UK company fingerPIN Ltd has launched fingerPIN, a biometric fingerprinting technology that increases the complexity of penetrating fingerprint based security methods. The system authenticates identity on two levels: the uniqueness of the users fingerprints and the privacy of the sequence.
Using fingerPIN the risk of someone fraudulently logging on or accessing a secure area using a third persons fingerprint data are reduced from 1 in 10,000 to 1 in 10 billion due to the difficulty of cracking a combination of several unique fingerprints used in a specific sequence. This enhanced level of security is provided through a simple software upgrade to existing fingerprint readers and by storing fingerprints as an encrypted digital pattern. MatchLogon is the first company to integrate the technology into its PC/Network logon software.
With any fingerprint system, a user will never present exactly the same image to the scanner. There will always be subtle variations, (for instance, dirt, cuts, faulty scanner). Systems match on the basis of confidence intervals, i.e. a fingerprint is 95 per cent similar to the one in the database. When a single fingerprint is presented, that interval needs to be very high to ensure that other people can not log in as an authorised user. With fingerPIN, as multiple fingerprints are used in a sequence, the confidence interval for each fingerprint is reduced. As long as a user knows the sequence in which the fingerprints were input, it massively reduces the chances of letting a non-authorised user log in.
[Trading time to authenticate and added user inconvenience for added security is nothing new. That a system like this is even considered illustrates the lack of security in commonly used fingerprint recognition technologies, as often pointed out in ISB. More secure fingerprint systems exist but they are very expensive on the equipment side. The charm of this system lies in the fact that it uses cheap biometric equipment. Somehow I don't see it gaining ground in the till queue anytime soon... --Ed].
Related links: (Open in a new window.)
www.fingerpin.co.uk
Taken from Information Security Bulletin.