It's probably due to the briefings I've had on fingerprint scanning. I doubt any of you are wondering if there will be a bizarre biometric twist to the mystery of the severed fingertip that turned up in a bowl of Wendy's chili this month. Authorities are sleuthing to track down its origins. This got me thinking about fingerprint—and finger—security.
For many years, fingerprint scanning and other forms of biometric identification have been the purview of ultra-high-security installations. Suddenly, fingerprint scanning has gone mainstream, showing up at airports, libraries, and grocery stores and in personal data-security applications. Now I wonder if the criminal element, ignorant of how the technology works, will consider "hacking" its way into fingerprint-secured applications. This gives a whole new meaning to "digital theft," doesn't it?
Grocery shoppers from Seattle to South Carolina are signing up for new checkout systems. Working in partnership with IBM, Pay By Touch lets shoppers pay using a finger scan linked to their checking account and the stores' loyalty programs. South Carolina's Piggly Wiggly grocery chain says it's had great customer acceptance, so it will roll out Pay By Touch to all its corporate-owned grocery stores next month.
"After only five months in our Charleston locations, more customers are using Pay By Touch Express Checking than any one of the credit card products we accept," says Rich Farrell, vice president of information services at Piggly Wiggly. Pay By Touch also offers a check cashing service via a marketing alliance with Certegy, so consumers enrolled in the program can cash checks via a finger scan as well.
DATA SECURITY Paris Hilton's infamous lost PDA (with posting of her personal data onto the Internet) underscores perhaps the hottest new application for biometric identification—securing personal data and personal computing devices. (See "Mobile Storage: Chips Served With Hard-Disk Salsa," p. 67, for the scoop on engineering gigs of on-the-go data.)
AuthenTec Inc., a manufacturer of fingerprint sensors for cell phones, PCs, and PC peripherals, has shipped more than 4 million sensors worldwide. Company cofounder Scott Moody showed me how the EntrePad 1510 sensor enables new functions that are controlled by the swipe of a finger. Each finger has its own print, so the phone can be programmed to dial assigned numbers or perform programmed functions via the scan of certain fingers. Multiple swipes of a finger can correlate to a given command. The sensor detects motion as well, providing mouse-like capabilities for gaming and navigation. And, the biometric sensors can be used in a phone to secure M-commerce (mobile commerce), such as the Near Field Communications (NFC) capabilities promoted by Philips and Sony, for contactless smart-card-like functions.
So why incorporate a fingerprint reader into a phone if the fingerprint itself can enable M-commerce? NFC goes beyond a simple ID concept, using two-way communications. For example, the cell phone can wirelessly receive electronic content like music or digital promos, track account balances, or store electronic receipts. Without a fingerprint match, all the e-commerce capabilities (and personal data) are locked and inaccessible to unauthorized users. Additionally, some users will be more comfortable with storing their fingerprint template in their private phone, versus having that template stored in a grocery store or bank system.
Note, though, that neither the Pay By Touch nor the AuthenTec system stores actual fingerprint images. Rather, they store "a set of unique data points," data that the companies say cannot be reverse-engineered to create a fingerprint. The data points are encrypted and stored as a unique algorithm.
AuthenTec sensors and competitive products from Fujitsu and other suppliers are being incorporated into PC keyboards for e-commerce and data security far beyond the everyday password. The advent of the Sarbanes-Oxley Act and the attendant need to build a careful accounting trail fuel further applications for fingerprint ID, as users "sign" documents with digital fingerprints.
But all this secured value revolving around fingerprints brings me back to the fear of a finger being hacked for data hacking (or less gruesomely, even a cast of a fingerprint being made to fool the readers). I asked Moody whether finger theft could become an issue. He explained that AuthenTec's True Print technology collects images below the surface layer of the skin, "at the live layer where the true print resides." True Print was engineered to negate surface-level contamination issues, but it also ensures that a print matches a live finger.
So as we progress into the brave new world of biometrics, it's important to get the word out: There's no point in hacking off those fingertips!
In spite of what the sensor vendors say thieves don't read spec sheets and your fingers aren't safe. Talk about technologies unintended consequences.
Howard Franklin -June 06, 2005
Needless to say the the Wendy's fingertip was apparently a fraud scheme, but security of Bio-ID has always been a problem. Some 10 to 15 years ago, the hot Bio-ID scheme was the Iris Scan promotions. Like finger prints, the iris has a unique pattern for every person and was going to be used at many automatic remote teller machines to unmanned Mil security gate access entrances.
Then the problem of security came up. What if they killed the victim and taped his or her eyes open and propped the victim up to the teller machine's camera? So they proposed to use a laser light flash to get a blink response from live people only. About then, they sort of gave up on this Bio-ID approach.
Similarly, one could readily make a finger cot or full rubber glove with printed finger prints on it. The prints are taken off a victim's morning empty cup of coffee. Again security is the problem for this Bio-ID. And also, who wants to touch a screen when you just watched the last guy to touch the screen was coughing up phlegm at a bucket per hour and barely able to walk. And the next Asian Flu scare will kill public touch screens. No doubt when food bills start to hit $800 per week, we should expect to see these frauds materialize and getting diseases may also take the fun out of this Bio-ID approach.
There are some benefits to a human cashier. Have you noticed how much SLOWER the checkout stand is whenever someone uses a debit or credit card instead of cash? Spend an hour with a stop watch sometime at your supermarket or Kmart or Wallmart or worse yet, the so called do it yourself checkout at Home Depot.
I see on average, that cashiers are 20% to 40% faster per patron thru-put when they ring it up, make change from a 20 or a 10 dollar bill and bagging it; RATHER THAN just bagging it and then watching the customer do his thing with the card and wait and wait and wait and finally the machine spits out the receipt that the cashier puts in the regester. True, the off premise bank and the telecom link are taking out time to perform and verify verify the transactions. It could be improved on.
Anonymous -June 06, 2005
Your Comments:
Enter the text from the image below
Please refresh the page if you have trouble reading this text.
Search Electronic Design
Web Seminar
Sponsored By:
Title: Read Pacing: A Performance Enhancing Feature of PCI Express Gen 2 Switch Devices
Reprints
