Wednesday, April 30, 2014

LastPass Adds Galaxy S5 Fingerprint Scanner Support — This is the kind of stuff Apple won't be doing any time soon.

Monday, April 28, 2014

Facial recognition technology is still in its infancy (CSO) — As the article spends a fair amount of time on, there's a significant difference in system performance with cooperative vs. non-cooperative users.

Private sector biometric time-and-attendance systems are gaining steam (Channel News Asia) — "...institutions including banks, schools and polyclinics have also expressed interest in such systems, adding that demand has increased by 30 per cent annually for the past three years."

DHS testing biometric exit devices at mock airport this summer (Fierce Homeland Security) — The law requiring the DHS to implement such a system is a lot older than the DHS is.

Friday, April 25, 2014

Praise for Ann Cavoukian, Privacy Commissioner of Ontario

Canada's Global Player in the Privacy Debate (
To Cavoukian, the notion that personal privacy is sacrificed for the greater good -- from health reporting to communications tracking -- is the lazy way out. She has developed what she calls Privacy by Design, the idea that personal privacy protections and new technology advancements can actually live in harmony. “Why do we have to look at it as one interest versus another?” she asks. “I always call it the power of ‘and.’ Get rid of the word ‘versus;’ substitute the word ‘and.’ I want privacy and security.”
We have also had good things to say about Ms. Cavoukian in the past.

We're all ears

New academic research on ear biometrics...

3D Ear Identification Based on Sparse Representation (Forensic Magazine)
Compared with classical biometric identifiers such as fingerprint and face, the ear is relatively a new member in the biometrics family and has recently received some significant attention due to its non-intrusiveness and ease of data collection. As a biometric identifier, the ear is appealing and has some desirable properties such as universality, uniqueness and permanence. The ear has a rich structure and a distinct shape which remains unchanged from 8 to 70 years of age as determined by Iannarelli in a study of 10,000 ears. The recognition using 2D ear images has a comparable discriminative power compared with the recognition using 2D face images.
If you click through to the whole study at, the authors (Lin Zhang, Zhixuan Ding, Hongyu Li & Ying Shen) have made the Matlab source code for the ear matching algorithm available. That's really neat.

From our first post on ear biometrics in 2010...
-Facial recognition accuracy is degraded as the pose angle diverges from a full frontal view. As pose angles get bigger, an ear will come into view. Tying an ear-recognition system to a face recognition system could make more identifications possible, especially with a non-participating subject.

-Ears aren't really that stable. They grow throughout life, as the quote above addresses.
-As high school wrestlers can attest, ears are easily deformed by trauma.
-Hair obscures significant portions of the ear in a significant percentage of the population.

Washington DC: Participate in biometric system testing and earn $95

Seeking individuals to participate in an ID verification research study. (Upper Marlboro Patch)
Participants will be asked to pass through a simulated identification area that uses safe, commercially available sensors like high definition cameras. The simulated screening area will also test the usefulness of safe biometric scanners that are currently being used by other countries at border crossings such as fingerprint identification.

Video of gait analysis in action

This Security Solution Says It Can Figure Out If You Are Safe Or Dangerous By Scanning Your Skeleton (Business Insider - Australia)
They’re using a standard 2D surveillance camera to analyse a person’s motions and create a “skeletal map,” which shows the distance between joints and how they move. By comparing this map with future scans, Extreme Reality can detect any differences in movements that might indicate signs of stress and red flags. The system uses complex algorithms to detect these differences, and according to Extreme Reality, it is more than 90% accurate.

See for yourself...

Thursday, April 24, 2014

This kind of thing makes fingerprint spoofing even harder

Samsung patent suggests multi-fingerprint e-wallet authentication and gesture control (Android Authority)
Applications for fingerprint scanning are quite limited at the moment...

The future may hold a bigger promise, however. A patent application made by Samsung indicates that the company may be working on an even more innovative use of fingerprint scanning for authentication. In the patent application, Samsung describes several methods for authenticating a purchase, such as through PIN, password, pattern, and even fingerprint scans. An interesting addition is the inclusion of multiple fingers for stronger authentication.
Uncertainty over which fingerprint was used — or in the not too distant future, which combination of fingerprints are used — would go a long way towards making the already difficult task of fingerprint spoofing even harder.

Wednesday, April 23, 2014

Monday, April 21, 2014

Cross Match Acquires DigitalPersona (findBIOMETRICS)
“Cross Match is strong in multimodal biometric technologies and government solutions. DigitalPersona is strong in identity verification and the commercial sector, especially finance, retail and healthcare. So, the fit is highly complementary.”

Friday, April 18, 2014

Veins are great, but that doesn't mean fingerprints are a "gimmick"

Vein-scanning technology may trump fingerprint scanning for payments (Sydney Morning Herald)  But even if the headline is true, it doesn't follow that
"Using our fingerprint is not a secure way to do [authentication]," Professor Susilo said. "It's just like a gimmick."

One of the main benefits of vein and iris scanning is that you don't tend to leave behind iris or vein prints, he said.

As most vein scanner sensors coming out this year require no physical contact, it means there are no residual biometric patterns that could be copied, preventing fraudulent use.

Fingerprints are notoriously easy to lift from surfaces and are not secure, he said, which has been demonstrated by researchers for more than a decade.

In 2002, Japanese researchers showed that fingerprint scanners could be fooled with about $10 worth of household supplies. They also found many fingerprint systems did not detect if someone was "live and well".
Vein scanners are, in fact "more secure" in the sense that there is no latency. You can't leave vein prints behind. But that doesn't mean that fingerprints are a gimmick.

To take the professor in his own terms, how much money worth of household supplies are required to access an unsecured mobile device? How much money worth of household supplies are required to access a device secured by a password? How easy is it to apply the $10 worth of household supplies to cracking the phone? The answers: None, None, Not very. It really isn't that easy to spoof fingerprints without the participation of the person whose fingerprint is enrolled.

Vascular biometrics, on the other hand, have no latency. Nobody leaves behind vein prints. But hardware cost (too expensive) and form factor (too large) disqualify vein sensors' use in mass market mobile devices*. Until about 6 months ago this was true even for fingerprint readers.

*In mobile devices, power consumption is also a big concern. I don't really know if vein readers are power hogs or not. Perhaps the likely infrequency of vein sensor use compared to the screen or audio output means power requirements won't end up being the determining factor for vein reader deployment anyway.

Thursday, April 17, 2014

Newsweek not big fans of facial recognition

Biometric Surveillance Means Someone Is Always Watching (Newsweek) — It's a little hard to tell whether Newsweek is more angry about the "who" or "how."

Wednesday, April 16, 2014

Facial recognition ID's another 40-year fugitive

Suspected NC fugitive from 1970s arrested in Iowa (LaCrosse Tribune)
According to authorities, the man they believe is Carnes moved to Waterloo from Washington state in the summer of 2013. Where he lived before that is a mystery.

On July 12, he used the name William Henry Cox to obtain a vehicle title. Then on March 11, he used the identity of Louie Vance to apply for an Iowa driver’s license.

Investigators became suspicious when the Iowa Department of Transportation’s biometric facial recognition program sent up red flags about his driver’s license. The system records the distances between facial features and stores them on a computerized database to compare with measurements on other photos in the system.
See also from March 15...
A promising data point for the durability of facial recognition biometrics
Samsung Galaxy S5 Fingerprint Sensor Security Already Hacked And Compromised (Hot Hardware) — Our perspective on this sort of thing hasn't changed since we wrote this heavily linked post in response to the same demonstration on Apple hardware a few months back.

Long story short: It's not that easy to do, and convenient fingerprint security is way better than not doing anything at all, which is what many of us are doing now.

Tuesday, April 15, 2014

UNITED STATES: Feds Begin Fingerprinting 'High Risk' Medicare Providers and Suppliers (Weekly Standard)

Kenya seeks biometric citizen register

KENYA: State to register all citizens in digital database
The Government will register all Kenyans in a national digital database as a measure of addressing security challenges and arrest cases of fake identification documents. Deputy President William Ruto said the move will see a consolidation of all current registers of persons and development of a common database, which will bear biometric details of all those registered.

This will help the Government to address security issues and enhance planning. The database will contain biometric details of all persons, land, establishments and assets. The registration will start in three months. The database will capture new births registration.
There are some interesting details in the story and some important details are missing. We'll just have to wait and see.

Data privacy in schools is about much more than biometrics

As we've often said before, if schools can't be trusted with private information, biometrics aren't the problem. It's nice to see that education professionals take a broad view of student privacy issues.

State Lawmakers Ramp Up Attention to Data Privacy (Education Week)
As the appetite for educational data on students has grown across the K-12 sector, so has the stated desire among many state lawmakers to try to protect the privacy and security of sensitive student information.

Spurred by concerns that the rise of education technology and the increasing prevalence of new assessments will place student data in unreliable hands or be put to nefarious uses, lawmakers in dozens of states have acted this year to clarify who has what access to student data and to specify the best practices for shielding that data.
Biometrics gets an undue amount of attention where child privacy issues are concerned and they are mentioned quite a few times in the article. The article, however, is written for the education insider so it is missing the "passion" one often finds in the techy press and political news stories.

A gimlet eye on the FBI's face recognition database

The Electronic Frontier Foundation's FOIA request/lawsuit for FBI records about its facial recognition efforts has borne fruit, as we thought it might.

FBI Plans to Have 52 Million Photos in its NGI Face Recognition Database by Next Year (EFF)
The records we received show that the face recognition component of NGI may include as many as 52 million face images by 2015. By 2012, NGI already contained 13.6 million images representing between 7 and 8 million individuals, and by the middle of 2013, the size of the database increased to 16 million images. The new records reveal that the database will be capable of processing 55,000 direct photo enrollments daily and of conducting tens of thousands of searches every day.
Read the whole thing. There's a lot there.

Two of the most interesting revelations come under the headings: NGI Will Include Non-Criminal as well as Criminal Photos, and, Many States Are Already Participating in NGI.

Friday, April 11, 2014

Samsung and biometrics extends PayPal's point-of-sale reach

PayPal launches Galaxy S5 fingerprint-based payments in 25 countries (Android Authority)
Customers can use their finger to pay with PayPal from their new Samsung Galaxy S5 because the FIDO Ready software on the device securely communicates between the fingerprint sensor on their device and PayPal’s service in the cloud. The only information the device shares with PayPal is a unique encrypted key that allows PayPal to verify the identity of the customer without having to store any biometric information on PayPal’s servers”

Walking the walk in the Philippines

Shoe leather and high tech (
Beginning the 6th of May 2014, the spokesman of the Commission on Elections James Jimenez and a committed group of Walkahs will walk in the footsteps of the umalohokan, starting from Laoag City and ending in the City of Manila. Along the way, he will be engaging local communities to bring them news about events and decrees that will impact one of their most precious rights: suffrage.
The web site for the effort is very well done and earnestly reflects the importance of proper elections. We wish the Walkahs the best.

You can also follow them on Titter @Walkah_Walkah

Biometrics market forecast to 2020

Biometrics market will be worth $23.54 billion by 2020 at an estimated CAGR of 17.6% (Markets and Markets)
Biometrics provides a high degree of security and convenience which ensures confidentiality of personal information. This is superior to traditional passwords/PINs as these are easily guessed, forgotten, or copied; tokens can be stolen or misplaced. Biometric technology helps in preventing theft as the information is stored in the form of a digital record in the database which makes it highly impossible to reconstruct, decrypt, or manipulate. Biometric uses biological characteristics or features which are inseparable from a person, thus, reducing the threat of loss or theft.
Next Generation Biometric Market
Source: Markets and Markets

Monday, April 7, 2014

UK: Brighton clubs install scanners to catch underage drinkers after police sting — Similar deployments have been tried in Australia, India, and Scotland.

Where's the Danger in “Scanning Kids?” (Source Security) — Because if schools can't be trusted with private information, biometrics aren't the problem.

Wednesday, April 2, 2014

Emirates: Police car uses seven live cameras to identify people via facial recognition software (Gulf News)

MarketsandMarkets: Global market for image recognition technology to grow from $9.65 billion in 2014 to $25.65 billion by 2019 at a Compound Annual Growth Rate (CAGR) of 21.6% from 2014 to 2019.

Tuesday, April 1, 2014

The Search for the Perfect Biometric Is Over. The next big thing in biometrics is your wrinkly elbow.

Elbow scan
Forget digital fingerprints, iris recognition and voice identification, the next big thing in biometrics is your wrinkly elbow. Just as a fingerprints and other body parts are unique to us as individuals and so can be used to prove who we are, so too are our elbows. Computer scientist Eric Praline of the University of Housinge, has now demonstrated how an elbow wrinkle scan could be used to identify us for a range of cutting-edge applications.

The approach is based on infra-red scanners located in chair or automobile armrests and could be used to quickly register and identify people in a moving car as they approach passport control or in airport lounges for instance or as they sit in their offices to begin their day's work.

Praline has tested the approach and achieved accuracy of around 97 percent, this coupled with other factors such as having the correct heart rate, sitting in the right chair or tied to other biometrics such as the topography of your rear-end and earwax analysis could be used to prevent deception and fraud. Rubber fingers can be used to dupe fingerprint systems. Documents can be forged. "But most people walk around with their elbows covered most of the time so the odds of elbow spoofing are quite low," says Praline.

When asked how this new modality might stand up against the relentless health-and-beauty industry assault on wrinkly elbows, Praline remained confident that elbows are the "killer app" biometrics have been waiting for. "While various creams, ointments and unguents exist to ameliorate the effects of aging upon the skin of the human elbow, those treatments only serve to reduce the prominence of the elbow wrinkles, not to eliminate them altogether. Sit tight. The days of ubiquitous elbow scanners are closer than many are prepared to admit."