Tuesday 6 December 2016 | RSS

 
    Feedback
     
     

    News in brief

    Top marks for palm-vein biometric solution

    News in brief

    Fintech firm Fiserv has collaborated with Gesa Credit Union in the US to introduce palm-vein biometric authentication into Fiserv’s DNA account processing platform — the first palm-vein authentication solution implemented by a US financial institution. The companies found the Verifast solution reduced the time it takes to authenticate a member in the branch by 93% and was given top marks by 99.9% of Gesa members on both the registration process and ease of use.

    Filed by Email Christopher Brown nfcworld.com Published • Last updated 14 November 2016, 16:03

    • Willam Hugh Murray, CISSP

      In the 1970’s IBM Research did an experiment with voice authentication. Given the computing power of the day and the cost of storage, the experiment required fifty samples to establish the reference. Compare this to the five or six that it takes Apple to estblish a reference for fingerprint. The real problem was that, because of fatigue, the fifty samples could not all be collected in a single session.

      (I recently saw a recommendation to enroll the same finger several times to make it easier to authenticate. The recommendation was silent on the impact on security.)

    • Willam Hugh Murray, CISSP

      This report does not contain enough information for one to be able to comment on the utility, convenience, or security of this biometrics but one can envision an application and environment in which it would provide an attractive combination.

      As with any biometric, for security it must be resistant to false positives; for convenience, this must be achieved while minimizing false rejects. There is certainly enough information in the palm to achieve this.

      It must also be resistant to replay attacks. For most biometrics, this is achieved by using it as only one form of evidence in a system of strong authentication in which one of the other factors, e.g., a one-time password, resists replay. In this case, for convenience, one expects that a test of “liveness” will be used.

    More headlines...