Ring of proof? Cybersecurity company develops a piece of jewellery with an embedded fingerprint pattern that can be used to unlock an iPhone or authenticate a digital payment
- Biometrics are increasingly replacing conventional passwords and pin codes
- Once compromised, however, such authentication tools are forever ruined
- The 3D printed signet ring provides an alternative that can be reset if needed
- However, maker Kaspersky has no current plans to sell the rings commercially
Cybersecurity firm Kaspersky has developed a signet ring containing a unique fingerprint pattern that can be used to unlock a phone or authenticate a payment.
The 3D printed jewellery — made in tandem with a Swedish designer — is intended to address the issues that can arise if an individual’s biometric data is stolen.
Unlike real fingerprints which cannot be changed and are therefore forever compromised, the ring could be easily switched for another unique replacement.
Unfortunately, the security-enhancing jewellery is only a proof-of-concept, with the Russia-based firm not planning to make such rings commercially available.
Cybersecurity firm Kaspersky has developed a signet ring containing a unique fingerprint pattern that can be used to unlock a phone or authenticate a payment
Modern devices are increasingly providing the facility to replace traditional pin codes and passwords with biometric authentication systems.
These see users unlock their smartphones, make payments and even gain access to their homes and offices using their fingerprints, eye scans or even faces.
While such biometric data is unique to each person — and may therefore seem more secure than a password or pin that could be guessed, cracked or stolen — the use of such does come with its own complications.
While compromised pins and passwords can be reset — and different ones can be used with different systems to minimise the extent of the risk should they be exposed — our biometric data is fixed and universal.
Once our biometric data is compromised, therefore, it is so for good — and exposes any system protected by the same physical features.
To address this, Kaspersky teamed up with 3D designer Benjamin Waye to create a unique artificial fingerprint — made from a rubber compound containing thousands of conductive fibres — built into a 3D-printed silver signet ring.
Just like a normal finger, the surface of the ring can be pressed against a biometric scanner to unlock a phone, door or validate a financial transfer.
To ensure each ring’s pattern is one of a kind, the mould for the artificial fingerprint is produced using a specialist piece of software which is then made unique by the randomly distributed conductive fibres that serve to activate fingerprint readers.
Should the ring be lost — or its ‘biometric’ pattern compromised — one could simply delete it as an authentication method and replace it with another ring with a different, unique pattern instead.
‘Not only is [the ring] considered beautiful, but it has been designed with the aim of helping to solve a quite serious problem in today’s modern life,’ said Mr Waye, the designer of the unusual piece of jewellery.
‘It helps preserve our uniqueness in a world where everything could otherwise be copied.’
The 3D printed jewellery — made in tandem with a Swedish designer — is intended to address the issues that can arise if an individual’s biometric data is stolen
Unlike real fingerprints which cannot be changed and are therefore forever compromised if their data is stolen, the ring could be easily switched for another unique replacement
The security issues that the ring concept addresses are far from theoretical.
In 2015, for example, a hack of the US Office of Personnel Management — the body which oversees the government’s civilian workforce — saw around 5.6 million fingerprints of civil servants leaked.
More recently, Israeli security researchers Noam Rotem and Ran Locar found that security firm Suprema’s ‘Biostar 2’ fingerprint and facial recognition database — used by the UK’s Metropolitan police, banks and defence contractors — was unsecured.
This would have meant that around 1 million people’s biometric data could have been stolen by bad actors and misused.
Unfortunately, the security-enhancing jewellery is only a proof-of-concept, with the Russia-based firm not planning to make such rings commercially available
To ensure each ring’s pattern is one of a kind, the mould for the artificial fingerprint is produced using a specialist piece of software which is then made unique by the randomly distributed conductive fibres that serve to activate fingerprint readers
Those looking forward to enhance their security along with their jewellery collection, however, may be disappointed to hear that Kaspersky presently has no plans to actually sell the ring.
‘It is not a product but the result of a collaboration between us and the designer, aimed at drawing more attention to security related issues surrounding biometrics,’ Kaspersky said in a blog post.
The blog continues by noting that Kaspersky ‘wouldn’t advise producing [such a] ring at home’, with the biometric part of the item being ‘moulded and this is a complicated process.’
‘We believe they must be solved through technology and on the devices that are used to process such valuable data, not by customers,’ they added.
Such a solution, noted Kaspersky director Marco Preuss, ‘is yet to be developed and to be honest, the current situation surrounding the safety of biometrics is not where it needs to be.
‘Nevertheless, with the increasing adoption of these technologies, it is extremely important that we start the conversation within the relevant industries to develop a collaborative approach to ensure this data is protected.’
HOW WILL FINGERPRINT BANK CARDS WORK?
Dutch chipmaker Gemalto has launched a range of bank cards with an in-built fingerprint scanner.
This authenticates the payment and replaces the traditional PIN (Personal Identification Numbers).
Customers scan their fingerprint on a small sensor found on the right hand-side of the bank card.
Fingerprint data is stored on the card, not on a central database.
Since the biometric card works with current standards, there is no need to change the existing infrastructure.
The magnetic field generated by the card machine used for payment powers the scanner, meaning no battery is needed.
For biometric cards, little will have to change. Customers will need to register their fingerprint at their local bank via a tablet. This then stores the biometric data of every person on their card, but not on a central database
Source: Read Full Article