Tuesday, March 31, 2015

A survey of African biometric elections

Dirty hands: Why biometric voting fails in Africa - and it doesn't matter in the end (Mail & Guardian Africa)

There's so much going on in the article that I couldn't settle on a key paragraph to set it up. Long-time readers will find some of the details familiar, especially the parts dealing with Kenya and Ghana.
ASUS ZenFone 3 Will Have a Fingerprint Recognition Sensor - Rumor (Softpedia) — It looks like pretty much all smartphone manufacturers will be offering models with fingerprint sensors soon.

Monday, March 30, 2015

Mobiles as access control tokens

Mobile Access Control: Exploiting the BYOD Trend (IFSEC Global)
With today’s mobile access technologies, smart devices can be used as universal credentials for accessing multiple buildings, IT systems and other applications using NFC and bluetooth. These devices provide users with extremely convenient vehicles for opening doors and performing other tasks that require the presentation of a secure credential.
There's a lot of good information in the linked article and it's written by the director of Strategic Business Development and Innovation at HID, and you'd expect that they've been putting a lot of thought toward what access control is going to look like after prox cards.

Challenges abound in Nigeria's biometric election

Smart Card Readers: INEC’s excuse (Vanguard)
The spokesperson, who admitted this was not the only flaw identified in the new electoral process deployed during the election, said the Commission had taken note of the challenges and would effect corrections in subsequent elections to ensure that the exercise was more credible and acceptable.
While the article deals with the technical challenges of the biometric technology, and the mixed response to those, Nigeria confronts other challenges that make proper elections difficult regardless of the technology used for casting votes.

Tuesday, March 24, 2015

Pakistan linking fingerprints to mobile SIM cards

Pakistani Mobile Users Have 10 Days To Register Their Fingerprints Or Lose Their Connection (Inquisitr)
To counter the growing menace of terrorism, the Pakistan government has ordered all mobile service companies to acquire fingerprint scans of their subscribers before April 15. Subscribers failing to do so will get their mobile subscription terminated.

Monday, March 23, 2015

Forecast: Mobile biometrics revenue $3.5 billion by 2024

Starting from a base of $249 million 2015, global mobile biometrics revenue is forecast to reach $3.5 billion by 2024, with cumulative revenue for the 10-year period totaling $17.5 billion. (EFY Times)
Biometrics for mobile devices have finally reached a tipping point. The march began with the release of the Apple iPhone in 2007 and later the iPad, each subsequently matched by Android competitors. These smartphones and tablets finally have enough processing power and hardware capabilities to put biometrics directly into their users' hands. Biometrics, whether for mobile devices or large stationary systems, typically perform one of two functions: authentication, proving that someone is who they claim to be, or identification, figuring out who someone is. Nearly all consumer-facing use cases are authentication and nearly all identification uses are enterprise-facing, especially government use cases. Somewhere in the middle, financial institutions are offering their users the chance to authenticate to online banking systems with their voices or with their eyes, in place of keying a personal identification number (PIN).

Huawei adding fingerprint hardware to mobiles?

Huawei Ascend P8 leaks point to integrated fingerprint scanner (Trusted Reviews)
Although we can’t say fir certain that the P8 will play host to a fingerprint scanner, the large rectangular cut-out on the phone’s rear looks markedly similar to the fingerprint reader on the oversized Huawei Ascend Mate 7.
Huawei's customer-facing products have really come on strong in the last few years.

The Slings and Arrows of outrageous Passwords

When your body becomes your password, the end of the login is nigh (Phys.org)
The good news for us password jugglers is that there is now a greater imperative behind building higher levels of security into systems from the outset, rather than trying to add it on afterwards, and that new and better ways of doing this are being expored.
...'Tis a consummation
Devoutly to be wished.

Deep learning for better face-rec

Google: Our new system for recognizing faces is the best one ever (Fortune)
At first we’ll see systems like Google’s FaceNet and Facebook’s aforementioned system (dubbed “DeepFace”) make their way onto those company’s web platforms. They will make it easier, or more automatic, for users to tag photos and search for people, because the algorithms will know who’s in a picture even when they’re not labeled. These types of systems will also make it easier for web companies to analyze their users’ social networks and to assess global trends and celebrity popularity based on who’s appearing in pictures.

Thursday, March 19, 2015

CyberSec: So hot right now

Why Venture Capitalists Love Security Firms Right Now (MIT Technology Review)
Venture capitalists poured a record $2.3 billion into cybersecurity companies in 2014, a year marked by frequent reports of hacks on high-profile companies. Yearly investment in cybersecurity startups been on the rise for several years now, and is up 156 percent since 2011, according to CB Insights. The trend will likely continue, as 75 percent of CIOs surveyed by Piper Jaffray said they would increase spending on security in 2015.

Bridge Day biometric ballyhoo

[ed: OK, ballyhoo is probably too strong, but the alliteration demanded it.]

Bridge Day panel backtracks on security plan (Beckley Register-Herald)
Bridge Day 2015 vendors, BASE jumpers and rappellers may be able to choose this year to either pay for a background check with a contracted security company or submit to a biometric fingerprint scan for free.

The Bridge Day Commission in Fayette County passed a motion Wednesday that adds the option of the background check. The check would be conducted by a contracted, third party security company, said Bridge Commission Chairwoman Sharon Cruikshanks.

The cost of the background check will be $12 to $35, depending on which of the three companies the commission contracts.

"Biometric scans are a free option," Cruikshanks said.
This one is especially of local interest here in West Virginia. Not mentioned in the article is that this year’s Bridge Day Festival takes place on Saturday, October 17, 2015.

Background checks became a requirement for vendors and jumpers after 2001. The fingerprint innovation appears to be meant to make the process easier by requiring less text-based identifying information from people undergoing the background check.

More information and the counter-argument to these measures can be read here: Fingerprinting Plan For Bridge Day 2015 Forces Jumper Boycott.

Oh, and if you're unfamiliar with Bridge Day...
 



...it's something.

US Customs pilots face-rec for returning citizens

US customs launches biometric pilot at airports (Security Document World)
“The facial recognition software provides the [CBP Officers] with a match confidence score after the e-passport chip is scanned and the photo is taken. The score is generated by algorithms designed to detect possible imposters.”
A one-to-one search comparing the passport photo to the person standing at the customs kiosk is about as simple as a facial recognition deployment gets.

The only complicating factor is where they get the photo. If they use the photo physically present on the passport's photo page, they will probably want to contend with the security marks and holograms somehow while processing the image for matching. If they want to use the photo stored electronically on the passport's internal chip, as it appears they do, they'll need some specialized hardware that retrieves the photo and the issue of "broken" passports will arise. Still, as far as country-level biometric deployments go, this one isn't too daunting.

In a post-pilot phase, it may be desirable to use the passport number to pull the photo from a State Department database and compare that to the passport image and a live image of the person presenting their travel documents.

Wednesday, March 18, 2015

Hello, Windows. Microsoft does biometrics.

Windows 10 News: New Authentication, New Storage Savings, And Launch Timeframe (AnandTech)
Microsoft will be taking a two pronged approach to authentication. The first is the actual authentication. Windows Hello will work with several biometrics, including fingerprint scanners, facial recognition, and iris scanning, as examples. This will be used in conjunction with hardware cryptography on the device to unlock the device. Microsoft is claiming false unlocks at around one in one hundred thousand. Fingerprints are well known, but the facial recognition will not rely on just a webcam, but rather will require new hardware such as the Intel RealSense 3D Cameras to ensure that it is a real person in front of the device and not just a photo. The unlock is tied to the actual device, and none of the unlock information is ever sent off of the device. Existing fingerprint readers can be used with Windows Hello.

Tuesday, March 17, 2015

Alipay with face

Alipay to Use Facial Recognition Biometrics (Find Biometrics)
The announcement came by way of Jack Ma, the CEO of Alipay’s parent company Alibaba, who provided a few details in a speech at the Cebit trade fair in Germany.

Ma explained the development as a solution to the difficulties associated with online paymetns, which he called “a big headache,” adding, “You forget your password, you worry about your security.” He went on to say that in its facial recognition system, Alipay will offer users “a new technology.”

Yahoo allows for mobile-device-as-token to replace email passwords

Yahoo Mail Now Accessible Without Password (Latinos Post)
"You log into your Yahoo account using your normal passwords. In the security settings, you turn on on-demand passwords and register your phone. Next time you try to login, the password field is replaced by a button that says 'send my password,' and the company texts a four-character password to your phone."
There are, however, critics of this approach. See Yahoo’s attempt to kill off passwords raises security concerns at Computer Weekly.

Monday, March 16, 2015

Biometrics By Market (Security Info Watch) — Phil Scarfo, Vice President of Biometrics Global Marketing for HID Global, gives his take on the near-term future of biometrics in banking, healthcare, retail, higher education, transportation, government ID, and the corporate office.

UAE building out border biometrics

UAE will launch full biometric scanning systems at borders soon (Tnooz)
The United Arab Emirates is set to become one of the most technically advanced countries when it comes to border control. The Emirates will deploy a series of biometric e-gates at all entry points while also working to gather more biometric data to add to the fingerprints currently tracked in its biometric database.
The UAE is already one of the most eager adopters of border biometrics. That doesn't look to be changing any time soon.

Thursday, March 12, 2015

Free Frost & Sullivan webinar next Tuesday

Biometrics Key to Future Growth in Healthcare, Retail and Financial Markets (Film Imaging)
Join Frost & Sullivan's upcoming complimentary webinar, "The Future of Biometrics," to understand the potential of the market and its impact on current businesses. Industry leaders should attend this webinar to learn how biometrics will boost convergence and growth in other markets.
Looks interesting.

Wednesday, March 11, 2015

Forecast: Global Government Biometric Systems Market

The Global Government Biometric Systems Market 2015-2025 (Market Reports Store)

Key Findings
◾The global biometric systems market is estimated to value US$4.4 billion in 2015 and increase at a CAGR of 8.70% during the forecast period, to reach a peak of US$10.2 billion by 2025.

◾The market is expected to be dominated by North America, followed by Asia-Pacific and Europe.

◾Fingerprint recognition is expected to account for the largest share of expenditure in the global Government Biometric Systems market going forward, followed by facial recognition and Iris.
That Compounded Annual Growth Rate (CAGR) is probably one of the lowest I've ever seen in the biometrics sector. It, however, doesn't come as much as a surprise. The number of government customers is pretty much capped at around 200. Governments were some of the earliest adopters of biometric solutions, so most of the 200 potential customers are already in the market. Prices paid by these customers, generally, should be falling or stable. So, there are a whole host of reasons for this low estimate for growth in the government biometrics sector.
Jury awards $150K to employee who feared scanner as “Mark of the Beast” (Overlawyered - CATO) — It appears the settlement was derived from missed wages due to early retirement for refusing to use the biometric scanner, but still.

Tuesday, March 10, 2015

Visit Oman

Tourism in Oman, Skift’s Pick for top destination of 2015, is booming, with an investment program by the Sultanate of Oman’s slated to attract 12 million visitors by 2020. Passenger traffic at Muscat International Airport has grown 329% since 2007, reaching 9 million passengers since 2014.

The comprehensive program consists of a “layered approach to border control,” giving the Royal Oman Police an efficient and flexible visa processing and security clearance process, including the issuance of eVisas.
I want to go.

Database hacks stoke demand for customer-facing biometrics

As hacking grows, biometric security gains momentum (Bizcommunity)
With hackers seemingly running rampant online and millions of users compromised, efforts for stronger online identity protection - mainly using biometrics - are gaining momentum...
It's true. The recent hacks have focused attention on biometrics. The spotlight, however, has fallen on consumer-level biometric applications. That's fine by us, but the recent high profile hacks haven't been perpetrated by hackers using customer credentials to gain access to systems. That kind of hack is hugely inconvenient for individual users, but it doesn't make the news.

Most of the big, news-making hacks involve taking huge repositories of data that can be sold wholesale to organized criminals who sell the information on to the retail crooks who perpetrate their fraud using the individual accounts.

We have argued for years that the first, best place to apply biometrics to the problem of large-scale data theft is at the database level.
From an organizational point of view, for many many service providers, allowing customers and users to protect their individual accounts with passwords, exposes the organization as a whole to minimal risk. Some relatively predictable number of users who use passwords will choose poor passwords, some will become victims of phishing scams. If the costs of sorting these cases out are less than the costs associated with burdening all users with more onerous security protocols, then the password is the appropriate solution. But at some point, all databases of user/customer information should be protected with biometric access control methods because, while having occasional users pick weak passwords or get tricked into giving them away is one thing, hackers making off with the entire database of user/password information is something else altogether. Requiring biometric verification of all human database Administrator logins would go a long way to lowering the biggest risk of passwords: their wholesale theft. In many ways the Admin level is the perfect point to introduce these more rigorous security protocols. There aren't (or shouldn't be) too many Admins, so the inconvenience falls on as few individuals as possible. Admins are tech savvy, so they should be able to adapt to the new security environment quickly. They should have an understanding of why the extra step is worth the effort. It's their responsibility to keep the keys of the kingdom. Perhaps most compelling, they're the ones on the hot seat when the CEO is out apologizing to all and sundry following a data breach.
Granted, after a hack, having biometrics there to protect individual accounts should change the retail fraudster's Return on Investment (ROI) calculations. With biometrics it should be harder for him to turn the user information into money. Still the Benjamin Franklin axiom that “an ounce of prevention is worth a pound of cure” would seem to carry the day here.