This article can also be found in the Premium Editorial Download "Information Security magazine: Improving your network security strategy in a recession."
Download it now to read this article plus other related content.
An accident victim is rushed to the ER. He has no ID -- perhaps his wallet is still in the wreckage of his car, perhaps he simply left it at home. A staff person takes the victim's hand and waves his palm over a vein reader. In seconds, the hospital knows not only who he is, but has access to all his records, including blood type, allergies, pre-existing medical conditions and, yes, insurance. Not every use case for vein reading authentication technology is this dramatic, but health care facilities, along with financial institutions, are prime market targets for Fujitsu's PalmSecure, which has been in use in Japan and is now being marketed through partners in the U.S.
"It makes the registration process, once someone is enrolled, much more streamlined for subsequent visits," said Rogel Reyes, director of patient access for Pleasanton, Calif.-based ValleyCare Health System. "Each time they come to a point of service they are not asked for their card or license; they simply place their palm over the scanner."
Fujitsu partner HT Systems markets PalmSecure as a specialized health care authentication package,
Though it's new in the U.S., vein-readingbiometric authentication has had some success in Japan, where Fujitsu's palm-based readers and Hitachi's finger-based vein readers are deployed at tens of thousands of ATMs. PalmSecure is basically a one-inch cube. For general use, it's built into a mouse.
Fujitsu initially offered a small market version, but recently released an enterprise version with support for single sign-on, starting with Citrix but to be extended to other top-tier vendors soon.
Though it's still a small fraction of a biometric authentication market that hasn't exactly taken the U.S. by storm, vein-reading authentication has some advantages. Unlike fingerprint identification, which checks for a physical match, vein-reading biometrics uses infrared technology to detect an individual's unique blood flow pattern. The head, the heart and the hand are the parts of body where veins are most dense. Obviously, the hand is the most practical place to take a reading.
Proponents say it is far more accurate and yields fewer false positives than fingerprint biometrics. And, fingerprints can be spoofed or damaged by injury or rough physical labor. For medical facilities, it's also a matter of hygiene. Waiting rooms, with scores of sick people are bad enough. Imagine all of them touching the same fingerprint reader.
That's why fingerprint readers have been unsuccessful in supermarkets, said Dan Miller, Fujitsu business development manager for PalmSecure.
"People have germs. They didn't want to touch them. They failed miserably," he said. He added that the readers had to be frequently cleaned of a rich coating of grime, hand lotion, melted chocolate…you get the idea. Biometric vein-readers can also read through opaque surgical gloves.
Hygiene and maintenance aside, the impetus for vein-reading in the health care industry is financial.
"The biggest ROI or biggest pain point we're solving, behind the scenes, is fraud," said Miller. "With health insurance at a premium, a lot of people are just giving their cards to family members."
That's not only costly but dangerous. The fraudulent patient could wind up getting medication he can't tolerate, or the wrong blood type.
"Another advantage is simplicity and universality of use," said Gartner analyst Ant Allan. "The interaction with the sensor is not awkward. It doesn't require something as intrusive as iris recognition; you don't have to open your eye lid."
There are downsides, however.
"It's relatively expensive -- several times more expensive than fingerprint, two to three times more than iris recognition," said Allan. "You'll likely see it at a few control points -- passports, for example -- when unit prices isn't barrier. You won't see it in every laptop because of the cost and size of the sensors."
Neil Roiter is senior technology editor of Information Security. Send comments on this article to email@example.com.
This was first published in February 2009