Lending a Hand

Palm reading, one of the most accurate forms of biometric identification, isn't just for psychics

It’s been clear for a long time now that user names and passwords are simply not enough to ensure secure authentication in enterprise applications. Three years ago, IT research firm Gartner predicted that 80 percent of IT organizations would reach a password breaking point and start using stronger authentication technology by 2007. Yet, here we are with 2007 in the rear-view mirror, and most organizations still continue to depend on passwords to guard their most valuable data.

The ramifications of this lingering dependence on passwords are significant. Every day, password-related data breaches put organizations in harm’s way. The latest high-profile debacle came to light in April, when the mortgage firm LendingTree announced that several former employees gave company passwords to outside lenders who then had free reign to view LendingTree’s customer files. The event not only undermined LendingTree’s good name, but it also opened the company up to a class-action lawsuit.

The unfortunate truth about the LendingTree situation and many others like it is that if the company had chosen a second form of authentication, the breach could have been avoided altogether. So why is it taking so long for enterprises to move beyond their singular dependence on passwords?

It is not for a lack of available authentication alternatives. These days, there are many options available, most notable among them being secure biometric technology. Universally regarded as the most secure authentication method, biometrics is based on who the person is rather than what they know—as is the case with passwords—or what they have—the identifier with USB tokens.

The challenge is that until now, many of the long-running biometric offerings have failed to successfully benefit the IT security world from their value, ease of use and ease of deployment to influence operational efficiency, and ultimately the bottom line. And those that do meet cost and ease-of-use requirements often suffer from slight accuracy deficiencies, a risk many IT security managers refuse to accept. But a new technology that reads the vein patterns in a user’s palm could be the game-changing biometric technology that finally convinces enterprises to step forward and update their authentication processes. This exciting new biometric category is poised to become a major player in enterprise authentication as it meets the current challenges facing the biometrics market.

Biometrics Challenges
One of the fundamental challenges with biometrics is that it deals with the human body. Because of this, biometric technology tends to be intrusive. Some people are not comfortable providing a fingerprint or standing in front of a device exposing their eyes to an unknown technology.

Additionally, because the human body and the nature of biometrics that deal with physiological factors are so unique, some biometric technologies statistically cannot be applied to certain users. In fact, it is said that 2 to 8 percent of the U.S. population cannot successfully interface with today’s fingerprint technology. Some users’ fingerprints are too thin, and others have been exposed to harsher elements, causing the skin to become too worn or dry to be read accurately. Even when a user can successfully interface, his body is always subject to changes that the technology cannot analyze. For example, some factors as simple as paper cuts can throw off certain fingerprint biometric systems.

Another important issue is accuracy. Although biometrics is known to be a very accurate method of identifying people, no single biometric technology can guarantee 100 percent accuracy. Vendors are competing with one another by attempting to get close to a 0 percent error rate for falsely accepting or rejecting a user. Though fingerprint biometrics is widely deployed, most of these technologies present some accuracy issues.

In many cases, they may be good enough for certain applications limited to personal use—for example, laptops and PDAs. But other more critical enterprise applications require more consistently accurate technologies, compared to conventional fingerprint recognition or other biometric techniques such as hand geometry comparisons or facial recognition. Iris scanning technology is one of the most accurate biometric technologies today, but it is not easy to deploy. It’s also an intrusive technology to many people and is cost-prohibitive to the average organization.

The final major stumbling block is ease of deployment. In the biometrics field, some vendors only provide sensors, some provide just the middleware and others only software. This leads to an integration-intensive security project for most IT departments, which want a product that will work right out of the box and easily interface with existing IT systems.

Vascular Recognition
In recent years, palm vein pattern recognition technology, also referred to as vascular recognition, has been refined to meet all of these concerns. The underlying technology of palm vein biometrics works by extracting the characteristics of veins in the form of an image. The image is captured by a high-performance sensor that maps the deoxygenated hemoglobin running through someone’s veins.

Deoxygenated hemoglobin absorbs near infrared rays, so a sensor emits these rays and captures an image based on the reflection that comes back from the palm. As the hemoglobin absorbs the rays, it creates a distortion in the reflection light so the sensor can capture an image that accurately records the unique vein patterns in a person’s hand. The recorded image is then converted to a biometric template— a numeric representation of several characteristics measured from the captured image, including the proximity between veins. This template is then compared against a user’s palm scan each time he authenticates.

This technology is non-intrusive. There is no need to physically touch the sensor. All the user does is hold a hand above the sensor for less than a second.

The method also is highly accurate. The International Biometrics Group, which evaluates all types of biometrics products through comparative testing, found that palm vein technology was on par with iris scan biometrics in accuracy ratings and has better usability ratings. Palm vein recognition showed extremely low occurrences of both false positives and false negatives.

Palm vein recognition technology is significantly less expensive than iris scanning technology. In fact, the only biometric solution less expensive than palm vein authentication is fingerprint recognition. The edge in savings is coupled with distinct deployment advantages, as the most robust palm vein authentication solutions provide a full complement of hardware and software necessary to implement manageable deployments for most organizations.

Successful Case Studies
While significant research and lab testing has been done to advance vascular recognition technologies, the most telling sign that palm vein technology is a viable solution is its successful deployment in the field.

For more than three years, Bank of Tokyo-Mitsubishi UFJ, Japan’s largest bank and one of the 10 largest banks in the world, has been using palm vein authentication biometrics. The technology is rolled out in one of the most demanding customer- facing solutions, the ATM. Account holders register their palms and receive a smart card containing their vascular information. Each time they access accounts through an ATM, they must insert the card, type a PIN and then hold a palm over the sensor. These devices are installed in each of the 5,000 Bank of Tokyo-Mitsubishi UFJ branches across Japan.

The deployment affects more than 1 million people and has worked without incident. This real-world rollout is stronger evidence than lab-based studies and confirms that the technology works and can be easily accepted by end users.

Hospitals and healthcare providers are rapidly adopting this technology as well. Medical identity theft is a rising concern, and hospitals around the world want to provide customers with assurance that they are protecting their medical identity.Not only does this kind of identity theft cause financial problems for the victim, but it also can be highly dangerous.

For example, Annedorie Sachs became a medical identification theft victim when a woman stole her driver’s license, gave birth using her name and left her with $10,000 in hospital fees. To make matters worse, the woman abandoned the newborn in the hospital, and the baby later tested positive for methamphetamine. Afterward, an agent from the Utah Division of Child and Family Services notified Sachs that the agency was already putting paperwork together to take custody of Sachs’ four children, then ages 2 to 7. In the end, the false accusations were dropped, but Sachs’ medical records had been altered to include the blood type of a complete stranger. This put her at risk in future treatments since she has a blood-clotting disorder. If she is administered the wrong type of blood, it could be fatal to her.

Clearly, patient identification relates directly to patient safety, which is a No. 1 priority for hospitals. Carolinas HealthCare System in Charlotte, N.C., sought a secure method of authentication. The solution was a healthcare-centric version of a palm vein-based solution that allows Carolinas HealthCare System to accurately identify patients and retrieve their electronic medical records when they check in, thereby eliminating potential human error of pulling the wrong record, and protecting patients from identity theft attempts.

“There is great importance in properly identifying the patient,” said Dr. Rober Ray, Carolinas HealthCare System chief medical officer. “If there is a main benefit from the system, it will be in helping us avoid patient errors.”

Palm vein technology has proved to be the best choice for the organization due to its accuracy and usability, as well as the contactless sensor—a critical feature for maintaining a sanitary hospital environment. Through the use of its palm vein authentication solution, Carolinas HealthCare System has managed to achieve operational benefits. The burden on staff during the registration process has decreased dramatically due to the speed of patient registration using an automated system. Patients also are happier knowing their medical information is secure.

Many other vertical markets can benefit from palm vein recognition’s accuracy, cost-effectiveness and usability. Gaming and hospitality companies, government organizations and secondary education institutions are showing interest and starting to invest in this technology as well.

Such a secure biometric offering is especially attractive to enterprises moving toward identity management plans that include single sign-on initiatives. Though SSO solutions provide a more efficient and convenient way to manage passwords, they can represent a single point of failure if front-end authentication is not robust enough. By placing palm vein biometrics in front of an SSO system, organizations will be able to affordably ensure the system’s security.

Until now, there has been no biometric technology that can achieve the highest levels of security and usability at a reasonable cost. Palm vein recognition hits that sweet spot of biometrics between security, cost, accuracy and ease of use that makes it an optimal physical and IT access control solution for healthcare organizations, financial services firms, government agencies and other businesses across the globe.

This article originally appeared in the issue of .

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Busy South Africa Building Integrates Custom Access Control System

    Nicol Corner, based in Bedfordview, Johannesburg, South Africa, is home to a six-star fitness club, prime office space, and an award-winning rooftop restaurant. This is the first building in South Africa to have its glass façade fully incorporate fritted glazing, saving 35% on energy consumption. Nicol Corner (Pty) LTD has developed a landmark with sophisticated design and unique architecture by collaborating with industry-leading partners and specifying world-class equipment throughout the project. This includes installing a high-spec, bespoke security and access control system. Read Now

  • Only 13 Percent of Research Institutions Are Prepared for AI

    A new survey commissioned by SHI International and Dell Technologies underscores the transformative potential of artificial intelligence (AI) while exposing significant gaps in preparedness at many research institutions. Read Now

  • Survey: 70 Percent of Organizations Have Established Dedicated SaaS Security Teams

    Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams, despite economic uncertainty and workforce reductions. This was a key finding in the fourth Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities released today by the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3