Vein matching

Last updated

Vein matching, also called vascular technology, [1] is a technique of biometric identification through the analysis of the patterns of blood vessels visible from the surface of the skin. [2] Though used by the Federal Bureau of Investigation and the Central Intelligence Agency, [3] this method of identification is still in development and has not yet been universally adopted by crime labs as it is not considered as reliable as more established techniques, such as fingerprinting. However, it can be used in conjunction with existing forensic data in support of a conclusion. [2] [4]

Contents

While other types of biometric scanners are more widely employed in security systems, vascular scanners are growing in popularity. Fingerprint scanners are more frequently used, but they generally do not provide enough data points for critical verification decisions. Since fingerprint scanners require direct contact of the finger with the scanner, dry or abraded skin can interfere with the reliability of the system. Skin diseases, such as psoriasis, can also limit the accuracy of the scanner, not to mention direct contact with the scanner can result in need for more frequent cleaning and higher risk of equipment damage. On the other hand, vascular scanners do not require contact with the scanner, and since the information they read is on the inside of the body, skin conditions do not affect the accuracy of the reading. [5] Vascular scanners also work very quickly, scanning in less than a second. As they scan, they capture the unique pattern formed by veins as they branch through the hand. The retinal scanner is more reliable than the vascular scanner, but is less widely used because of its intrusive nature. People generally are uncomfortable exposing their eyes to an unfamiliar source of light, and retinal scanners are more difficult to install than vascular scanning equipment, since variations in angle of height and face in relation to the device must be accounted for. [6]

History

Joe Rice, an automation controls engineer at Kodak's Annesley factory, invented vein pattern recognition in the early 1980s in response to his bank cards and identity being stolen. He developed what was essentially a barcode reader for use on the human body and assigned the rights to the UK's NRDC (National Research Development Corporation). [7] The NRDC/ BTG (Thatcher privatised NRDC into BTG) made little headway in licensing vein pattern technology. The world was wedded to fingerprints and Iris patterns and governments (the main buyers of biometric solutions) wanted open view biometrics for surveillance purposes, not a hidden, personal biometric solution.

In the late 1990s BTG said they were dropping vein patterns through no commercial interest. Rice was unhappy with the BTG's decision and their implementation of vein pattern technology so he gave a talk at the Biometric Summit in Washington DC, on how he would develop vein pattern recognition. [8] This view was countered by a following speaker from IBG (The US based international Biometric Group) who said there was insufficient information content in vein patterns for them to be used as a viable biometric.

In 2002 Hitachi and Fujitsu launched vein biometric products and veins have turned out to be one of the most consistent, discriminatory and accurate biometric traits. In the mid 2000s, Rice received an invitation from Matthias Vanoni to partner in a Swiss company, Biowatch SA, to develop and commercialise the biowatch.

See: https://sites.google.com/site/veinpatternhome/

Commercial applications

Finger vein scanned WikimediaVeins.png
Finger vein scanned

Vascular/vein pattern recognition (VPR) technology has been developed commercially by Hitachi since 1997, [9] in which infrared light absorbed by the hemoglobin in a subject's blood vessels is recorded (as dark patterns) by a CCD camera behind a transparent surface. [10] The data patterns are processed, compressed, and digitized for future biometric authentication of the subject. Computer security expert Bruce Schneier stated that a key advantage of vein patterns for biometric identification is the lack of a known method of forging a usable "dummy", as is possible with fingerprints. [11]

Blood vessel patterns are unique to each individual, as are other biometric data such as fingerprint recognition or the patterns of the iris. [12] Unlike some biometric systems, blood vessel patterns are almost impossible to counterfeit because they are located beneath the skin's surface. Biometric systems based on fingerprints can be fooled with a dummy finger fitted with a copied fingerprint; voice and facial characteristic-based systems can be fooled by recordings and high-resolution images. The finger vein identification system is much harder to fool because it can only authenticate the finger of a living person. [13] [12]

Finger vein recognition

Finger vein recognition is based on images of human finger vein patterns beneath the skin's surface. The technology is currently in use or development for a wide variety of applications, including credit card authentication, automobile security, employee time and attendance tracking, computer and network authentication, end point security and automated teller machines. [14]

Multi-View Finger Vein biometric scanner Scanner empreinte veineuse.jpg
Multi-View Finger Vein biometric scanner

To obtain the pattern for the database record, an individual inserts a finger into an attester terminal containing a near-infrared light-emitting diode (LED) light and a monochrome charge-coupled device (CCD) camera. The hemoglobin in the blood absorbs near-infrared LED light, which makes the vein system appear as a dark pattern of lines. The camera records the image and the raw data is digitized, certified, and sent to a database of registered images. For authentication purposes, the finger is scanned as before and the data is sent to the database of registered images for comparison. The authentication process takes less than two seconds. [15]

Finger scanning devices have been deployed for use in Japanese financial institutions, kiosks, and turnstiles. [16] Mantra Softech marketed a device in India that scans vein patterns in palms for attendance recording. [17] Fujitsu developed a version that does not require direct physical contact with the vein scanner for improved hygiene in the use of electronic point of sale devices. [18]
Lambert Sonna Momo developed in 2020 a new generation of scanner, the VenoScannerF, which scans finger veins in multiple views and extracts a key that is encrypted from end to end with a constantly changing random code. [19] It is developing a new floating-hand version available for the market in 2022. [20]

Palm vein biometrics key generation

Palm vein authentication is one of the vascular pattern authentication technologies. Fujitsu offers contactless authentication and provides a hygienic and non-invasive solution [21] so that it could be used for contactless authentication like laptop, mobile or even an ATM. When compared to other vascular pattern recognition, the Palm vein plays a predominant role since it has a wide region of interest, while other similar technologies like eye Eye vein verification, finger vein has a very small RoI comparatively. Also, compared to other biometric recognition, palm vein does not include any noise data like hair, electrical/thermal/environmental conditions, or even sensor drift. Since a huge area of interest is available, even an irrevocable biometric key is proposed by Prasanalakshmi [22] to be generated from the bifurcations and minutiae patterns. The points of these patterns, in turn, are used to generate a key that protects data in smart cards, devices, and many others. The Palm vein biometric key generation is thus an "irrevocable cryptographic key from the biometric template" used for smart card/device authentication.

Forensic identification

According to a 31,000-word investigative report published in January 2011 by Georgetown University faculty and students, [23] [24] [25] [26] [27] U.S. federal investigators used photos from the video recording of the beheading of American journalist Daniel Pearl to match the veins on the visible areas of the perpetrator to that of captured al-Qaeda operative Khalid Sheikh Mohammed, notably a "bulging vein" running across his hand. [4] The FBI and the CIA used the matching technique on Mohammed in 2004 and again in 2007. [3] Officials were concerned that his confession, which had been obtained through torture (namely waterboarding), would not hold up in court and used vein matching evidence to bolster their case. [2]

Other applications

Some US hospitals, such as NYU Langone Medical Center, use a vein matching system called Imprivata PatientSecure, primarily to reduce errors. Additional benefits include identifying unconscious or uncommunicative patients, and saving time and paperwork. [28] Dr. Bernard A. Birnbaum, chief of hospital operations at Langone, says "vein patterns are 100 times more unique than fingerprints". [29] However, news reports on the use of vein matching for Mr. Pearl's murderer quote experts who say "that its reliability as a forensic identification tool is unproven. [30]

See also

Related Research Articles

<span class="mw-page-title-main">Authentication</span> Act of proving an assertion

Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing's identity, authentication is the process of verifying that identity. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate, determining the age of an artifact by carbon dating, or ensuring that a product or document is not counterfeit.

<span class="mw-page-title-main">Fingerprint</span> Biometric identifier

A fingerprint is an impression left by the friction ridges of a human finger. The recovery of partial fingerprints from a crime scene is an important method of forensic science. Moisture and grease on a finger result in fingerprints on surfaces such as glass or metal. Deliberate impressions of entire fingerprints can be obtained by ink or other substances transferred from the peaks of friction ridges on the skin to a smooth surface such as paper. Fingerprint records normally contain impressions from the pad on the last joint of fingers and thumbs, though fingerprint cards also typically record portions of lower joint areas of the fingers.

Biometrics are body measurements and calculations related to human characteristics. Biometric authentication is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance.

<span class="mw-page-title-main">Iris recognition</span> Method of biometric identification

Iris recognition is an automated method of biometric identification that uses mathematical pattern-recognition techniques on video images of one or both of the irises of an individual's eyes, whose complex patterns are unique, stable, and can be seen from some distance. The discriminating powers of all biometric technologies depend on the amount of entropy they are able to encode and use in matching. Iris recognition is exceptional in this regard, enabling the avoidance of "collisions" even in cross-comparisons across massive populations. Its major limitation is that image acquisition from distances greater than a meter or two, or without cooperation, can be very difficult. However, the technology is in development and iris recognition can be accomplished from even up to 10 meters away or in a live camera feed.

A retinal scan is a biometric technique that uses unique patterns on a person's retina blood vessels. It is not to be confused with other ocular-based technologies: iris recognition, commonly called an "iris scan", and eye vein verification that uses scleral veins.

<span class="mw-page-title-main">Hand geometry</span> Biometric identification

Hand geometry is a biometric that identifies users from the shape of their hands. Hand geometry readers measure a user's palm and fingers along many dimensions including length, width, deviation, and angle and compare those measurements to measurements stored in a file.

Living in the intersection of cryptography and psychology, password psychology is the study of what makes passwords or cryptographic keys easy to remember or guess.

A card reader is a data input device that reads data from a card-shaped storage medium and provides the data to a computer. Card readers can acquire data from a card via a number of methods, including: optical scanning of printed text or barcodes or holes on punched cards, electrical signals from connections made or interrupted by a card's punched holes or embedded circuitry, or electronic devices that can read plastic cards embedded with either a magnetic strip, computer chip, RFID chip, or another storage medium.

Some schools use biometric data such as fingerprints and facial recognition to identify students. This may be for daily transactions in the library or canteen or for monitoring absenteeism and behavior control. In 2002, Privacy International raised concerns that tens of thousands of UK school children were being fingerprinted by schools, often without the knowledge or consent of their parents. The supplier, Micro Librarian Systems, which uses technology similar to that used in prisons and the military, estimated that 350 schools throughout Britain were using such systems. In 2007, it was estimated that 3,500 schools are using such systems. Some schools in Belgium and the US have followed suit. Concerns have been raised by a number of groups, who suggest the harms far outweigh any putative benefits.

<span class="mw-page-title-main">BioAPI</span> Biometric Interworking Protocol

BioAPI is a key part of the International Standards that support systems that perform biometric enrollment and verification. It defines interfaces between modules that enable software from multiple vendors to be integrated together to provide a biometrics application within a system, or between one or more systems using a defined Biometric Interworking Protocol (BIP) – see below.

M2SYS Technology is a biometric identification management company that provides biometric identity management software, and hardware along with enterprise software applications. The company provide services to the different industries such as public safety, workforce management, point of sale, healthcare, education, child care, transportation security, banking and membership management. They offer Software Development Kits to software vendors that want to add biometric identification to their applications directly to end users.

IDEX Biometrics ASA is a Norwegian biometrics company, specialising in fingerprint imaging and fingerprint recognition technology. The company was founded in 1996 and is headquartered in Oslo, but its main operation is in the US, with offices in New York and Massachusetts. The company also has offices in the UK and China.

A whole new range of techniques has been developed to identify people since the 1960s from the measurement and analysis of parts of their bodies to DNA profiles. Forms of identification are used to ensure that citizens are eligible for rights to benefits and to vote without fear of impersonation while private individuals have used seals and signatures for centuries to lay claim to real and personal estate. Generally, the amount of proof of identity that is required to gain access to something is proportionate to the value of what is being sought. It is estimated that only 4% of online transactions use methods other than simple passwords. Security of systems resources generally follows a three-step process of identification, authentication and authorization. Today, a high level of trust is as critical to eCommerce transactions as it is to traditional face-to-face transactions.

<span class="mw-page-title-main">Smudge attack</span> Discerning a password via screen smudges

A smudge attack is an information extraction attack that discerns the password input of a touchscreen device such as a cell phone or tablet computer from fingerprint smudges. A team of researchers at the University of Pennsylvania were the first to investigate this type of attack in 2010. An attack occurs when an unauthorized user is in possession or is nearby the device of interest. The attacker relies on detecting the oily smudges produced and left behind by the user's fingers to find the pattern or code needed to access the device and its contents. Simple cameras, lights, fingerprint powder, and image processing software can be used to capture the fingerprint deposits created when the user unlocks their device. Under proper lighting and camera settings, the finger smudges can be easily detected, and the heaviest smudges can be used to infer the most frequent input swipes or taps from the user.

<span class="mw-page-title-main">Touch ID</span> Electronic fingerprint recognition feature by Apple

Touch ID is an electronic fingerprint recognition feature designed and released by Apple Inc. that allows users to unlock devices, make purchases in the various Apple digital media stores, and authenticate Apple Pay online or in apps. It can also be used to lock and unlock password-protected notes on iPhone and iPad. Touch ID was first introduced in iPhones with the iPhone 5s in 2013. In 2015, Apple introduced a faster second-generation Touch ID in the iPhone 6s; a year later in 2016, it made its laptop debut in the MacBook Pro integrated on the right side of the Touch Bar. Touch ID has been used on all iPads since the iPad Air 2 was introduced in 2014. In MacBooks, each user account can have up to three fingerprints, and a total of five fingerprints across the system. Fingerprint information is stored locally in a secure enclave on the Apple A7 and later chips, not in the cloud, a design choice intended to secure fingerprint information from users or malicious attackers.

Eye vein verification is a method of biometric authentication that applies pattern-recognition techniques to video images of the veins in a user's eyes. The complex and random patterns are unique, and modern hardware and software can detect and differentiate those patterns at some distance from the eyes.

Identity-based security is a type of security that focuses on access to digital information or services based on the authenticated identity of an entity. It ensures that the users and services of these digital resources are entitled to what they receive. The most common form of identity-based security involves the login of an account with a username and password. However, recent technology has evolved into fingerprinting or facial recognition.

<span class="mw-page-title-main">Biometric device</span> Identification and authentication device

A biometric device is a security identification and authentication device. Such devices use automated methods of verifying or recognising the identity of a living person based on a physiological or behavioral characteristic. These characteristics include fingerprints, facial images, iris and voice recognition.

<span class="mw-page-title-main">Fingerprint scanner</span> Electronic device used to capture a digital image of the fingerprint pattern

Fingerprint scanners are security systems of biometrics. They are used in police stations, security industries, smartphones, and other mobile devices.

Contactless fingerprinting technology (CFP) was described in a government-funded report as an attempt to gather and add fingerprints to those gathered via wet-ink process and then, in a "touchless" scan, verify claimed identify and, a bigger challenge, identify their owners without additional clues.

References

  1. Finn, Peter (20 January 2011). "Report: Top al-Qaeda figure killed Pearl". The Washington Post . Retrieved 21 January 2011.
  2. 1 2 3 Blackburn, Bradley (20 January 2011). "Report Says Justice Not Served in Murder of Daniel Pearl, Wall Street Journal Reporter". ABC News. pp. 1–2. Retrieved 20 January 2011.
  3. 1 2 Cratty, Carol (20 January 2011). "Photos of hands backed up Pearl slaying confession, report finds". CNN. Retrieved 21 January 2011.
  4. 1 2 Ackerman, Spencer (20 January 2011). "Qaeda Killer's Veins Implicate Him in Journo's Murder". Wired . Retrieved 21 January 2011.
  5. Zhang, Yi-Bo; Li, Qin; You, Jane; Bhattacharya, Prabir (2007), "Palm Vein Extraction and Matching for Personal Authentication", Advances in Visual Information Systems, Lecture Notes in Computer Science, vol. 4781, Berlin, Heidelberg: Springer Berlin Heidelberg, pp. 154–164, doi:10.1007/978-3-540-76414-4_16, hdl: 10397/75292 , ISBN   978-3-540-76413-7 , retrieved 3 April 2021
  6. Bryn Nelson (30 June 2008). "Giving biometrics a hand". nbcnews.com. Retrieved 17 May 2018.
  7. See his website from 1993 onwards at Vein Pattern [ user-generated source? ]:
  8. ""A Third Way for Biometrics" –Google Groups". groups.google.com.
  9. US Patent no. 7,526,111 "Personal Identification Device and Method"
  10. "HRSID Vein Recognition overview".
  11. Schneier, Bruce (8 August 2007). "Another Biometric: Vein Patterns". Schneier on Security. Retrieved 21 January 2011.
  12. 1 2 Finger vein recognition study
  13. info needed;[ dead link ]
  14. "Barclays – Hitachi Digital Security" . Retrieved 17 May 2018.
  15. "Archived copy" (PDF). Archived from the original (PDF) on 19 March 2012. Retrieved 6 July 2011.{{cite web}}: CS1 maint: archived copy as title (link)
  16. "Finger Vein Authentication Technology". Hitachi America, Ltd . Retrieved 21 January 2011.
  17. "PV2000". India: Mantra Softech Pvt. Ltd. Retrieved 21 January 2011.
  18. "Your hand is the key: The world's first contactless palm vein authentication technology". PalmSecure. Fujitsu . Retrieved 21 January 2011.
  19. "Global ID 3D vein biometrics patent filing published in Hong Kong". 13 April 2021.
  20. "Sanitary and cyber precautions, a key challenge for hospitals".
  21. "Palm vein authentication technology and its applications" (PDF). Retrieved 19 September 2005.
  22. Prasanalakshmi, B.; Kannammal, A. (2009). "A secure cryptosystem from palm vein biometrics". Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human. pp. 1401–1405. doi:10.1145/1655925.1656183. ISBN   9781605587103. S2CID   17458507 . Retrieved 24 November 2009.
  23. Stanglin, Douglas (20 January 2011). "Report: Forensic evidence ties 9/11 plotter to Pearl's killing". USA Today . Retrieved 21 January 2011.
  24. Benjamin Wittes (20 January 2011). "So KSM Really Did Kill Daniel Pearl". Lawfare. Archived from the original on 17 April 2013. Retrieved 10 October 2013.
  25. Asra Q. Nomani; et al. (20 January 2011). "The Pearl Project". The Center for Public Integrity . Retrieved 10 October 2013.
  26. Peter Finn (20 January 2011). "Khalid Sheik Mohammed killed U.S. journalist Daniel Pearl, report finds". The Washington Post . Retrieved 10 October 2013. A recently completed investigation of the killing of Daniel Pearl in Pakistan nine years ago makes public new evidence that a senior al-Qaeda operative executed the Wall Street Journal reporter.
  27. Ben Farmer (20 January 2011). "Daniel Pearl was beheaded by 9/11 mastermind". The Telegraph (UK) . Retrieved 10 October 2013. They replied: 'The photo you sent me and the hand of our friend inside the cage seem identical to me.' Both the CIA and FBI use the mathematical modelling technique, though it is not considered as reliable as fingerprinting.
  28. Allen, Jonathan (28 July 2011). "New York hospital using palm-scanners". Stuff.co.nz . Retrieved 30 July 2011.
  29. By Plasencia, Amanda (28 July 2011). "Hospital Scans Patient Hands to Pull Medical Info". NBC New York . Retrieved 30 July 2011.
  30. "Report Says Justice Not Served in Murder of Daniel Pearl, Wall Street Journal Reporter". ABC News. Retrieved 14 November 2020.

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.