Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Security in the Palm of your Hands


Published on

To protect your business, it’s critical that you can control access to data, systems and premises. Highly secure authentication is the basis – and it is best and most conveniently provided by biometric authentication. Breadth and depth of Fujitsu PalmSecure biometric palm vein technology are illustrated with usage examples that range from ultra-secure thin clients to biometric controlling and monitoring of granular and highly customized usage rights for SAP applications. In addition we take a brief look at the latest Fujitsu developments for off-the-shelf biometrics with ID Access and the combination of mobility and palm vein authentication with ID Mobile.
Thomas Bengs

Published in: Technology
  • Be the first to comment

Security in the Palm of your Hands

  1. 1. 0 Copyright 2016 FUJITSU Fujitsu Forum 2016 #FujitsuForum
  2. 2. 1 Copyright 2016 FUJITSU Security in the Palm of your Hands Thomas Bengs Director & Head of PalmSecureTM EMEIA Fujitsu Technology Solutions
  3. 3. 2 Copyright 2016 FUJITSU About Identity…  Each creature is unique and it has its own individual identity  It starts from that our parents give us our identity at our birth  Our first identity document is the certificate of birth  Later on we get our 1st passport and national id card  But we also get other and we also collect other identity instruments during our live: • Driver License, insurance cards, debit cards, credit cards, loyalty cards, email accounts, PC accounts, bank accounts, online shopping accounts, e-government accounts, travel accounts, memberships, etc. etc. etc.
  4. 4. 3 Copyright 2016 FUJITSU Identity abuse – Identity theft…  It is not possible to steal somebody's individual identity, but it is possible to abuse it…  Online shopping, Online bets, Online auctions, Online banking  Name abusing in blogs  Creating fake profiles in social networks  Pretense of fraud facts  Fake president attacks  Payment diversions  Social identity attacking
  5. 5. 4 Copyright 2016 FUJITSU The Reality is… 49,2% 19,2% 15,8% 9,9% 5,9% 3,5% 3,3% 3,7% Government / Social Sec. Fraud Other Fraud Credit Card Fraud Phone & Utilities Fraud Bank Fraud Loan Fraud How Victims identity is misused in 2015 USA 0 500.000 1.000.000 1.500.000 2.000.000 2.500.000 3.000.000 3.500.000 2012 2013 2014 2015 Fraud Complaints Other Consumer Complaints Identity Theft Complaints Total Identity Theft & Fraud Complaints 2012 -2015 in USA Source: Federal Trade Commission, Consumer Sentinel Network, 2016  15 Billion US$ stolen from 13,1 Million US citizens  112 Billion US$ have been stolen by Identity Thieves the last 6 years  Identity Theft increased by more than 47% from 2014  As US credit cards became more protected the ID theft focus moved to new account fraud  Many ID thefts have been caused by personal information collected by ID thieves in the internet
  6. 6. 5 Copyright 2016 FUJITSU How to protect my ID?  Our passports, national ID cards using biometric features  However, we daily use desktops, tablets, mobiles to get into the internet to perform operations and actions requiring our ID  We are using Pins, Tokens, Smartcards, Passwords, Images to secure our user name which stands for our ID  We try to make it more safe by using multiple factors, but…
  7. 7. 6 Copyright 2016 FUJITSU …is that really safe enough? Large corporations reported a cyber breach in the past year 93% Small businesses reported a cyber breach in the past year 87% The time it takes for 60% of security vulnerabilities to be identified 9Months Source - Mandiant It is not anymore a question of „if“, but more a question of „when“ it will happen
  8. 8. 7 Copyright 2016 FUJITSU We need to establish a strong IAM Business Access ManagementIdentity Management User Roles / Groups Resources Technology Membership Access Right Identity Access Management is not just a product – it is a SOLUTION IAM starts with identification but it includes then also the way of communication forward & backward to/from the resources to work with • Business: - Defining the the IAM processes like access rights, protection levels, protected areas, building up a meta directory • Technology: - Interfacing the different applications and platforms to interact together • Enterprise Access Management: - Defining access roles / groups - Defining authentication processing - Defining identitity management - Defining external access management
  9. 9. 8 Copyright 2016 FUJITSU A real world IAM example with Fujitsu PalmSecure Your best choice to build up an IAM solution
  10. 10. 9 Copyright 2016 FUJITSU Why Biometrics is the right choice for IAM Risk of Fraud Ownership Knowledge Biometrics To be transferred Yes Yes No To be stolen Yes Yes No To be forgotten Yes Yes No To be copied Yes Yes No To be lost Yes Yes No To be altered Yes Yes No Keys Password Vein Tokens Pin Iris Smart Cards "Selfie" Fingerprint Face Voice Key stroke Known methods Possible authentication methods Precision of Biometrics Biometrics clearly is the superior method for processes requiring authentication
  11. 11. 10 Copyright 2016 FUJITSU How PalmSecure works Hand positioned over sensor Sensor focuses & detects live hand Hand scanned with infrared light Hand veins recorded Secure biometric template stored Biometric template converted individual key assigned & 2nd AES encryption Transmitted to PC 1st AES coding
  12. 12. 11 Copyright 2016 FUJITSU PalmSecure at a glance  Very hygienic because contact-free  Easy and intuitive operation  High level of privacy because hidden under the skin  Palm veins are complex >5 million reference points  Palm has thicker veins than fingers – easier to identify  Palm veins are not sensitive to external factors  Hidden under the skin  Unique (even in the case of twins)  Traits do not change for entire lifetime  Live hand detection: only used if blood circulation detected 1 Highest level of security & performance Extremely precise Accepted everywhere2 3
  13. 13. 12 Copyright 2016 FUJITSU PalmSecure Portfolio Overview OEMs & SIs Desktop Application Platform Software • PS Sensor • PS SDK • PS U-Guide • PS Embedded ARM Board • PS PC Mouse • PS Sensor Guide Kit • PS Desktop Sensor • PS USB Stick (planned) • PS ID MATCH • PS ID MOBILE • PS ID ACCESS / T&A • PS Ultra Secure Thin Client • PS Truedentity for client / server / web service • PS Biolock for client / server • PS Ultra Secure Thin Client Linux/ Citrix /VMware • Workplace Protect Client • PS Secure Printing • mPollux State of the Art Biometrics for • Industry • Automotive • Social Security Secured Log in / SSO for: • LEs & SMEs • Banks & Insurances • Gov. & Public Sector High Level Security for: • Gov. & Public Sector • Retail & Banks • Critical Infrastructures Solutions which fits: • Log in / SSO / Web services • Mobile / Payment Security • Cloud Security
  14. 14. 13 Copyright 2016 FUJITSU Client Computing Devices with PalmSecure Option LIFEBOOK U904 Ultrabook PalmSecure™ CELSIUS H760 Workstation PalmSecure™ LIFEBOOK U745 Notebook PalmSecure™ LIFEBOOK S936 Notebook PalmSecure™ ESPRIMO Q956 Desktop PalmSecure™ STYLISTIC Q736 Tablet PalmSecure™  Super-thin and light 14-inch business Ultrabook™ at 19 mm and 1.55 kg – optional unique anti-glare touch display  Variety of interfaces – VGA and DisplayPort  2nd Fujitsu Ultrabook™ that supports patented PalmSecure technology, optional port replicator  World's first notebook with integrated PalmSecure  Only .61 inches thick and weights just above 3 lbs  Ultra-sharp frameless 14-inch WQHD + IGZO display -Touchscreen option  Workstation performance for mobile use, extremely secure with PalmSecure  15.6-inch workstation with comprehensive set of ISV certifications combines top performance with numerous connectivity options  True Workstation Performance On-the-Go Intel® Core™ i5, i7 and Xeon processors Professional NVIDIA® Quadro® graphic cards with up to 660 CUDA cores  Best screen real estate on 13.3-inch anti-glare display  Best-in-class connectivity including NFC & PalmSecure option  Boosted efficiency with optional accessories, common cradle  Comfortable viewing experience with clear-cut WQHD IGZO or FHD 13.3-inch display with optional touch  Ultimate security supported by patented PalmSecure  Unlimited computing with 24 hours battery runtime and unique-in- its-class modular bay concept  Up to 6th Gen Intel® Core™ i7 vPro™ processors  Flexible bay – select security or storage devices, such as SC reader, PalmSecure or optical drives  Lowest power consumption  Zero Noise PC – whisper quiet operation in the office  Integrated VESA mount
  15. 15. 14 Copyright 2016 FUJITSU Components ■ Sensors with palm rest (SDK for integration needed) ■ Available sensors: ■ M1E (for OEM‘s) ■ MP1 (SL Sensor) ■ MP2 (inside Notebooks) ■ M5 (successor of M1E, Launch in Q2/2017)
  16. 16. 15 Copyright 2016 FUJITSU PalmSecure Generationen 2004 2006 2008 2012 LxBxHmm 80x80x35 35x35x27 27x27x11 20x20x6 Erste Generation mit Fujitsu Unique API M1/M1E mit Bio API MP1 SL Type Desktop MP2 Notebook Type
  17. 17. 16 Copyright 2016 FUJITSU NEU! -PalmSecure Serie M5 – PalmSecure F pro Arithmetic logical unit Memory CMOS SensorUSB I/F CPU Encrypting Function Aufbau M5 Sensor • Die CPU hat u.a. eine Verschlüsselungsfunktion • Auf Programme und Daten des Memory‘s wird über die Verschlüsselungsfunktion zugegriffen • Der Schlüssel ist für jeden Sensor unterschiedlich Verfügbar in März 2017
  18. 18. 17 Copyright 2016 FUJITSU *1 : Default is normal power mode. Can be switched by setting. *2 : Specification of 1 to 10,000 is only supported by I33-format mode on Enterprise Edition. *3 : Authentication Library V30 and later is supported. Items PalmSecure Sensor/V2 M5 sensor External dimensions 35×35×27(mm) 29×29×13(mm) Types Bare Standard Mouse Bare Standard Mouse Guide Stand Guide (flipflop) Mouse Guide U Guide Standard Guide Mouse Guide U Guide Material of Sensor’s Surface Glass Glass Capturing range Enrollment : 40~60mm Verification : 35~70mm Enrollment : 40~60mm Verification : 35~70mm Host interface USB2.0 USB2.0 USB3.0 Power supply mode - Normal power mode *1 High power mode(USB3.0 only) Lighting tolerance Enrollment : 2,000lux Verification: 3,000lux Enrollment : TBD Verification: Normal power mode : 5,000lux High power mode : 80,000lux Usage environment 0~60℃ To be decided within the range of -40~85℃. Items PalmSecure Sensor/V2 M5 sensor Sensor Security - Encrypting the data on the memory of sensor. Genuine check function Functions/ Features 1 to 1 verification 1 to N identification (10,000) *2 I33-format mode I-format mode With/without guide mode Continuous Capture 1 to 1 verification 1 to N identification (10,000) *2 I33-format mode I-format mode With/without guide mode Continuous Capture Compatibility - M1E templates supported *3 Authentication accuracy ■I33-format (Capture 2 time) FRR : 0.01% FAR : 0.00001% ■I-format (Capture 1 time) FRR : 0.01% FAR : 0.00008% Same as M1E (Except for the compatibility authentication between M5 sensor and M1E sensor Template size (byte) I33-format : Maxinum15,000 I-format : Maximum 3,072 I33-format : Maximum 15,000 +For new function(TBD) I-format : Maximum 3,072 Processing time Capture(1 time) : 850ms Verification : 150ms TBD PalmSecure M1E Vergleich zu PalmSecure M5
  19. 19. 18 Copyright 2016 FUJITSU ID-Match platform ■ Programmable ■ Supports multi-factor authentication ■ Network interface ■ New I/O module (Relais, Wiegand protocol) Physical Access Control Applications Financial Transaction Applications POS / Retail Applications Multi Card Applications Social Security Applications
  20. 20. 19 Copyright 2016 FUJITSU Portfolio element ■ Secure access ■ Access control, authorized access only ■ Variety of application areas and usage scenarios Application area ■ Data center ■ Facilities and large building complexes ■ Turnstiles (e.g. public transportation, Casinos) ■ Locker (e.g. Banks) ■ Stadium protection More information ■ Fujitsu Terminal PSN900 standalone or centrally managed ■ Fujitsu platform ID-Match with I/O plugin ■ Further solutions in cooperation with OEM partners Access control
  21. 21. 20 Copyright 2016 FUJITSU Time & attendance Portfolio element ■ Secure recording and monitoring of the presence of authorized personnel ■ Automation of processes, e.g. accounting and social security ■ Possible SAP integration Application area ■ Manufacturing plants (industry) ■ Food industry ■ Pharmaceutical industry More information ■ Actual solutions in cooperation with OEM partners
  22. 22. 21 Copyright 2016 FUJITSU Fujitsu Workplace Protect Software Workplace Protect ■ User Authentication for Microsoft Windows using ■ PalmSecure ■ SmartCard ■ Fingerprint ■ RFID card ■ Face recognition ■ Pre-boot Authentication based on PalmSecure, fingerprint or SmartCard to be presented at BIOS level ■ Multifactor Authentication (MFA) ■ Template-On-Card for fingerprint and palm-vein ■ Additional secret (e.g. personal password in addition to biometric data) ■ Configurable Single-Sign-On to Microsoft Windows ■ Password Safe, stores your secret login details needed to logon to protected websites ■ Encrypted Container, a virtual disk encryption to protect important user data PALMSECURE
  23. 23. 22 Copyright 2016 FUJITSU Realtime bioLock™ for SAP Software bioLock™ ■ Control and monitoring of SAP applications based on customer- defined checkpoints with renewed authentication ■ The only SAP certified biometric security solution ■ Granular security configurable on screen or field level ■ Maximum security level for SAP applications and transactions Secure SAP transactions PALMSECURE ■ Fraud prevention ■ Protection of data against unauthorized reading / export ■ Controls and authorizes financial transactions ■ SAP transaction monitoring and logging ■ Granular secured processes, e.g. ■ Financial transactions ■ Personal data ■ Customer data ■ ...
  24. 24. 23 Copyright 2016 FUJITSU Authentication platform truedentity Portfolio element ■ Secure access with electronic identities ■ Central authentication service for distributed organizations ■ 2-factor authentication (Biometrics and ID- card / user name) Application area ■ Authentication of Windows Clients in AD environment ■ Authentication of Web-applications (supports Kiosk devices) ■ Authentication based on embedded devices (ID-Match) More information ■ Actual solution in cooperation with OEM partner OpenLimit ■ Cloud based solution (private or public Cloud)
  25. 25. 24 Copyright 2016 FUJITSU The UltraSecure IAM solution for an Enterprise… Secured Access Log In / SSO Time Attendance Secured DMS Consuming  Single software platform  Supporting Linux, eLux, Vmware, Citrix, MS IOT MS Embedded  Secured file transfer  Central administration  Central data base like MS AD, or SQL  Virtualization
  26. 26. 25 Copyright 2016 FUJITSU Where we will go next… Biometric Security demanding Areas Enterprise Mobile Payment Financial Transactions Healthcare Datacenter Entertainment / Recreation / Events Automotive Logistics Government / Industry Video Surveillance Mobile Apps IDaaS/Cloud Physical Access Control Time Attendance Log in / SSO Web Services Perimeter Biometric Solution Portfolio Elements - Single Platform Biometric Modality Hardware Platform PalmSecure Fingerprint Face Recognition / Iris Recognition Voice Recognition
  27. 27. 26 Copyright 2016 FUJITSU And please – do not forget…
  28. 28. 27 Copyright 2016 FUJITSU