View
2
Download
0
Category
Preview:
Citation preview
Biometrics for
High Security & Reduce Operation Cost~Card-less & Password-less operation
by PalmSecure~
September 2009
FUJITSU FRONTECH LIMITED
Copyright 2009 FUJITSU LIMITED
Copyright 2009 FUJITSU LIMITED
Necessity and Effectiveness
Of
Biometrics
1
Leakage of Personal Information
JNSA:NPO Japan Network Security Association April 2008
―Report of Information Security Incident‖
Cause of Information leakage and % Number of leakage of personal information
by internal illegal stolen
Rapid increase of personal information leakage by internal illegal affairs and
crimes
Copyright 2009 FUJITSU LIMITED2
Internal illegalAffirs 2.2%
Bug, Security
0.2%
Illegal access
0.9%
Stolen
19%
Usage for other
purposes 0.6%
Others 1.7%
Unknow1.2%
Lost 29.2%
Operation mistakes
14.7%
Illegally stolen
8.1%
Internal illegal
stolen 2.2%
Administration
mistakes 8.1%
Setting mistakes 1.7%
Worm Virus
12.2%
Internal Illegal affairs
Other causes
Incident number
Increase of Illegal Access
FY2008, Number of Incidents and methods of crimes
Easy Password setting and administration 1,368
Ex-employee and friends who knew identification code
163
Obtain by Phishing sites 88
Use spyware to get identification codes 48
Verbally from or looking to administrators 26
Purchase from others 24
Obtain from accomplices 7
Get identification code from file exchange software or other software
6
Others 6
■Number of illegal access is increasing
■Illegal access from companies are increasing
■Many crimes are cased by easy Password
setting and administration
From Japanese Ministry of Affairs ―Causes of Illegal Access‖
Many illegal access to information were caused by easy password setting and password administration
Copyright 2009 FUJITSU LIMITED3
2005 2006 2007
1,818
592
946
2,289
203 325
437 685 1,000
2005 2006 2008
1,818
592
946
2,289
203 325
437 685
2,000
Companies
(many of them areISPs)
Number of Incidents
人的運用管理
資産運用管理
ストレージ
サーバ
IT担当人員
PC
情報系
ネットワーク
運用管理
営業/顧客業務
IT教育
基幹系
BCMコンプライアンス
セキュリティ
-10 -8 -6 -4 -2 0 2 4 6 8 10
Souce: Noak Research November 2008
Where Mid-size companies will invest money to?
財務・会計
セキュリティ・個人情報保護
販売管理
内部統制
人事・給与
営業支援
サプライチェーンマネジメント・物流管理
生産管理
仮想化・サーバー統合
調達・購買管理
顧客管理
Webサイト強化(Web2.0対応)
知識共有(ナレッジマネジメント等)
BCP(事業継続計画)
利用部門向けのデータ分析支援
経営層向けの意思決定支援
人材開発
SOA関連
SaaS関連0.5
1.9
財務・会計
セキュリティ・個人情報保護
販売管理
内部統制
人事・給与
営業支援
サプライチェーンマネジメント・物流管理
生産管理
仮想化・サーバー統合
調達・購買管理
顧客管理
Webサイト強化(Web2.0対応)
知識共有(ナレッジマネジメント等)
BCP(事業継続計画)
利用部門向けのデータ分析支援
経営層向けの意思決定支援
人材開発
SOA関連
SaaS関連0.5
1.9
:implemented as 2 to 3 years:will implement within 2 to 3 years
Souce:Nikkei Information Strategy March “CIO comments from well known 369 companies”
Research Period:October 2008 to November 2008
Well known 369 companies will invest money to
Investment to security continues to be increased though economic crisis.
Where companies will invest money?
Copyright 2009 FUJITSU LIMITED4
Finance & accounting
Security & Protection of Personal InformationSecurity
Compliance
No.1 SecuirtyPrevention of Information Leakage/Illegal Access
No. 2 Compliance
Copyright 2009 FUJITSU LIMITED
IT Security Base and Authentication Base
Department Servers Department Servers Department Servers
ID/Password Authentication ID Card/USB key Authentication Biometrics
Active
Directory
Active
DirectoryID
Management
Active
DirectorySSO
Authentication Server
For IT Security Base, Enhancement and integration of authentication base is
mandatory5
IT S
ecu
rity B
ase
Ap
pro
val B
ase
Au
then
ticatio
n B
ase
・Always need ID Card
・Many and Complicated Password
・Periodic Change of Password
Conveniences
Issues of Authentication Base
・ID Card Management
・Password Management
・Help Desk Function
Cost
・Enhancement of Internal Control
・Protection of Personal Information
・Compliance
Security
Trade-Off
Enhancement of Security
⇒Decrease of Conveniences
Management
IT Dept. End User
Trade-Off
Enhancement of Security
⇒Increase of costs
Copyright 2009 FUJITSU LIMITED6
Issue #1 of Authentication Base
Security
Problem of password authentication
●Stolen : Somebody looking at your Passwords
●divulgation : Memo of Passwords
●Guess: Easy Password
Cost●Increase of Password Management by IT Dept.
●Increase of inquiries to Helpdesk
Conveniences
●Different Password for Each System
●Complicated Password
●Needs Periodic Password Changes
●Forgetting Passwords means no work
・Risk of impersonation
・Defects of Identification
・Increase of Admini-
stration cost
・Decrease of Productivity
・Limitation of memory
・Inconveniences of
forgetting password
Copyright 2009 FUJITSU LIMITED7
Issue of ID Card Operation
●Stolen
●Lost, Forget
●Fake (Magnetic stripe can be faked)
●Cost of ID Card
●Cost of ID Card Reader
●Cost of ID Card Administration(Issuance, Regsiter, Deliver, Stop, Re-issue, Expiry, Withdrowal)
●Always needed to be carried
●Pay attention for not losing
●No cards, No work
●Different cards for different works
・Risk of impersonation
・No Identification Check
・Increase of Admini-
stration Cost
・Decrease of Productivity
・Inconvenience when
not carrying
Security
Cost
Convenience
Copyright 2009 FUJITSU LIMITED8
Issue #2 of Authentication Base
Mechanism of Biometrics Logon
palm01
90514
abcd
User Name YOZUE
Vein Data ○●□■△
123456
********
123456
********
123456
********
123456
********
123456
********
123456
********
Application A
Application B
Application C
Verify vein
data
Biometrics
Authentication
Server
■ Replace Windows Logon and Application Logon from ID cards and Password to Biometrics.
■ Enhancement of Authentication Base by Biometrics with SSO function
■ Users’ data (Name, Vein data, ID, Password) is administrated by Biometric Authentication Server
■ Collection of Log, and analysis of usage tracing is possible.
Copyright 2009 FUJITSU LIMITED9
I D PASS I D PASS I D PASS I D PASSYOZUE ○●□■△ 1001 1357 1001 abcd F001 90514 J901palm01
HARADA●○■□▲ 1002 2468 1002 efgh F002 90515 J902palm02
INAOKA ◎○◆◇▼ 1003 3579 1003 ijkl F003 90516 J903palm03
Application B Application CWindowsVein DataUser Name
Application A
Cost Reduction by Biometrics Authentication
Biometrics Authentication業務アプリサーバ
PalmSecure
Client
Vein Data
Authentication
Results(ID, Password)
Login
500 PalmSecure(Example) H/W : US$80K
S/W : US$50K
Total US$130K
Application Image
No Change to
Current appli-
cation
Biometric Authentication
・Short term and lows cost for appliance server
・Multimodal is possible (Vein, Fingerprint)
It is possible to reduce ID card/password operation
and Helpdesk operation cost
Issuance of ID Card and Card Reader
Operation cost of ID Card and Password
Helpdesk Operation Cost
Authentication system cost for each application
Per user/Year
US$150 to 200
Per card
US$5 to 20
40% of Helpdesk operation
is password inquiry.
Development of Application
and Authentication System
Per reader
US$30 to 50
ID Card, Password Cost
Copyright 2009 FUJITSU LIMITED10
Security Enhancement
・Impersonation by ID Card is impossible
・Impersonation by password is impossible
・Operation by log administration
Cost Reduction
・Cost reduction of ID Card administration
・Cost reduction of password administration
・Cost reduction of helpdesk
・Cost reduction by no ID card
Convenience
・No worry for losing ID Cards
・No worry for forgetting passwords
・No action of ID Card reader and password
Benefits of Biometrics (Cardless, Passwordless)
Management
IT Dept. End User
Security Enhancement
+
Conveniences
Security Enhancement+
Cost Reduction
Copyright 2009 FUJITSU LIMITED11
Copyright 2009 FUJITSU LIMITED
PalmSecure Sensor
① Place a hand
Oxidized hemoglobin absorbs around 760nm
wave length.
(Source: Corona, 1997)
← 約760nm前後の波長を吸収
Operating principal of Palm Vein Authentication
② Emit Near-Infrared Light ③ Take photos
【Image of Near-Infrared Light】
⑤ Templates
HDD
or
【Vein Pattern Image】
④ Abstraction
PalmVein Authentication Mechanism
12
Copyright 2009 FUJITSU LIMITED
Characteristics of PalmVein Authentication
■Vein is a biometric inside bodies・Nobody can spoof biometrics inside the bodies.
■Each vein pattern is different. No pattern change after born・Vein patterns never changes in life.
1.High Safety
2.High Accuracy■『PalmVein』 can be high authentication accuracy
・Number of veins in palms are very large and complex. Palm is most suitable for high authentication.
・Many Veins
・Complex
・Vein pattern
is clear
3.High Acceptance■Everybody can use palm
・There is nobody without veins (Some peopled do not have fingerprints)
■Hygiene with contacless operation
■Easy Operation
13
Vein
■Biometrics inside boy =
Impossible to impersonation
■High Authentication Rate
Copyright 2009 FUJITSU LIMITED
Face
Voice
Public Use
Personal Use
High Authentication
RateLow Authentication
Rate
Needs to be hygiene
Fingerprint
Signature Iris
Authentication rate and Application Area of Each Different
Biometrics
■High
Authentication Rate
■Expensive
■Human being can
authenticate as well as
machine authenticate
■Passport use
■Can be used
through telephone
■Small
■Low Prices
14
Expanding Biometric Market
742 786 1,0522,080 2,431 2,948468 656
1,129
5,492
7,363
9,8645,335
6,342
8,527
2006年度 2007年度 2008年度
PCログイン
入退室管理
勤怠管理
装置組込み
その他
According to Mic Economic Research Institute on November 6, 2008, biometrics solution reports
says as follows:
- Average Growth Rate after 2009 : 16.9% (2012 will be US$441.4M)
- ID Card can be target for impersonation. Mic estimates the Access Control will be ID card + Biometrics.
- PC Login market will be expanded from fingerprint to vein recognition.
Biometrics Solution Growth Graph
20,000
15,000
10,000
5,000
0
(Millon Yen)
Biometrics market continue growing. Especially, vein recognition will
continue at the highest rate.
Copyright 2009 FUJITSU LIMITED15
134%
135%
172%
134%
119%
140%
PC Login
Access Control
Time & Attendance
Embedded
Others
Copyright 2009 FUJITSU LIMITED
Evolution of ―PalmSecure‖
16
Copyright 2009 FUJITSU LIMITED
Memory
Code, Password
BiometricsFingerprint, Iris , Vein
Clobber
Card、USB Key
Conveniences
Hig
h S
ecu
rity
Trade-off carve of Security & Conveniences
①High Authentication Rate
②Small Hardware
③Easy operation
④Everybody can use
⑤ Hygiene
Targets of
PalmSecure
High Security
& Convenient
Biometrics
●Easy Relief & Security
●Daily Relief from Special Security
●So, What are necessary?
Technological Target of PalmSecure
17
1:1Matching between an ID
and a Vein data
ID Card
OR
Key
0001 0002 0003 ・・・・・・1000Search
vein data
Palm Vein
Authentication
abstraction
Vein Data
Matc
hing
1:1 matching can be high speed
authentication.
However, ID card or ID input is necessary.
1:NMatching between a vein
Data and multiple vein data
0001 0002 0003 ・・・・・・1000
Vein Data
Palm Vein
Authentication
Matching
1:N Matching needs no ID Card or ID input.
Great improvement of convenineces.
With an identifier like birth data, large
Number of 1:N authentication is possible.
Matching Result
XXXX
1:N realizes no ID and password operation
Enhancement of 1:N Authentication
Copyright 2009 FUJITSU LIMITED18
0001 0002 0003 ・・・・・・1000
Matching
Only PalmSecure can sustain FRR 0.01% and FAR 0.00008% with 1:N
authentication (N≧1,000).
Challenges to 1:N Authentication
Matching Results
XXXX YYYY ZZZZ
Vein Data
?
Technical Issues How to improve PalmSecure 1:N
N becomes larger =
More time for matching
1.Slow Authentication Speed
N becomes large =
Similar patterns increase.
(Decrease of FAR)
2.Decrease of
Authentication Rate
Copyright 2009 FUJITSU LIMITED19
1.High Speed Authentication Library
■Fujitsu developed high speed algorithm
for 1:N authentication.1:1000 → 2 seconds
2.Improve FAR■Improve FAR of PalmSecure
Palm has large number of veins and complicated. With such characteristics, improvement of FAR is possible.
・Large Information
・Complex pattern
・Clear vein pattern
●Example of 1:N usage (Cardless)
【Ibaraki Naka-city Library)】
Use 1:N with birthdates, current users
without library cards are over 10,000 people.
This method of 1:N can be used for Time & Attendance,
cashless payment, membership, school attendance.
Extremely Large 1:N
●How to make extremely large 1:N?
Example: Use birthdates (mmdd) as an identifier, about 300K people
(≒1,000人×365 days) 1:N is possible.
300,000
1,000
Total Data
1:1000 matching to the same
birthdates.
Use birthdates as Identifiers, narrow the 1:N
to 1:365
Narrow
11:1000
Copyright 2009 FUJITSU LIMITED20
Naka-City Library
Automatic Rental Authentication
①Place books on machines (Read IC Tag)
②Input birth date
③Place a palm over a sensor
④confirm the number of books renting
⑤Renting receipt printed
Authenticate moving hands ⇒ Dramatic improvement of Contactless Operation
High Speed Authentication by Fujitsu Laboratory
Fingervein is impossible due to sever position requirement of fingers.
Target
Authenticate moving hands
Contactless
No difficult operation for users
No stopping of hand movement
☞☞☞
Prototype 9cm x 7cm
High speed photo taking technologyOtimized for movement less than 1mm seconds
1 meter per secondMaximum hand movement
30 frames per secondFrame rate
1mm secondExposure time
Prototype
☞
Abstraction of the most optimized photoAutomatic selection of the most optimized photos
PC Input(30 frames per second)
Abstraction of Photo Authenticate
☞
Copyright 2009 FUJITSU LIMITED21
Te
ch
no
log
y
1
Te
ch
no
log
y
2
Copyright 2009 FUJITSU LIMITED
PalmSecure Solution
22
●Windows Logon
PalmSecure LOGONDIRECTOR
1.Windows LogonWindows Logon, PC lock release, Screen Saver lock release
2.Application LogonWeb Login, Password replacement
3.Authentication Log CollectionLogon trace, User operation trace
●Atuthentication Log
Old
Keyboard logon
LOGONDIRECTOR
PalmSecure Logon
●Application Logon (Easy SSO)
Application System
Web Page
ID/Password
Replacement
23 Copyright 2009 FUJITSU LIMITED
PC Logon Software ―PLD‖
PalmSecure LOGONDIRECTOR
2 types of authentication method (vein data, ID, Password)
1.Client Version (All authentication information stored in local PC)
2.Server Version (All authentication information stored in servers)
PC Logon Software ―PLD‖
Client Version
・Client PC with users’ authentication infomation
Sd-userLogon ID
****User ID
sddom
userpassword
Application
Password
Vein Data
User ID Input「****」
Vein Data
Logon
24 Copyright 2009 FUJITSU LIMITED
Server Version
Any clients can access to servers with users’ Authentication
information
Sd-userLogon ID
****Uer ID
sddom
userpassword
Application
Password
Vein Data
User ID Input「****」
Vein Data
Logon
Authentication Server
Copyright 2009 FUJITSU LIMITED
For solution and application developers, Fujitsu prepred PalmSecure™ SDK
PalmSecure™ SDK
PalmSecure SDK supports application and solution developers by
SDK.
1 Hardware PalmSecure TM Sensor, Guide, Holder, USB Interface Cable (1meter)
2 Authentication Library Authentication library for enrollment, verification.
3 Sample Application C/C++ language source program and sequence charts for application developers. Sample programs. Supports both standalone/client・server structures
4 Sample Collection/
/FAR Evaluation ToolUsers can collect vein data samples to calculate FRR and FAR.
5 Basic Demonstration Tool Basic demonstration tool to introduce mechanism of PalmSecure
6 System Developer’s Guide Procedures, cautions, developer’s environment is described.
7 Authentication Library Reference
API Interface
8 Hardware Drawing Manual
For customers’ using embedded cases, guide design manuals.
PalmSecureTM SDK Support Web
Users can download the latest version of software
and Q&A services are provided.
25
■Bank Box, Locker System
Copyright 2009 FUJITSU LIMITED
Products by use of PalmSecure SDK
■Time & Attendance
■Multi Function Printer
Prototype
26
■Token Automatic Teller
2727 Copyright 2009 FUJITSU LIMITED
SSO – Citrix Ready
Fujitsu PalmSecure LOGONDIRECTOR Verified as Citrix Ready
Award-Winning Palm Vein Authentication Technology Integrates with
Citrix Password Manager Single-Sign On Solution to Enhance Security and
Compliance
Sunnyvale, CA, October 22, 2008 — Fujitsu Computer Products of America, Inc., a leading supplier of
innovative computerproducts including hard disk drives, peripherals and biometric security solutions, today
announced that its PalmSecure LOGONDIRECTOR has been verified as Citrix Ready™.
The PalmSecure LOGONDIRECTOR is a new identity management solution that combines the Fujitsu
PalmSecure biometric authentication technology embedded into a PC mouse with software that seamlessly
integrates with many third-party vendors’ single sign-on (SSO) solutions. The Fujitsu PalmSecure
LOGONDIRECTOR has been verified as compatible with Citrix Password Manager, providing organizations
with a robust, cost-effective user authentication solution to enhance security and facilitate compliance with
HIPAA, SOX, PCI DSS and other regulations.
"By integrating PalmSecure with Citrix Password Manager, PalmSecure LOGONDIRECTOR addresses the
security issues associated with relying solely on passwords for access to proprietary systems and
information," said Joel Hagberg, vice president, marketing and business development, Fujitsu Computer
Products of America, Inc. "The fact that Fujitsu PalmSecure LOGONDIRECTOR completed the Citrix Ready
compatibility testing demonstrates our commitment to providing validated biometric security solutions."
WYSE ThinClient
+
【WYSE Thin Client + PalmSecure Global Leader of Thin Client ―Wyse Technology‖Wyse Technology Co, Ltd、(San Jose) offered Windows-Based Terminal
in 1995. 33% of global share is currently held. 40 companies of Fortune
100 are using Wyse Technology.
Case Study: O-rid Corporation
―All data is personal information. No leakage of data is allowed.‖
Thin Client + PalmSecure solved the problem.
Copyright 2009 FUJITSU LIMITED
PalmSecure™ Case Study in Japan
29
30
PalmSecure™ Sensor
PalmSecure™ Application
Time &
Attendance
Access Control
Cashless/Cardless Payment
Bank Box,
Security Locker
MFP
Copy/Print Security
ATMBank Teller
Biometric smart card
Cardless
Membership
Administration
PC・Terminal
Login
Information
Access
30 Copyright 2009 FUJITSU LIMITED
Copyright 2009 FUJITSU LIMITED
Solution for Clients
Want enhance securities with next application changes and consolidate login and access control
PalmSecure consolidates from PC login, Time & Attendance and access control.
Complicated passwords and changes are huge loads for users and administrators.
PalmSecure releases the administration of complicated ID and passwords.
Fingerprints do no work, low thresholds causes high FAR
PalmSecure does not use body surface information.
ID cards cost large amount of money (card cost, lost, re-issue, so on)
PalmSecure does not require ID card.
Compliance to internal control requires new securities.
PalmSecure can clear security laws of internal control regulations.
31
Copyright 2009 FUJITSU LIMITED
Financial Market
ATM(Withdrawal & Transfer
of money)
Bank Terminal(VIP
identification)
Access Control
(Bank Box)Back Office
(Administrate
Operators)
Biometric Smart Bank
Card for ATM usersPrevent information
leakage
AICHI GUARANTEE
愛知県信用保証協会
32
Access control to data
center
Copyright 2009 FUJITSU LIMITED
Aichi Guarantee Association adapted PalmSecure
~For the purpose of information leakage ~
Aichi Guarantee is a public association who
is a bond association for small to medium
business Companies.
In order protect customers’ personal infor-
mation, Aichi Guarantee replaced ID and
password and adapted PalmSecure for terminal
login.
Personn
el
LAN
PalmSecure Authentication
PalmSecure
Current System
Personnel DB
Update
data
Client PC 356 systems
① ②
③
AD
Adapted PalmSecure for Personnel Identification
Aichi Gurarantee adapted PalmSecure (biometrics) due to only
enrolled person can access to terminals. PalmSecure mouse
requires less space for desks.
Terminal Access Authentication System
33
3434
Government Market
Personnel
Identification
Citizen
IdentificationAccess ControlPolice・Fire Dept.
(Operator Identification)
Copyright 2009 FUJITSU LIMITED
PalmSecure PC security
for local government PC
PalmSecure for Shimane
Police’s portal site
PalmSecure PC security
for local government PC
■ Collaboration of Active Directory and PalmSecure, single administration of
Windows login and made group policies for information access.
■ PalmSecure login to Windows/Backbone application without knowing password.
Personnel Identification is well adapted by local government holding private Information
PC Login Authentication
PalmSecure adapted for prevention of private information leakage
Authentication Server
Active Directory
Authentication
Client
System Image
Authentication
Login/System Login Information
Au
then
ticatio
n
Copyright 2009 FUJITSU LIMITED
Retail Market
Time & Attendance Login to terminals Access Control POS(operation Identification)
Physical access control
for warehouse
Prevent information leakage
of personal information
36
Time & Attendance for
employee management
アッシュ・セー・クレアシオン
37
Healthcare Market
EMR Access Patient
Identification
Access Control(New born baby room)
Access Control(Medicine Warehouse)
Patient Identification
Before surgery
Access control to server
room
サーバ室の入退室管理
病歴室の入退院管理
Copyright 2009 FUJITSU LIMITED
EMR Login System
EMR Access
University of Yamanashi Hospital adapted PalmSecure
~EMR access login~
■ Collaboration of EMR ―HOPE/EGMAN-GX‖ and ―PalmSecure,‖ EMR access can be
limited to employees who have rights to access EMR system.
■ Old fingerprint authentication was replaced due to high FRR rate.
Logon
PalmSecure is the most suitable option for EMR
Copyright 2009 FUJITSU LIMITED
Education Market
Attendance
Identification
Student
Identification
Library
(Cardless operation)Cafeteria
(Cashless Payment)
Student ID Card (Smart Card)
contains vein data for accessing
KIOSK terminal.
Cardelss operation for
rental books
39
Access Control to
nursery
まーぶる保育園
40
Manufacturing Market
Copyright 2009 FUJITSU LIMITED
Time & Attendance
(Employee Control)CAD System
(Operation identification)Access
Control
Access control to milk
production room
森永乳業株式会社(多摩工場)
Employee Time & AttendanceAccess control to data
center
Production Control System
(Operator
Identification)
Copyright 2009 FUJITSU LIMITED
Reasons why PalmSecure was adapted
Customers Application Why PalmSecure was adapted
Aderance Co. Ltd. PC login ■No effects to palms caused by chemicals
■Total security plan (Desktop keeper & Operation)
Keiyukai Sapporo Hospital
Surgery patient identification
■High authentication rate and quick response
■Ease to use by patients
H.C. Creation Co. Ltd. Time & Attendance ■No effects to palms by water
Aichi Guarantee Association
PC Login・
Access Control
■Less space by PalmSecure mouse
■Contactless authentication
University of Yamanashi Hospital
EMR authentication ■High security to prevent impersonation
Kiyose City PC login ■Quick development period with PalmSecure SDK
■Less space by PalmSecure mouse
Naka City Public Library Library System ■Increase of conveniences, administration cost and ecological by cardless operation
Happiness Shakuji Nursery
Access Control ■Less mental resistance comparing fingerprints
Big retail shop Increase security ■Fingerprint has high FRR.
Lunch box facility Access Control ■Less mental resistance comparing fingerprints
41
Copyright 2009 FUJITSU LIMITED
Global PalmSecure
42
Copyright 2009 FUJITSU LIMITED
FBR
FEL
FFNA
FTL
FFTS
FHK
FKL
FAPL
FUJITSU Ltd
Fujitsu Asia Pte Ltd.
● Fujitsu Sales Offices
FALFujitsu Australia Ltd.
Fujitsu Frontech Shanghai Ltd.
FIL
Fujitsu Frontech North America
Fujitsu do Brasil Ltd.
Fujitsu Taiwan, Ltd.
Fujitsu Europe Ltd.
Fujitsu Korea Ltd.
Fujitsu India Ltd.
Fujitsu Hong
Kong Ltd.
Global PalmSecure business since 2006
Worldwide Business Network
Global PalmSecure Sales
43
Source:International Biometric Group
Global Biometrics Growth
Biometrics market continues to increase. Visibility of PalmSecure is the key for large
market share
Copyright 2009 FUJITSU LIMITED44
Biometrics Revenue by Technology
2009
Vein Recognition
2.4%
☞PalmSecure targets to replace
fingerprints, iris and hand geometry
☞☞☞
Annual Biometric Industry Revenues
2009 - 2014
CAGR(’09-’14)=21%
127%
124%
121%
119%
119%
Revenues by Technology through 2014 M(US$)
2009 2010 2011 2012 2013 2014
Fingerprint 971.0 1,380.9 1,740.1 2,064.1 2,422.9 2,827.2
Iris Recognition 174.4 287.8 360.8 480.5 578.3 730.3
Hand Geometry 62.0 62.8 63.7 68.2 76.0 85.0
Middleware 275.0 327.7 413.8 525.2 625.2 732.6
Face Recognition 390.0 510.8 675.4 848.5 1,097.3 1,417.8
Voice Recognition 103.8 109.3 113.5 136.3 167.5 189.7
Vein Recognition 83.0 102.1 132.2 172.2 199.5 235.7
AFIS / Live-Scan 1,309.1 1,489.9 1,816.6 2,154.4 2,525.8 2,965.7
Other Modalities 54.0 85.6 107.5 131.8 154.2 184.9
Annual Total 3,422.3 4,356.9 5,423.6 6,581.2 7,846.7 9,368.9
Copyright 2009 FUJITSU LIMITED45
―PalmSecure‖ certified to IT security ―Common Criteria‖.Fujitsu PalmSecure Certified Under "Common Criteria" International Security Standard
Tokyo, February 4, 2009 — Fujitsu Limited announced today that its palm vein authentication system, PalmSecure, has been certified under the Common
Criteria(1) for Information Technology Security Evaluation (ISO15408) as Evaluation Assurance Level 2(2). This is the world's first palm vein-based
authentication system, and only the third biometric authentication system of any kind, to be certified under this international standard.
The Fujitsu Group will provide PalmSecure on a global basis to serve those customers, such as government agencies and financial institutions, who require
advanced security.
PalmSecure PC Login Kit(standard model)
In recent years, biometric authentication based on veins, fingerprints, and iris patterns has become widespread in a variety of applications such as PC or
business application login, identity verification at ATMs, and facility access control.
Since the Fujitsu Group has brought palm vein authentication to social infrastructure including banking, healthcare, and academic testing systems, it has
been called upon by customers such as government agencies and financial institutions outside of Japan to put the device through a third-party security
certification process.
Becoming certified under the international standard for IT security, Common Criteria, responds to that call. The Fujitsu Group can tailor solutions using the
high-precision, high-security PalmSecure system to meet customer needs.
1. Common Criteria:
Common Criteria is a set of established criteria for evaluating and certifying the information security of IT products and information systems.
It is currently recognized in 25 countries. Security evaluations based on Common Criteria look at the security performance and reliability (quality
assurance) of the target system. The depth and breadth of the evaluation is indicated by its "Evaluation Assurance Level" (see below).
2. Evaluation Assurance Level 2:
Under Common Criteria, there are seven Evaluation Assurance Levels in increasing order of stringency. A higher Evaluation Assurance Level
means that the security assurance for the Target Of Evaluation (TOE) has been tested over a broader scope, although it does not necessarily
indicate a higher level of security. The Evaluation Assurance Level 2 score earned by PalmSecure indicates that it is structurally tested.
Common Criteria (ISO15408)
Certifying Organization: Bundesamt für Sicherheit in der Informationstechnik(BSI)(Federal Office for Information Security)
Certificate Level: Common Criteria EAL2
Certificate Number:BSI-DSZ-CC-0511-2008
Certificate Date: December 2008
Banco Bradesco S.A.
has 170K accounts,
more than 13K branches
and more than 26K ATM.
Banco Brandesco S.A. adapted PalmSecure on ATM since January 2007.
As of March 2009,4,400 PalmSecue ATM has been used by 470K users.
Bank ATM (Brazil)
Copyright 2009 FUJITSU LIMITED46
ATMの認証センサー部
Larger private commercial bank in Latin America, Banco Bradesco S.A. adapted
PalmSecure after testing various biometrics.
■ 「High Authentication Rate」■ 「Palm vein is information inside body」■ 「Contacless」Those 3 features were considered as the best biometrics for ATM
transaction.
Baco Bradesco S.A. adapted PalmSecure identification for ATM transaction
Copyright 2009 FUJITSU LIMITED
PalmSecure adapted by the State of Art class hospital in USA~Secured patient registration and identification~
• CHS owns, leases or manages 15 hospitals in North and South Carolina, along
with nursing homes, home health agencies, radiation therapy facilities and
physical therapy facilities.
• Together, CHS operations comprise approximately 4,300 licensed beds and
employ approximately 25,000 full-time, part-time and on-call employees.
More than 300K patients are registered with PalmSecure
Patient Identification System (USA)
47
The biggest in North Carolina and South Carolina, the 3rd largest hospital in USA, Carolinas Health Care
System (CHS) adapted PalmSecure for patient identification to prevent insurance fraud and
personal identification.
CHS adapted “PatientSecure” middleware developed by HT System. “PatientSecure” can connect
patient and his/her medical record for security. CHS developed small hand guides for small children to support
all ages.
【Purpose and Effects】
■ Prevent insurance fraud
■ Prevent patient medical record leakeage
■ Prevent double registration of one patient
Patient Registration KIOSK (USA)
Patients only need to place hands for reservation and payment
Allscripts (USA) and Fujitsu announced Allscripts KIOSK ―Patient Kiosk‖ terminal for
healthcare market. Patient KIOSK reduces hospitals cost and increases patient
satisfaction.
PalmSecure enhances securities’ and privacies’ of patients’ medical records.
• The new Allscripts is the clear leader in software, services, information and
connectivity solutions that empower physicians and other healthcare providers to
deliver best-in-class patient safety, clinical outcomes and financial results.
•Nationwide, more than 150,000 physicians, 700 hospitals and thousands of other
healthcare providers in clinics, post-acute care facilities, and homecare agencies
utilize Allscripts solutions to automate and connect their clinical and business
operations. Together with our clients, Allscripts is transforming our disconnected
'healthcare' system into a connected system of 'health'.
Copyright 2009 FUJITSU LIMITED48
Allscripts developed patient registration KIOSK
terminal with PalmSecure~Enhance securities with PalmSecure~
■ No needs to write papers by patients
■ Enhance patients’ securities and privacies
■ Reduce costs of reception
■ Displays health creation plan for patients
49
Pearson VUE adapted PalmSecure for Pearson VUE’s ―Security Testing Frame work™.‖
Pearson VUE offers a service to ―Graduate Management Admission Test (GMAT) of ―Graduate
Management Admission Council(GMAC).‖ For test-takers of GMAT, Pearson VUE adapted PalmSecure
to prevent impersonation.
PalmSecure was adapted as core identification system of ―Security Testing Framework™‖ in India and
Korea at first. Pearson VUE plans to utilize PalmSecure for 107 countries at over 400 locations with
several million test-takers.
Personal Identification for Examination (USA)
49 Copyright 2009 FUJITSU LIMITED
PEARSON (USA) adapted PalmSecure
~Personal identification for test-takers.~
Several millions of test-takes in 107 countries will use PalmSecure
【Why PalmSecure adapted】
Pearson VUE chose PalmSecure based upon neutral 3rd party consultants.
Pearson VUE tested several biometrics for the system.
PalmSecure was chosen because of high authentication rate, authentication speed, ease to use.
50
A railroad company in USA is one of US leading transportation companies.
They provide Rail-Based Transportation Services for 21,000 miles in Eastern USA and Eastern
Canada. There are 70 ocean, river and lake ports. They have thousands of production and distribution
facilities. There are also 230 short line and regional track connections.
Railroad Maintenance Company (USA)
50 Copyright 2009 FUJITSU LIMITED
A railroad maintenance company in USA
adapted PalmSecure & PLD
Several millions of test-takes in 107 countries will use PalmSecure
【Challenge】
・Accountability for engineering maintenance and repair
・Today, 2600 engineers work on equipment for 24hours/7days
・Lack of accountability and responsibility for repairs
・Federal Railroad Administration (FRA) Audits:
- When repair were completed
- What repairs were completed
- Who completed the repairs
【Solution】
・A company wants a Way to Track Work that is performed – Installation, Repair, Maintenance
- KIOSK environment (200+ with computers located in depot facilities (50)
- Engineers would authenticate using PalmSecure and Password Manager (PLD)
・All activities are tracked, accountability is restored.
・Management authrization for parts – office personnel (400)
■ Berlin Branch
Pilot with 2000 account holders
■ Frankfurt Branch
Pilot with 60 bank employees
■ PalmSecure at side board of ATM Frankfurt Branch
Berlin Branch(Q110)
European banks are piloting PalmSecure for ATM transactions
Bank ATM (Germany)
PalmSecure
Copyright 2009 FUJITSU LIMITED51
Deutsche Bank pilots ATM user identification with PalmSecure.
Deutsche Bank established at Berlin in 1870 is a global bank with 1,889
branches over 76 countries.
Copyright 2009 FUJITSU LIMITED
Siemens and Fujitsu collaborate for PalmSecure~The collaboration boosts PalmSecure Global Business~
Fujitsu and Siemens IT Solutions and Services made an agreement for PalmSecure
collaboration.
Siemens implements PalmSecure to Siemens ID Center for global offering. This
collaboration expands PalmSecure business not only to EMEA market, but expands to
global market.
Business collaboration for ID Center with PalmSecure
SIEMENS ID Center
52
Users Sign On From Desktop
Biometric
Devices
Secure
Authentication
Users can
logon from
anywhere in
the enterprise
No need to
remember
username and
password!
SAIL is planning to expand PalmSecure for over 100 steel plants and offices.
As of August 2009, 30 PalmSecue Time & Attenance has been used by 800 users.
Time & Attendnace (India)
Copyright 2009 FUJITSU LIMITED53
ATMの認証センサー部
Largest steel manufacturing company in India, SAIL adapted PalmSecure for
Time&Attendace application for its employees.
■ 「High Authentication Rate」■ 「Cardless operation」■ 「Contacless」Those 3 features were considered as the best biometrics for Time&
Attendance transaction.
SAIL (Steel Authority of India Limited) adapted PalmSecure Time&Attendance for its offices
Copyright 2009 FUJITSU LIMITED
PalmSecure adapted by Mundra Port & Special Economic Zone
More than 10K workers will be registered with PalmSecure
Time & Attenandance (India)
54
The parent company of Mundra Port operates 15 ports throughout in India. The biggest in port operation
Company In India. PMC Projects is planning to expand PalmSecure Time & Attendance and Physical
Access control application to its all 15 ports in India.
【Purpose and Effects】
■ Prevent attendance fraud
■ Protect workers for correct wages
■ Prevent security
55
PalmSecure is globally accepted by global partners.
Access Control System (Germany)
PCS Systemtechnik GmbH
PCS offers very high reliable technologies. Time &
Attendance, Access Control, PDA/MDA, Data Collection,
POI, multimedia and intranet. By PCS INTUS series, PCS
offers the state of art products to Europe.
55 Copyright 2009 FUJITSU LIMITED
Sensometrix in Swiss made 1:N accelerator for PalmSecure library. Sensometrix began
to offer own access controller ―SensoBox™‖.
With PalmSecure V24 library, 1:3000 in 2 seconds
response time is possible without degradation of
FAR and FRR. Currently, SensoBox with 1:3000 is
under trial by pharmaceutical, securities house and
manufacturing vendors.
Copyright 2009 FUJITSU LIMITED56
1:N Accelerator (Switzerland)
THE ONLY SOLUTION COMBINING QUICK
IDENTIFICATION TIMES AND HIGH SECURITY LEVELS
FOR LARGE DATABASES.
Quick identification times
Less than 2 secs for
Large databases
Authentication method
1:N
No card or pin necessary
High security levels
FAR:0,00008%
FRR:0,01%
Encryption
AES more than 128bits
Dimensions
336mm×115mm×7mm
Operating temperature
0 to 60 degrees celsius
SensoBoxTMTAccess Control Reader
PalmVein recognition
Copyright 2009 FUJITSU LIMITED57
Security Essen 2008 (Germany)
■Fujitsu Europe Booth ■Dome PalmSecure on ATM
■PalmSecure
Passport Reader
■PalmSecure Smart Card Reader
PCS wins Security Innovation Award 2008
In Essen Security Show
For the first time this year, the trade fair Security has conferred the Security Innovation Award. Over
70 companies have applied to be candidates for the Security Innovation Award. With the prize, the
fair Security will honor pioneering developments in the categories "Technology & Products" and
"Services and Marketing".
PCS has been awarded with a bronze medal in the category "Technology & Products" for its
innovative palm vein authentication reader INTUS PS. PCS is showing again its leading position as
an innovative company in the field of security.
Security Essen 2008 (Germany)
Copyright 2009 FUJITSU LIMITED59
Security Essen 2008 (Germany)
Copyright 2009 FUJITSU LIMITED
中国初!中国電子商務協会様が手のひら静脈認証装置を採用
PalmSecure business in China since April 2008
PalmSecure in China
Annual growth rate of Chinese security market is 20 to 30% per year. The market size is over US$1.6B
(100B Chinese Yen).
By the end of 2010, Chinese security market is expected be US$3B market. In addition,
global companies penetrating Chinese market require quality and security control.
PalmSecure is targeting these global companies as well as Chinese government.
中国南京擎天科技有限公司様が手のひら静脈認証装置を採用したソリューションを提供開始
60
PalmSecure Time & Attendance at construction site~青島文達通社 developed PalmSecure Time & Attendance~
In China, in order to avoid salary payment problems, Time & Attendance market is
growing. In China, they used to use ID card, but impersonation was possible with ID
card. Chinese companies are looking at biometrics for personal identification.
【About 青島文達通】Name:青島文達通科技発展有限公司Established:October 2001
President:管延成(かん えんせい)Location:山東省青島市
PalmSecure Time & Attendance Terminal
PalmSecure Time & Attendance available in China now
Time & Attendance (China)
青島文達通 is a famous company for fingerprint Time & Attendance
systems. However, due to high FRR of fingerprints, 青鳥文達通 was
looking for good FRR biometrics. Since PalmSeucre has good FRR
and easy to use, 青島文達通 adapted PalmSecure for their Time &
Attendance System.
With PalmSecure, Chinese companies can avoid salary problems.
Copyright 2009 FUJITSU LIMITED
PalmSecure has major differences from fingerprints
Fujitsu continues to advance PalmSecure
Easy to useJust place a hand
over a sensor
HygieneContactless
Small foot printsCan be embedded
Good FAR and High ReliabilityLarge number of vein information
Why PalmSecure is adapted in global
62
Copyright 2009 FUJITSU LIMITED
Possibilities are infinite by PalmSecure
63
Fujitsu PalmSecure TV Commercial
Use cases of PalmSecure introduction by TV commercial
① ATM transaction without bank cards
② Shopping without money and credit cards
③ Door control without keys and cards
Copyright 2009 FUJITSU LIMITED64
Recommended