Tuesday, December 23, 2014

BYOD driving demand for mobile biometric hardware

In 2011, we observed that:

Mobile hardware is a tricky business. There is a tension between the market signals coming from the "make 'em cheaper" vs the "make 'em more secure" crowds.


It looks like that is set to change in a big way...

BYOD Security to Improve With Mobile Device Biometrics
IHS technology supports that claim and reports that mobile companies will drive that growth through the use of fingerprint sensors, a market that could be valued at $1.7 billion by 2020. "Fingerprint sensors have arrived in force and we are forecasting that shipments of fingerprint enabled handsets and tablets will reach 1.4 billion units by 2020," Marwan Boustany, senior analyst at IHS Technology, told the publication.
As with many things in the technology world — domestic air travel, vehicle air bags, mobile phones, etc. — mobile biometric hardware started out with high cost and limited appeal. If International Data Corporation (IDC) is correct in its assessment, mobile biometrics could take a similar path to ubiquity.
Juniper: Biometrics, NFC top tech trends of 2015 (SecureIDNews)
The number one trend is secure data by using encryption, tokenization and biometric authentication. In the wake of a number of high profile security breaches, cloud service providers need to regain trust at both the enterprise and consumer level.

Monday, December 22, 2014

US: Los Angeles County acquiring multimodal biometric ID system

LA County Sheriff’s Department to Start Collecting Face and Eye Scans (The Epoch Times)
Thai argues the new data collection will actually protect people from identity theft and will avoid wrongful arrests.

“Sometimes we arrest people, and they don’t use their real name, so by having a better way to identify that person, it will protect the public [from] those that will get their name used by somebody else,” he said.

The technology will be used by all of the approximately 46 law enforcement agencies in Los Angeles County. It will take about 15-18 months to be installed and fully operational.
LA County may be one of the more complex law enforcement environments in the developed world.

Technology is neutral

WikiLeaks Releases Alleged CIA Documents Detailing Travel Tips For Undercover Agents (IBT)
“The two classified documents … detail border-crossing and visa regulations, the scope and content of electronic systems, border guard protocols and procedures for secondary screenings,” WikiLeaks said, in the statement. “The documents show that the CIA has developed an extreme concern over how biometric databases will put CIA clandestine operations at risk.”

In the leaked documents, the CIA also expressed concerns over the impact the implementation of a biometric security system in the Schengen Area would have on its undercover operatives traveling under false identities, adding that it would “increase the identity threat level for all US travelers.” The Schengen Area comprises a bloc of 22 European nations that have relaxed passport and border controls at their common borders.
Biometrics can be used to suss out identity fraud among organized criminals. Biometrics also appear to be greatly complicating intelligence agencies' efforts to move assets from country to country.

The technology doesn't care.

Monday, December 15, 2014

Being realistic about passwords

Ping Identity engineer: On second thought, passwords may be okay (FierceEnterpriseCommunications)
In the first part of a new discussion with Paul Madsen, a senior technical architect in Ping's office of the CTO, I first asked whether Ping truly did intend to resurrect the password as a viable mechanism by way of supporting FIDO 1.0.

Paul Madsen, Senior Technical Architect, Ping Identity: It's less a resurrection than just trying to be a little bit realistic about what FIDO does, and what it can do. Half of the FIDO specification set--U2F, specifically--pretty much assumes that there are still passwords in the mix. FIDO, arguably more so than killing off passwords, just mitigates some of their worst problems, particularly the risk of bulk compromise of the password database, as we see more and more.
Two things jump right out of this article. The first is the realistic treatment of the fact that passwords aren't going the way of the dodo any time soon. The second is that passwords that control access to databases of passwords are very different than passwords that control access to an individual account.

The big scores are database hacks.

See also:
FIDO is not the end of passwords (and that's OK) at the Ping Identity blog. It's well worth it.

Friday, December 12, 2014

Face rec ATM debuts in Baltimore

Face-scanning ATM test in Baltimore (PYMNTS)
Securityplus Federal Credit Union is installing the biometric ATM at one of its seven branches. Instead of calling in each member for a photo session, the ATM will snap a picture after members enter their eight-digit PIN. When the member later returns to the ATM for another transaction, if the face is deemed a match, the transaction is granted without requiring the PIN again.

Predicting the future of security

IDC Reveals Worldwide Security Predictions for 2015 (TMCnet)

Some excerpts:

2. Biometric Identification - Mobile devices have biometric capabilities and in 2015 we expect that 15% of those devices will be accessed biometrically, and that number will grow to 50% by 2020.

5. Security SaaS - Enterprises will be utilizing security software as a service (SaaS) in a greater share of their security spending. By the end of 2015, 15% of all security will be delivered via SaaS or be hosted and by 2018 over 33% will be.

6. User Management - By 2016, multi-factor authentication will be the primary method of access control used by 20% of enterprises for highly privileged or otherwise sensitive accounts.

There's a lot more good information at the link.

Wednesday, December 10, 2014

Vascular biometrics have a lot to offer

Hitachi finger vein scanner could secure large venues (Network World)
The scanner is able to confirm a person’s identity by detecting finger vein patterns, which are unique to each person. It works regardless of the number of fingers used or their orientation above the scanner surface, allowing it to process about 70 users per minute.
Vascular biometrics have a lot to offer. There's no latency (i.e. no prints left behind). They're contactless, and they're getting faster.

Well, he will be soon, he's very ill.


The Dead Collector: Bring out yer dead.
Man With Dead Body: Here's one.
The Dead Collector: That'll be ninepence.
That Claims It Isn't: I'm not dead.
The Dead Collector: What?
Man With Dead Body: Nothing. There's your ninepence.
The Dead Collector: 'Ere, he says he's not dead.
Man With Dead Body: Yes he is.
That Claims It Isn't: I'm not.
The Dead Collector: He isn't.
Man With Dead Body: Well, he will be soon, he's very ill. [Source]

FIDO 1.0 Specifications are Published and Final Preparing for Broad Industry Adoption of Strong Authentication in 2015 (FIDO Alliance)
“Today, we celebrate an achievement that will define the point at which the old world order of passwords and PINs started to wither and die,” said Michael Barrett, president of the FIDO Alliance. “FIDO Alliance pioneers can forever lay claim to ushering in the ‘post password’ era, which is already revealing new dimensions in Internet services and digital commerce.”
FIDO is doing great work at developing standards for managing online identity without passwords.
FIDO's press release and this article at PC World explain what FIDO is up to quite well and the people behind FIDO are to be commended for tackling a serious issue, the solution to which could add significantly to the value proposition for businesses and customers interacting over electronic networks.

Just don't fall for all the "death of passwords" hype that is out there in other places.




Passwords are going to be around for a long, long time but FIDO is doing a great job of corralling them back to where they can do the most good with the least annoyance.

See also:
Why Passwords are Great

Fingerprint credit cards headed to the UK

New Biometric MasterCards Take Norway; Britain is Next (findBIOMETRICS)
So next year the card is going to make its debut in Britain, a country that seems to have recently come around to the benefits of biometric technology, having fully embraced biometric airport screening after a disastrous initial go of it a decade ago. The fingerprint scanners in MasterCard’s new credit cards are, of course, for authentication purposes, and will replace the PIN system currently in use in Britain.

Thursday, December 4, 2014

Tech firms developing privacy expertise

Eid Passport Lawyers Up On Biometric, Data Issues (findBIOMETRICS)
To those outside the industry it may seem like an odd thing to announce, but those in the fields of identity management and biometrics are likely well aware of the anxieties percolating as data-collecting technology steadily creeps into many facets of contemporary life...

Biometrics for secure medical records access

NSTIC pilot uses biometrics to bring identity management to seniors (Fierce Government IT)
Members of AARP, a nonprofit group that serves adults 50 years or older, are testing technology to help them better manage their digital identities in a simple, but more secure way using biometrics. It's just one of 15 federally funded pilots that was recently highlighted by the National Institute of Standards and Technology.

Access control upstages video surveillance

The Press Release for this Memoori market research study contains a lot of great information...
The Physical Security Business in 2014

This steady consistent growth since 2011 has been driven by a combination of factors including strong growth in IP Video Networking and IP Access Control products, buoyant markets in Asia and North America and higher levels of penetration in vertical markets such as transport, retail, health and education.

ACCESS CONTROL MOVES TO IP AND DELIVERS CUSTOMER VALUE PROPOSITIONS

Access Control, for so long the poor relative of Video Surveillance, has this year come out of the shadows and upstaged it by delivering a higher growth rate, and we forecast that it will continue to increase its growth rate over the next 5 years.
This will be achieved by moving to IP Technology and integrating Access Control with Identity Management. There can be no doubt about the business case for integrating these services. Identity Management for the purpose of Access Control has given rise to a number of major acquisitions in the last 5 years. September 2010 saw a flurry of activity with the purchase of L-1 Identity Solutions by Safran for $1.1 billion, 3M’s purchase of Cogent Systems for $430m, the merger of AuthenTec and UPEK. In 2014 whilst the number of deals declined, this group accounted for 19.2% of the total number of acquisitions and 5.6% of the total value.
Access control through a standard card reader system is a weakness particularly at a time when risk of corporate theft, malicious damage to staff and property and terrorism has increased. The need for a more secure system incorporating biometric devices to authenticate identity and manage the process is becoming a standard requirement for new systems in high security areas.
Physical Identity and Access Management (PIAM) is also a service that promises to deliver further growth opportunities. It enables common policy, workflow, approval, compliance automation and life cycle management of the identity / badge holder (employee, contractor, visitor, temps) across disparate physical security systems. The key benefit from PIAM solutions is operational cost reductions that can be delivered through this platform providing a bridge between the disparate systems, without stripping out and starting again. PIAM has so far failed to attract the mainstream PACS business.
There is a steady stream of alliances and partnerships between PIAM Software companies & PACS companies but so far we have not identified any mergers and acquisitions. Information on the business is pretty sparse and most “best estimates” on the market size range around $150 million. This, if accurate, is quite small considering that virtually all Fortune's Top 500 companies must have installed one.

IMPROVED PERFORMANCE, ROI & REDUCED TCO

Now has to be the time to dig even deeper and for manufacturers to increase their efforts to align the motivation of security buyers to invest in better performing systems through educating and training both themselves and those in the distribution channel in order to drive out all the benefits.
Whilst technology has been the enabler of change, the driver and motivator is now clearly to channel this to deliver products and services that increase productivity and provide a better ROI and reduce the TCO. This is gradually changing the buyers' culture from believing that physical security is a pure cost centre to a profit centre.
Security, sadly, is still regarded by most end users as a cost center and as such has been towards the end of the food chain for capital investment. This can be crucial when budget reductions are on the agenda. However a gradual change in attitude by buyers is taking place. Specifically that security can be a cost saver when reducing shrinkage (retail) and that when integrated with other services it can increase productivity in the business enterprise and therefore reduce operational costs. This has been made possible through IP convergence and in some vertical markets such as retail there is a growing belief that IP Video Surveillance should be treated as a profit centre.
This has had a major impact on increasing the value-add on security projects. The market has not been slow to see the opportunities and changing requirements for more converged and integrated solutions. In order for companies to deliver such systems many have decided that it is necessary to acquire, merge or form alliances and partnerships with other suppliers. In order to maximize the opportunities of delivering on ROI it is vital for suppliers to have specialist knowledge and experience in vertical markets. But equally important is to have the networking skills to join all the vertical and horizontal layers of product together with the analytical software and interface with the other building services software and finally join them to the business enterprise. Video Surveillance is already en route to establishing an important role in the Building Internet of Things (BIoT) and the wider IoT.

Wednesday, December 3, 2014

Marketers look to "facial coding" program

The new technology that can read your face, and your mind (Yahoo - Australia)
Using the camera in your personal device, the new facial recognition software interprets your emotions by mapping the minute movements of your eyes when you smile, your mouth when you gasp or the furrow of your brow when you are confused.

“They use the technology to make sure that people have understood their content,” Matt Newcomb from Procter and Gamble said.
Some (me included) might quibble that this isn't technically a facial recognition system because it isn't used to uniquely identify an individual within a larger set of individuals even though true face-rec and this emotional response detector use some of the same underlying technologies.

Some organizations that opt for this type of technology will do a better job of explaining its use than others.

Ghana: Praise for biometric health insurance scheme

Government has been commended for giving full backing to the Biometric Registration System adopted recently by the National Health Insurance Authority (NHIA) to ensure greater patronage. (Spy Ghana) — the new system has completely abolished the three months waiting period which, hitherto, newly-registered members had to go through before getting their membership Cards.

The Nitty Gritty of fingerprint algorithm testing

re:ID podcast — The Minutiae Interoperability Exchange Test
Gina Jordan and NIST researcher Patrick Grother discuss the ins and outs of how some fingerprint templates are made and how the US National Institute of Standards and Technology (NIST) provides the service that allows algorithm developers to test them (6:26 min.).

Biometrics in US v ISIS Co-In

U.S. expects some familiar faces among Syria rebel recruits (Reuters)
The Pentagon has estimated that it can train 5,400 recruits in the first year and that up to 15,000 will be needed to retake areas of eastern Syria controlled by Islamic State. It hopes more training sites might allow training of more recruits.

They will face a thorough vetting, including psychological exams and gathering of biometric data, the official said. Candidates' names would be run through U.S. databases and shared with regional allies for checks.

Tuesday, December 2, 2014

Ghana streamlines payments to employees

GhIPSS hails National Service e-zwich agreement (Ghana Web)
The National Service Scheme announced a change in the mode of payment of allowances last week, saying from January 2015 payment of allowances to all national service personnel at post shall be effected through the biometric e-zwich platform.

This is to ensure that payments are made directly to national service personnel by cutting down on the existing long chain of effecting payments.

Monday, December 1, 2014

India linking UID to voter rolls

India: EC to check bogus voting, link Aadhaar with electoral rolls (Hindustan Times)
“We keep getting complaints of bogus and duplicate votes. One of the best ways to ensure that a person votes only once in the country is to link electoral rolls with Aadhaar numbers. It will be a very tedious and time-consuming exercise and we can start it only when elections are over,” Delhi’s chief electoral officer Vijay Dev said.

“We will organise special camps for people to first enrol for Aadhaar and then for the electoral rolls, especially in areas where the enrolment for both Aadhaar and voter card is extremely low. We will tie up with the district administration for this,” Dev said.

Former chief minister and Aam Aadmi Party national convenor Arvind Kejriwal had complained to the CEO that fake votes were allegedly being cast in different constituencies. The electoral office also stumbled upon some names in the electoral rolls, pointing towards a bigger racket.

Push notifications to bust truant Saudis

Saudi School Goes Biometric to Curb Student Bunking (New Indian Express)
In a novel step to monitor students' attendance, a school in Saudi Arabia has introduced a fingerprinting system, also enabling parents to be updated about their children's arrival and departure time via a cellphone message.

A way out of "Authentication hell"

Biometric authentication could help solve online fraud (bobsguide)
Darren Hodder, Director of Fraud Consulting told delegates at the SMi 2nd Annual Big Data in Retail Financial Services last week that the easiest way to solve online fraud is for banks to know exactly who their customer is, which could be achieved through biometric authentication.

Hodder believes that we are currently in “authentication hell” and that the authentication processes used by biometrics such as facial, iris, fingerprint or vein recognition could help to reduce the risk of fraud and enhance customer experience by enabling banks to recognise exactly who their customers are.