Bruce Schneier
Schneier on Security
A blog covering security and security technology.
« The Inner Workings of an FBI Surveillance Device | Main | Mobile Phone Privacy App Contest »
May 17, 2011
Fingerprint Scanner that Works at a Distance
Scanning fingerprints from six feet away.
Slightly smaller than a square tissue box, AIRprint houses two 1.3 megapixel cameras and a source of polarized light. One camera receives horizontally polarized light, while the other receives vertically polarized light. When light hits a finger, the ridges of the fingerprint reflect one polarization of light, while the valleys reflect another. "That's where the real kicker is, because if you look at an image without any polarization, you can kind of see fingerprints, but not really well," says Burcham. By separating the vertical and the horizontal polarization, the device can overlap those images to produce an accurate fingerprint, which is fed to a computer for verification.
No information on how accurate it is, but it'll only get better.
Posted on May 17, 2011 at 7:46 AM • 43 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
HJohn • May 17, 2011 8:06 AM
Same concept as when I warn people about things like collecting too much information. They may accurately say things like "we don't have the ability to process that much data." To which I say they should finish the sentence with "yet."
It wasn't too long that a terabyte would have been a science fiction fantasy.
Does this make it possible to fingerprint someone without their knowledge?
The article seems to indicate that a source of polarized light is needed.
But if the fingerprints ridges/valley favor one polarization over another in their reflections, can the filtered cameras recover fingerprints from non-polarized light?
Kevin Granade • May 17, 2011 8:42 AM
@karrde it has been possible to fingerprint someone for a very long time without their knowledge, this just makes it faster and automated.
Chelloveck • May 17, 2011 8:51 AM
I can't wait until the CSI writers get wind of this. Of course, their version will be able to identify fingerprints from half a dozen pixels taken by a grainy security camera...
Hawkins Dale • May 17, 2011 8:53 AM
@karrde: it appears that the machine has its own source of polarized light.
Also, there are lots of ways to take fingerprints without the subject knowing: just lift a print from something that they've touched (like a drinking glass or something else smooth). As Mr. Granade points out, this just makes it possible to record fingerprints wholesale.
ChristianO • May 17, 2011 9:14 AM
@Chelloveck
1.3 megapixel seems to be about half a dozen...
I just imagine that with higher resolution (and good lenses) e.g. Two Smartphone cams CSI will be able to identify fingerprints from half a mile away.
Albatross • May 17, 2011 9:15 AM
This technique ought to work extremely well with the raised lettering on credit cards, too.
SJ • May 17, 2011 9:21 AM
Isn't this almost bye-bye to biometric security. Imagine, you have an building protected with biometrics. You park for example an car with this device build in near the building, let it scan all the fingers it can detect. And record the ppl movement via other cams.
Once you have one, you can create a fake fingerprint and get access.
Lot easier then trying to find a glass, table, door handle etc that was held by somebody identified earlier.
Cpt. Rex Kramer • May 17, 2011 9:21 AM
@ChristianO
1.3 mpixels should be ore then enough,given a proper optical path (i.e. not a wimpy cellphone lens).
It's just that people have been brainwashed into wanting more and more megapixels, even if the objective is not able to produce that resolution due to diffraction and other optical aberrations.
I think it would be more accurate to say that it is receiving an image through a polarized filter. Ambient light is sufficient.
Although, it would be interesting to defeat this by carrying around a strong source of polarized light. If the polarization of your light source lines up with one of the cameras on the device, it might make it harder to correlate the "bright" and "dim" images.
John • May 17, 2011 9:34 AM
Time to start biking to work eh? Oh, but what about the facial recognition software... and the stuff that scans your gait and identifies you uniquely...
http://sheikyermami.com/wp-content/uploads/...
Well, so much for that.
Terrorists won.
HJohn • May 17, 2011 10:07 AM
@Chelloveck: "I can't wait until the CSI writers get wind of this. Of course, their version will be able to identify fingerprints from half a dozen pixels taken by a grainy security camera..."
____________
Too easy. In their script, they'll take fingerprints from reflections off rear view mirrors in a dark parking garage and acertain the real culrpit is the suspects long lost evil identical twin brother thought to have died at birth who was really kidnapped by a post partpartenly depressed nurse who lost her fertility when the doctor she was working for drugged her to abort their child so his wife wouldn't find and he would have gotten away with it if he wouldn't have kicked the suspects dog and started an altercation resulting in his death.
.
Chris S • May 17, 2011 10:20 AM
Simultaneous reception of multiple light polarizations?
Sounds like someone has been inspired by mantis shrimp eyes!
TV Addict • May 17, 2011 10:25 AM
@HJohn,
Nah, you've got it wrong. 'Ripped from the headlines' is the signature of the L&O series of shows.
kashmarek • May 17, 2011 11:00 AM
Isn't the result a derivative work? That is, producing a computer generated result from a (questionable) original input? We have already seen how DNA can be manipulated to indicate a match. They already do this with license plates and pretend they are one and the same as yours? This type of result needs corroborating evidence to substantiate the allegation. This is also done (image enhancement) in satellite photography and serves as a useful tool but not courtroom evidence.
Dirk Praet • May 17, 2011 12:35 PM
Interesting technique, the implication of which being that once adopted by TSA and the like, wearing gloves will earn you an extra check on the list of surveillance drones.
Seiran • May 17, 2011 12:35 PM
Hawkins Dale: "Also, there are lots of ways to take fingerprints without the subject knowing: just lift a print from something that they've touched (like a drinking glass or something else smooth)."
They did this in National Treasure (2004).
Even better, there are reports that latent fingerprints left on the readers themselves can be used to gain entry. Just breathe on them, or carefully press a piece of plastic film onto the pad. This would hopefully not work on readers that use static voltage or other features to perform "live sample detection".
Jude • May 17, 2011 12:59 PM
Off topic, but related to fingerprints, this is interesting:
http://www.ynetnews.com/articles/...
The Israeli government recently turned down a suggestion by renowned Prof. Adi Shamir for a secure fingerprints database, and decided to opt for a less-secure solution.
BF Skinner • May 17, 2011 1:23 PM
@Serian "They did this in National Treasure (2004)."
And Jill St John did the same in Diamonds are Forever (1971) in her underwear. You can keep your fancy new stuff. The old ways are best.
HJohn • May 17, 2011 1:31 PM
How's the quote go? Technology has given us the ability to contol everything except technology.
Alan Kaminsky • May 17, 2011 1:54 PM
In Regency England, the fashion (at least among the ton) was for men and women always to wear gloves. I guess they were smarter than we are.
Alan Kaminsky • May 17, 2011 1:57 PM
@BF Skinner: "And Jill St John did the same in Diamonds are Forever (1971) in her underwear."
And James Bond foiled this by pasting latex copies of the fingerprints of the guy he was impersonating over his own fingers.
BF Skinner • May 17, 2011 3:26 PM
@Alan Kaminsky "James Bond foiled this"
There was more to the movie after that?
Are you sure?
You're putting me on.
MW • May 17, 2011 6:43 PM
Nobody has yet asked the really important question. Can fake gummy bear fingerprints fool this system?
Interesting story. A mate of mine is a PhD researcher and has just published their latest research on fingerprint analysis, investigating how accurate fingerprint experts actually are. Fortunately, it seems they're not too bad, but they still do make mistakes - there's a summary article here: http://www.sciencedaily.com/releases/2011/05/...
Richard Steven Hack • May 18, 2011 4:15 AM
BF Skinner: So you missed the scene where Jill was on a waterbed in her birthday suit (covered by fur blankets, of course)? Or the bikini with the tape cartridge sticking out of her butt when they were on Blofeld's oil rig operational site? Not to mention Natalie Wood's VERY busty sister, Lana, as "Plenty O'Toole"?
You really need to see that movie again! :-)
As for fingerprint foiling, I've heard using what is called "Liquid Bandage", a liquid that is painted on the fingers and forms a protective rubbery layer which is mostly unnoticeable (but smells bad), can be used to obliterate fingerprints without wearing clothes. Other people allegedly use cobblers cement.
I wonder if that sort of stuff would mess up the long-range fingerprint scan, too.
Richard Steven Hack • May 18, 2011 4:18 AM
OTOH, if someone is trying to print you from a distance, and they can't get a decent print because you foiled it, well, if you weren't under suspicion before, you are now. :-)
So, yeah, it would probably be better to do what Bond did and use someone else's fingerprints.
But that person better look like you because when they run the prints through the database and the picture comes back as a 250 pound black guy and you're a 150 pound white guy, well...
Frankly, your best bet is just shoot the son-of-a-bitch trying to fingerprint you...if you notice him, of course.
str8upNOT • May 18, 2011 5:06 AM
To quote a friend:
"WHAT IN THE WORLD?!".
You all sure are paranoid.
So, let's say I wack someone. Then I take my kid to the park the next day. Are you jamokes trying to tell me some pinhead cop is gonna be sitting in his car aiming some shiny thing at my hands? Which hang by my hips?
So some strange dude's got a camera pointed at me and my kid? Eh, well, I don't know which of us it is, do I? But I'm the protective type, so I give the nod and Tony and Vinny slip up, bash his head in, and take his toy.
No problem.
You guys need to just relax. You watch too many movies.
BF Skinner • May 18, 2011 6:15 AM
@RSH "really need to see that movie again"
I do recall Bond breaking in to Willard Wyte's Space thingamajig factory. One of the best examples of tailgating (with thanks to Ed Bishop) I've ever seen. Use it in your AIS briefings.
BF Skinner • May 18, 2011 6:33 AM
@trog "mate of mine is a PhD researcher and has just published their latest research "
Thanks and that's an interesting article but could you post a citation to Tangen et al.'s published paper? All Science Daily says is that it will be published eventually in Psychological Science.
Dick Alstein • May 18, 2011 7:28 AM
@Chilly Willy "Time to start wearing thick gloves all year long."
Time for _Obama_ to start wearing gloves. Or some "journalist" takes a snapshot and soon, every crook will be wearing latex gloves with the president's fingerprints.
echowit • May 18, 2011 10:11 AM
@ BF Skinner, Richard Steven Hack,
Pix??
Somewhat seriously, I wonder what are the legal ramifications of going about in public, even doing non-contracual business, in disquise? Knowing, as noted above (@D Praet), that such behavior will get you on someone's list.
BF Skinner • May 18, 2011 3:56 PM
@echowit "Pix?? . . . will get you on someone's list."
Don't Google image them. I can't believe the amount of phony infected PC popup's infecting images out there.
Re: Legal ramification while you might end up on a list of interesting persons most likely nobody except Mrs Kavitz will notice. Even then I think the argument is the same as changing your name. Here in the US you can call yourself anything you like and it's legal as long as it's not advancing a fraud.
+1 for the Mrs.Kravitz reference.
Mr. K vs Mrs. K. Good times, good times...
I wonder where Aunt Hagatha would fit into all this.
( Please don't say,"Falling into message boards where she doesn't belong." )
Retarded Genius • May 23, 2011 4:22 PM
Step 1)
Dip finger in highly combustible/inflammable liquid
Step 2)
Ignite liquid with laser
Step 3)
Record spectrum of gasses released at combustion
Step 4)
Program an array of lazers to fire their beams in a line
Step 5)
Create a device which change the direction of the laser arrays through angling crystalline or via carbon-silica nanotubes
step 6) create enough arrays so that each 'line' of scanning beams is one femtosecond in scanning position behind the last scan.
Step 7)
power the device so that each beam is energetic enough to evaporate the combustible liquid in a manner which causes the liquid to immediately become a gas and then ignite
Step 8)
record the data
Step 9)
Science I don't know! Have each laser array read the spectrum of the liquid, evaporated gas and combusted product, as well as record the spectrum of the heat and light created from the ignition
step 10)
Not only read individual fingerprints, as the finger and skin will cause unique results in 3 Dimensional Graphical space ( for each spectrum and heat signature - and femtosecond difference between occurrences of such), but will also hint at the person's habits, health and personal dermal excretion
Step 11)
Make your finger feel as if it is burning every time you need authorization!
Step 12)
Come up with another idea off the top of your head and profit.
Subscribe to comments on this entry
Post a comment
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.
|
| Subscribe |
Subscribe via Kindle |
| Blog Menu |
SearchPowered by DuckDuckGoBlog Home Page
Archives by Date2013 J F M A M
Tags  |
| Latest Book |
more books by Bruce Schneier |
Comments