Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New Fujitsu Laptop Reads Your Palm, For Security

timothy posted about 10 months ago | from the keep-your-blood-pressure-up dept.

Security 107

judgecorp writes "Fujitsu has launched a laptop which authenticates users using the veins of their palm. The contactless technology is hard to deceive and — since it detects haemoglobin in the veins, is not so likely to be breakable using the gruesome method of cutting off a hand."

cancel ×

107 comments

Sorry! There are no comments related to the filter you selected.

Not for I (4, Funny)

binarylarry (1338699) | about 10 months ago | (#45559579)

Damn these hairy palms!

Damn them to hell!

Re:Not for I (2)

sunderland56 (621843) | about 10 months ago | (#45559631)

On the plus side: having your palm coated in a sticky gel-like substance should improve reader accuracy.

Obligatory: (1, Insightful)

fyngyrz (762201) | about 10 months ago | (#45559635)

Re:Obligatory: (0)

Anonymous Coward | about 10 months ago | (#45559685)

But at least They can't mangle your hands!

Re:Obligatory: (1)

fyngyrz (762201) | about 10 months ago | (#45559921)

You mean, your palms. No reason they can't take an interest in the *rest* of your hands.

Re:Obligatory: (1)

turbidostato (878842) | about 10 months ago | (#45560145)

"You mean, your palms."

And that's the really weird thing!

What are Fujitsu executives thinking about!? Palms have been out of the market for a decade! Why they don't support Android instead?

Re:Obligatory: (1)

fyngyrz (762201) | about 10 months ago | (#45564015)

Coming soon to a laptop near you: Newton recognition (fig model for initial release, apricot and whole grain planned with kickstarter funding, if whoever (now) holds the rights to Commodore's IP releases the rights to "kickstart" in time.)

Re:Not for I (1)

AmiMoJo (196126) | about 10 months ago | (#45560265)

Buddy, you need to see a doctor.

Re:Not for I (1)

davester666 (731373) | about 10 months ago | (#45563071)

If you hold the donut with the wax paper sheet it comes with, the jelly filling fall on that instead of your palm...

Re:Not for I (1)

K. S. Kyosuke (729550) | about 10 months ago | (#45560843)

Damn them to hell!

Heh. That reminded me of the "computer people from hell" story where the person in question was building a new in-house computer system, and because he was in the right mood, he inserted a function in the login screen (I think these were your grandpa's old green screen terminals) that, if I remember it correctly, drew a horizontal green line vertically moving either top-to-bottom or bottom-to-top, something like that. Then he told his users that in addition to entering their login name and password, the system will scan their hands for increased security. Then, in the morning, he amused himself with watching the office people caressing their computer screens en masse. This went on for some time until the boss noticed, asked what the hell were those people doing, and then told him to stop. When the guy removed the palm scanning feature, he explained the office people that the login was eating too much CPU time and had to be scrapped. ;-) I wish I had bookmarked the link, though. There were more stories like this.

Medical Application (3, Interesting)

mrbluze (1034940) | about 10 months ago | (#45559583)

This means that the near-infra-red emitters and camera have become so cheap as to be mass marketable. Hold off for six or so months before buying a vein finder for medical use, you could save 90% on the price ... or maybe the next generation of smart phones will support this?

Re:Medical Application (2)

binarylarry (1338699) | about 10 months ago | (#45559621)

Or... maybe we'll continue to be raped by the medical industry anyway?

Re:Medical Application (0)

Anonymous Coward | about 10 months ago | (#45560243)

Or... maybe we'll continue to be raped by the medical industry anyway?

Ah, most definitely this.

Unless you're one of those special people who actually think the $20.00 Tylenol pill by your hospital bedside is any different than the $0.02 pill sitting in the Tylenol bottle in your own home.

Re:Medical Application (2)

Sqr(twg) (2126054) | about 10 months ago | (#45559853)

The price of a medical device has very little to do with the price of components. (Compare the price of a medical hearing aid to the price of a bluetooth headset.)
It's all in certification and testing. - And insurance against lawsuits.

Re:Medical Application (1)

AlphaWolf_HK (692722) | about 10 months ago | (#45559873)

Some hunters like to use devices similar to hearing aids for hunting because they muffle the sound of gunshots while amplifying quieter rustling noises. Some models are as small and discreet as a medical hearing aid, will work just fine for that purpose, and cost a lot less.

If I were to guess I would think that since they aren't prescription they don't require any kind of FDA approval, which would certainly save on cost somewhere.

Re:Medical Application (0)

mwvdlee (775178) | about 10 months ago | (#45559945)

God forbid the manly sport of shooting bunnies from afar would slighly discomfort your sensitive ears.

Noise levels. (2)

Firethorn (177587) | about 10 months ago | (#45560277)

slighly discomfort

Say what? Gunshots range from ~143-174+. Hearing damage is pretty much instant at 130db [wikipedia.org] .

That means you need hearing protection, but when hunting hearing is still very useful, so 'active' hearing protection that shuts down for the gunshot but otherwise amplifies quiet signals are helpful assists.

As for the cost of hearing aides, it's my understanding that the expensive ones are much more configurable than 'simple' devices like bluetooth headsets, and are designed to last longer(with better warranty), plus often include the cost of the configuration in the cost for the device. But yeah, a lot of medical device paperwork&liability expense baked into the price.

Re:Noise levels. (1)

drinkypoo (153816) | about 10 months ago | (#45560353)

As for the cost of hearing aides, it's my understanding that the expensive ones are much more configurable than 'simple' devices like bluetooth headsets, and are designed to last longer(with better warranty), plus often include the cost of the configuration in the cost for the device. But yeah, a lot of medical device paperwork&liability expense baked into the price.

The really fancy expensive ones do pitch-shifting. Problem is, they've been the same price for ages. Some good ones are supposedly starting to come out of China but you're not going to find them at your local audiologist.

Re:Noise levels. (1)

mwvdlee (775178) | about 10 months ago | (#45560385)

I'm sure the last thing the bunny feels as the bullet passes through it's guts is worry about whether the gunshot hurt your ears.
All is relative.

Re:Noise levels. (1)

AlphaWolf_HK (692722) | about 10 months ago | (#45561715)

That doesn't make the bunny any less delicious.

Re:Medical Application (1)

chihowa (366380) | about 10 months ago | (#45563131)

No shit, brother! Real men don't let animals live free in nature until their lives are ended in a split second for food.

Real men cramp them in dirty confined spaces, pump them full of hormones and antibiotics, and deprive them of exercise or contact with their young until they're ready to be lined up and slaughtered in front of each other.

Taking responsibility for the life you've taken in order to eat is cruel and inhumane. It's much preferable to pretend that meat comes into existence in shrink-wrapped packages at the grocery.

Re:Medical Application (1)

mwvdlee (775178) | about 10 months ago | (#45563467)

There is, ofcourse, the alternative of letting animals live free in nature, then until their lives are ended in a split second without pain by somebody who does not take some perverse kind of pleasure in killing animals.

It costs a bit more, but if you're buying a thousand-dollar gun, ammo, go on hunting trips and buy outfit and gear in order to be "humane" to your food, it's quite a lot cheaper.

Besides. Lets get realistic here; how many of those animals killed by hunters and up as food? Most aren't.

Re:Medical Application (1)

chihowa (366380) | about 10 months ago | (#45563667)

I'm not quite sure what your argument is. Are you arguing that anyone who kills an animal must take a perverse pleasure in it? Or are you saying that I take a perverse pleasure in it, but that someone else (from whom I would, per your second sentence, buy the meat from) doesn't? On what basis do you feel you can make either of those statements?

You're also overstating the cost involved... There are rabbits in my backyard. The ammunition costs a dime a piece. The rifle was inherited. You can't get meat much cheaper than that. (Certainly not rabbit.)

I don't know every hunter, but everyone that I know shoots paper or an animal that they eat. Why do you think most hunters kill animals and don't eat them? Do you have a source for that?

[Your sig is quite apt, also. Where are these shades of gray you refer to. Your world looks pretty black and white from here.]

Re:Medical Application (1)

gigaherz (2653757) | about 10 months ago | (#45559987)

Too late: http://evenamed.com/products/glasses [evenamed.com]

Re:Medical Application (1)

mrbluze (1034940) | about 10 months ago | (#45560171)

Too late: http://evenamed.com/products/glasses [evenamed.com]

Yeah but it's still way overpriced, that's my point.

Re:Medical Application (1)

gigaherz (2653757) | about 10 months ago | (#45560273)

Hmm that was the wrong product... http://www.amazon.com/gp/product/B008LPFEDO [amazon.com] these use a passive filter, and should be much cheaper (if you can consider $300 cheap).

Re:Medical Application (1)

mrbluze (1034940) | about 10 months ago | (#45560435)

Interesting. The more expensive product though gives stereoscopic depth perception of the vein which is an advance.

Re:Medical Application (1)

K. S. Kyosuke (729550) | about 10 months ago | (#45562355)

"...is effective for almost all physiologies."

Obviously, it's costly because they made sure that it's Spock-compatible.

Re:Medical Application (1)

drinkypoo (153816) | about 10 months ago | (#45560349)

"Evena Sparrow is not available in the U.S., EU and many other developed nations" I presume because of licensing requirements. What undeveloped nation do I have to visit to get a pair of these, and how many camels will it cost?

Re:Medical Application (1)

Jane Q. Public (1010737) | about 10 months ago | (#45560211)

"This means that the near-infra-red emitters and camera have become so cheap as to be mass marketable. Hold off for six or so months before buying a vein finder for medical use, you could save 90% on the price ... or maybe the next generation of smart phones will support this?"

There is ZERO new here on the hardware end. The hardware has been capable for more than 10 years (some video cameras took advantage of this near-infrared sensitivity of CMOS sensors by offering a "night mode".)

The only difference is that some people are finally figuring out ways to exploit it.

Palm Authentication!! (0)

Anonymous Coward | about 10 months ago | (#45559589)

I'd give my right hand for security like this!!

Endorsed by Nancy Reagan so you know it's good (-1)

Anonymous Coward | about 10 months ago | (#45559605)

No one knows more about palm reading than Nancy Reagen. Yes, she is still alive!

Reliability? (2)

axlash (960838) | about 10 months ago | (#45559633)

Not so sure how good this is. From what I can see, the equal error rate of palm identification is 0.17 [acm.org] , compared to 0.01 for fingerprint identification [griaulebiometrics.com] .

Re:Reliability? (1)

lxs (131946) | about 10 months ago | (#45559723)

But I want to put my hand on the screen. In the glowing hand outline. Like in the movies.
Right after I have my destiny surgically altered [businessinsider.com] of course.
I love living in the future.

Re:Reliability? (1)

sumdumass (711423) | about 10 months ago | (#45559737)

The article also says nothing about the cutting off of the hand. I suppose you could just use a tourniquet in order to keep blood inside the hand after it is severed.

I guess a bigger question might be is how if the system accessed in case of death or injury? I mean suppose I crash my car and lose my arm on the way home tonight, how will I access the laptop after that or does it become a brick. What if I died, is some next of kin going to show up at my funeral and pull my hand out of the coffin and try to trick this thing into opening so they can find all my accounts or something? And if there is a way around it, that would sort of defeat the entire security point to some degree. I mean it wouldn't matter how big and strong the dead bolts on the doors to the house are if someone can squeeze through the doggy door and simply unlock them.

Re:Reliability? (1)

CaptQuark (2706165) | about 10 months ago | (#45559799)

Most of these systems are alternative ways of authenticating to Windows, but not the only way. (Most of the biometric systems require an enrollment process that is optional.) Most people will still have an Administrator account that uses the traditional password method.

~~(Mod -1 for too many uses of the word "most")

Re:Reliability? (1)

CohibaVancouver (864662) | about 10 months ago | (#45560993)

I know that on Slashdot everyone jumps to the personal / consumer use-cases, but it's important to note that this is a corporate solution, to protect corporate data on an endpoint. If the endpoint is no longer accessible (theft / loss / whatever) the data is simply retrieved from the upstream servers.

I have a better idea for a security device (1)

BringsApples (3418089) | about 10 months ago | (#45559707)

You lick it. It detects your tongue (much like a finger-print reader) and does a DNA analysis. Not that I've built one.

Re:I have a better idea for a security device (3, Funny)

chuckugly (2030942) | about 10 months ago | (#45559803)

Yeah I tried that "no honey, it's an ID verification device" line before too.

Hold on... (1)

srussia (884021) | about 10 months ago | (#45559973)

Yeah I tried that "no honey, it's an ID verification device" line before too.

Are you a man or a woman?

Re:Hold on... (0)

Anonymous Coward | about 10 months ago | (#45561545)

Are you a man or a woman?

Yes.

(Assuming inclusive, not exclusive OR)

Re:Hold on... (1)

binarylarry (1338699) | about 10 months ago | (#45562189)

I think you mean "true."

When was the last time an OR operation returned "Yes."?

Maybe in VB or Ruby or something.

Re:I have a better idea for a security device (0)

Anonymous Coward | about 10 months ago | (#45560169)

I have an even better idea. It's a port that you stick your cock into. If it verifies your cock against the allowed cock database, you get access to the system and if not, it cuts your cock off.

Just make sure to wait for SP1.

Re:I have a better idea for a security device (1)

Lehk228 (705449) | about 10 months ago | (#45560515)

"it's not a dick"

"Hard to deceive?" I doubt that. (1)

gweihir (88907) | about 10 months ago | (#45559717)

There are a few people that routinely break "hard to deceive" biometrics on the cheap. Wait till they get their hands on one of these. I predict it will fall fast, just as all the other technologies promoted by lying marketing scum as "secure".

Re:"Hard to deceive?" I doubt that. (-1)

Anonymous Coward | about 10 months ago | (#45559763)

Just as hard as America will fall because it has failed to unileaterally supports its greatest ally, Israel. When the Goyim fail to defend their masters and their lobyists, there will be hell to pay. Enjoy your FEMA camps, Goys! Die for Israel!

Re:"Hard to deceive?" I doubt that. (0)

Anonymous Coward | about 10 months ago | (#45560457)

Hey how do you expect anyone to buy that shit with so many muslims in the white house?

Re:"Hard to deceive?" I doubt that. (0)

Anonymous Coward | about 10 months ago | (#45559793)

There are a few people that routinely break "hard to deceive" biometrics on the cheap. Wait till they get their hands on one of these. I predict it will fall fast, just as all the other technologies promoted by lying marketing scum as "secure".

If it's detecting dark lines for the unique pattern, it wouldn't take long to modify a camera that uses the same near-infrared to take photos of someones hand waving to friends (or in japan a 'hi-5 the panel for a coke' vending machine) then it'd be as simple as printing out the hand. It's not like you can change it once it's stolen either... Short of cutting off the hand and grafting on a new one.

I suppose a high security one would take multiple shots and look for vein dilation matching the heartbeat but even that could be faked with a animated gif.

Que Mythbusters

Not Secure (0)

Anonymous Coward | about 10 months ago | (#45559733)

I read the article, but it doesn't go into specifics. It looks like it uses the built-in web cam. That means you'll be able to hold up a photo of the person's vein pattern and beat the security.

Re:Not Secure (1)

CaptQuark (2706165) | about 10 months ago | (#45559779)

Not unless you can print a picture that will show different levels of reflection to the near-infrared wavelengths.

If you've seen a thermal images of a house showing where the heat loss is, compare that to the normal image of the house. This method is using the equivalent of a thermal image.

~~

Re:Not Secure (0)

Anonymous Coward | about 10 months ago | (#45559825)

Yes, setup an IR camera to record everyone and you'll eventually get a good enough video of their veins. If the security software randomly goes through different wavelengths it would no longer to be simple to beat, but the gif in the article makes it look like they only do easy edge detection on the veins and pattern match against that.

Re:Not Secure (0)

Anonymous Coward | about 10 months ago | (#45559851)

Thermal imaging != NIR, unless you're imaging things that are hot enough to visibly glow.

Re:Not Secure (1)

Rosyna (80334) | about 10 months ago | (#45559887)

Not unless you can print a picture that will show different levels of reflection to the near-infrared wavelengths.

Actually, you'd just have to print something using a Laser printer (toner contains iron oxide, just like Hemoglobin) and tape it to something, like a copper sheet, to produce a very similar picture to the camera.

Re:Not Secure (1)

fuzzyfuzzyfungus (1223518) | about 10 months ago | (#45564233)

Good thing that IR-band pigments [huntsman.com] aren't already commercially available (never mind the tedious-but-likely-cheaper process of just looking for random stuff at Staples that happens to have the right property despite being formulated for visible-band applications, you only need to get lucky once and you'll probably have something you can spit out at usefully high resolutions on some ghastly inkjet that costs less than the ink it takes). This might actually be easier than cloning fingerprints...

And a big old (0)

Anonymous Coward | about 10 months ago | (#45559819)

Who the hell cares?

The stranger (1)

SpaghettiPattern (609814) | about 10 months ago | (#45559823)

Will it recognize me when I do "the stranger"? I'd be damned pissed off in such a moment of need.

Hemoglobin? Uh. Not quite. (1)

Chas (5144) | about 10 months ago | (#45559835)

Cut off the hand in such a way as to keep the appendage from bleeding out (think fire-heated axe), and there's still going to be blood (and hemoglobin) in there.

Maybe enough, maybe not.

What about people with poor circulation (older people mostly).

They're going to have real problems using this as an authentication mechanism. Hell, some of them NOW have major issues with capacitive touchscreens.

Re:Hemoglobin? Uh. Not quite. (3, Insightful)

Rosyna (80334) | about 10 months ago | (#45559897)

Cut off the hand in such a way as to keep the appendage from bleeding out (think fire-heated axe), and there's still going to be blood (and hemoglobin) in there.

Pretty sure it uses the RF properties of iron when in motion. If it does use IR, then the blood needs to be a different temperature than the skin. Cutting off the hand would cause the blood to cool too much.

Re:Hemoglobin? Uh. Not quite. (1)

stenvar (2789879) | about 10 months ago | (#45560031)

Except for the word "iron" that was complete gibberish.

Re:Hemoglobin? Uh. Not quite. (1)

Chas (5144) | about 10 months ago | (#45560149)

If the former, maybe. Might still be gotten around by pumping the hand.

If the latter, I wouldn't worry too much. A human hand doesn't bleed heat off that quickly.

Re:Hemoglobin? Uh. Not quite. (0)

Anonymous Coward | about 10 months ago | (#45560187)

It uses IR. See also: http://hackaday.com/?s=pulse+ox [hackaday.com]

The theory behind a pulse oximeter relies on the fact that hemoglobin absorbs red and infrared light differently based on its oxygenation levels. By shining a red and IR LED through a finger onto a photoresistor, it’s possible to determine a person’s blood oxygen level with just a tiny bit of math.

Re:Hemoglobin? Uh. Not quite. (1)

chihowa (366380) | about 10 months ago | (#45563269)

Dear god... stop talking. By what mechanism would an affordable laptop component measure the movement of the tiny amounts of iron in your blood via RF well enough to map your veins?

It is likely looking at the near IR (not thermal IR, so temperature isn't even being measured) absorption of hemoglobin [wikipedia.org] . It's similar to what's being measured in pulse oximetry, but you don't really care about whether the blood is oxygenated or not.

Re:Hemoglobin? Uh. Not quite. (1)

gl4ss (559668) | about 10 months ago | (#45560039)

you just need a picture that looks the same in ir..

Biometrics are not good as a "password" (4, Insightful)

Jody Bruchon (3404363) | about 10 months ago | (#45559847)

You can't change your palm vein layout or your fingerprint when an attacker makes a copy of it somehow. You can easily change a password with practically no real effort. Biometrics are a key to a door where the key is unchangeable. I reinstalled everything on a laptop of mine and didn't even waste time putting a driver in place for the fingerprint reader it came with.

Re:Biometrics are not good as a "password" (1)

Koookiemonster (1099467) | about 10 months ago | (#45559901)

Use another finger? :) Although after the 10th fingerprint-password you'll have to start removing your sock to open your computer.

Re:Biometrics are not good as a "password" (1)

Jody Bruchon (3404363) | about 10 months ago | (#45559931)

Oh fun. We'll get to enjoy Athlete's Palmrest.

Re:Biometrics are not good as a "password" (1)

Hognoxious (631665) | about 10 months ago | (#45560791)

after the 10th fingerprint-password you'll have to start removing your sock

Unless you're from Alabama - then you get two more goes!

Re:Biometrics are not good as a "password" (1)

PPH (736903) | about 10 months ago | (#45561897)

That's a lie! I don't stuff a sock in there.

Re:Biometrics are not good as a "password" (1)

Keyboard Rage (3448471) | about 10 months ago | (#45560151)

Somewhere deep inside a bunker hidden in a desert in the USA, General Alexander strokes his kitty, cackles evilly, and gleefully browses through his collection of hand palms. Each is carefully anotated with the most juicy information about its owner. He selects one, uses it to remotely log into the user's laptop using the NSA's various back orifices, and spends the rest of the day posting obscene cat videos to Youtoob. Elsewhere, someone is fired for gross misconduct during work hours.

Re:Biometrics are not good as a "password" (1)

AmiMoJo (196126) | about 10 months ago | (#45560269)

Biometrics like this are still useful though. If you laptop is stolen or you just want to keep your co-workers/family/flat mates out they are adequate since they are unlikely to bother stealing your credentials. You can always fall back to a password if they do.

On top of that it is a bad idea to have a single authentication for everything. For example you might have a different user account password and root account password. Your palm print might just be for unlocking after you have entered a password to log in initially.

Is it really though? (0)

Anonymous Coward | about 10 months ago | (#45559857)

I'm sure we've all seen those "ads" for similar tech before used for finger scanning, and all of them without exception could be fooled by a wet piece of paper that had the finger print of the other person on it.

Better be quick... (2)

Krokus (88121) | about 10 months ago | (#45559881)

How fast can you explain to the guy about to cut off your hand that it's not going to work? Is he going to believe you?

Re:Better be quick... (0)

Anonymous Coward | about 10 months ago | (#45560139)

Mod parent up! Are the types of criminals that would cut off your hand be likely to know the finer details of how the sensor works?

Re:Better be quick... (0)

Anonymous Coward | about 10 months ago | (#45560361)

Would they care that it might not work?

Not new technology (2)

RedLeg (22564) | about 10 months ago | (#45559915)

They demo'd this at CeBIT several years ago, and were spinning it at the time for high security applications, banking, etc. It did not get much traction IIRC, not sure how successful it was in Nippon.

One of its claimed advantages was (at least what they demo'd) that it used infrared to "see" the heat of your veins through the palm of your hand. Cut the hand off, it ain't gonna work, or so they claimed.

It will be interesting to see how this is accepted in the larger notebook market.

-Red

Re:Not new technology (1)

Lehk228 (705449) | about 10 months ago | (#45560497)

cut the hand off and attach a heated pump it will work just fine.

any security system is only as secure as it is cost effective for attackers to bypass. pumps and heaters are not expensive. building an interface for the arteries and veins in an arm will be moderately more expensive but not much since the interface does not need to be medical grade or last very long.

any security system that encourages an attacker to cut off part of my body is a security system I will not use

Re:Not new technology (2)

ColdWetDog (752185) | about 10 months ago | (#45560525)

Doesn't the tin foil get uncomfortable after a while?

Re:Not new technology (0)

Anonymous Coward | about 10 months ago | (#45561057)

Time f or a new MytBusters episode!!!! They did a really fabulous job showing how easy it is to fake fingerprints versus the latest, greatest door scanners, and even beat one with a moistened, printed paper copy of a fingerprint.

        http://www.youtube.com/watch?v=3Hji3kp_i9k

Advanced applications (1)

jandersen (462034) | about 10 months ago | (#45559999)

Just imagine the potential of this - "It is no use logging in - you are going to meet a tall, dark stranger ..."

I can see it now (1)

stenvar (2789879) | about 10 months ago | (#45560011)

"You have been authenticated based on your palm print; last login 11/15/2013. Also, you will meet a beautiful but mysterious woman with long blond hair, and you will have a long and healthy life."

NSA angle (0)

Anonymous Coward | about 10 months ago | (#45560041)

I'm sure the NSA loves these gadgets that do biometric checks. Expect many more of these to come. There are vast databases to be populated.

Alternative (1)

gnupun (752725) | about 10 months ago | (#45560055)

Just as you can use a physical key to open a conventional lock, why can't mobile device manufacturers come up with something that can read a password off a physical electronic key attached to an ordinary key chain.

One password systems are purely stupid, and biometric systems usually involve invasion of privacy of some sort.

Re:Alternative (1)

Megane (129182) | about 10 months ago | (#45560371)

Seeing as how it would be pretty easy to install an RFID reader on a PC, I'm going to guess that someone already patented it, wants too much money for it, and it won't expire for another ten years or so.

Re:Alternative (1)

Antique Geekmeister (740220) | about 10 months ago | (#45561223)

They're not very expensive, you can get a workable one for $10. But looking at the insides of a few readers for hacking reviews, the cheap antenna is fairly bulky. It's typically a coil of wire, several inches wide. Finding space for that inside a normal laptop is feasible, I'd assume it can be built into the case itself, for example. But every time you introduce bulky components in a laptop, you introduce additional expense. Also, like wifi, they consume some power, so a contact sensor to read only when the device is present is additional work and expense.

It does raise the interesting idea of having an RFID reader built into your laptop for security scanning of _other_ people's RFID keys. Coupled with the very poor security of these devices, it raises the possibility of using the RFID reader in my laptop to scan the RFID keys on your person, such as your laptop RFID key or your passport key, and do relatively easy identity theft. Examine some of the articles on cracking, or cloning, RFID passport keys to learn more about the vulnerabilities.

Re:Alternative (1)

fuzzyfuzzyfungus (1223518) | about 10 months ago | (#45564149)

Seeing as how it would be pretty easy to install an RFID reader on a PC, I'm going to guess that someone already patented it, wants too much money for it, and it won't expire for another ten years or so.

I think that the problem is mostly apathy. 'Enterprise' laptops offered smartcard support for years(as did/does windows) and you could get fairly cheap PCMCIA slot card readers(the just-slightly-larger size of the PCMCIA slot makes the physical design pretty easy, and implementing a low-voltage, low-speed serial bus isn't rocket surgery). Once 'contactless/RFID' became a Thing, laptops in the same bracket started to offer RFID as an option. It's mostly mired in cryptic alphabet soup (nothing reminds you exactly how many, mostly shitting and overlapping, some incompatible RFID 'standards' there are like trying to use something not purchased all in a lump and at a markup from a single vendor); but it's there. This [smartcardfocus.us] document applies to select Dells; but others should be largely similar.

Broadcom's "BCM2079x Family" shows up at the party, usually with some amount of confusing vendor rebranding, fairly frequently.

Added functionality (1)

shikaisi (1816846) | about 10 months ago | (#45560157)

The advantage of this system is that, as well as handling the security of your laptop, it is also able to tell you that you will meet a tall dark stranger, you will live to an old age and will be lucky in love but not in money.

Reads your Palm (0)

Anonymous Coward | about 10 months ago | (#45560185)

Does anyone use a Palm anymore?
Nevermind, TFA is about actual, physical palms. Not interesting.

About the laptop specs (0)

Anonymous Coward | about 10 months ago | (#45560191)

Forgetting the probably useless palm reader, this laptop is interesting. I was looking into HP ZBook 15 which also takes up to 32 GB RAM and has a matte display. In the league of the silly left-shifted-keyboards-and-touchpads (because they really can't restrain from slamming in a numberpad) the Fujitsu has large arrow keys which is great. The touchpad middle button is smaller but maybe is usable (thinking about Linux middle click paste). Processor and graphic card are the same. The HP can accomodate two disks (solid state or spinning) by swapping out the optical one. Now... if both would have a centered keyboard they'd be two great machines.

Something Tells Me (1, Interesting)

The Cat (19816) | about 10 months ago | (#45560193)

Something tells me the people who suggest throwing passwords overboard are the same people who advocate throwing the PC overboard along with 30 years of advancing technology including Flash, SQL, Linux, C and pretty much everything else they can't name-drop to impress college chicks at Silicon Valley parties with.

One of the reasons we can build things like suspension bridges, jet aircraft and hydro-electric dams today is because we don't throw all our engineering knowledge overboard every 30 years.

Maybe people would use good passwords if we spent more time teaching security instead of inventing stupid shit to impress college chicks with.

CANCER (0)

Anonymous Coward | about 10 months ago | (#45560249)

"It works by radiating the hand with near-infrared rays."

But wait those rays.. will give you CANCER.

Biometrics suck (1)

jonwil (467024) | about 10 months ago | (#45560409)

Biometric devices aren't particularly secure plus if they are compromised somehow you cant change your fingerprints or iris pattern or voice print or palm veins or DNA in the way that you can change a password or a security card.
Oh and using a device secured by biometrics rather than a good strong password can reduce your legal protections if the cops want to get at whatever it protects

Fourth and Fifth Amendment questions (0)

Anonymous Coward | about 10 months ago | (#45560549)

This technology if widely adopted could undermine the protection of the Fifth Amendment. The Fifth Amendment is only a bar to compulsion of testimonial acts - not government compulsion such as taking of fingerprints, DNA and standing in a lineup for identification. However, you still have a right to refuse producing documents and physical evidence if you by the act must admit to control, access, existence and authenticity, unless the government's knowledge is a foregone conclusion. It was the problem in some of the recent encryption cases that the government could prove the chain of custody. If a computer is tied to a physical profile, and every session must be authenticated with DNA, palm, fingerprint or iris scanning, a lot of Fourth and Fifth Amendment questions become moot. The Fourth Amendment does not protect you against disclosure to the government of information voluntarily disclosed to a third party. So if you have already disclosed to a cloud service that your computer is online at a certain time and the user authenticated with method X, you probably have lost any constitutionally protected reasonable expectation of privacy in a lot of facts wich the government would otherwise have to work out itself through warrants and probable cause. And when the government has legally acquired facts without violating the Fourth Amendment, it may attempt to build a chain of evidence sufficient to overcome the Fifth Amendment's protection against self incrimination. The government could and likely already uses these methods for a lot of mischief. Subpoena the cloud service for records, and correlate these to a particular user. Visit the person of interest, and ask him a lot of innocent sounding questions like - - did you use a computer at time XX. And when the person inevitably misremembers and falsely answers yes instead of no, nail him for violation of 1001. If the technology from bottom to top has built in authentication, proving that someone is not telling the truth is no match for the government.

Fourth and Fifth Amendment questions (0)

Anonymous Coward | about 10 months ago | (#45560567)

This technology if widely adopted could undermine the protection of the Fifth Amendment. The Fifth Amendment is only a bar to compulsion of testimonial acts - not government compulsion such as taking of fingerprints, DNA and standing in a lineup for identification. However, you still have a right to refuse producing documents and physical evidence if you by the act must admit to control, access, existence and authenticity, unless the government's knowledge is a foregone conclusion. It was the problem in some of the recent encryption cases that the government could prove the chain of custody. If a computer is tied to a physical profile, and every session must be authenticated with DNA, palm, fingerprint or iris scanning, a lot of Fourth and Fifth Amendment questions become moot. The Fourth Amendment does not protect you against disclosure to the government of information voluntarily disclosed to a third party. So if you have already disclosed to a cloud service that your computer is online at a certain time and the user authenticated with method X, you probably have lost any constitutionally protected reasonable expectation of privacy in a lot of facts wich the government would otherwise have to work out itself through warrants and probable cause. And when the government has legally acquired facts without violating the Fourth Amendment, it may attempt to build a chain of evidence sufficient to overcome the Fifth Amendment's protection against self incrimination. The government could and likely already uses these methods for a lot of mischief. Subpoena the cloud service for records, and correlate these to a particular user. Visit the person of interest, and ask him a lot of innocent sounding questions like - - did you use a computer at time XX. And when the person inevitably misremembers and falsely answers yes instead of no, nail him for violation of 1001. If the technology from bottom to top has built in authentication, proving that someone is not telling the truth is no match for the government.

Not likely, but someone is going to have to try (1)

mark_reh (2015546) | about 10 months ago | (#45560571)

so we can know for sure! Wait, that would be an anecdote, not equivalent to real statistical evidence. It will have to be tried many times before we have a definitive answer. Unfortunately for the rest of us, the sort of people (drug cartels?) who might test this aren't the sort who are likely to announce the results. I guess we'll never know.

Easy to read from a distance (0)

Anonymous Coward | about 10 months ago | (#45560665)

The way this works is that deoxyhaemoglobin is darker than oxygenated heamoglobin when viewed in the near infra-red. The downside to this is that there's no distance limit to it, you could easily take a picture of someone's palm from a distance, and assuming you were equipped with the right lens and sensor and read their 'password'

At least with fingerprints there's the hassle of obtaining an object that the target has physically interacted with.

Name? (0)

Anonymous Coward | about 10 months ago | (#45560911)

They need to call it the Soothsayer System. Microsoft and the NSA will be delighted to get this info on everyone.

Just another password that's impossible to change (1)

badger.foo (447981) | about 10 months ago | (#45561297)

I completely fail to see why this is supposed to be a good idea.

Whether it's port knocking, fingerprint reading or palm reading as in this case, can anybody point out why this is a more 'secure' authentication method than anything else?

I tend to think that a fingerprint or similar may possibly serve as a substitute for a user name, but would you want to let people sign in using usernames only, no password, ssh key or a generated one time pad? Other than that it was probably fun to make, I don't see any advantage at all to using a known constant as a substitute for the familiar user name plus password and/or other changeable secret.

Re:Just another password that's impossible to chan (1)

laejoh (648921) | about 10 months ago | (#45562699)

Why do you think you have to use your own hand? Think! Just as criminals can cut of your hand, you can cut of the hand of others whenever you need a new password!

Simple hack (1)

PPH (736903) | about 10 months ago | (#45561941)

Photograph user's hand in the appropriate IR band. Print to film stock that uses silver (or some other metallic/conductive) based emulsion. Place print in microwave* oven to selectively warm the image of the vein patterns. Place on keyboard and log in.

*Other heating technology could be used, including a print with conductive layers and resistive heating.

It is still a key (1)

Solandri (704621) | about 10 months ago | (#45563039)

If the biometric sensor can read the key (hemoglobin in your veins), then so can a key duplicator. And using what the duplicator reads, you can make a duplicate key which unlocks the biometric sensor just like the original key.

The only benefit biometric sensors bring to the table is that the keyholder cannot misplace the key. If you want real security, you need to go with public/private key encryption or rolling codes (essentially a continuous one-time pad), and multi-factor authentication. Biometrics can't do the former, and can only do part of the latter.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>