Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Maximize Security with Palm Vein Authentication


Published on

Professional end to end IT security solutions have to ensure a reliable access to data and services at all times and to guarantee that all information is complete and without unauthorized changes. Nearly daily news on frauds caused by insufficient secure IT environments underpin the necessity for a highly secure authentication – also within modern mobile working areas. Using unambiguous identities is a necessary prerequisite for avoiding data espionage, password theft and the like, effective supported by our PalmSecure truedentity offering, launched at Fujitsu Forum 2015. During this breakout session you´ll get additionally to insights on the broad band of existing solutions also a preview on upcoming solutions and services like “Biometrics as a Service” and “Mobile Identity Services” with seminal advantages for the users.

Thomas Bengs

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Maximize Security with Palm Vein Authentication

  1. 1. 0 Copyright 2015 FUJITSU Human Centric Innovation in Action Fujitsu Forum 2015 18th – 19th November
  2. 2. 1 Copyright 2015 FUJITSU Maximize Security with…
  3. 3. 2 Copyright 2015 FUJITSU …Palm Vein Authentication
  4. 4. 3 Copyright 2015 FUJITSU Thomas Bengs Director & Head of Security Solutions PTSC CCD SEC FUJITSU
  5. 5. 4 Copyright 2015 FUJITSU Digital Business – the risks for Identities 7 BN mobile phones 8 BN people From 2014 to 2020 Every minute, 19 persons Have their identity stolen 639 million 250 million connected cars 220 million connected consumer electronics in 2020 2025: 100% connected 2032: 75% autonomous 12 victims per second impacted by consumer cybercrime X 500 Investements in industry 4.0 to grow by 2020 25 bn connected things in 2020 Today 5bn
  6. 6. 5 Copyright 2015 FUJITSU Security starts with your ID Cost All-day press alerts Data theft  Stolen passwords  Forgotten/stolen smart cards Identity theft  Unauthorized use of medical/social services  Unauthorized access to buildings Hacking  Burglary, theft, and manipulation of personal data and that of regulatory authorities Skimming, Fraud  Manipulated ATMs  Manipulated online banking  Forged identification documents
  7. 7. 6 Copyright 2015 FUJITSU What are the options?  Stick with a password or a pin  How often to change?  How many different ones?  Add an ID card, token or another password  You have it always with you?  Lifecycles? • Cost? • Usability? • Manageability? • Security? Why not adding a biometric authentication method?
  8. 8. 7 Copyright 2015 FUJITSU PalmSecure – secure biometric authentication Cost 1 The human eye cannot detect palm veins 2 A near-infrared sensor detects the vein pattern 3 Image processing extracts the vein pattern 4 PalmSecure compares the pattern to an encrypted, pre-registered template
  9. 9. 8 Copyright 2015 FUJITSU Advantages of PalmSecure Cost  Hidden in the hand  Relies on blood flowing  Permanent feature  Accurate: 5 million reference points  Contactless  Applicability
  10. 10. 9 Copyright 2015 FUJITSU Palm Veins – most accurate & most convenient Cost Authentication method FAR (%) FRR (%) Face recognition Voice recognition Fingerprint recognition Finger vein recognition Iris/retina recognition Palm vein recognition ~ 1.3 ~ 0.01 ~ 0.001 ~ 0.0001 ~ 0.0001 ~ 0.00001 ~ 2.6 ~ 0.3 ~ 0.1 ~ 0.01 ~ 0.01 ~ 0.01 False acceptance rate (FAR) & false rejection rate (FRR) compared Fujitsu’s palm vein scanner is the most precise and practical technology. A comparison: fingerprints vs palm veins – If you enrolled the population of Germany (80m people) ■ With fingerprints: About 80000 would be accepted in error ■ With palm veins: Only about 800 people would be accepted in error
  11. 11. 10 Copyright 2015 FUJITSU PalmSecure portfolio elements OEM solutions for Integration PalmSecure Software solutions PalmSecure ID Match Specific solutions  OEM Sensor modules  SDK V02  PalmSecure ARM board  To be embedded into: • Terminals • Turnstiles / gates • Doors (indoor and outdoor) • Incl. time recording  Windows login with Fujitsu Workplace Protect  SAP login and authentication with SAP bioLock  SSO software solutions with truedentity™  Physical Access for indoor usage  Access LogOn for Client/Content  POS Payment Solution  ID Mobile: Usage with smartphone  Ultra secured enrollment  2 factor authentication  Project based solutions for special industry requirements:  Banking  Retail  Entertainment  Healthcare
  12. 12. 11 Copyright 2015 FUJITSU PalmSecure mobiles LIFEBOOK U904 Ultrabook PalmSecure™ CELSIUS H730 Workstation PalmSecure™ LIFEBOOK U745 Notebook PalmSecure™ LIFEBOOK S935 Notebook PalmSecure™  World's first notebook with integrated palm vein sensor  Only .61 inches thick and weights just above 3 lbs.  Ultra-sharp frameless 14-inch WQHD+IGZO display  Touchscreen option  Workstation performance for mobile use, extremely secure  15.6-inch workstation with comprehensive set of ISV certifications combines top performance with numerous connectivity options  4th-generation Intel® Core™ i7 & i5 processors with vPro™ technology. Professional NVIDIA® Quadro® graphic cards with up to 576 CUDA cores  A slim 19 mm and lightweight notebook from 1.55 kg, HD+ anti-glare display with touch panel option, magnesium housing with aluminum palm rest  „Pull-out LAN connector, embedded 4G/LTE or 3G/UMTS option, WLAN and Bluetooth  Door to exchange the battery, memory and internal storage  Sleek notebook design, up to two working days runtime with first and second battery, modular bay  Exceptional lightweight starting at 1.24 kg, with a sturdy magnesium housing and aluminum  High resolution (2560x1440) WQHD IGZO display with anti-glare, non- touch or glare, touch option, backlit keyboard, port replicator option
  13. 13. 12 Copyright 2015 FUJITSU Software Solutions for secure authentication  Administrator application for central management of security relevant settings  Intuitive user interface  Relevant data is stored in a MS SQL server database  Import of devices and users from Active Directory  Automatic job management to manage the security settings  License for each managed device, three free test licenses are included  Can be ordered via price list  Single application for all security relevant settings  Protects workplace devices against unauthorized usage  Automatically locks workplace devices, when user leaves his/ her desk  Supports a wide range of security devices  Comes pre-installed on Fujitsu Client Computing Devices  Free of charge for Fujitsu Client Computing Devices  Enterprise Solution for secure authentication  Secure Log On, Single Sign on and Web application authentication  Identity services (Enrollment services)  Two factor authentication (in combination with smartcard, token or credential based with Password and user name  Can be customized  Flexible integration  Can be ordered via pricelist Workplace Protect Client based Workplace manager Client server PalmSecure truedentity Enterprise/ client server
  14. 14. 13 Copyright 2015 FUJITSU A new way of authentication – PS truedentity Any clientID Match Web Service Access Control Identity Owner Identity Provider Identity Consumer Enterprise Application Access Control Mutual Authentication True Privacy PROVIDER
  15. 15. 14 Copyright 2015 FUJITSU PalmSecure truedentity - Elements  Companies: connection of several applications, also with regard to Active Directory  Governments: data reconciliation of IDs  Public sector: data transfer  Uniform "true identity" Portfolio element Use/combination of 2 components: "truedentity client component“ and truedentity server, verification by identity + vein pattern. Booth, server and client must be authenticate against each other by certificate. Based on eID authentication technology Area of application  Developed for Internet access  Strong encryption (PACE, EAC) More infor- mation Truedentity server in the role of a identity provider PalmSecure truedentity client with biometric authentication Identity consumer, who requests an identity
  16. 16. 15 Copyright 2015 FUJITSU PalmSecure truedentity - Special Features Secure provision of sensitive content through trustworthy and distinct logon Preparation for eID with the ID card Secure integration of external parties into internal IT systems Replaces user ID and password Strict development according to tried and tested German ID card infrastructure (guidelines) Forgery-proof through a multi- step verification processes via the truedentity server
  17. 17. 16 Copyright 2015 FUJITSU PalmSecure truedentity – base use cases  Windows Device Logon  Default truedentity  (using Active Directory Access Rights)  Device logon  Logon Device default truedentity or  Appl.Terminal (SDK) default truedentity  Identity Services  Enrollment Service  eID Service / HSM Consumer Integration Kit
  18. 18. 17 Copyright 2015 FUJITSU PalmSecure truedentity – consumer integration  Logon for Web Consumer default truedentity UI & JCOP Card  SAML Integration  SOAP Integration  Logon for Secured Data Consumer default truedentity UI & JCOP Card  SAML Integration  SOAP Integration Secured Data Channel  Access Control System Consumer external UI & JCOP Card  SAML Integration  SOAP Integration
  19. 19. 18 Copyright 2015 FUJITSU Application Scenarios Banking Sector Access to lockers, Transaction authorization, Cash machines, Transport of cash or valuables Aviation Security access control for airport employees, Gambling casinos: identification of players, Youth protection Energy Smart electricity meters, Access to power plants, wind power stations, etc. Post Offices packing stations and PO boxes Entertainment Gyms and Spa areas in hotels Healthcare System dispensing of medication Government Military Technology, Border and access control
  20. 20. 19 Copyright 2015 FUJITSU Benefits using this technology  Technology for conclusively identifying internal and external users  Both partner must be authenticate  Dual factor authentication (identity + vein pattern)  Unique combination of electronic identity & biometric device (PalmSecure)  Online identity card for employees, suppliers, customers, etc.  Technical infrastructure according to the Technical Guidelines of the BSI (Federal Office for Information Security) for the electronic German ID card.  Uses ETSI-Standards (SAML/SOAP)  Provides several integration scenarios (SSO framework)  Offers scalability: from basic clients to high security by using hardware components
  21. 21. 20 Copyright 2015 FUJITSU Differentiation  Secure authentication process by using advanced security methods  Authenticated communication channels between truedentity client & server  Protection of electronic identity through encryption & verified authenticity of electronic signatures  Authentication of the user against the truedentity client with biometrics  Identity & vein pattern are not stored on a server
  22. 22. 21 Copyright 2015 FUJITSU Vision Biometric Registration Biometric Authentication High Secure Infrastructure1 2 3 User centric authentication Elimination of authentication silos Authentication@the world
  23. 23. 22 Copyright 2015 FUJITSU PalmSecure – identification across industries Government  Border Control  Database Management  Security Retail  Payment transfer  Location security  Loyalty cards Banking  Account access  Fund transfer  Access management Office environments  Access to buildings  Access to workplace devices Workforce management  Location access  Time management Healthcare  Registration  Medical record access  Access management Entertainment  Fitness centers and spas  Casinos  Amusement parks
  24. 24. 23 Copyright 2015 FUJITSU Outlook FUJITSU Desktop Esprimo Q956 with PalmSecure ID Mobile: PalmSecure identification with mobile phone Available Q2/2016
  25. 25. 24 Copyright 2015 FUJITSU