Hu Yoshida

The Future of Secure Authentication: Biometrics

Blog Post created by Hu Yoshida Employee on Jul 5, 2017



The world is going through a massive digital transformation. As the world becomes more digital and distributed, being absolutely certain about who we are dealing with and protecting our access credentials is critical to our safety and well-being. It used to be that an access badge was sufficient to grant access to a restricted area. A passport and signature was enough to get you through immigration, and a credit card and signature was enough to buy goods and services, or an ATM card and pin number was enough to draw money from your account. In this digital age that is not enough and many are turning to biometrics for authentication.


Biometrics are human features which are unique to an individual. Common biometrics include facial recognition, voice, iris scanning, finger vein and finger print, and vary in terms of cost, accuracy, ease of use and security level. With a biometric authentication system, the user enrolls in a system or service and provides a biometric sample, such as a fingerprint. Later, when the user wants to use the system, he presents his biometric to a scanner which matches his biometric with the previously stored biometric template. If the biometric matches the template, he is granted access to the system. If the biometric data is linked to a funding source, the process acts as both authentication and transaction enabler, greatly simplifying the transaction process. Biometrics are easier to use than having to remember and manage passwords. Smart phones like the iPhone are now equipped with an app to register a fingerprint and scan it for authentication in place of a password.


There are some criticisms about the use of biometrics. Facial recognition and voice have low accuracy. In the case of fingerprints, studies have shown that skin conditions like dryness or Dermatitis may cause fingerprint verification failures. The need to press your flesh against a scanner that hundreds of other people have touched is also a hygienic concern. When the touch verification was introduced by iPhone, articles were written on how biometrics would not work because, they could not be kept secret. We leave our fingerprints on everything we touch and if there was a way to lift our prints and use them on a scanner, there is no way that we can change our finger print, like we could with a password. Researchers have shown that Gummi bears can be used to generate counterfeit fingerprints.


Iris or retina scanning is a biometric approach which is considered to be the most accurate. This has been popularized in many movies. In the 2002 futuristic movie Minority Report, Tom Cruise’s character replaces his eye with one he purchased on the black market to bypass this surveillance technique. This is harder to spoof, but more expensive and not as convenient as other biometric approaches.


Iris scan.jpg


Hitachi’s approach to biometric is the use of finger vein. Although not as well known as finger print, finger vein is as convenient to use as finger print but bypasses the concerns of using finger prints. Finger vein has very high accuracy, and is not transferable or obscured by conditions on the skin. Unlike fingerprints that are left on everything you touch, finger veins are hidden inside the finger. When a near-infrared light is transmitted through the finger and partially absorbed by hemoglobin in the veins it is possible to capture a unique finger vein pattern profile, which is then matched with a pre-registered profile to verify individual identity. The finger does not need to touch the camera or the light source, so it relieves the concern for hygiene. If a finger is not live, or otherwise detached from the blood supply, there would be no vein ID.


A comparison of Biometric methods, published by the international Journal of Advances in Science and Technology, shows that finger vein biometrics has the highest accuracy, long term stability, and security level compared to facial recognition, iris scan, finger print, voice recognition and lip recognition.


BIo Comparisons.jpg


Hitachi VeinID technology was introduced in Japan in 2002 and has gained wide acceptance with over 40,000 ATMs and several million smart cards with finger-vein ‘match on card’. In 2010, finger vein ATMs were introduced in Poland and Barclay’s bank provides UK corporate banking customers with finger vein biometric authentication devices that will let them “easily access their online bank accounts and authorize payments within seconds, without the need for PIN, passwords or authentication codes”.


Hitachi VeinID has been gaining wider acceptance in Europe since its introduction in Poland. The man most responsible for introducing VeinID to Poland is Tadeusz  Woszczyński, who is currently the country manager for Poland and CCE for Hitachi Europe. Ben Edgington, Head of Engineering, Information Systems Group, Hitachi Europe, leads the engineering team, covering pre-sales, development, delivery, post-sales support and product management across our Digital Security solutions which includes VeinID. For more information you can link to this data sheet which was published by Hitachi Europe.


I am very pleased to announce that both Tadeusz and Ben will be at our NEXT 2017 users conference, Sept 18-20 in Mandalay Bay, Las Vegas to present a breakout session entitled: Putting identity at the heart of security: strong authentication via Hitachi's biometric technology. Click on the website for NEXT 2017 and register today to attend this conference.


NEXT promo event_banner-resize_v3.png