maximize security with palm vein authentication

0 Copyright 2015 FUJITSU

Human Centric Innovation

in Action

Fujitsu Forum 2015

18th – 19th November


Maximize Security with…


…Palm Vein Authentication


Thomas Bengs Director & Head of Security Solutions

PTSC CCD SEC

FUJITSU


Digital Business – the risks for Identities

7 BN mobile phones

8 BN people

From 2014

to 2020

Every minute,

19 persons

Have their identity

stolen

639 million

250 million

connected cars

220 million connected

consumer electronics in

2020

2025: 100% connected

2032: 75% autonomous

12 victims per second

impacted by consumer

cybercrime

X 500

Investements in

industry 4.0 to grow by

2020

25 bn connected

things in 2020

Today 5bn


Security starts with your ID

Cost

All-day press alerts

Data theft

Stolen passwords

Forgotten/stolen

smart cards

Identity theft

Unauthorized use of

medical/social services

Unauthorized access to buildings

Hacking

Burglary, theft, and

manipulation of

personal data and that

of regulatory authorities

Skimming, Fraud

Manipulated ATMs

Manipulated online banking

Forged identification documents


What are the options?

Stick with a password or a pin

How often to change?

How many different ones?

Add an ID card, token or another password

You have it always with you?

Lifecycles?

• Cost?

• Usability?

• Manageability?

• Security?

Why not adding a biometric authentication method?


PalmSecure – secure biometric authentication

Cost

1 The human eye cannot detect palm veins

2 A near-infrared sensor detects the vein pattern

3 Image processing extracts the vein pattern

4 PalmSecure compares the pattern to an encrypted, pre-registered template


Advantages of PalmSecure

Cost Hidden in the hand

Relies on blood flowing

Permanent feature

Accurate: 5 million reference points

Contactless

Applicability


Palm Veins – most accurate & most convenient

Cost

Authentication method FAR (%) FRR (%)

Face recognition

Voice recognition

Fingerprint recognition

Finger vein recognition

Iris/retina recognition

Palm vein recognition

~ 1.3

~ 0.01

~ 0.001

~ 0.0001

~ 0.0001

~ 0.00001

~ 2.6

~ 0.3

~ 0.1

~ 0.01

~ 0.01

~ 0.01

False acceptance rate (FAR) & false rejection rate (FRR) compared

Fujitsu’s palm vein scanner is the most precise and practical technology.

A comparison: fingerprints vs palm veins – If you enrolled the population of Germany (80m people)

■ With fingerprints: About 80000 would be accepted in error

■ With palm veins: Only about 800 people would be accepted in error


PalmSecure portfolio elements

OEM solutions for Integration

PalmSecure Software solutions

PalmSecure ID Match Specific solutions

OEM Sensor modules SDK V02 PalmSecure ARM board To be embedded into:

• Terminals • Turnstiles / gates • Doors (indoor and outdoor) • Incl. time recording

Windows login with Fujitsu Workplace Protect

SAP login and authentication with SAP bioLock

SSO software solutions with truedentity™

Physical Access for indoor usage

Access LogOn for Client/Content POS Payment Solution ID Mobile: Usage with

smartphone Ultra secured enrollment 2 factor authentication

Project based solutions for special industry requirements:

Banking Retail Entertainment Healthcare

http://mediaportal.ts.fujitsu.com/pages/view.php?ref=35625&search=palm+secure&offset=0&order_by=field12&sort=DESC&archive=0&k=


PalmSecure mobiles

LIFEBOOK U904 Ultrabook PalmSecure™

CELSIUS H730 Workstation PalmSecure™

LIFEBOOK U745 Notebook PalmSecure™

LIFEBOOK S935 Notebook PalmSecure™

World's first notebook with integrated palm vein sensor

Only .61 inches thick and weights just above 3 lbs.

Ultra-sharp frameless 14-inch WQHD+IGZO display

Touchscreen option

Workstation performance for mobile use, extremely secure

15.6-inch workstation with comprehensive set of ISV certifications combines top performance with numerous connectivity options

4th-generation Intel® Core™ i7 & i5 processors with vPro™ technology. Professional NVIDIA® Quadro® graphic cards with up to 576 CUDA cores

A slim 19 mm and lightweight notebook from 1.55 kg, HD+ anti-glare display with touch panel option, magnesium housing with aluminum palm rest

„Pull-out LAN connector, embedded 4G/LTE or 3G/UMTS option, WLAN and Bluetooth

Door to exchange the battery, memory and internal storage

Sleek notebook design, up to two working days runtime with first and second battery, modular bay

Exceptional lightweight starting at 1.24 kg, with a sturdy magnesium housing and aluminum

High resolution (2560x1440) WQHD IGZO display with anti-glare, non-touch or glare, touch option, backlit keyboard, port replicator option


Software Solutions for secure authentication

Administrator application for central

management of security

relevant settings

Intuitive user interface

Relevant data is stored in a MS SQL

server database

Import of devices and users from

Active Directory

Automatic job management to

manage the security settings

License for each managed device,

three free test licenses are included

Can be ordered via price list

Single application for all security relevant

settings

Protects workplace devices against

unauthorized usage

Automatically locks workplace devices,

when user leaves his/ her desk

Supports a wide range of security

devices

Comes pre-installed on Fujitsu Client

Computing Devices

Free of charge for Fujitsu Client

Computing Devices

Enterprise Solution for secure

authentication

Secure Log On, Single Sign on and

Web application authentication

Identity services (Enrollment

services)

Two factor authentication (in

combination with smartcard, token or

credential based with Password and

user name

Can be customized

Flexible integration

Can be ordered via pricelist

Workplace Protect Client based

Workplace manager Client server

PalmSecure truedentity Enterprise/ client server


A new way of authentication – PS truedentity

Any client ID Match

Web Service

Access Control

Identity Owner Identity Provider Identity Consumer

Enterprise Application

Access Control

Mutual Authentication True Privacy

PROVIDER


PalmSecure truedentity - Elements

Companies: connection of several applications, also with regard to Active Directory

Governments: data reconciliation of IDs

Public sector: data transfer

Uniform "true identity"

Portfolio element

Use/combination of 2 components: "truedentity client component“ and truedentity server, verification by identity + vein pattern. Booth, server and client must be authenticate against each other by certificate.

Based on eID authentication technology

Area of application

Developed for Internet access Strong encryption (PACE, EAC)

More infor-

mation

Truedentity server in the role of a

identity provider

PalmSecure truedentity client with biometric

authentication

Identity consumer, who requests an

identity


PalmSecure truedentity - Special Features

Secure provision of sensitive content through trustworthy and

distinct logon

Preparation for eID with the ID card

Secure integration of external parties into internal IT systems

Replaces user ID and password

Strict development according to tried and tested German ID card

infrastructure (guidelines)

Forgery-proof through a multi-step verification processes via

the truedentity server


PalmSecure truedentity – base use cases

Windows Device Logon

Default truedentity

(using Active Directory Access Rights)

Device logon

Logon Device default truedentity or

Appl.Terminal (SDK) default truedentity

Identity Services

Enrollment Service

eID Service / HSM Consumer Integration Kit


PalmSecure truedentity – consumer integration

Logon for Web Consumer

default truedentity UI & JCOP Card

SAML Integration

SOAP Integration

Logon for Secured Data Consumer

default truedentity UI & JCOP Card

SAML Integration

SOAP Integration Secured Data Channel

Access Control System Consumer

external UI & JCOP Card

SAML Integration

SOAP Integration


Application Scenarios

Banking Sector Access to lockers, Transaction

authorization, Cash machines, Transport of cash or valuables

Aviation Security access control for airport employees, Gambling casinos: identification of

players, Youth protection

Energy Smart electricity meters, Access to power plants,

wind power stations, etc.

Post Offices packing stations

and PO boxes

Entertainment Gyms and Spa areas

in hotels

Healthcare System dispensing of medication

Government Military Technology,

Border and access control


Benefits using this technology

Technology for conclusively identifying internal and external users

Both partner must be authenticate

Dual factor authentication (identity + vein pattern)

Unique combination of electronic identity & biometric device (PalmSecure)

Online identity card for employees, suppliers, customers, etc.

Technical infrastructure according to the Technical Guidelines of the BSI (Federal Office for Information Security) for the electronic German ID card.

Uses ETSI-Standards (SAML/SOAP)

Provides several integration scenarios (SSO framework)

Offers scalability: from basic clients to high security by using hardware components


Differentiation

Secure authentication process by using advanced security methods

Authenticated communication channels between truedentity client & server

Protection of electronic identity through encryption & verified authenticity of electronic signatures

Authentication of the user against the truedentity client with biometrics

Identity & vein pattern are not stored on a server


Vision

Biometric Registration Biometric Authentication High Secure Infrastructure 1 2 3

User centric authentication

Elimination of authentication silos

Authentication@the world


PalmSecure – identification across industries

Government

Border Control

Database Management

Security

Retail

Payment transfer

Location security

Loyalty cards

Banking

Account access

Fund transfer

Access management

Office environments

Access to buildings

Access to workplace devices

Workforce management

Location access

Time management

Healthcare

Registration

Medical record access

Access management

Entertainment

Fitness centers and spas

Casinos

Amusement parks


Outlook

FUJITSU Desktop

Esprimo Q956 with

PalmSecure

ID Mobile:

PalmSecure identification

with mobile phone

Available Q2/2016