Today we will be taking a short break from investigating security dilemmas (fear not – it’s back on Thursday!) because instead I would like to share with you an interesting blog post featuring our fingerprint readers. No not written by us, instead by an intrigued security installer who witnessed an ievo demonstration from one of our account managers. So as I sit back and relax, read ATEC™ Security perception of the ievo ultimate™.
From Flaky Fingerprint Readers to Bullet Proof Biometrics
I had a demonstration today of a new biometric reader and it really opened my eyes. Thankfully it wasn’t iris recognition – I’m not sure the “pun-ometer” could stand that.
To be frank I have tended to steer clear of anything to do with fingerprint reading in the past, as it has had a reputation for being unreliable.
The issue is that the optical sensor technology used looks at the surface of the fingerprint, which is easily altered by dirt, dust, grease and other common substances.
Today I witnessed a reader reliably recognising a finger through a layer of latex gloves which adds a whole new dimension of convenience and robustness.
MULTI-SPECTRAL IMAGING
Multi-spectral imaging captures radiation at a range of different frequencies, not just visible light which optical sensors are confined to.
Just as radio telescopes allow us to see deeper and deeper into space, multi-spectral fingerprint sensors allow us to see deeper into the surface of the finger – up to 4mm deep in this case – so the reader is not just looking at the surface fingerprint.
The results of this are low false rejection rates (about 1 in 1000) and extremely low false acceptance rates (around 1 in 10 million) well suited to high security applications.
RESISTANCE TO SPOOFING
ATEC have had a lot of experience with hand geometry readers, a technology popular on construction sites as it deals well with dirty hands. It is however quite bulky, needs an inconvenient housing when fitted outside.
More importantly to some it can be easily spoofed – we managed to fool one in our lab with a false hand made for the purpose. Because the multi-spectral technology allows us to see deeper inside the finger, it allows for some robust anti-spoofing measures, including looking for oxygenated blood which would be difficult to fake.
DATA PROTECTION CONCERNS
Fingerprints are a sensitive data protection issue. People are quite rightly concerned if their biometric data is going to appear on a database in readable form. Often this is addressed by putting the biometric data an access control card in encrypted form.
In use the template is loaded from the card and the reader performs a 1:1 match. This requires less processing than a 1:many match and is more secure because it requires two credentials (card and finger) but is fundamentally less convenient for the same reason (it’s difficult for most of us to forget to bring our finger to work).
This reader uses the 1:Many matching principle, but crucially doesn’t store a fingerprint as such. It takes key points from the finger print and stores those.
Also the finger data is never stored in the same place as the personal details – the two are only associated with a card number. This should address privacy concerns but sometimes perception can get in the way of the facts and there may still be some barriers to overcome.
SUMMARY
A good biometric reader should offer convenience and robust performance in the designated environment. With the help of multi spectral imaging fingerprint reading technology seems set to leave it’s flaky reputation in security applications behind.
About ATEC™
If you would like to read more of ATEC™ Blog Posts and view what security services they have to offer, visit http://www.atec-security.co.uk - It’s definitely worth a look, this year they won Large Security Installer of the Year at the SEA – after winning three consecutive years in the Small to Medium Security Installer category!
Banking will become even simpler within the next month or so as Barclays are lunching a new App which will allow us to make payments, transfer money and check our bank balance all from the comfort of our smart-phones. However, how safe is this App and what happens if our data becomes compromised?
The new Pingit App from Barclays
The new App promises to make our lives a lot easier. Although at first it will only be available to Barclays customers, within a month it will be available to anyone with a bank account and personal smart-phone. In hindsight, it’s a great idea! How many times have we eaten with our friends only for someone to pick up the tab while everyone re-pays the money back to the unlucky individual. Situations like these could disappear. Think about how you could instantly make a transfer to your friends account while they’re paying for the meal. Simple, but effective!
The bank’s head of current accounts, Dan Wass, said: ‘This is the first service of this type to be launched across Europe. It is like having a bank in your pocket all the time.
‘It allows you to send payments to anyone in the UK, simply by knowing their mobile number.
‘It makes sending and receiving money as easy, quick and convenient as sending a text.’
But let’s think about how this could be detrimental to our security. If we lose our phone or leave it behind somewhere, can unidentified users gain access to the account? According to to Richard Hurley of the Fraud prevention Service CIFAS, well only if we’re careless. He adds,
‘Users must ensure mobiles are password protected and locked at all times and should encrypt any stored data’
If you are planning on downloading the App or already have it, look into the CIFAS and check out their regulations on fraud prevention. You may just be thankful some day!
If you would like to find out more information on Ievo and our entry access systems visit the Ievo website www.ievoreader.com. We have a range of biometric fingerprint readers that you might just be interested in for current projects or your own use.
Recently, scandal has been prominent within the world of journalism, and not just stories that have been circulating about celebrities, but of course..security! The phone hacking debate has been stirring for years, but only within the last six months or so it has boiled over board. Every day we hear of another innocent family or troubled celebrity that have fallen victim to phone hacking. But, have you ever wondered how it actually happens? Well, after trawling the internet for an explanation, we’ve found one! Not that we need to worry, but then again, who knows? Perhaps us unsuspecting biometric manufacturers or fingerprint system installers could be hacked right now…
What’s really being discussed is illicit access to voice mail messages. There are a number of possible methods to gain access to someone’s voice mail illicitly. In the UK at least, given the original police inquiry into the News of the World scandal, mobile network operators improved their security mechanisms to increase protection of users. The good thing is, you can test out these mechanisms yourself. If your operator hasn’t taken steps to close down the basic loopholes, ring them and tell them!
A lot of the problems that arose in the voicemail scandal arose from the use of well-known default PINs for voicemail access. In fact, you as a customer may never have used a PIN for accessing your voicemail. That is because on most mobile phones, the network recognises that it is your phone calling in and makes life more convenient for you. So you would never even think that someone could access your voicemail by just dialling a number and entering a well-known default PIN.
These PINs can be found across the web – they naturally needed to be publicised to customers so they knew how to get remote access if they wanted. This was one of the mechanisms allegedly used by the News of the World ‘phone hackers’ to get access to people’s voice mails without their knowledge. If you’d never setup a PIN, the attackers would get in via well publicised default PINs. If they came up against someone who was using their own PIN, they would then use social engineering techniques to trick the operator into resetting the PIN to the default.
Another not-so-well-known method of accessing voice mail is to actually call your own mobile number.
Claims about the voicemail hacking scandal say that one journalist would call up a celebrity to engage the phone while another would then go into the voicemail using this method. This seems pretty likely as a lot of celebrities’ phones are looked after by personal assistants, not the celebrity themselves so it could look fairly legitimate to call up the PA.
One of the security measures that have been introduced is to notify the customer more often by SMS when something goes on that they should know about. Remember that if a third-party was accessing your voice mails remotely, you as a customer wouldn’t normally get to know that anyone had been there. In some cases, the attackers deleted the voice mails. The type of notifications you could get could tell you that there has been a remote access to your voice mail, that there was an invalid PIN code attempt or that your voice mail PIN has been changed – all useful bits of information!
This is something that has been borrowed from the banking industry. It is a simple, effective early warning mechanism that something could be wrong. Because it shouldn’t happen very often, you shouldn’t be plagued by messages, equally you are the best person to know if it is dodgy activity or not.
However, always be careful with any message you receive. The best thing to do if you are unsure is to ring the customer helpline of your operator who’ll be able to tell you whether the message is genuine.
Sadly, there are always people who want to find out what others are up to, illegally. The methods for doing this are continually evolving. Some of the newer methods involve faking a phone’s displayed number so it can trick access to voicemail. This technique has been used in the USA and recently in the Netherlands to get access to the voicemails of politicians. To block this attack, you need to setup a PIN to access your voicemail. By doing this you prevent automatic access to your voicemail (as if you were ringing from your own mobile).
Explanation provided by Naked Securty
Ievo manufactures access control systems specialising in fingerprint scanners. Both products Ultimate and Micro are available globally. To find out more visit www.ievoreader.com and visit the products page
LinkedIn has become the subject of a recent security scam, one which anyone using the site is vulnerable. The spam message tries to make you believe that one of your connections is on an unplanned business trip and had their possessions stolen. The message then asks you for money to pay for their hotel bill. The deviant messages looks something like this -
The spam LinkedIn messages to watch out for
One way the spammer tries to con you is through the use of making phone contact. This is a common pattern among spammers, because obviously, the first thing you would do if you received this message was try and get hold of them in any way possible. Only to find out that it’s a fake. That is why they cleverly tell you in the message that the hotels phone system is down.
‘Stranded’ scams as they are called have appeared in numerous social networking sites, including Facebook. Tricksters have even tried to break into the email accounts of US senators to try and retrieve money from innocent people. The only way to protect yourself from this is either; don’t set up social networking sites (who needs them anyway!) or look after your details and keep them original and private.
If we have said it once we have said it a thousand times..wouldn’t biometric password entry solve this problem? Okay it’s a long shot and might not become a normal part of our social networking or banking routine for another couple of years, but if any time we needed to enter a familiar pin, we simply scanned our fingerprint, vicious attacks like this would potentially disappear.
Fingerprint software is so far advanced now that even fake fingerprints cannot dupe some superior biometric devices, making fingerprint access systems even more reliable, robust and trustworthy than ever before!
If you would like to find out more information on the Ievo door access devices, then visit www.ievoreader.com to download technical information, end user guides and watch our compelling biometric fingerprint reader test videos.
The latest security scandal to capture our minds has of course been the phone hacking enquiry, and this has perhaps overshadowed the ‘Man in the Browser’ (MitB) attack which lets face it we are more vulnerable to than a journalist hacking our mobile phones. But yet, there are so many people out there that haven’t even heard of this security breach and it is potentially destructive. This is why..
According to the BBC Click investigation, customers of banks such as HSBC and Barclays which use remote calculator devices are particularly vulnerable of being tricked by an offer of training in the ‘new security upgrade’ only for the holders details to be accessed by the Mitb, but this is hidden from the user.
However, these banks issued a statement claiming that as long as the user has an up to date anti-virus they will not be susceptible. This is not true! Because the hackers will learn how to crack the anti-virus’ software to gain access to your details. One security company even admitted that if this threat had come from a source not known to be bad and started communicating with a web address also not on the black-list of “bad” sites – until they had discovered and analysed it – it probably would have beaten their protection.
The BBC investigation used a test witness to try and figure out if normal users are at risk. They found that the threat does not strike until the user visits particular websites and is not specific to any one individual bank. Basically, the malware lives in the web browser and can get between the user and the website, altering what is seen and changing details of what is being entered. Some versions of the MitB will change payment details and amounts and also change on-screen balances to hide its activities. With the additional security devices, the risk of fraud is only present for one transaction, and only if the customer falls for the “training exercise”. But once entered into you are automatically vulnerable.
Although very alarming, most banks in the UK will refund victims of online security fraud. But take some precautions to try and alleviate the threat. Continue to use online security anti-virus’ and internet security, only accept advice from official bank pages and monitor the patterns of your online banking system, because most banks have software which logs your banking patterns and if they deviate alarm bells will start ringing.
To find our more on Ievo and view our product lines, visit www.ievoreader.com
Detecting a lie has been at the forefront of police and lifestyle television investigations for quite some time. But, for several hundred years now, numerous methods have been used to try and crack an individual into telling the truth, from torture to polygraphs to voice biometrics. But are any of them really successful, and can we really tell if someone is telling the truth or just outright lying?
The tradition began as oath taking prior to testimony which tested peoples moral codes by swearing by the religious gods. Obviously, practices as such still exist today, when a person gives evidence they can swear by the Bible, although not compulsory. The difference between one person telling the truth in the court of law and otherwise might not necessarily be religiously influenced, therefore, other methods have been developed to try and figure out if the subject is fibbing.
The polygraph is still considered the gold standard when it comes to lie detectors. In case you don’t know the exact methodology used, it measures several physiological indices such as blood pressure, pulse, respiration and skin conductivity, while the subject is asked a serious of questions. Although based on psychology, the method uses scientific methods, to produce a quantifiable statistic.
An interesting method adopted by many psychologists is the kinesic interviewing technique. Where the interviewers themselves look for specific behavioural techniques which would lead them to believe if the subject is lying or not. Some would say that if the individual looks up and to the left while speaking they are formulating a lie. While a glance in the opposite direction indicates truthfulness. This stems from Neurophysiologists school of thought that certain areas of the brain activate when recalling memories, while others are stimulated when we’re being creative, e.g. lying. The idea is that a lie requires some creative thought, while answering a question truthfully relies only on memory.
However, some interviewers refute this method, saying that you must study the individuals behaviours first before trying to decide whether they are being truthful or not, because you cannot possibly generalise peoples behavioural patterns.
So..what has this got to do with biometrics? Well, people have been trying to figure out what is the best form of lie detector and some would believe that it is voice biometrics. Although these can be used as forms of access control systems, researchers have found that from the subjects voice, computers can analyse variations in speaking, pitch, volume, tempo and syntax to determine the questions answered are truthful, or even if the individual is stressed, angry or drunk!
Okay, so when voice recognition is used in entry systems, it won’t be detecting if what your saying is a lie or if you are in a particularly bad mood that day. But it is interesting to think that our voice actions can be analysed in order to create an assumption about ourselves.
However, the best method is probably an excellent interviewer. Wouldn’t everyone love to be able to differentiate between a lie or truthful statement. Albeit, it could cause problems at home or in the workplace. But then again, a little white lie here and there does nobody any harm.
In our own security world, biometric obsessives believe that the sole purpose of fingerprints is for access control and for this alone. However, recent research has shown that this is not the case. In fact, there are two schools of thought. Firstly, that humans have fingerprints for gripping and secondly, for sensitivity. Clearly, the people relishing these arguments don’t work in the security industry, but for the purpose of this blog, lets pretend we don’t either!
So, for a long time, there has been an ‘urban myth’ that we were born with fingerprints for gripping onto everyday objects, our pens, tea-cup, paper and telephones. But this theory has actually been squashed by researchers at a Manchester University. Basically, they have found that friction between two materials, in this case our fingers and an unknown object, acted like rubber instead of a normal solid, where the friction is proportional to the contact area between the two surfaces.
So in other words, the friction between the two objects was 33% less than it should be, in fact in some cases the fingerprints hinder or loosen our grip. Therefore, this would lead one to question, what exactly are our fingerprints for? Well aside from biometric purposes, perhaps they are for sensitivity. Our bodies natural reaction to anything that looks remotely dangerous is to fight or flight. So perhaps our prints are to enhance this to survive.
It might be correct in saying that our fingerprints have evolved from our cavemen selves, where we might have needed gripping prints, for tree bark and rough surfaces. Whereas now, we use them to determine the touch of something; hot, cold, prickly or smooth. But, we think it’s perfectly fine to go on assuming that fingerprints should be used for access control, and this alone. Perhaps then biometric fingerprints will become a common term, taking the security industry by storm. Here’s hoping!
Ievo is a biometric manufacturer of fingerprint readers, to view our product range, visit our products page
The first UK citizen to have a bionic arm fitted is having the life changing surgery today in Austria. Corporal Andy Garthwaite, 24 lost his right arm in Afghanistan but will have a fully functioning arm in around 18months time. The arm will be operated via messages from his brain.
The bionic arm strapped across the chest and controlled by the brain
This is only the fifth nerve re-innervation surgery to have taken place in the world. The technology works as so..
The amputee will have their original nerves de-activated then re-innervated with remaining nerves from the ‘good’ part of the limb. The electrical potential of the muscle represents the motor commands to the missing limb and therefore act as a drive to the motorised prosthetic. It will provide the individual with a sense of the missing arm being touched.
It will take around 18 months for the corporal to gain full use of his new sophisticated arm, and will be able to control actions such as throwing a ball and moving his elbow and hand.
This is major breakthrough technology and seriously poses questions as to where medical advances are going to lie in the future with regards to brain activity controlling foreign objects. Not only this, but with biometrics! Although this is not directly linked to the security advances taking place within the industry today, it is interesting to think where we stand in combining the two. Will we ever have a biometric based on our mind activity? Perhaps a long shot but maybe a possibility.
IBM have recently revealed its ’5 in 5 report’ five technological advances within the next five years which will change the way we function in society. The futuristic projects range from controlling electronics with your mind to biometrics becoming a major part of our everyday lives.
First – Soon all we will have to do to power up an electronic device is think about it. By devices we mean, phones, emails, ovens and other certain appliances. The individual will not have to say or do anything. This would be a major advancement to a quadriplegic or paraplegic whose lives could potentially change because they may eventually live without full or part time support from a carer. Gadgets like this are already under-way, albeit in a very minor scale. The Wii and X-Box are both able to be controlled by the users motions, so keeping this in mind, perhaps it doesn’t seem too far fetched that one day our brains could be the controller.
Second – We will be able to power electronics using energy cultivated from activities like walking, running or exercising. This is formally known as micro-electronic generation. A certain motion sensor kept in sole of your shoe could charge a battery that can connect to a power grid, to access a smart-phone or other appliance dependant on a battery. Again, this seems likely. Nike are able to track a users steps and motions and convert it into quantifiable data for the user to assess their calorie consumption and loss. So perhaps, yes in five years time this also could be possible.
Third – Biometrics will over-take the use of passwords in our everyday lives. This is probably the most likely scenario out of all five that seems the most possible. The reason being, biometrics have been around for a long time, and not just as a form of security but access control to track people’s whereabouts at work. An earlier Ievo blog-post assessed the mainstream of biometrics in 2012 which in our opinion, won’t happen, but in 2017.. fingerprint recognition especially will become a major part of our lives, from ATM’s to paying for our groceries at the supermarket.
Fourth – Better technology will exist to prevent unwanted emails. Everyone has certain patterns when it comes to emailing, or so IBM believe. The software will track how you interpret certain emails and after it learns your emailing habits, it will automatically delete them. This seems a little bit utopian, as we all get those emails we hate or don’t want, but is it a possibility? Well, perhaps so, as it picks up on individual behaviour instead of generalising everyone collectively.
Fifth – the ‘digital divide’. There will be no more, ‘those who have and those who have not’ people will be able to connect with anyone, no matter where they are, no matter what language they speak and at any time. Communication will be completely open. Will this be the end of the ‘us and them’ dilemma around the world? We will have unlimited access to anyone, anywhere without any presumptions or hesitations.
To see more of Ievo blog posts, visit www.ievoreader.com/blog
Biometric fingerprint systems in hospitals have been widely criticised, not only because of dry prints due to frequent hand washing, but because latex gloves are often worn by the registered individuals, including domestic assistants, nursing auxiliary and porters. However, fingerprint biometrics can be used in this environment. Here’s why..
The Ievo Ultimate..Complete with MSI Sensor
Multi-Spectral Imaging Sensors capture fingerprint data beneath the surface of the skin so that dryness or gloves create no problems for reliable reads. This is a major advantage to fingerprint recognition systems that use this innovative technology, hospitals spend $100 to $200 per employee per year supporting password-based systems – and even more for token- or card-based systems – while trying to ensure the protection and safety of patient information.
Although these forms of security have their advantages, they can seriously jeopardise doctor-patient confidentiality. What if an unauthorised individual became party to a lost fob or card. Even worse, what if one was stolen on purpose to gain access to records? Although these scenarios may be an extremely rare case, can one really take the risk? Thus, biometric entry can help minimise insurance fraud and theft of controlled inventories such as pharmaceuticals, and they can secure against the unauthorised use of expensive medical equipment and records.
An interesting argument against biometric fingerprint scanners in this case is spoofing, which can uniquely be avoided through the use of ground-breaking MSI technology and a world-class algorithm combined. Say, for example the Ievo Ultimate reader, which cannot be spoofed, even by the Police would be perfect for such applications; hospitals, cash offices, server rooms and many other high security applications.
But biometrics security systems are only viable if the technology and solution can be made to work reliably for every user, every time. Today, the cutting-edge biometric technology multispectral fingerprint, which has the unique ability to “see” beneath the surface layer of skin, is having a dramatic impact on user performance and real-world experience in the healthcare industry. Not only can multispectral fingerprint handle the environmental factors that can affect fingerprints, but it is also the only technology on the market today that can extract a fingerprint image from a gloved hand. In addition, the Ievo Ultimate fingerprint access control reader has a robust and durable spoof detection feature meaning it’s a solution that is now showing up in healthcare facilities worldwide.
