punchers cost the public billions of dollars a year worldwide.
Tuesday, April 13, 2010
Monday, April 12, 2010
Vein Pattern Recognition: A Privacy-Enhancing Biometric - info4security.com
National Identity Card: Paving the Road to Tyranny - GOPUSA.com
Biometric identity management solutions are going to become ubiquitous.
Their value proposition is ultimately irresistible.
Biometric tools should be adopted in a consensual and transparent way, because as is the case with any new technology, abuse is not only possible, it is likely.
Friday, April 9, 2010
In secondary inspection Franco-Matos fingerprints were queried by CBP Officers to the FBI Criminal Justice Information database, and the comparison resulted in an identical match to an alien previously removed as an aggravated felon by the name of Julio Cesa-Soto.In contrast to yesterday's post, this one shows the power biometrics can bring to an identity management system.
In modern times, a person's name has been the datum most commonly used to differentiate among individuals. This is evident in our use of language: keeping one's good name; name brand; household name; etc.*
Names recommend themselves in several ways. Names are used universally. Names are (approximately) unique. They can be represented with text, making for efficient transmission and search. Names are durable and their changes, as in the case of marriage or legal name changes, are governed by well-known social conventions.
Names have always been the cornerstone of identity management systems and those with an antisocial bent have always recognized the value of subverting the defenses a society erects in order to function smoothly. Enter the alias. If you wear out a decent name, simply get another and open up shop again.
Mr. Franco-Matos was simply following the well-worn trail blazed by his criminal forebears, only this time it led straight to jail. The newly minted Julio Cesa-Soto caused no harm. What happened?
It appears that US Customs Border Protection recognized a weakness in an identity management system that was otherwise performing quite well. In this case it appears that the weakness derived from a combination of aliasing and document forgery.
It turns out that biometric ID management solutions are a very good way of dealing with the alias problem.
*The concept of "face" would be an interesting digression here.
Thursday, April 8, 2010
PERSONAL details of thousands of Britons have been put at risk after their passports were lost or stolen in the post, it emerged yesterday.If an organization is doing everything it can and still faces identity management challenges, biometric tools are an excellent way to further reduce uncertainty about people's identity.
If, however, other weaknesses exist in the ID management chain, the addition of biometric tools may not improve security as much as the user expects.
Adding biometric tools to a flawed system can help create a false sense of security. After all, if you know your system is insecure you act a certain way to minimize risk. If you think your system is bulletproof and it is not, really bad things can happen.
Wednesday, April 7, 2010
Identifying illegal immigrants at the Monterey County Jail just became easier for law enforcement officials.U.S. Immigration and Customs Enforcement announced Tuesday it has implemented a biometric system at the jail allowing them to receive instant updates on the immigration status of new inmates.
Tuesday, April 6, 2010
The Biometrics Identity Management Agency (BIMA) has a responsibility that spans the entire U.S. Department of Defense (DoD), and would specifically support the DoD's "authoritative biometrics database" in the name of national security.