Security in the Palm of your Hands

Copyright 2016 FUJITSU, Fujitsu Forum 2016, #FujitsuForum

Transcript of Security in the Palm of your Hands

Page 1: Security in the Palm of your Hands

Fujitsu Forum 2016

#FujitsuForum

Page 2: Security in the Palm of your Hands

Security in the Palm of your Hands

Thomas Bengs

Director & Head of PalmSecure™ EMEIA

Fujitsu Technology Solutions

Page 3: Security in the Palm of your Hands

About Identity…

Each creature is unique and it has its own individual identity

It starts with our parents giving us our identity at birth

Our first identity document is the certificate of birth

Later on we get our first passport and national ID card

But we also collect other identity instruments during our lives:

• Driver's license, insurance cards, debit cards, credit cards, loyalty cards, email accounts, PC accounts, bank accounts, online shopping accounts, e-government accounts, travel accounts, memberships, etc.

Page 4: Security in the Palm of your Hands

Identity abuse – Identity theft…

It is not possible to steal somebody's individual identity, but it is possible to abuse it…

Online shopping, Online bets, Online auctions, Online banking

Name abuse in blogs

Creating fake profiles in social networks

Pretense of fraud facts

Fake president attacks

Payment diversions

Social identity attacks

Page 5: Security in the Palm of your Hands

The Reality is…

[Chart: How victims' identity is misused, USA 2015. Categories: Government / Social Sec. Fraud, Other Fraud, Credit Card Fraud, Phone & Utilities Fraud, Bank Fraud, Loan Fraud. Shares shown: 49,2%, 19,2%, 15,8%, 9,9%, 5,9%, 3,5%, 3,3%, 3,7%]

[Chart: Identity Theft & Fraud Complaints 2012 - 2015 in USA. Series: Fraud Complaints, Other Consumer Complaints, Identity Theft Complaints, Total. Vertical axis: 0 to 3.500.000]

Source: Federal Trade Commission, Consumer Sentinel Network, 2016

15 Billion US$ stolen from 13,1 Million US citizens

112 Billion US$ have been stolen by identity thieves in the last 6 years

Identity Theft increased by more than 47% from 2014

As US credit cards became more protected the ID theft focus moved to new account fraud

Many ID thefts have been caused by personal information collected by ID thieves on the internet

Page 6: Security in the Palm of your Hands

How to protect my ID?

Our passports and national ID cards use biometric features

However, every day we use desktops, tablets and mobiles to get onto the internet and perform operations and actions requiring our ID

We use PINs, tokens, smart cards, passwords and images to secure our user name, which stands for our ID

We try to make it safer by using multiple factors, but…

Page 7: Security in the Palm of your Hands

…is that really safe enough?

Large corporations reported a cyber breach in the past year: 93 %

Small businesses reported a cyber breach in the past year: 87 %

The time it takes for 60% of security vulnerabilities to be identified: 9 months

Source - Mandiant

It is no longer a question of "if", but a question of "when" it will happen

Page 8: Security in the Palm of your Hands

We need to establish a strong IAM

[Diagram labels: Business, Technology, Access Management, Identity Management, User Roles / Groups, Resources, Membership, Access Right]

Identity Access Management is not just a product – it is a SOLUTION

IAM starts with identification, but it then also includes the way of communication forward & backward to/from the resources to work with

• Business: Defining the IAM processes like access rights, protection levels, protected areas, building up a meta directory

• Technology: Interfacing the different applications and platforms to interact together

• Enterprise Access Management:

- Defining access roles / groups

- Defining authentication processing

- Defining identity management

- Defining external access management

Page 9: Security in the Palm of your Hands

A real world IAM example with Fujitsu PalmSecure

Your best choice to build up an IAM solution

Page 10: Security in the Palm of your Hands

Why Biometrics is the right choice for IAM

Risk of Fraud       Ownership   Knowledge   Biometrics
To be transferred   Yes         Yes         No
To be stolen        Yes         Yes         No
To be forgotten     Yes         Yes         No
To be copied        Yes         Yes         No
To be lost          Yes         Yes         No
To be altered       Yes         Yes         No

Known methods: Keys, Password, Vein, Tokens, Pin, Iris, Smart Cards, "Selfie", Fingerprint, Face, Voice, Key stroke

Possible authentication methods

Precision of Biometrics

Biometrics clearly is the superior method for processes requiring authentication

Page 11: Security in the Palm of your Hands

How PalmSecure works

Hand positioned over sensor

Sensor focuses & detects live hand

Hand scanned with infrared light

Hand veins recorded

Secure biometric template stored

Biometric template converted, individual key assigned & 2nd AES encryption

Transmitted to PC

1st AES coding

Page 12: Security in the Palm of your Hands

PalmSecure at a glance

Very hygienic because contact-free

Easy and intuitive operation

High level of privacy because hidden under the skin

Palm veins are complex >5 million reference points

Palm has thicker veins than fingers – easier to identify

Palm veins are not sensitive to external factors

Hidden under the skin

Unique (even in the case of twins)

Traits do not change for entire lifetime

Live hand detection: only used if blood circulation detected

Highest level of security & performance

Extremely precise

Accepted everywhere

Page 13: Security in the Palm of your Hands

PalmSecure Portfolio Overview

OEMs & SIs Desktop Application Platform Software

• PS Sensor

• PS SDK

• PS U-Guide

• PS Embedded ARM Board

• PS PC Mouse

• PS Sensor Guide Kit

• PS Desktop Sensor

• PS USB Stick (planned)

• PS ID MATCH

• PS ID MOBILE

• PS ID ACCESS / T&A

• PS Ultra Secure Thin Client

• PS Truedentity for client / server / web service

• PS Biolock for client / server

• PS Ultra Secure Thin Client Linux / Citrix / VMware

• Workplace Protect Client

• PS Secure Printing

• mPollux

State of the Art Biometrics for

• Industry

• Automotive

• Social Security

Secured Log in / SSO for:

• LEs & SMEs

• Banks & Insurances

• Gov. & Public Sector

High Level Security for:

• Gov. & Public Sector

• Retail & Banks

• Critical Infrastructures

Solutions which fit:

• Log in / SSO / Web services

• Mobile / Payment Security

• Cloud Security

Page 14: Security in the Palm of your Hands

Client Computing Devices with PalmSecure Option

LIFEBOOK U904 Ultrabook PalmSecure™

CELSIUS H760 Workstation PalmSecure™

LIFEBOOK U745 Notebook PalmSecure™

LIFEBOOK S936 Notebook PalmSecure™

ESPRIMO Q956 Desktop PalmSecure™

STYLISTIC Q736 Tablet PalmSecure™

Super-thin and light 14-inch business Ultrabook™ at 19 mm and 1.55 kg – optional unique anti-glare touch display

Variety of interfaces – VGA and DisplayPort

2nd Fujitsu Ultrabook™ that supports patented PalmSecure technology, optional port replicator

World's first notebook with integrated PalmSecure

Only .61 inches thick and weighs just above 3 lbs

Ultra-sharp frameless 14-inch WQHD + IGZO display -Touchscreen option

Workstation performance for mobile use, extremely secure with PalmSecure

15.6-inch workstation with comprehensive set of ISV certifications combines top performance with numerous connectivity options

True Workstation Performance On-the-Go Intel® Core™ i5, i7 and Xeon processors Professional NVIDIA® Quadro® graphic cards with up to 660 CUDA cores

Best screen real estate on 13.3-inch anti-glare display

Best-in-class connectivity including NFC & PalmSecure option

Boosted efficiency with optional accessories, common cradle

Comfortable viewing experience with clear-cut WQHD IGZO or FHD 13.3-inch display with optional touch

Ultimate security supported by patented PalmSecure

Unlimited computing with 24 hours battery runtime and unique-in-its-class modular bay concept

Up to 6th Gen Intel® Core™ i7 vPro™ processors

Flexible bay – select security or storage devices, such as SC reader, PalmSecure or optical drives

Lowest power consumption

Zero Noise PC – whisper quiet operation in the office

Integrated VESA mount

Page 15: Security in the Palm of your Hands

Components

■ Sensors with palm rest (SDK for integration needed)

■ Available sensors:

■ M1E (for OEMs)

■ MP1 (SL Sensor)

■ MP2 (inside Notebooks)

■ M5 (successor of M1E, Launch in Q2/2017)

Page 16: Security in the Palm of your Hands

PalmSecure Generations

Year   L×W×H (mm)   Generation
2004   80x80x35     First generation with Fujitsu Unique API
2006   35x35x27     M1/M1E with Bio API
2008   27x27x11     MP1 SL Type Desktop
2012   20x20x6      MP2 Notebook Type

Page 17: Security in the Palm of your Hands

NEW! PalmSecure M5 series – PalmSecure F pro

[Diagram: M5 sensor architecture. Blocks: Arithmetic logical unit, Memory, CMOS Sensor, USB I/F, CPU, Encrypting Function]

• Among other things, the CPU has an encryption function

• Programs and data in memory are accessed via the encryption function

• The key is different for each sensor

Available in March 2017

Page 18: Security in the Palm of your Hands

PalmSecure M1E compared to PalmSecure M5

External dimensions
  PalmSecure Sensor/V2: 35×35×27 (mm)
  M5 sensor: 29×29×13 (mm)

Types
  PalmSecure Sensor/V2: Bare, Standard, Mouse
  M5 sensor: Bare, Standard, Mouse

Guide
  PalmSecure Sensor/V2: Stand Guide (flipflop), Mouse Guide, U Guide
  M5 sensor: Standard Guide, Mouse Guide, U Guide

Material of sensor's surface
  PalmSecure Sensor/V2: Glass
  M5 sensor: Glass

Capturing range
  PalmSecure Sensor/V2: Enrollment: 40~60 mm, Verification: 35~70 mm
  M5 sensor: Enrollment: 40~60 mm, Verification: 35~70 mm

Host interface
  PalmSecure Sensor/V2: USB2.0
  M5 sensor: USB2.0, USB3.0

Power supply mode
  PalmSecure Sensor/V2: -
  M5 sensor: Normal power mode *1, High power mode (USB3.0 only)

Lighting tolerance
  PalmSecure Sensor/V2: Enrollment: 2,000 lux, Verification: 3,000 lux
  M5 sensor: Enrollment: TBD, Verification: Normal power mode: 5,000 lux, High power mode: 80,000 lux

Usage environment
  PalmSecure Sensor/V2: 0~60℃
  M5 sensor: To be decided within the range of -40~85℃.

Sensor security
  PalmSecure Sensor/V2: -
  M5 sensor: Encrypting the data on the memory of sensor. Genuine check function

Functions / Features
  PalmSecure Sensor/V2: 1 to 1 verification, 1 to N identification (10,000) *2, I33-format mode, I-format mode, With/without guide mode, Continuous Capture
  M5 sensor: 1 to 1 verification, 1 to N identification (10,000) *2, I33-format mode, I-format mode, With/without guide mode, Continuous Capture

Compatibility
  PalmSecure Sensor/V2: -
  M5 sensor: M1E templates supported *3

Authentication accuracy
  PalmSecure Sensor/V2: I33-format (Capture 2 time): FRR: 0.01%, FAR: 0.00001%. I-format (Capture 1 time): FRR: 0.01%, FAR: 0.00008%
  M5 sensor: Same as M1E (except for the compatibility authentication between M5 sensor and M1E sensor)

Template size (byte)
  PalmSecure Sensor/V2: I33-format: Maximum 15,000. I-format: Maximum 3,072
  M5 sensor: I33-format: Maximum 15,000 + for new function (TBD). I-format: Maximum 3,072

Processing time
  PalmSecure Sensor/V2: Capture (1 time): 850 ms, Verification: 150 ms
  M5 sensor: TBD

*1 : Default is normal power mode. Can be switched by setting.

*2 : Specification of 1 to 10,000 is only supported by I33-format mode on Enterprise Edition.

*3 : Authentication Library V30 and later is supported.

Page 19: Security in the Palm of your Hands

ID-Match platform

■ Programmable

■ Supports multi-factor authentication

■ Network interface

■ New I/O module (relay, Wiegand protocol)

Physical Access Control Applications

Financial Transaction Applications

POS / Retail Applications

Multi Card Applications

Social Security Applications

Page 20: Security in the Palm of your Hands

Access control

Portfolio element

■ Secure access

■ Access control, authorized access only

■ Variety of application areas and usage scenarios

Application area

■ Data center

■ Facilities and large building complexes

■ Turnstiles (e.g. public transportation, Casinos)

■ Locker (e.g. Banks)

■ Stadium protection

More information

■ Fujitsu Terminal PSN900 standalone or centrally managed

■ Fujitsu platform ID-Match with I/O plugin

■ Further solutions in cooperation with OEM partners

Page 21: Security in the Palm of your Hands

Time & attendance

Portfolio element

■ Secure recording and monitoring of the presence of authorized personnel

■ Automation of processes, e.g. accounting and social security

■ Possible SAP integration

Application area

■ Manufacturing plants (industry)

■ Food industry

■ Pharmaceutical industry

More information

■ Actual solutions in cooperation with OEM partners

Page 22: Security in the Palm of your Hands

Fujitsu Workplace Protect

Software Workplace Protect

■ User Authentication for Microsoft Windows using

  ■ PalmSecure

  ■ SmartCard

  ■ Fingerprint

  ■ RFID card

  ■ Face recognition

■ Pre-boot Authentication based on PalmSecure, fingerprint or SmartCard to be presented at BIOS level

■ Multifactor Authentication (MFA)

■ Template-On-Card for fingerprint and palm-vein

■ Additional secret (e.g. personal password in addition to biometric data)

■ Configurable Single-Sign-On to Microsoft Windows

■ Password Safe, stores your secret login details needed to log on to protected websites

■ Encrypted Container, a virtual disk encryption to protect important user data

Page 23: Security in the Palm of your Hands

Realtime bioLock™ for SAP

Software bioLock™

■ Control and monitoring of SAP applications based on customer-defined checkpoints with renewed authentication

■ The only SAP certified biometric security solution

■ Granular security configurable on screen or field level

■ Maximum security level for SAP applications and transactions

Secure SAP transactions

■ Fraud prevention

■ Protection of data against unauthorized reading / export

■ Controls and authorizes financial transactions

■ SAP transaction monitoring and logging

■ Granular secured processes, e.g.

■ Financial transactions

■ Personal data

■ Customer data

■ ...

Page 24: Security in the Palm of your Hands

Authentication platform truedentity

Portfolio element

■ Secure access with electronic identities

■ Central authentication service for distributed organizations

■ 2-factor authentication (Biometrics and ID-card / user name)

Application area

■ Authentication of Windows Clients in AD environment

■ Authentication of Web-applications (supports Kiosk devices)

■ Authentication based on embedded devices (ID-Match)

More information

■ Actual solution in cooperation with OEM partner OpenLimit

■ Cloud based solution (private or public Cloud)

Page 25: Security in the Palm of your Hands

The UltraSecure IAM solution for an Enterprise…

Secured Access, Log In / SSO, Time Attendance, Secured DMS, Consuming

Single software platform

Supporting Linux, eLux, VMware, Citrix, MS IoT, MS Embedded

Secured file transfer

Central administration

Central data base like MS AD, or SQL

Virtualization

Page 26: Security in the Palm of your Hands

Where we will go next…

Biometric Security demanding Areas

Enterprise Mobile Payment Financial Transactions Healthcare

Datacenter Entertainment / Recreation / Events Automotive Logistics Government / Industry

Video Surveillance Mobile Apps IDaaS/Cloud Physical Access Control

Time Attendance Log in / SSO Web Services Perimeter

Biometric Solution Portfolio Elements - Single Platform

Biometric Modality Hardware Platform

PalmSecure Fingerprint Face Recognition / Iris Recognition Voice Recognition

Page 27: Security in the Palm of your Hands

And please – do not forget…

Page 28: Security in the Palm of your Hands
