New Fujitsu Laptop Reads Your Palm, For Security

judgecorp writes "Fujitsu has launched a laptop which authenticates users using the veins of their palm. The contactless technology is hard to deceive and — since it detects haemoglobin in the veins, is not so likely to be breakable using the gruesome method of cutting off a hand."

Not for I

[binarylarry]

Damn these hairy palms!

Damn them to hell!

Re:

[sunderland56]

On the plus side: having your palm coated in a sticky gel-like substance should improve reader accuracy.

Obligatory:

[fyngyrz]

XKCD has the last word on this subject [xkcd.com]

Re:

[fyngyrz]

You mean, your palms. No reason they can't take an interest in the *rest* of your hands.

Re:

[turbidostato]

"You mean, your palms."

And that's the really weird thing!

What are Fujitsu executives thinking about!? Palms have been out of the market for a decade! Why they don't support Android instead?

Re:

[fyngyrz]

Coming soon to a laptop near you: Newton recognition (fig model for initial release, apricot and whole grain planned with kickstarter funding, if whoever (now) holds the rights to Commodore's IP releases the rights to "kickstart" in time.)

Re:

[AmiMoJo]

Buddy, you need to see a doctor.

Re:

[davester666]

If you hold the donut with the wax paper sheet it comes with, the jelly filling fall on that instead of your palm...

Re:

[K. S. Kyosuke]

Damn them to hell!

Heh. That reminded me of the "computer people from hell" story where the person in question was building a new in-house computer system, and because he was in the right mood, he inserted a function in the login screen (I think these were your grandpa's old green screen terminals) that, if I remember it correctly, drew a horizontal green line vertically moving either top-to-bottom or bottom-to-top, something like that. Then he told his users that in addition to entering their login name and password, the sys

Re:

[kaladorn]

I note they say that there is no 'cut off hand' tactic viable with this.

They don't mention how incredibly viable the 'pistol resting against the temple' tactic is. That one will still work. you can pull the trigger after they unlock the laptop.

And what happens if your hand gets mashed? It does happen. It's rare, but I'll bet that messes up the capillaries something fierce. Then... is there a way around this? Do you enroll both hands? (One assumes, just like you enroll multiple fingers)

And who can come along

Medical Application

[mrbluze]

This means that the near-infra-red emitters and camera have become so cheap as to be mass marketable. Hold off for six or so months before buying a vein finder for medical use, you could save 90% on the price ... or maybe the next generation of smart phones will support this?

Re:

[binarylarry]

Or... maybe we'll continue to be raped by the medical industry anyway?

Re:

[Sqr(twg)]

The price of a medical device has very little to do with the price of components. (Compare the price of a medical hearing aid to the price of a bluetooth headset.)
It's all in certification and testing. - And insurance against lawsuits.

Re:

[AlphaWolf_HK]

Some hunters like to use devices similar to hearing aids for hunting because they muffle the sound of gunshots while amplifying quieter rustling noises. Some models are as small and discreet as a medical hearing aid, will work just fine for that purpose, and cost a lot less.

If I were to guess I would think that since they aren't prescription they don't require any kind of FDA approval, which would certainly save on cost somewhere.

Re:

[mwvdlee]

God forbid the manly sport of shooting bunnies from afar would slighly discomfort your sensitive ears.

Noise levels.

[Firethorn]

slighly discomfort

Say what? Gunshots range from ~143-174+. Hearing damage is pretty much instant at 130db [wikipedia.org].

That means you need hearing protection, but when hunting hearing is still very useful, so 'active' hearing protection that shuts down for the gunshot but otherwise amplifies quiet signals are helpful assists.

As for the cost of hearing aides, it's my understanding that the expensive ones are much more configurable than 'simple' devices like bluetooth headsets, and are designed to last longer(with better warranty), plus

Re:

[drinkypoo]

As for the cost of hearing aides, it's my understanding that the expensive ones are much more configurable than 'simple' devices like bluetooth headsets, and are designed to last longer(with better warranty), plus often include the cost of the configuration in the cost for the device. But yeah, a lot of medical device paperwork&liability expense baked into the price.

The really fancy expensive ones do pitch-shifting. Problem is, they've been the same price for ages. Some good ones are supposedly starting to come out of China but you're not going to find them at your local audiologist.

Re:

[mwvdlee]

I'm sure the last thing the bunny feels as the bullet passes through it's guts is worry about whether the gunshot hurt your ears.
All is relative.

Re:

[AlphaWolf_HK]

That doesn't make the bunny any less delicious.

Re:

[chihowa]

No shit, brother! Real men don't let animals live free in nature until their lives are ended in a split second for food.

Real men cramp them in dirty confined spaces, pump them full of hormones and antibiotics, and deprive them of exercise or contact with their young until they're ready to be lined up and slaughtered in front of each other.

Taking responsibility for the life you've taken in order to eat is cruel and inhumane. It's much preferable to pretend that meat comes into existence in shrink-wrapped pac

Re:

[mwvdlee]

There is, ofcourse, the alternative of letting animals live free in nature, then until their lives are ended in a split second without pain by somebody who does not take some perverse kind of pleasure in killing animals.

It costs a bit more, but if you're buying a thousand-dollar gun, ammo, go on hunting trips and buy outfit and gear in order to be "humane" to your food, it's quite a lot cheaper.

Besides. Lets get realistic here; how many of those animals killed by hunters and up as food? Most aren't.

Re:

[chihowa]

I'm not quite sure what your argument is. Are you arguing that anyone who kills an animal must take a perverse pleasure in it? Or are you saying that I take a perverse pleasure in it, but that someone else (from whom I would, per your second sentence, buy the meat from) doesn't? On what basis do you feel you can make either of those statements?

You're also overstating the cost involved... There are rabbits in my backyard. The ammunition costs a dime a piece. The rifle was inherited. You can't get meat much c

Re:

[kaladorn]

Most of the people I know who shoot (who are not military or police) hunt for food. I do not know a single trophy hunter. I do know people who, for a reasonable expense, bring home a fair value of food to their table. They would not dream of shooting an animal just for the fun or some wierd killing joy. It's all about putting food on the table, just like fishing.

There are probably instances where an animal brought down for food could yield a trophy antler rack or some skin or fur, but that's more in 'whole

Re:

[Firethorn]

I've heard of the occasional evidence of pure 'trophy hunting' where no effort is made to collect the meat. However it's extremely rare and more associated with illegal hunters, IE poachers. The general consensus in my family and friends who hunt is that they like to put a round to the back of the head of those people.

And yes, the family has a few trophies, and they've pretty much all been 'lucky' in the sense that they happened to find a trophy buck, not that they particularly went looking for a trophy,

Re:

[Firethorn]

until their lives are ended in a split second without pain by somebody who does not take some perverse kind of pleasure in killing animals.

Don't know about you, but I think that 'professional hunters' like you propose are going to precisely be the people who 'take some perverse kind of pleasure in killing animals'. There's a difference between somebody who goes hunting once a year for 1-6 animals, and a professional who does it for hundreds.

Re:

[gigaherz]

Too late: http://evenamed.com/products/glasses [evenamed.com]

Re:

[mrbluze]

Too late: http://evenamed.com/products/glasses [evenamed.com]

Yeah but it's still way overpriced, that's my point.

Re:

[gigaherz]

Hmm that was the wrong product... http://www.amazon.com/gp/product/B008LPFEDO [amazon.com] these use a passive filter, and should be much cheaper (if you can consider $300 cheap).

Re:

[mrbluze]

Interesting. The more expensive product though gives stereoscopic depth perception of the vein which is an advance.

Re:

[K. S. Kyosuke]

"...is effective for almost all physiologies."

Obviously, it's costly because they made sure that it's Spock-compatible.

Re:

[drinkypoo]

"Evena Sparrow is not available in the U.S., EU and many other developed nations" I presume because of licensing requirements. What undeveloped nation do I have to visit to get a pair of these, and how many camels will it cost?

Re:

[Jane Q. Public]

"This means that the near-infra-red emitters and camera have become so cheap as to be mass marketable. Hold off for six or so months before buying a vein finder for medical use, you could save 90% on the price ... or maybe the next generation of smart phones will support this?"

There is ZERO new here on the hardware end. The hardware has been capable for more than 10 years (some video cameras took advantage of this near-infrared sensitivity of CMOS sensors by offering a "night mode".)

The only difference is that some people are finally figuring out ways to exploit it.

Reliability?

[axlash]

Not so sure how good this is. From what I can see, the equal error rate of palm identification is 0.17 [acm.org], compared to 0.01 for fingerprint identification [griaulebiometrics.com].

Re:

[lxs]

But I want to put my hand on the screen. In the glowing hand outline. Like in the movies.
Right after I have my destiny surgically altered [businessinsider.com] of course.
I love living in the future.

Re:

[sumdumass]

The article also says nothing about the cutting off of the hand. I suppose you could just use a tourniquet in order to keep blood inside the hand after it is severed.

I guess a bigger question might be is how if the system accessed in case of death or injury? I mean suppose I crash my car and lose my arm on the way home tonight, how will I access the laptop after that or does it become a brick. What if I died, is some next of kin going to show up at my funeral and pull my hand out of the coffin and try to tr

Re:

[CaptQuark]

Most of these systems are alternative ways of authenticating to Windows, but not the only way. (Most of the biometric systems require an enrollment process that is optional.) Most people will still have an Administrator account that uses the traditional password method.

~~(Mod -1 for too many uses of the word "most")

Re:

[CohibaVancouver]

I know that on Slashdot everyone jumps to the personal / consumer use-cases, but it's important to note that this is a corporate solution, to protect corporate data on an endpoint. If the endpoint is no longer accessible (theft / loss / whatever) the data is simply retrieved from the upstream servers.

I have a better idea for a security device

[BringsApples]

You lick it. It detects your tongue (much like a finger-print reader) and does a DNA analysis. Not that I've built one.

Re:I have a better idea for a security device

[chuckugly]

Yeah I tried that "no honey, it's an ID verification device" line before too.

Hold on...

[srussia]

Yeah I tried that "no honey, it's an ID verification device" line before too.

Are you a man or a woman?

Re:

[binarylarry]

I think you mean "true."

When was the last time an OR operation returned "Yes."?

Maybe in VB or Ruby or something.

Re:

[Lehk228]

"it's not a dick"

"Hard to deceive?" I doubt that.

[gweihir]

There are a few people that routinely break "hard to deceive" biometrics on the cheap. Wait till they get their hands on one of these. I predict it will fall fast, just as all the other technologies promoted by lying marketing scum as "secure".

Re:

[CaptQuark]

Not unless you can print a picture that will show different levels of reflection to the near-infrared wavelengths.

If you've seen a thermal images of a house showing where the heat loss is, compare that to the normal image of the house. This method is using the equivalent of a thermal image.

~~

Re:

[Rosyna]

Not unless you can print a picture that will show different levels of reflection to the near-infrared wavelengths.

Actually, you'd just have to print something using a Laser printer (toner contains iron oxide, just like Hemoglobin) and tape it to something, like a copper sheet, to produce a very similar picture to the camera.

Re:

[fuzzyfuzzyfungus]

Good thing that IR-band pigments [huntsman.com] aren't already commercially available (never mind the tedious-but-likely-cheaper process of just looking for random stuff at Staples that happens to have the right property despite being formulated for visible-band applications, you only need to get lucky once and you'll probably have something you can spit out at usefully high resolutions on some ghastly inkjet that costs less than the ink it takes). This might actually be easier than cloning fingerprints...

The stranger

[SpaghettiPattern]

Will it recognize me when I do "the stranger"? I'd be damned pissed off in such a moment of need.

Hemoglobin? Uh. Not quite.

[Chas]

Cut off the hand in such a way as to keep the appendage from bleeding out (think fire-heated axe), and there's still going to be blood (and hemoglobin) in there.

Maybe enough, maybe not.

What about people with poor circulation (older people mostly).

They're going to have real problems using this as an authentication mechanism. Hell, some of them NOW have major issues with capacitive touchscreens.

Re:Hemoglobin? Uh. Not quite.

[Rosyna]

Cut off the hand in such a way as to keep the appendage from bleeding out (think fire-heated axe), and there's still going to be blood (and hemoglobin) in there.

Pretty sure it uses the RF properties of iron when in motion. If it does use IR, then the blood needs to be a different temperature than the skin. Cutting off the hand would cause the blood to cool too much.

Re:

[stenvar]

Except for the word "iron" that was complete gibberish.

Re:

[Chas]

If the former, maybe. Might still be gotten around by pumping the hand.

If the latter, I wouldn't worry too much. A human hand doesn't bleed heat off that quickly.

Re:

[chihowa]

Dear god... stop talking. By what mechanism would an affordable laptop component measure the movement of the tiny amounts of iron in your blood via RF well enough to map your veins?

It is likely looking at the near IR (not thermal IR, so temperature isn't even being measured) absorption of hemoglobin [wikipedia.org]. It's similar to what's being measured in pulse oximetry, but you don't really care about whether the blood is oxygenated or not.

Re:

[fuzzyfuzzyfungus]

As far as I know, absolutely none; in particular, throwing out enough RF to get a usable signal back would probably do your battery life and relationship with the FCC no good at all; but the large, precise, and sensitive PCB antenna arrays in Wacom tablets would be my off-the-cuff candidate for 'component most likely to be able to do the sensing' (but not the illuminating, they only work with the passive pens because those pens are designed to behave usefully in response to the quite feeble field put out by

Re:

[gl4ss]

you just need a picture that looks the same in ir..

Biometrics are not good as a "password"

[Jody Bruchon]

You can't change your palm vein layout or your fingerprint when an attacker makes a copy of it somehow. You can easily change a password with practically no real effort. Biometrics are a key to a door where the key is unchangeable. I reinstalled everything on a laptop of mine and didn't even waste time putting a driver in place for the fingerprint reader it came with.

Re:

[Koookiemonster]

Use another finger? :) Although after the 10th fingerprint-password you'll have to start removing your sock to open your computer.

Re:

[Jody Bruchon]

Oh fun. We'll get to enjoy Athlete's Palmrest.

Re:

[Hognoxious]

after the 10th fingerprint-password you'll have to start removing your sock

Unless you're from Alabama - then you get two more goes!

Re:

[PPH]

That's a lie! I don't stuff a sock in there.

Re:

[Keyboard Rage]

Somewhere deep inside a bunker hidden in a desert in the USA, General Alexander strokes his kitty, cackles evilly, and gleefully browses through his collection of hand palms. Each is carefully anotated with the most juicy information about its owner. He selects one, uses it to remotely log into the user's laptop using the NSA's various back orifices, and spends the rest of the day posting obscene cat videos to Youtoob. Elsewhere, someone is fired for gross misconduct during work hours.

Re:

[AmiMoJo]

Biometrics like this are still useful though. If you laptop is stolen or you just want to keep your co-workers/family/flat mates out they are adequate since they are unlikely to bother stealing your credentials. You can always fall back to a password if they do.

On top of that it is a bad idea to have a single authentication for everything. For example you might have a different user account password and root account password. Your palm print might just be for unlocking after you have entered a password to l

Better be quick...

[Krokus]

How fast can you explain to the guy about to cut off your hand that it's not going to work? Is he going to believe you?

Re:

[fuzzyfuzzyfungus]

How fast can you explain to the guy about to cut off your hand that it's not going to work? Is he going to believe you?

Wrong strategy: Simply explain that you'd be happy to assist a fine fellow such as him with making the desired modifications to your laptop's security settings...

Seriously, if somebody is willing to chop your hand off to bypass the security system (even if they are on the wrong track technologically) probably has many ways of demonstrating the sort of attacks enabled by physical access. You'll need to have something good on that computer to make even trying to hold out worth it.

Not new technology

[RedLeg]

They demo'd this at CeBIT several years ago, and were spinning it at the time for high security applications, banking, etc. It did not get much traction IIRC, not sure how successful it was in Nippon.

One of its claimed advantages was (at least what they demo'd) that it used infrared to "see" the heat of your veins through the palm of your hand. Cut the hand off, it ain't gonna work, or so they claimed.

It will be interesting to see how this is accepted in the larger notebook market.

-Red

Re:

[Lehk228]

cut the hand off and attach a heated pump it will work just fine.

any security system is only as secure as it is cost effective for attackers to bypass. pumps and heaters are not expensive. building an interface for the arteries and veins in an arm will be moderately more expensive but not much since the interface does not need to be medical grade or last very long.

any security system that encourages an attacker to cut off part of my body is a security system I will not use

Re:

[ColdWetDog]

Doesn't the tin foil get uncomfortable after a while?

Advanced applications

[jandersen]

Just imagine the potential of this - "It is no use logging in - you are going to meet a tall, dark stranger ..."

I can see it now

[stenvar]

"You have been authenticated based on your palm print; last login 11/15/2013. Also, you will meet a beautiful but mysterious woman with long blond hair, and you will have a long and healthy life."

Alternative

[gnupun]

Just as you can use a physical key to open a conventional lock, why can't mobile device manufacturers come up with something that can read a password off a physical electronic key attached to an ordinary key chain.

One password systems are purely stupid, and biometric systems usually involve invasion of privacy of some sort.

Re:

[Megane]

Seeing as how it would be pretty easy to install an RFID reader on a PC, I'm going to guess that someone already patented it, wants too much money for it, and it won't expire for another ten years or so.

Re:

[Antique Geekmeister]

They're not very expensive, you can get a workable one for $10. But looking at the insides of a few readers for hacking reviews, the cheap antenna is fairly bulky. It's typically a coil of wire, several inches wide. Finding space for that inside a normal laptop is feasible, I'd assume it can be built into the case itself, for example. But every time you introduce bulky components in a laptop, you introduce additional expense. Also, like wifi, they consume some power, so a contact sensor to read only when th

Re:

[fuzzyfuzzyfungus]

Seeing as how it would be pretty easy to install an RFID reader on a PC, I'm going to guess that someone already patented it, wants too much money for it, and it won't expire for another ten years or so.

I think that the problem is mostly apathy. 'Enterprise' laptops offered smartcard support for years(as did/does windows) and you could get fairly cheap PCMCIA slot card readers(the just-slightly-larger size of the PCMCIA slot makes the physical design pretty easy, and implementing a low-voltage, low-speed serial bus isn't rocket surgery). Once 'contactless/RFID' became a Thing, laptops in the same bracket started to offer RFID as an option. It's mostly mired in cryptic alphabet soup (nothing reminds you exa

Re:

[gnupun]

I think the key should be something simple that you can stick in a laptop's usb port. The BIOS and OS do some hardware initialization, read the password and unlock/login the user. The key should also have protections that data relating to the password cannot be stolen (copied.)

Added functionality

[shikaisi]

The advantage of this system is that, as well as handling the security of your laptop, it is also able to tell you that you will meet a tall dark stranger, you will live to an old age and will be lucky in love but not in money.

Biometrics suck

[jonwil]

Biometric devices aren't particularly secure plus if they are compromised somehow you cant change your fingerprints or iris pattern or voice print or palm veins or DNA in the way that you can change a password or a security card.
Oh and using a device secured by biometrics rather than a good strong password can reduce your legal protections if the cops want to get at whatever it protects

Not likely, but someone is going to have to try

[mark_reh]

so we can know for sure! Wait, that would be an anecdote, not equivalent to real statistical evidence. It will have to be tried many times before we have a definitive answer. Unfortunately for the rest of us, the sort of people (drug cartels?) who might test this aren't the sort who are likely to announce the results. I guess we'll never know.

Just another password that's impossible to change

[badger.foo]

I completely fail to see why this is supposed to be a good idea.

Whether it's port knocking, fingerprint reading or palm reading as in this case, can anybody point out why this is a more 'secure' authentication method than anything else?

I tend to think that a fingerprint or similar may possibly serve as a substitute for a user name, but would you want to let people sign in using usernames only, no password, ssh key or a generated one time pad? Other than that it was probably fun to make, I don't see any

Re:

[laejoh]

Why do you think you have to use your own hand? Think! Just as criminals can cut of your hand, you can cut of the hand of others whenever you need a new password!

Simple hack

[PPH]

Photograph user's hand in the appropriate IR band. Print to film stock that uses silver (or some other metallic/conductive) based emulsion. Place print in microwave* oven to selectively warm the image of the vein patterns. Place on keyboard and log in.

*Other heating technology could be used, including a print with conductive layers and resistive heating.

It is still a key

[Solandri]

If the biometric sensor can read the key (hemoglobin in your veins), then so can a key duplicator. And using what the duplicator reads, you can make a duplicate key which unlocks the biometric sensor just like the original key.

The only benefit biometric sensors bring to the table is that the keyholder cannot misplace the key. If you want real security, you need to go with public/private key encryption or rolling codes (essentially a continuous one-time pad), and multi-factor authentication. Biometrics