Using Fujitsu PalmSecure technology in two-factor authentication cases
Information technologies are becoming more diverse and pervasive, however, our personal data is at an ever greater risk. Today, only the lazy does not say that such an aspect of information security as user authentication requires reliable means of protection. Therefore, the two-factor authentication method has gained great popularity, i.e. recognition of the user not by any one parameter (personal password, smart card, fingerprint, etc.) but by several (or more precisely two), provided at the same time when entering the system or when requesting access to a particular service. Our material focuses on the solution presented at the Fujitsu World Tour 2014 conference, which uses a two-factor authentication method based on a contactless RFID card and Fujitsu Palm Secure palm vein pattern scanner, as well as on the PalmSecure technology itself.
Wherever we go - to the bank, fitness center, private clinic - everywhere we are surrounded by certain authentication methods and technologies. The simplest example is that your pass to work is most likely equipped with a small RFID tag that contains information about you as an employee of the company. More advanced methods are common, for example, in some ATMs in Europe , where in addition to a pin-code, your identity is confirmed by a fingerprint or by using the same Fujitsu PalmSecure vein pattern scanner. And such a scanner can be found at the entrance to the fitness center (a similar system is installed in the UK Gym EasyGym fitness clubs): it’s enough to have the fitness club's RFID card and bring your palm to the PalmSecure sensor and you will be immediately inside.
')
In one of our previous blogs, we have already described in some detail the technology of Fujitsu PalmSecure and its features. Today we will talk about a real-life solution created by Russian development companies, in which this technology has been successfully applied.
Of course, in addition to the examples described above, there are plenty of ways to effectively use the PalmSecure vein pattern scanning technology. One of such cases is the touch kiosk presented at the conference (or rather, the shared terminal, TOD) - a project by AMT-GROUP , based on the software Indeed ID and a kiosk from Zorgtech , equipped with a Fujitsu PalmSecure palm scanner and a contactless RFID card reader .
What is a touch kiosk in its most general form? As a rule, this is a software and hardware complex, assembled on the basis of a personal computer and equipped with a touch monitor, designed to provide the user with various information without the involvement of additional personnel. Such sensory kiosks are becoming increasingly popular and are used in almost all areas of business, ranging from clinics, universities, government agencies and ending with stores. And it is natural that in all fields of application of such complexes reliable user authentication is the most important condition for successful operation.
The identification technology of PalmSecure, as one of the authentication methods, in this project was chosen by AMT Group specialists because of a significant advantage over reading a fingerprint. In the case of using a fingerprint scanner, when reading, direct contact of the finger with the sensor occurs, which with active use leads to its rapid contamination and the need for frequent maintenance.
For sensor kiosks, the problem described above is particularly relevant, since being installed in public places (for example, in transport hubs - stations, airports, etc.) or in offices of large corporations, more than one hundred people will take advantage of such terminals. It is easy to imagine that in this case will be with a fingerprint scanner. Palm scanning has no such disadvantage - the palm does not contact the scanning surface of the device during operation.
Using the RFID card in the project allowed us to get several advantages:
• Adding an additional factor to the authentication scheme. As a result, the authentication is two-factor: on the card (what the user has) and on the palm (what the user is)
• Authentication procedure is simplified due to the fact that you do not need to enter your name - it is automatically determined by a contactless card
The vendor of the software for this TOD was Indeed ID. Its software solution Indeed Enterprise Authentication (Indeed EA) provides the ability to use strong authentication technologies when accessing Microsoft Active Directory domain resources. The system frees users from having to remember and keep passwords secret and eliminates the need to manually enter passwords from the keyboard. This allows you to increase the efficiency of working with the terminal, reduce information security risks, significantly reduce the number of calls to the help desk service (by minimizing the number of “forgotten password” and “blocked account” incidents) and ultimately reduce infrastructure maintenance costs.
In the case of installation on a public terminal, Indeed EA software operated in a kiosk mode. A feature of this mode is that the terminal is used by a large number of users and switching between their work sessions should be done very quickly. For maximum convenience in this mode, a contactless smart card (RFID) and an additional palm vein pattern scanner are used. The script for accessing the required services is as follows:
1. The user is shown the authentication window of Indeed Enterprise Authentication (IEA), offering to attach a palm to the scanning device, and a card to the reader.
2. After the user completes these operations, the IEA automatically determines the user name and sends the authenticator received from the user to the server for verification.
3. The application processing server, upon receiving a request for authentication, retrieves a reference user authenticator from the database, performs a comparison with the data provided and logs the corresponding event. If authentication is successful, the server returns the user’s password to the terminal to the terminal.
4. Having received the password from the server, the terminal authenticates the user in the domain, and he gets access to the requested service.
5. After the terminal has completed its use, when the user picks up the card, the terminal logs out and returns to standby mode.
Thus, the authentication procedure is extremely simplified, which eliminates the occurrence of conflict situations at this stage. The user accesses the terminal, identifies himself via a contactless RFID card, confirms his identity through the Fujitsu hand scanner, after which the system boots and provides access to the necessary information resources.
Fujitsu PalmSecure's palm vein pattern recognition technology can be applied in various business areas as one of the most reliable, fast, and accurate authentication methods. By contacting your Fujitsu representative, you can get detailed information about the possibility of using it in your business and order the appropriate model of the PalmSecure scanner in the required quantity, while receiving full technical support for the product.
Wherever we go - to the bank, fitness center, private clinic - everywhere we are surrounded by certain authentication methods and technologies. The simplest example is that your pass to work is most likely equipped with a small RFID tag that contains information about you as an employee of the company. More advanced methods are common, for example, in some ATMs in Europe , where in addition to a pin-code, your identity is confirmed by a fingerprint or by using the same Fujitsu PalmSecure vein pattern scanner. And such a scanner can be found at the entrance to the fitness center (a similar system is installed in the UK Gym EasyGym fitness clubs): it’s enough to have the fitness club's RFID card and bring your palm to the PalmSecure sensor and you will be immediately inside.
')
In one of our previous blogs, we have already described in some detail the technology of Fujitsu PalmSecure and its features. Today we will talk about a real-life solution created by Russian development companies, in which this technology has been successfully applied.
Shared terminal
Of course, in addition to the examples described above, there are plenty of ways to effectively use the PalmSecure vein pattern scanning technology. One of such cases is the touch kiosk presented at the conference (or rather, the shared terminal, TOD) - a project by AMT-GROUP , based on the software Indeed ID and a kiosk from Zorgtech , equipped with a Fujitsu PalmSecure palm scanner and a contactless RFID card reader .
What is a touch kiosk in its most general form? As a rule, this is a software and hardware complex, assembled on the basis of a personal computer and equipped with a touch monitor, designed to provide the user with various information without the involvement of additional personnel. Such sensory kiosks are becoming increasingly popular and are used in almost all areas of business, ranging from clinics, universities, government agencies and ending with stores. And it is natural that in all fields of application of such complexes reliable user authentication is the most important condition for successful operation.
The identification technology of PalmSecure, as one of the authentication methods, in this project was chosen by AMT Group specialists because of a significant advantage over reading a fingerprint. In the case of using a fingerprint scanner, when reading, direct contact of the finger with the sensor occurs, which with active use leads to its rapid contamination and the need for frequent maintenance.
For sensor kiosks, the problem described above is particularly relevant, since being installed in public places (for example, in transport hubs - stations, airports, etc.) or in offices of large corporations, more than one hundred people will take advantage of such terminals. It is easy to imagine that in this case will be with a fingerprint scanner. Palm scanning has no such disadvantage - the palm does not contact the scanning surface of the device during operation.
Using the RFID card in the project allowed us to get several advantages:
• Adding an additional factor to the authentication scheme. As a result, the authentication is two-factor: on the card (what the user has) and on the palm (what the user is)
• Authentication procedure is simplified due to the fact that you do not need to enter your name - it is automatically determined by a contactless card
The vendor of the software for this TOD was Indeed ID. Its software solution Indeed Enterprise Authentication (Indeed EA) provides the ability to use strong authentication technologies when accessing Microsoft Active Directory domain resources. The system frees users from having to remember and keep passwords secret and eliminates the need to manually enter passwords from the keyboard. This allows you to increase the efficiency of working with the terminal, reduce information security risks, significantly reduce the number of calls to the help desk service (by minimizing the number of “forgotten password” and “blocked account” incidents) and ultimately reduce infrastructure maintenance costs.
In the case of installation on a public terminal, Indeed EA software operated in a kiosk mode. A feature of this mode is that the terminal is used by a large number of users and switching between their work sessions should be done very quickly. For maximum convenience in this mode, a contactless smart card (RFID) and an additional palm vein pattern scanner are used. The script for accessing the required services is as follows:
1. The user is shown the authentication window of Indeed Enterprise Authentication (IEA), offering to attach a palm to the scanning device, and a card to the reader.
2. After the user completes these operations, the IEA automatically determines the user name and sends the authenticator received from the user to the server for verification.
3. The application processing server, upon receiving a request for authentication, retrieves a reference user authenticator from the database, performs a comparison with the data provided and logs the corresponding event. If authentication is successful, the server returns the user’s password to the terminal to the terminal.
4. Having received the password from the server, the terminal authenticates the user in the domain, and he gets access to the requested service.
5. After the terminal has completed its use, when the user picks up the card, the terminal logs out and returns to standby mode.
Thus, the authentication procedure is extremely simplified, which eliminates the occurrence of conflict situations at this stage. The user accesses the terminal, identifies himself via a contactless RFID card, confirms his identity through the Fujitsu hand scanner, after which the system boots and provides access to the necessary information resources.
Fujitsu PalmSecure's palm vein pattern recognition technology can be applied in various business areas as one of the most reliable, fast, and accurate authentication methods. By contacting your Fujitsu representative, you can get detailed information about the possibility of using it in your business and order the appropriate model of the PalmSecure scanner in the required quantity, while receiving full technical support for the product.
Source: https://habr.com/ru/post/238679/
All Articles