As a follow up to the recent post concerning the provision of the Biometric Signature Validation tool available in the Anoto Live Forms / Formidable Platform there has been increasing consumer activity surrounding device based biometric (fingerprint) scanning.
Fingerprint recognition or authentication refers to the machine based method of verifying a match between two human fingerprints. Despite recent consumer fascination with everything from device login to home automation, it is still only one of many Biometric methods available to confirm someones identity.
Both iPhone and Samsung have popularised the ability to quickly identify individuals through a comparative matching of digital and live fingerprint patters. However, there are a range of other possibilities used to identify people through biometric authentication. These include mainly physiological identifiers such as palm impressions, facial recognition, iris and retina recognition and geometry of a person’s hands.
The primary issues (as they relate to data security) in these cases concern the storing (and potential distribution) of this data. In order to validate a live sample with an stored biometrics source, the original data must reside somewhere. Because this residual data is then a collection of data points, the questions arise as to what happens when the data is compromised.
Perhaps the most embarrassing example of these vulnerabilities was the high profile German Political breach (when a hacker ‘copied’ a German Ministers fingerprints from a series of close range photos). In this case, the stored data was not even a breach pre-requisite. Jan Krissler, or ‘Starbug’, used a commercially available software solution in conjunction with several close up shots of Minister Von Der Leyen’s fingers to reverse-engineer the fingerprint. Commenting in The Guardian Starbug joked: “After this talk, politicians will presumably wear gloves when talking in public.”
More recently, the patch released by hardware manufacturers to protect a security flaw in device based scanning, demonstrated how with around 12 million phones exposed to the security breach, the issue of data security and biometrics is not a super high tech problem.
Which brings us back to the pen! While wet ink signatures (or even the signature and PIN combination) are by no means a secure method of validating the identity of it’s author, when used in conjunction with clever technology running in the background, signature based validation may be the best solution for a truly secure biometric identification method. Pin numbers can be memorised, but are open to brute force decoding, passwords can be changed, learned, or key logged, and fingerprint impressions copied. The additional lays of air time, pressure point and vector angles of individual writing styles make wet ink based signature authentication a significantly secure process. This process could work just as efficiently with a stylus on glass, as a pen on digital enabled paper.
With a market value of US$ 13.8 billion in 2015 a real solution that provides a serious answer to biometric authentication of data across multiple levels of integrity is certainly one that will gain rapid support and commercial success.