Passwords can be hidden in fingertips

Fingerprint scanning will make passwords and PINs obsolete, or at least that’s what Terry Milkie hopes.

Milkie, director of engineering and new product development at Toronto-based Mytec, said it would be nice not to have to remember five different passwords or numbers.

People shouldn’t need passwords, according to Milkie, since a unique identifier is available at everyone’s fingertip.

Mytec has released a Bioscrypt Portable Authentication Device, which Milkie said provides all of Mytec’s “knowledge-ware” for biometrics pattern recognition. The vendor is hoping this technology will represent a breakthrough for biometrics in the mobile market.

“Basically, what that means is that this little device provides all the software and firmware you need to match fingerprints,” he said.

The bioscrypt board, which is about two and a half centimetres by about six centimetres, will provide complete authentication to the user, according to Milkie.

He added Mytec chose a solid-state sensor, about the size of a postage stamp, where the user places a finger and his or her identity is checked and confirmed. This, he noted, is ideal for cell phones, palm-sized PCs and other wireless devices.

“We call it the third leg of the stool for securing m-commerce (mobile commerce). The first leg is something that you have, which is the possession of a device,” he explained. “The second leg is something that you know, like a PIN or a password, and the third leg is your identity.”

Milkie noted portable devices need security, specifically personal authentication, as people begin to do more with these devices over the Internet.

Mytec uses a technology called Stand Alone Verification, which means the device, once it has the registered user’s template inside, can operate by itself.

“The interface between this device and some other peripheral can be complex communications, encrypted communications, it can even be wireless communications between this device and the host application,” Milkie said.

Once a fingerprint matches, the bioscrypt technology creates a template for the registered user and releases a password to an application which can use the password to do more processing.

“This system links a password with your biometrics template and then locks it up. It’s like putting a hard shell around it. So inside the biometrics template is your PIN and when you’re verified the number is released,” he explained.

Mytec is one of the companies partnering with Smith and Wesson to create the “smart gun,” an electronic weapon which will use biometrics technology to ensure only registered users can pull the trigger.

Kevin Foley, vice-president of product engineering for Smith and Wesson, said the Springfield, Mass.-based company has been working with Mytec for just over a year on this technology.

Foley noted the marriage of the technology with guns hasn’t been smooth.

“We’ve had a lot of difficulty enrolling people. We had a lot of false positives and false negatives. Either one of those, whether it’s a gun or a safe or the door to your office, it’s not acceptable,” he said.

Foley added Mytec has made several modifications and the results of the current tests are acceptable. “If we expand the example size and get the same performance, I would be very happy,” Foley said.

He stated the main objective is to have a gun that works only for authorized users.

“We’ve taken the approach of saying the ideal solution is to fire the emission electronically and integrate the access control into the firing system and then you can’t remove it. So we’re looking at biometrics access.”

He noted the jump in biometrics, and the fingerprint scanning industry in particular, is amazing, saying two years ago he couldn’t find anyone working with it and now there are too many offers.

Dan McLean, a research analyst with IDC Canada, said the biometrics industry is still at the starting stages.

“It’s fair to say we’re fairly early on with this type of technology,” he said.

A recent IDC survey showed Canada has very low deployment of biometrics.

“I think it’s fairly high-level stuff and we’re not talking about mass deployment of this kind of technology,” McLean said.

Fingerprint scanning is the most commonly used biometrics right now, Milkie said. When a sensor is scanning a fingerprint there are many different types of algorithms that can come into play.

“How well you run that algorithm, how it’s crafted and how much data it uses for analysis – that’s really the strength or weakness of [fingerprint scanning],” he said.

Mytec uses patterns and a lot of data to make the comparison, according to Milkie, who added if someone has a cut or scratch, the bioscrypt technology will see through that.

Milkie said once a fingerprint is scanned the information is encoded, and no longer exists as a recognizable print.

An added security feature is that users must slide their fingers onto the scanner to be enrolled. Milkie said this allows the scanner to register the elasticity of the skin. “We’ve taken rubber fingerprints and we’ve taken latent prints of glass and the system doesn’t accept them.”

The cost of the scanner hardware is between $50 and $75 plus Mytec’s licensing fees.