Thursday, May 18, 2017

An update on the world’s largest biometric database – and it's not in the U.S.

Photo of rural Indian women by McKay Savage

India’s government established an ambitious goal – adding its population of over 1.3 billion people to a biometric database which includes fingerprints, iris scans and photographs. The program was largely developed to aid the poor by streamlining benefits and providing a means of identity – needed to get a driver’s license or apply for a bank account. Linking the 12 digit Aadhaar number to a bank card allows the government to directly transfer cash benefits and subsidies, helping to prevent fraud. This amount of change is not without great challenges. Among the concerns are…

A Twitter account called “Rethink Aadhaar” gives witness to Indians who have suffered because scanners didn’t read their fingerprints correctly, or because their information (such as the spelling of a name) was incorrectly recorded in the database in the first place.

Rapid Expansion
An Aadhaar number is now required to pay taxes, collect pensions, obtain welfare benefits – and it's even needed by children register for school. Those without an Aadhaar number have trouble getting essential benefits, including food. Children who don’t have yet have an Aadhaar number are getting turned away at school registration.  

Problems in Rural Areas
Rural villages don’t routinely register births. Also many rural Indians only have one name. This makes it difficult to get a birth certificate, usually required to get an Aadhaar number. Cell phone reception is also a problem in rural areas. Without the means for a scanner to connect to the internet, how will ID authentication be made? 

Unsecured Data
The Center for Internet and Security in New Delhi reported recently that Indian federal and state agencies had published up to 135 million Aadhaar numbers on unsecured websites. With the possibility for leaks such as this, many are worried that their biometric data is not safe. Unlike a PIN number which is easily changed, biometric data once compromised is compromised for life.

Privacy Concerns
A program that was once thought to be voluntary is now becoming mandatory, but not without legal challenge. In response to lawyers arguing that Indians should not be forced to share their biometric data, Atty. Gen. Mukul Rohatgi “countered that Indians had no constitutional right to privacy and could not claim an ‘absolute right’ over their bodies.” Activists are concerned that government intelligence agencies will use Aadhaar database information to spy on citizens.

Supporters say the Aadhaar program will “transform governance,” saving India billions of dollars by curbing tax evasion, and by ensuring that subsidy money is not stolen by middleman. But it’s important that a program designed to be "hugely empowering" for the poor doesn’t leave the poor behind. That no Indians should be prevented from getting essential services.

India is building a biometric database for 1.3 billion people — and enrollment is mandatory

By Shashank Bengali, Contact Reporter, Mumbai, India. Published May 11, 2017, the LA Times online 

Photo credit: McKay Savage from London, UK [CC BY 2.0 (], via Wikimedia Commons (Rural Women)

Friday, May 12, 2017

Could a master fingerprint unlock your mobile device?

No two people are believed to have the matching fingerprints, but could similarities between partial prints be enough to pass the security check on your smartphone or mobile device?

Fingerprint authentication sensors on smartphones are small and only capture a partial print. Also, many smartphones allow users to save several prints to be used for verification. Identity is confirmed when any of these prints is found to be a match.

Nasir Memon, a professor at New York University Tandon School of Engineering, leads a research team that decided to try and see if a master fingerprint could be created that would be good enough to fool current commercial fingerprint verification sensors and software.

Using a sample of 8200 partial prints, Nasir’s team found an average of 92 potential MasterPrints for every randomly sampled batch 800 partial prints. They found just 1 potential MasterPrint out of every randomly samples batch of 800 full prints. (A MasterPrint was defined as a print that would match about 4% of the prints in a random batch of 800.) It was evident that a partial print fingerprint reader had a much greater chance of being spoofed than a full print reader. 

With their created MasterPrints, the team reported successful matches with 26 to 65% of users, depending on how many partial prints were stored on the device, and how many log-in attempts were allowed. In comparison, a hacker trying the number 1-2-3-4 has about a 4% chance of successfully logging in to a random smartphone by PIN number.

The researchers emphasize that their testing was done is a synthetic environment, but their research led them to a couple recommendations. Their high matching results reinforce the need for a multi-factor authentication system. Also, fingerprint sensors on smartphones and mobile devices would benefit by having improved resolution to capture additional fingerprint features. If the resolution is not improved, it’s possible that a users prints can be compromised, and thus the security of the smartphone.

Biometric securityPartial fingerprints sufficient to trick biometric security systems on smartphones 

Published April 12, 2017 on Homeland Security News Wire

Thursday, May 4, 2017

A new security technology better than passwords or fingerprints?

Photo of notebook computer and cell phone user

The future. That’s what many experts are seeing in behavioral biometrics – a technology that exceeds passwords and fingerprint sensors in secure authentication. Instead of a one-time biometric scan, behavioral biometrics learns the user’s behavior over time. Speed of typing, pressure on the keyboard, speed of scrolling, common errors – all this information is analyzed quietly in the background while the user goes about their normal activity.

Hackers now cost the U.S. economy as much as $600 billion annually, with the number of identity fraud victims up 18% in 2015, affecting 15.4 million Americans. Major financial institutions are already using behavioral biometrics to fight back. For example, banks can use behavioral biometrics to analyze user behavior on online credit card applications, helping to prevent stolen identities. Banks are using behavioral biometrics for improving authentication of online purchases, reducing the number credit denials caused by false positives (when the bank mistakenly believes you’ve been hacked).

Behavioral biometrics will be very difficult to hack because it’s hard to steal one’s behavior. Hackers are already at work trying to write scripts that mimic human behavior. However behavioral biometrics is extremely adept at picking out scripted or automated behavior. One recognized drawback is when a user’s behavior typing habits change. A user with a hand injury could become locked out of their account.

Besides the benefit of enhanced security, the overall convenience provided by behavioral biometrics is undeniable. Instead of the user having to remember changing usernames, passwords and pin numbers, the device simply remembers the user.

So where is the future headed? Nimrod Vax, co-founder of the privacy management firm BigID in New York believes “artificial intelligence is the next frontier for all aspects of identification and privacy.” However, he adds “The password is like a pencil – it’s always going to be there.”

Kari Paul, May 2, 2017, article for

Thursday, April 27, 2017

Mastercard testing new biometric bankcard with fingerprint reader

Mock-up of Mastercard biometric bankcard

Mastercard has been testing a new biometric bankcard with embedded fingerprint reader in South Africa. Expansion of the testing to Europe and Asia Pacific is planned over the next few months, with a rollout to the United States expected by the end of 2017.

The new biometric bankcard is easy to use; one simply holds the card by the sensor and inserts it into the card reader. The biometric bankcard will work with existing payment terminals. As a back-up, if the card terminal has trouble reading the fingerprint, the user will be asked to enter a pin number after a slight delay.

Fingerprint biometrics add an additional layer of security. Pin numbers are often poorly chosen (1-2-3-4), forgotten, or easily observed and stolen. While there are 10,000 4-digit pin combinations, the probability of two people having a matching print is much smaller, 1 in 50,000.

Mastercard also plans to introduce a contactless version of its biometric bankcard. Contactless technology is currently widespread in Europe. While fast and convenient, it is less secure as there’s usually no authentication check. Because of this, purchases are limited in dollar amount.

Previously Mastercard rolled out its Mastercard Identity Check program, allowing technology enabled mobile users to authenticate purchases with iris scanning technology, commonly known as “Selfie Pay.”

MasterCard trials biometric bankcard with embedded fingerprint reader

Natasha Lomas, April 20, 2017, article for TechCrunch

Never forget your PIN again: Mastercard creates credit card with fingerprint scanner 

James Titcomb, April 20, 2017, article for The Telepgraph, UK 

Thursday, April 20, 2017

Facial biometrics will help prevent cheating in Chinese marathons

Photo of runners with Chinese flag

Marathon running has soared in popularity in China. With the increase in runners and marathons, there has been also been an increase in reports of cheating, prompting new security measures.

Marathon race participation has grown along with the rise of China’s middle class, as more Chinese aspire to a healthy lifestyle. The Chinese Athletic Association (CAA) registered a total of 328 marathon events in 2016, which is double that of the previous year. 

One motive for the increase in cheating is the prizes awarded at many of the marathons. Another reason is more subtle – the pressure to have great results to post on social media.

A bold form of cheating is bib switching with unregistered participants or ringers. In a race in Shenzhen last December, two female participants had their results cancelled when it was discovered that male ringers had run in their places.

China is starting to use facial recognition scanning to crack down on the cheating. For the Beijing half marathon that just ran, 20,000 people will have been required to have their biometrics captured before the race. As of this post, there are no updates on the biometric security program, but it’s likely biometric security is a trend that will grow along with the popularity of this sport.

Beijing marathon to use facial recognition in cheating crackdown 

Neil Connor, April 13, 2017 , article for The Telepgraph, UK
(additional reporting by Christine Wei)

Runners from around the world are flocking to marathons hosted by China’s most toxic cities

Echo Huang, April 12, 2017, article on Quartz website 

Wednesday, April 12, 2017

Can Your Lips Reveal your Identity?

Photo of profiles of child and adult faces

Establishing a person’s identity is a main concern of forensic investigators, and India’s Forensic Science Laboratories often field questions about the parentage of children. While DNA testing is reliable and trusted, a simpler, less costly primary test is desired. New research is intriguing.

Dr. Anshika Dube, of the Institute of Forensic Science at Gujarat Forensic Sciences University, has conducted an exploratory study of the relationship between gender and genetic factors in rugoscopy (the study of the hard tissue patterns of the mouth’s palate), chieloscopy (the study of lip pattens), and dactyloscopy (the study of fingerprints).

The findings have been promising, showing a strong correlation between parents and children. The rugoscopy results showed a 71.4% correlation between mother and daughter, and 66.7% between father and son. Chieloscopy results showed a nearly 100% correlation between mother and daughter, and father and son. Of the two, rugoscopy may end up being more useful, as the hard palate is less likely to be changed by damage from injury.

Hard palate patterning or lip prints may end up becoming tools to provide an initial test to identify the family lineage of a missing person. They may also become another tool to help forensic investigators identify suspects. Research is ongoing.

Lips can reveal your identity

Parth Shastri | The Times of India | City News|Ahmedabad News | April 10, 2017

Thursday, April 6, 2017

New Low Cost 3D Contactless Fingerprinting System

Diagrammed fingerprint illustration

Advances in 3D fingerprint scanning technology are giving rise to smaller, more affordable 3D contactless fingerprinting systems. A team at Hong Kong Polytechnic University (PolyU) has developed a new desktop system for 3D fingerprint identification with high accuracy, quick processing (about 2 seconds), and comparatively low cost (up to $780) compared to current commercially used 3D systems.

2D fingerprinting, the current standard, is subject to a certain degree of inaccuracy due to partial prints or distortion from blurring or smearing that can occur when fingers are pressed against a hard surface like paper or a scanner screen. That problem is eliminated with 3D contactless fingerprinting. PolyU’s contactless printing technology has developed to a measured 97% accuracy with prints scanned without the closeness of touch.

Minutiae (specific points in a fingerprint) features such as ridge edges and bifurcation (where a ridge splits into two) are the most universally recognized fingerprint details. About 40 to 45 minutiae points can be recovered from an average fingerprint scan. The more minutiae points that are matched, the higher the confidence and reliability of the match. With 3D fingerprinting technology, more information is captured, allowing a more accurate representation of a fingerprint, and a higher certainty in matching.

More accuracy, more portability and more affordability in 3D contactless fingerprint identification systems will provide a boon to law enforcement agencies, forensics, secure access, and border and travel security.

A new 3D fingerprint identification system developed

Published by By BioSpectrum Bureau, April 3, 2017