Log in with the world or Fujitsu PalmSecure vein pattern recognition technology
To date, there are quite a few ways to identify an individual by biometric parameters - by face, voice, handwriting, fingerprints, retina, but most often the passage of proxies remains the responsibility of the security guard, and the launch of programs requires the introduction of a password. In addition, each of these methods has a number of other disadvantages. Thus, the fingerprint identification procedure is not as convenient as we would like, and face recognition is relatively unreliable. Perhaps, only recognition by the retina has an optimal ratio for the user of false restrictions on the access of an authorized user and the ability to fake his biometric characteristic.
It is believed that the “open hand” gesture dates back to the Stone Age, thus meeting members of different tribes showed that they have no stone in their hand and they are not going to fight. The same gesture was laid in the basis of the technology developed by Japanese Fujitsu engineers: to enter a building or launch a program or equipment, simply raise your palm and hold it over the Fujitsu PalmSecure sensor for a few seconds. The method of identifying the veins of the palm, taken as a basis, is as reliable as the method of fingerprint identification, but less often “forgets” the owner, and, as a result, provides the highest percentage of alarms.
The scanner irradiates the hand in the near infrared range and reads the pattern of the veins that are warmer than the surrounding tissues due to blood coming from the heart. The image of the venous pattern on the palm is recorded in a 5-MB image containing a temperature of 5 million points. This image is encrypted according to the AES algorithm with a bit width of 128 or 256 bits. Through the USB interface, the encrypted file is transferred to a PC, server, laptop, or industrial PC, where a biometric template (a hash, in other words) 1–3 KB in size is formed. The biometric template is re-encrypted using the AES algorithm and is used in all subsequent operations. Such a mechanism does not require the use of additional data storage devices, which ensures complete safety of information (unless the scanner itself is stolen).
')
For registration, a user’s palm is scanned twice and a biometric template is created. This operation is one-time and the longest - it takes 10 - 30 seconds. The process of user identification lasts 1 - 2 seconds.
Each developer company using the PalmSecure package receives from Fujitsu, a developer, its own encryption key. This key encodes a biometric template that only an integrator has. In this case, the cipher used to encode information is available only to the company operating the sensor. Such an approach prevents the risk of potential forgery of templates by a developer or integrator.
There are several user recognition scenarios. If a high level of secrecy is not required (the mark of arrival and departure from work) and the circle of persons is limited, then 1: N identification is used. In this case, the user is only required to scan the hand, and the resulting biometric template is compared with the database stored on the central server. After comparing the pattern received from Fujitsu PalmSecure is erased. When identifying thousands of users (1: 1000), this technology gives the probability of accidental triggering on someone else's vein pattern (hereinafter referred to as FAR) - 0.0008, and the palm of an authorized visitor may not be recognized in 0.1% of cases.
Such a method is convenient, but there is a theoretical danger of falsification or erroneous operation. Therefore, for public places (ATMs), high-security areas in companies and high-risk enterprises (NPPs) personal identification of 1: 1 should be applied. With it, besides the pattern of veins, the user must be verified at another level of protection - dial a pin code, password or attach a smart card. This approach can be used both to enter the premises, access the PC, and to launch a separate application or access the ATM. It is when using a smart card that a high level of reliability is achieved with maximum user convenience. There are two options when working with a smart card - TOC (Template-On-Card or template-on-card) and MOC (Match-On-Card, comparison-on-card).
In a variant of TOC, a copy of a biometric template of the owner's palm pattern is recorded on a smartcard chip. The system compares the templates received from the scanner and smartcards, and this can be done both on the central server and on the local smartcard reader. After verifying the identity, the resulting patterns are erased.
In the case of MOS, the comparison of the biometric palm template from the sensor occurs on the smartchip itself (after comparing, the template received from the palm is erased). For this operation, the chip requires 10-13 KB of memory and support for Java. Since information about a biometric template sewn up in a smart card does not leave it, this method is the most reliable among 2-factor biometric identification methods. However, it is also the most expensive, since strict requirements are imposed on the chip, so it is used only in ATMs, payment terminals and secret areas of enterprises and government institutions.
The reliability of this access method is explained both by the crypto-algorithm that is resistant to cracking, and by the location of the veins inside the human body (to get access to them, it is more difficult even than to the retina). In terms of reliability, the MOC identification according to the pattern of veins is much higher than the identification by the retina of the eye and is the highest in the industry.
Before being launched into mass production in 2005, vein recognition technology was studied for 20 years, the entire scanner was tested for 150 thousand people of different ages, gender, nationality and profession. It turned out that the pattern of veins on the palm of people is as unique as fingerprints - it differs even from twins. With the passage of life, the size of the palm changes, but not the general pattern of lines. Also, delicate Japanese claim that it is impossible to diagnose a user's diseases according to the scan - they care about the secret of their private life. As for dirty hands, the work of the scanner is possible, but detailed research on the permissible limits of contamination has not been conducted. Dry or wet palms, hands of diabetics (which, according to Fujitsu, have a low oxygen content in the blood) are not an obstacle for PalmSecure. There are some problems with patients with anemia (they have constantly low blood pressure), you may need to re-scan or reorganize the recognition algorithms. But the narrowing of the vessels in the user does not cause problems with the scanner.
Regarding the strength of the sensor coating, the manufacturer considers it sufficient. If the customer wants to strengthen it, then flat glass is not suitable, since it will leave glare and distort the picture, you need concave or convex unpolarized glass.
The power of infrared radiation from PalmSecure is ten times lower than that from a TV remote - it is harmless and therefore is used in many medical institutions.
It is believed that the “open hand” gesture dates back to the Stone Age, thus meeting members of different tribes showed that they have no stone in their hand and they are not going to fight. The same gesture was laid in the basis of the technology developed by Japanese Fujitsu engineers: to enter a building or launch a program or equipment, simply raise your palm and hold it over the Fujitsu PalmSecure sensor for a few seconds. The method of identifying the veins of the palm, taken as a basis, is as reliable as the method of fingerprint identification, but less often “forgets” the owner, and, as a result, provides the highest percentage of alarms.
Mechanism of action
The scanner irradiates the hand in the near infrared range and reads the pattern of the veins that are warmer than the surrounding tissues due to blood coming from the heart. The image of the venous pattern on the palm is recorded in a 5-MB image containing a temperature of 5 million points. This image is encrypted according to the AES algorithm with a bit width of 128 or 256 bits. Through the USB interface, the encrypted file is transferred to a PC, server, laptop, or industrial PC, where a biometric template (a hash, in other words) 1–3 KB in size is formed. The biometric template is re-encrypted using the AES algorithm and is used in all subsequent operations. Such a mechanism does not require the use of additional data storage devices, which ensures complete safety of information (unless the scanner itself is stolen).
')
For registration, a user’s palm is scanned twice and a biometric template is created. This operation is one-time and the longest - it takes 10 - 30 seconds. The process of user identification lasts 1 - 2 seconds.
Each developer company using the PalmSecure package receives from Fujitsu, a developer, its own encryption key. This key encodes a biometric template that only an integrator has. In this case, the cipher used to encode information is available only to the company operating the sensor. Such an approach prevents the risk of potential forgery of templates by a developer or integrator.
Degrees of trust
There are several user recognition scenarios. If a high level of secrecy is not required (the mark of arrival and departure from work) and the circle of persons is limited, then 1: N identification is used. In this case, the user is only required to scan the hand, and the resulting biometric template is compared with the database stored on the central server. After comparing the pattern received from Fujitsu PalmSecure is erased. When identifying thousands of users (1: 1000), this technology gives the probability of accidental triggering on someone else's vein pattern (hereinafter referred to as FAR) - 0.0008, and the palm of an authorized visitor may not be recognized in 0.1% of cases.
Such a method is convenient, but there is a theoretical danger of falsification or erroneous operation. Therefore, for public places (ATMs), high-security areas in companies and high-risk enterprises (NPPs) personal identification of 1: 1 should be applied. With it, besides the pattern of veins, the user must be verified at another level of protection - dial a pin code, password or attach a smart card. This approach can be used both to enter the premises, access the PC, and to launch a separate application or access the ATM. It is when using a smart card that a high level of reliability is achieved with maximum user convenience. There are two options when working with a smart card - TOC (Template-On-Card or template-on-card) and MOC (Match-On-Card, comparison-on-card).
In a variant of TOC, a copy of a biometric template of the owner's palm pattern is recorded on a smartcard chip. The system compares the templates received from the scanner and smartcards, and this can be done both on the central server and on the local smartcard reader. After verifying the identity, the resulting patterns are erased.
In the case of MOS, the comparison of the biometric palm template from the sensor occurs on the smartchip itself (after comparing, the template received from the palm is erased). For this operation, the chip requires 10-13 KB of memory and support for Java. Since information about a biometric template sewn up in a smart card does not leave it, this method is the most reliable among 2-factor biometric identification methods. However, it is also the most expensive, since strict requirements are imposed on the chip, so it is used only in ATMs, payment terminals and secret areas of enterprises and government institutions.
Secrets of reliability
The reliability of this access method is explained both by the crypto-algorithm that is resistant to cracking, and by the location of the veins inside the human body (to get access to them, it is more difficult even than to the retina). In terms of reliability, the MOC identification according to the pattern of veins is much higher than the identification by the retina of the eye and is the highest in the industry.
Before being launched into mass production in 2005, vein recognition technology was studied for 20 years, the entire scanner was tested for 150 thousand people of different ages, gender, nationality and profession. It turned out that the pattern of veins on the palm of people is as unique as fingerprints - it differs even from twins. With the passage of life, the size of the palm changes, but not the general pattern of lines. Also, delicate Japanese claim that it is impossible to diagnose a user's diseases according to the scan - they care about the secret of their private life. As for dirty hands, the work of the scanner is possible, but detailed research on the permissible limits of contamination has not been conducted. Dry or wet palms, hands of diabetics (which, according to Fujitsu, have a low oxygen content in the blood) are not an obstacle for PalmSecure. There are some problems with patients with anemia (they have constantly low blood pressure), you may need to re-scan or reorganize the recognition algorithms. But the narrowing of the vessels in the user does not cause problems with the scanner.
Regarding the strength of the sensor coating, the manufacturer considers it sufficient. If the customer wants to strengthen it, then flat glass is not suitable, since it will leave glare and distort the picture, you need concave or convex unpolarized glass.
The power of infrared radiation from PalmSecure is ten times lower than that from a TV remote - it is harmless and therefore is used in many medical institutions.
Source: https://habr.com/ru/post/166787/
All Articles