maximize security with palm vein authentication
TRANSCRIPT
0 Copyright 2015 FUJITSU
Human Centric Innovation
in Action
Fujitsu Forum 2015
18th – 19th November
1 Copyright 2015 FUJITSU
Maximize Security with…
2 Copyright 2015 FUJITSU
…Palm Vein Authentication
3 Copyright 2015 FUJITSU
Thomas Bengs Director & Head of Security Solutions
PTSC CCD SEC
FUJITSU
4 Copyright 2015 FUJITSU
Digital Business – the risks for Identities
7 BN mobile phones
8 BN people
From 2014
to 2020
Every minute,
19 persons
Have their identity
stolen
639 million
250 million
connected cars
220 million connected
consumer electronics in
2020
2025: 100% connected
2032: 75% autonomous
12 victims per second
impacted by consumer
cybercrime
X 500
Investements in
industry 4.0 to grow by
2020
25 bn connected
things in 2020
Today 5bn
5 Copyright 2015 FUJITSU
Security starts with your ID
Cost
All-day press alerts
Data theft
Stolen passwords
Forgotten/stolen
smart cards
Identity theft
Unauthorized use of
medical/social services
Unauthorized access to buildings
Hacking
Burglary, theft, and
manipulation of
personal data and that
of regulatory authorities
Skimming, Fraud
Manipulated ATMs
Manipulated online banking
Forged identification documents
6 Copyright 2015 FUJITSU
What are the options?
Stick with a password or a pin
How often to change?
How many different ones?
Add an ID card, token or another password
You have it always with you?
Lifecycles?
• Cost?
• Usability?
• Manageability?
• Security?
Why not adding a biometric authentication method?
7 Copyright 2015 FUJITSU
PalmSecure – secure biometric authentication
Cost
1 The human eye cannot detect palm veins
2 A near-infrared sensor detects the vein pattern
3 Image processing extracts the vein pattern
4 PalmSecure compares the pattern to an encrypted, pre-registered template
8 Copyright 2015 FUJITSU
Advantages of PalmSecure
Cost Hidden in the hand
Relies on blood flowing
Permanent feature
Accurate: 5 million reference points
Contactless
Applicability
9 Copyright 2015 FUJITSU
Palm Veins – most accurate & most convenient
Cost
Authentication method FAR (%) FRR (%)
Face recognition
Voice recognition
Fingerprint recognition
Finger vein recognition
Iris/retina recognition
Palm vein recognition
~ 1.3
~ 0.01
~ 0.001
~ 0.0001
~ 0.0001
~ 0.00001
~ 2.6
~ 0.3
~ 0.1
~ 0.01
~ 0.01
~ 0.01
False acceptance rate (FAR) & false rejection rate (FRR) compared
Fujitsu’s palm vein scanner is the most precise and practical technology.
A comparison: fingerprints vs palm veins – If you enrolled the population of Germany (80m people)
■ With fingerprints: About 80000 would be accepted in error
■ With palm veins: Only about 800 people would be accepted in error
10 Copyright 2015 FUJITSU
PalmSecure portfolio elements
OEM solutions for Integration
PalmSecure Software solutions
PalmSecure ID Match Specific solutions
OEM Sensor modules SDK V02 PalmSecure ARM board To be embedded into:
• Terminals • Turnstiles / gates • Doors (indoor and outdoor) • Incl. time recording
Windows login with Fujitsu Workplace Protect
SAP login and authentication with SAP bioLock
SSO software solutions with truedentity™
Physical Access for indoor usage
Access LogOn for Client/Content POS Payment Solution ID Mobile: Usage with
smartphone Ultra secured enrollment 2 factor authentication
Project based solutions for special industry requirements:
Banking Retail Entertainment Healthcare
11 Copyright 2015 FUJITSU
PalmSecure mobiles
LIFEBOOK U904 Ultrabook PalmSecure™
CELSIUS H730 Workstation PalmSecure™
LIFEBOOK U745 Notebook PalmSecure™
LIFEBOOK S935 Notebook PalmSecure™
World's first notebook with integrated palm vein sensor
Only .61 inches thick and weights just above 3 lbs.
Ultra-sharp frameless 14-inch WQHD+IGZO display
Touchscreen option
Workstation performance for mobile use, extremely secure
15.6-inch workstation with comprehensive set of ISV certifications combines top performance with numerous connectivity options
4th-generation Intel® Core™ i7 & i5 processors with vPro™ technology. Professional NVIDIA® Quadro® graphic cards with up to 576 CUDA cores
A slim 19 mm and lightweight notebook from 1.55 kg, HD+ anti-glare display with touch panel option, magnesium housing with aluminum palm rest
„Pull-out LAN connector, embedded 4G/LTE or 3G/UMTS option, WLAN and Bluetooth
Door to exchange the battery, memory and internal storage
Sleek notebook design, up to two working days runtime with first and second battery, modular bay
Exceptional lightweight starting at 1.24 kg, with a sturdy magnesium housing and aluminum
High resolution (2560x1440) WQHD IGZO display with anti-glare, non-touch or glare, touch option, backlit keyboard, port replicator option
12 Copyright 2015 FUJITSU
Software Solutions for secure authentication
Administrator application for central
management of security
relevant settings
Intuitive user interface
Relevant data is stored in a MS SQL
server database
Import of devices and users from
Active Directory
Automatic job management to
manage the security settings
License for each managed device,
three free test licenses are included
Can be ordered via price list
Single application for all security relevant
settings
Protects workplace devices against
unauthorized usage
Automatically locks workplace devices,
when user leaves his/ her desk
Supports a wide range of security
devices
Comes pre-installed on Fujitsu Client
Computing Devices
Free of charge for Fujitsu Client
Computing Devices
Enterprise Solution for secure
authentication
Secure Log On, Single Sign on and
Web application authentication
Identity services (Enrollment
services)
Two factor authentication (in
combination with smartcard, token or
credential based with Password and
user name
Can be customized
Flexible integration
Can be ordered via pricelist
Workplace Protect Client based
Workplace manager Client server
PalmSecure truedentity Enterprise/ client server
13 Copyright 2015 FUJITSU
A new way of authentication – PS truedentity
Any client ID Match
Web Service
Access Control
Identity Owner Identity Provider Identity Consumer
Enterprise Application
Access Control
Mutual Authentication True Privacy
PROVIDER
14 Copyright 2015 FUJITSU
PalmSecure truedentity - Elements
Companies: connection of several applications, also with regard to Active Directory
Governments: data reconciliation of IDs
Public sector: data transfer
Uniform "true identity"
Portfolio element
Use/combination of 2 components: "truedentity client component“ and truedentity server, verification by identity + vein pattern. Booth, server and client must be authenticate against each other by certificate.
Based on eID authentication technology
Area of application
Developed for Internet access Strong encryption (PACE, EAC)
More infor-
mation
Truedentity server in the role of a
identity provider
PalmSecure truedentity client with biometric
authentication
Identity consumer, who requests an
identity
15 Copyright 2015 FUJITSU
PalmSecure truedentity - Special Features
Secure provision of sensitive content through trustworthy and
distinct logon
Preparation for eID with the ID card
Secure integration of external parties into internal IT systems
Replaces user ID and password
Strict development according to tried and tested German ID card
infrastructure (guidelines)
Forgery-proof through a multi-step verification processes via
the truedentity server
16 Copyright 2015 FUJITSU
PalmSecure truedentity – base use cases
Windows Device Logon
Default truedentity
(using Active Directory Access Rights)
Device logon
Logon Device default truedentity or
Appl.Terminal (SDK) default truedentity
Identity Services
Enrollment Service
eID Service / HSM Consumer Integration Kit
17 Copyright 2015 FUJITSU
PalmSecure truedentity – consumer integration
Logon for Web Consumer
default truedentity UI & JCOP Card
SAML Integration
SOAP Integration
Logon for Secured Data Consumer
default truedentity UI & JCOP Card
SAML Integration
SOAP Integration Secured Data Channel
Access Control System Consumer
external UI & JCOP Card
SAML Integration
SOAP Integration
18 Copyright 2015 FUJITSU
Application Scenarios
Banking Sector Access to lockers, Transaction
authorization, Cash machines, Transport of cash or valuables
Aviation Security access control for airport employees, Gambling casinos: identification of
players, Youth protection
Energy Smart electricity meters, Access to power plants,
wind power stations, etc.
Post Offices packing stations
and PO boxes
Entertainment Gyms and Spa areas
in hotels
Healthcare System dispensing of medication
Government Military Technology,
Border and access control
19 Copyright 2015 FUJITSU
Benefits using this technology
Technology for conclusively identifying internal and external users
Both partner must be authenticate
Dual factor authentication (identity + vein pattern)
Unique combination of electronic identity & biometric device (PalmSecure)
Online identity card for employees, suppliers, customers, etc.
Technical infrastructure according to the Technical Guidelines of the BSI (Federal Office for Information Security) for the electronic German ID card.
Uses ETSI-Standards (SAML/SOAP)
Provides several integration scenarios (SSO framework)
Offers scalability: from basic clients to high security by using hardware components
20 Copyright 2015 FUJITSU
Differentiation
Secure authentication process by using advanced security methods
Authenticated communication channels between truedentity client & server
Protection of electronic identity through encryption & verified authenticity of electronic signatures
Authentication of the user against the truedentity client with biometrics
Identity & vein pattern are not stored on a server
21 Copyright 2015 FUJITSU
Vision
Biometric Registration Biometric Authentication High Secure Infrastructure 1 2 3
User centric authentication
Elimination of authentication silos
Authentication@the world
22 Copyright 2015 FUJITSU
PalmSecure – identification across industries
Government
Border Control
Database Management
Security
Retail
Payment transfer
Location security
Loyalty cards
Banking
Account access
Fund transfer
Access management
Office environments
Access to buildings
Access to workplace devices
Workforce management
Location access
Time management
Healthcare
Registration
Medical record access
Access management
Entertainment
Fitness centers and spas
Casinos
Amusement parks
23 Copyright 2015 FUJITSU
Outlook
FUJITSU Desktop
Esprimo Q956 with
PalmSecure
ID Mobile:
PalmSecure identification
with mobile phone
Available Q2/2016
24 Copyright 2015 FUJITSU