Mouse Scans Palms to Verify ID 145
p00kiethebear writes "'Fujitsu is eyeing a variation on the centuries-old art of palmistry as the latest biometric weapon against unauthorized access to computer systems and facilities. The company has developed a computer mouse that will scan the palm of the user and deliver not a look into the future but verify the identity of that person.', With a .5% error rate I wouldn't be surprised if we saw this in offices within the next few years."
Slashvertisement? (Score:2, Informative)
There've been thumb-reading mice for a while now. google: thumb biometric mouse [google.com] This isn't news, it's another slashvertisement.
Yawn.
Re:Slashvertisement? (Score:3, Interesting)
The thing attaches to an ordinary PS/2-style mouse port. That's a secure channel!
So anybody who can land a trojan on the box, can easily capture the valid auth dialogue with the device...
It wouldn't be too tough to have a bogus "print" stored electrically, and rep[lay it either from the actual port, or read from a location in memory.
Re:Slashvertisement? (Score:3, Interesting)
Re:Slashvertisement? (Score:3, Interesting)
Actually, that's one improvement that this system has over the easily-fooled fingerprint based systems. Since this system uses reflectance measurements from the palm that are affected by deep structures (veins), the palm print left on the mouse won't do a potential cracker any good.
That said, I suspect that the system really isn't worth the trouble. Other posters have noted that the mouse connects to an ordinary PS2 port, so there's an opportunity for a spoof right there. And the 0.5% error rate sounds good--but only if those are all false negatives. If the system is misidentifying users 0.5% of the time for a database of 700 users, then there will be a truly embarrassing failure rate in a corporation of, say, ten thousand users.
Re:Slashvertisement? (Score:2, Insightful)
Theoritically, someone could record someone's palm print inline on the ps/2 port, and watch them type their user/pass, then come back later with the spoofing device containing the correct responses to hook inline to the ps/2 port again and log in as that person. But you're talking about a BIG operation to pull this off, plus a lot of chances of getting caught. (you have to physically access their computer twice, PLUS somehow get their user/pass).
I think it could have a use, but it will need to be integrated into NDS/AD elegantly for it to catch on in the enterprise. And it must be low hassle to implement.
Re:Slashvertisement? (Score:3, Insightful)
I guess it comes back to what we already knew--as soon as someone has unfettered physical access to a machine, it's security is effectively compromised.
You want to limit access to a computer? Put it in an office. And lock the door. Know who has keys. Audit those keys.
Re:Slashvertisement? (Score:1)
Damn damn damn.
I wasn't paying attention; the 'it's' should be an 'its'.
Twenty lashes with the wet grammar noodle for me.
Re:Slashvertisement? (Score:2, Informative)
heh.... (Score:4, Funny)
Re:heh.... (Score:1)
Shouldn't we put it in the keyboard instead of the mouse to prevent this?
Re:heh.... (Score:1)
Re:heh.... (Score:2, Funny)
Who needs a keyboard with voice type and a 17-button mouse (with 3 scroll-wheels)
Re:heh.... (Score:1)
Oh look, here's my boot disc that doesn't auth anything.
Anytime someone can sit down at a computer theres not much changing the log on schemes can do, unless its a dumb terminal and authentication / anything else is done offsite.
Wash your hands (Score:4, Funny)
Mom's gonna be happy
Re:Wash your hands (Score:1)
Re:Wash your hands (Score:2, Funny)
why? (Score:1)
Re:why? (Score:1)
Anything that 'wastes an employees time' ('cuts into employee productivity') are seen as Very Bad Things<tm> in the big bad corporate world of bottom-lines and statistics.
Optical mouse (Score:1)
The Switch (Score:3, Interesting)
Re:The Switch (Score:2)
What would the system say... (Score:1, Funny)
.5%? (Score:2, Interesting)
Re:.5%? (Score:2, Insightful)
Re:.5%? (Score:1)
-Kevin
It's worse than that... (Score:1)
Why a mouse? (Score:3, Interesting)
Something just used for recognition would seem to be a bit more practical. Cheaper because size wouldn't be a significant factor, and also it'd be easier to lock down against theft.
But a mouse is just asking for trouble. Its got a
A mouse is a bad idea.
Re:Why a mouse? (Score:3, Funny)
Jeez, I'd hate to shate a machine with you!
Re:Why a mouse? (Score:2, Funny)
Are we still talking about a mouse here?
Re:Why a mouse? (Score:2, Interesting)
This could be useful because you now have a way to actually catch unauthorized people trying to get into your system instead of simply keeping them away. Consider this scenario: For whatever reason, Joe Evil manages to get to a computer that's logged on to a network that contains sensitive information. Gleefully, he sits down and uses the mouse to open up windows explorer and starts looking for a client list or something. Meanwhile, the mouse has detected that this person isn't authorized to be on the system, so it's notified security and also loaded a system image that contains totally bogus data for Joe to explore. Joe has no idea that he's accessing false data or that two hulking brutes from security are on their way to have a...discussion with him.
Re:Why a mouse? (Score:1)
With this system they could continuly test and over a wider part of the body. Also you could start to test the way that the user hold the mouse, which adds another factor which could be hard to duplicate.
USB _good_? (Score:2)
Finally, there's a convenience involved in various devices on the USB tree not being able to communicate with each other without relaying through the computer.
Re: (Score:1)
On hand position (Score:1)
Workplace environment (Score:1)
They didn't seem to mention price
.5% Error Rate (Score:1, Insightful)
Re:.5% Error Rate (Score:1)
That's like saying once every 28 weeks I identify the color green as orange.
"Or once every 28 weeks, my PC won't let me log on."
Those odds sure beats running an IBM hard drive, they don't even last 28 weeks.
Interesting... for desktop users. (Score:1)
A wild take on some of the coming comments: "privacy inavsion", "Like the movie Gattica", "trating people as criminals" ...
What good will this do? (Score:1)
Re:What good will this do? (Score:2)
Re:What good will this do? (Score:1)
Re:What good will this do? (Score:2)
Re:What good will this do? (Score:1)
According to Fujitsu PR... (Score:2, Interesting)
Of course, this tells us nothing about how easily fooled the system is. Considering the recent success [counterpane.com] of a Japanese researcher in breaking fingerprint systems, I wouldn't trust this for a second.
Re:According to Fujitsu PR... (Score:1)
Re:According to Fujitsu PR... (Score:2)
I wouldn't be surprised (Score:2, Insightful)
Have they not heard of the birthday attack? (Score:2, Informative)
It does not state what kind of errors were made. Failing to identify a palm or, confusing two palms. In the latter case, the error rate goes up dramatically with the number of palms in the database.
Why? (Score:2, Insightful)
What if??? (Score:1)
Re:What if??? (Score:1)
different styles (Score:1)
Too bad this is dangerous (Score:1)
Better come up with a trackball version, stat.
Atleast this will save me... (Score:1, Funny)
"Sorry, my palm won't work the mouse..."
Not used (Score:2)
Issues with Practicality (Score:4, Interesting)
I personally am not in favor of biometric protection devices. Even if they are 100% effective and never make mistakes reading, I do not feel that they are a wise choice.
Bruce Schneider wrote a good column about biometrics here [counterpane.com]. I don't like the fact that some biometrics are very easy to steal. This means that once someone discovers your biometric "password" they can use it anywhere because you can't change your password.
So I personally would be wary about having too much faith in such a device. /p
neurostar
Re:Issues with Practicality (Score:4, Insightful)
To paraphrase Schneider: if someone steals your palmprint (for example, by getting a print off a surface that you touched and making a duplicate good enough to fool the scanner), where do you go to be issued a new palm?
Biometrics are ok if they are only part of what you need to get into the system (e.g. the right fingerprint plus the right password).
Why on a mouse? (Score:1)
Of course, the keyboard could also be locked, but who the hell would want to type with one hand on the mouse?
Since neither of those options are good, the only thing left is to use it for authentication at the beginning of a session. So if I'm only going to use it as a fancy password (which is stupid anyway, considering the error rate), what benefit is there to having it on the mouse? None.
And I believe we can all see the negative side-effects of sticking even more stuff on something we move rather aggressively all the time...
Re:Why on a mouse? (Score:1)
That would be really annoying (Score:1)
A palm scanner to get into some secret lab isn't a bad idea -- but a mouse that does scans your palm? It's like (approximate Simpsons quote) nuts and gum -- together at last!
Fun with Print Readers (Score:1, Informative)
This gelatin fake finger fools fingerprint detectors about 80% of the time.
pitfalls of this technology (Score:1)
Criminals will have a slightly easier time getting access to systems they might not have been able to get to with the old personal ID number system. Unless you're of vulcan descent getting a PIN from someone's brain required some beating, but with the scanning technology all they'd have to do is chop a hand or gouge an eye and they'll have access to everything you did.
There's always room for jello... (Score:1)
wow, I now have full access!
Fault tolerance? (Score:2)
similar endevours? (Score:1)
Re:similar endevours? (Score:1, Funny)
In your case that is the same as facial recognition technology.
Easy to fool? (Score:2)
Personally, I'm happy with passwords - you can change those...
the future (Score:2)
the question is... (Score:5, Funny)
Re:the question is... (Score:3, Funny)
Fortunes (Score:2)
Well, if someone were to rewrite fortune for this, you would have a customized one every time you logged on!
Wear and tear (Score:1)
Solving the wrong problem (Score:2, Insightful)
Most of the security threats people have to worry about in the real world have to do with attacks that bypass authentication entirely (most buffer overflows), or that trick valid users into doing stupid things (most viruses), or that hijack the software valid users run into doing their bidding (most viruses and worms).
Go over all the high-profile security issues of the past year. How many of them would have been mitigated by using biometric authentication instead of passwords? Few, if any. I'll bet 99% of the Klez E-mail I get has its true origin in a valid, properly authenticated user.
And as a bonus, it combats porn in the workplace! (Score:1, Redundant)
Sounds inconvenient (Score:2)
I wonder if what they'll do about my laptop mouse.
-a
$5 cameras in "look-back" monitors (Score:2)
Eczema sufferers will love this (not) (Score:3, Interesting)
So now a visible percentage of the population are now going to be intermittently locked out of their computers by a stress-related illness. Isn't technology great?
Re:Eczema sufferers will love this (not) (Score:2)
Does it measure temperature? (Score:1)
That may prevent me from chopping off your hand in order to gain access to your machine. Just a thought.
The press releases for new identification technologies are so slick and appealing (in general), but all the "new" technologies suffer the same basic flaw: the determined individual can not be stopped whether that individual is set on stealing your files or crashing an airliner into a skyscraper.
An office scene (Score:1)
"Yah! uh-huh...no. It's not contagious...sure... no, yes - yes I'll meet you there. The Bawls bar on 2nd right? uh-huh... yah! lemme just check my email"
*click*
Please identify!
"Christ! I just went to the bathroom!"
Place your palm in full contact with the mouse
Stupid! {places palm on mouse}
Identification incomplete
"What?"
Please state your name
Rob
full name
Robert Malda
Please state supplementary identifier
"Which one?"
Orientation
"Lesbian!"
OS Orientation
"Linux"
bzzzt!
"BSD"
bzzzt!
"Oh for Christ's sake! -- OSX!"
ding! Access granted.
INCREDIBLY SECURE (Score:1, Funny)
2. *click* plug in new mouse
3. PROFIT!
Re:INCREDIBLY SECURE (Score:1)
Coward.
How long before... (Score:2)
Airliner control (Score:1)
Re:Airliner control (Score:1)
"Of course, control could be released by insertion of a secret code into a keypad that only certain ground security people would know and could tell the someone on the plane via radio in a pinch..."
The more people that know that password, the more brittle it is. If you have hundreds of airports, and a few tens of people at each airport (someone has to be awake and not sick at all times) that know the code--there are thousands of possible places to get it from. And how easy is it to change? Make it too easy, and an accomplice will simply change it to a key shared by the terrorists.
Technology is not a panacea. How about (bullet|blast)proof doors between the cockpit and passenger compartment? If no hijacker can get into the cockpit, they can't take over the flight.
one problem I noticed (Score:1)
i don't trust the 5% error rate (Score:2)
sorry i meant 0.5% (Score:1)
Reliability of biometric testing (Score:2, Interesting)
The companies selling this stuff are really pushing this as 'secure' and the way the media are raving about this, I imagine a lot of ppl are fooled by this.
Even when the system itself wouldn't be easily fooled I would hate to see what happens if people start bypassing this in hard/software. You would have to have physical protection of the hardware to avoid bypassing the scanner and have very ingenious software to make this secure.
Not really that secure... (Score:2, Interesting)
Seems to me the sOme common gelatin trick would work here as well...you just need more of it.
Another issue that this may create - the chopping off of hands. Think about this...in the early 90's insurance companies tried to reduce their car theft losses by encouraging the use of car alarms and passive security measures (eg, only your key will unlock the steering column). The result...lower incidence of car theft..sort of. While noone now breaks into and steals a car parked on the street, the incidence of "car jacking" or the violent theft of a running car from the owner at gun point. More often than not this results in serious physical harm or evenb death to the car owner. That almost never happened in the "old days" before car alarms.....
So this may, for access to the right kind of data, encourage the kidnapping of perwsons, the "removal" of a hand, and the making or a "hand cast" as in the article (a whole hand print is much harder to come across than a single fingerprint)to use to circumvent this "cool" mouse...
So, be careful what you wish for....
Jello palm (Score:1)
0.5% (Score:3, Interesting)
1 in 200 error rate? That's not good! (Score:3)
Mark of the Beast (Score:1)
9A third angel followed them and said in a loud voice: "If anyone worships the beast and his image and receives his mark on the forehead or on the hand, 10he, too, will drink of the wine of God's fury, which has been poured full strength into the cup of his wrath. He will be tormented with burning sulfur in the presence of the holy angels and of the Lamb
Remember the hoax about ID chips in palms? (Score:2)
Question (Score:2)
Re:I can see it now... (Score:5, Funny)
Re:I can see it now... (Score:2, Funny)
Then again, if you're as stupid as to spill some extremely aggresive acid on your hand, (most acids commonly available aren't aggresive enough to radically change things) not actually clean it off, endure agonizing pain in the process of letting it disfigure your hand, manage to hold a mouse with your disfigured hand and then finally wonder why it doesn't work, one shouldn't be allowed to use a computer to start with.
Re:I can see it now... (Score:1)
Re:I can see it now... (Score:1)
I'm assuming the data it matches your palm against isn't static..