Primary-Net's fingerprint scanner aims to kill PINs
By Shona Ghosh
Posted on 24 Oct 2013 at 16:50
A Dutch R&D company has unveiled an online identification system using fingerprint scanning that it claims is the internet equivalent of a "cure for cancer".
Primary-Net has unveiled its "biocryptology" tech, claiming it's safer than rival biometric solutions and could do away with PINs and passwords entirely.
Demonstrating the tech at the Science Museum in London, Primary-Net said unlike other scanners, Biocryptology detects when an actual finger is being used. The scanner uses infrared to detect, for example, oxygen levels in the blood to prevent against fake imprints.
And where other scanners are vulnerable to hackers stealing the actual biometric data, Primary-Net's scanner encrypts fingerprint information on the hardware.
Confirmation of authentication and decryption then takes place in one of Primary-Net's three data centres. That, according to the company, means it's impossible for a hacker to intercept and steal that data, or even for Primary-Net to access the information itself.
Can it work?
The company has so far installed the technology on two devices: its cashless payment system Nexus SmartPay, and its personal finger scanner Primary Pass.
The company has been testing the NexusPay systems in the US, allowing consumers to register their fingerprint with their bank or card provider, and then buy items from local retailers with a swipe of their finger.
Primary-Net's business development chief, Chris Edwards, told PC Pro that the company has just signed up its first US bank for the trial, and has courted interest from others.
Edwards said there were no plans to extend the trial to Europe as yet.
Where Nexus SmartPay is targeted at retailers and banks, Primary-Net is also offering the individual Primary Pass scanners to consumers and businesses. It claims the scanners could be used by individuals to transfer files more securely or make online transactions.
The Primary Pass is a small, mouse-shaped device that sits comfortably in the palm of your hand and plugs into a PC's USB port.
Unlike the payment terminals, the Primary Pass devices are unique to a single user - meaning you'd have to register your biometric information with Primary-Net, then carry your scanner with you whenever you wanted to use it. And while biometric data is encrypted on the hardware, actual files are encrypted using standard SSL.
Primary-Net hasn't revealed pricing details but charges a "minimal" upfront cost for its hardware, then a subscription of $3.99 a month thereafter.
While the Primary Pass might be a safer alternative to passwords than other biometric technologies, it isn't clear how they would be used in practice.
For example, using the Primary Pass with a third-party service such as Dropbox to transfer files would require a partnership between the two firms. That seems like a major hurdle, given the number of partnerships potentially required to make the devices useful to office workers.
Edwards wouldn't confirm if Primary-Net had held any talks with potential software partners, or even if it had persuaded any British companies to buy Primary Pass devices.
Still, after spending €30 million and eight years on development, company chairman Klaas Zwaart has grand visions for the technology. "[This is] something of the magnitude of a cure for cancer, but for the internet," he said. "We believe this is the most revolutionary security mechanism since the creation of internet."
"detects when an actual finger is being used"
This reminds me of an old episode of Blake's 7 where they need to bypass a palm reader security door. They tell the captured security guard "we only need your hand".
"oxygen levels in the blood" would presumably detect if a severed finger were being used?
By Alfresco on 24 Oct 2013
So now all a mugger needs to do is clunk me on the back of the head and drag me (and my wallet) to a cash machine?
By eggjones on 25 Oct 2013
Less violently ...
just print the fingerprint on a thin layer of plastic and stick it onto your own (live) finger. A severed finger/hand probably would not work: it is relatively easy to sense blood oxygen level and pulse using infrared.
The big problem with all biometric identification is that once it is compromised it cannot be (easily) changed.
By JohnAHind on 25 Oct 2013
Hi, I suppose that if this does work that it wouldn't be available to identical twins
By simontompkins on 25 Oct 2013
The prints of identical twins are more alike than the prints of two completely unrelated people - but they're not identical.
By AlphaGeeK on 25 Oct 2013
Are usernames, not passwords.
I like the look of SQRL.
By big_D on 26 Oct 2013
- Google Glass: mugger bait, pub problem and other lessons learned from two dangerous weeks
- Twitter, please don't fiddle with my feed
- How Satya Nadella can get some pay-raise karma
- Windows 10: a step back to go forward
- Michael Dell: Cloud infrastructure is the roads, bridges and highways of the 21st century
- How to check your identity hasn’t been sold to the hackers
- Tim Cook: this is how much TV has changed since the 70s
- Westminster wins the .London battle
- 20 years of PC Pro: from deep pan pizza to virtualisation
- Five reasons why the Apple Watch leaves me cold
- How to write your company's IT security policy
- The key to choosing a secure password
- Please stop reposting fake Facebook messages
- Is Facebook safe for business?
- Don't rely on Chrome's password vault
- Facebook Graph Search: don't panic
- Gmail drafts and Pastebin: could they evade the email snoops?
- Applying for a job at GCHQ? Here's your plain-text password
- Google two-step verification: a must for business email
- Yes, I write down my passwords