“Biometric fraud!” read one headline. “Fingerprints can be faked!” said another.
This past week, such headlines reigned in the world of biometrics because of a research project, sponsored by NYU, in which Philip Bontrager and colleagues created a “DeepMasterPrint” that could be used to hack some fingerprinting systems.
This study received many favorable press mentions because it plays into two current fears: (1) identity theft, an all-too-common occurrence in the modern era, and (2) false humanity, or machines masquerading as humans (a common trope we see in science-fiction, from West World to Terminator and way back to Bladerunner). Stories like “DeepMasterPrint” spread because of fear.
We believe that fingerprints are a valid way to securely authenticate real humans. But how serious is this biometric threat? And what are the security and biometrics experts at SureID doing about this threat?
What Does the Research Tell Us?
First, it’s important to understand what the research taught us. In essence, Bontrager and colleagues proved that, with enough sample fingerprints from the right sources, it is possible to create what they called a “DeepMasterPrint.” This set of prints, which will not match any actual specific human’s fingerprints, can generalize some key bits of data to fool low-fidelity fingerprint sensors. You can read all about it in their published paper.
So yes, this research shows us that the fingerprint you put into your phone might be hackable. But phones use a rather low-fidelity fingerprint sensor, and they only scan a small portion of a single finger for comparison (less than half an inch square on most devices). Really, they don’t have a lot to go on.
With such a small amount of data, phone fingerprint scanners may allow someone else’s finger – or the NYU 3D generated fake finger – to open your device. And if you use a similar single-finger scanner to enter your car, open your house, or even get money from your bank account, then yes, your stuff may be vulnerable.
Of course, to really hack even these systems, the hackers would need a pretty good algorithm team, a great funding environment, and a specialized 3D printer…but hey, we’re James Bonding it up here.
The SureID Advantage: How We Protect Biometric Information
The SureID system can’t be hacked like this. Our device is much more secure and protected than the low-end scanner on your phone, in your car, or even possibly at your bank.
Here are just four of the ways SureID protects the validity of fingerprints:
1. Our system is patent-pending and FBI certified
First, the scanner we use on our SureID Registration Station is designed to capture high-fidelity fingerprints. The scanner meets stringent FBI standards for fingerprint comparison, meaning that your fingerprints have to be good enough to stand up to incredible machine and human scrutiny. Your standard handheld device doesn’t have any of that! Oh, and we have patents pending for our station, too – so literally no one else out there has what we have.
2. We capture more of your fingerprint
Second, we capture a much larger area of your fingerprint than everyday scanners do. Rather than that half-inch square, we can capture both a flat and a rolled image of your fingerprint – so, pretty much the whole tip of your finger. Every millimeter we capture creates a larger identity attack surface, making it harder to hack or fake.
3. We capture all your fingerprints, not just one
Third, we never let anyone access data using a single fingerprint. In fact, we require you to provide all the fingerprints you have before you can request your data. If you have a finger, and it has ridges and whorls at the end of it, we need that fingerprint. That’s how the law works, and that’s how we’d want to do it anyway to protect your private information.
4. A trained technician helps capture your fingerprints
To get your fingerprints taken at our stations, you have to prove your identity using government-issued ID documents. These same technicians then help you capture your fingerprints using our scanner. Clearly, they’re going to notice if someone tries to use fake prints or prosthetics!
And these are just some of the ways we protect your data. Our company’s many additional layers of security ensure your information doesn’t fall into the wrong hands and can’t be misused in even the most innocuous of ways.
Tricks and Fraud Don’t Work on SureID
In short, the tricks you’re seeing with glue molds, AI-generated images, or even the “DeepMasterPrint” from NYU aren’t going let some random stranger out there access your data through the SureID network. We keep up with cutting-edge research and make sure our network is protected against such hazards. In fact, our network of over 800 nationwide locations is the only one that collects high-fidelity fingerprints using military-grade security, and we transmit that data through an encrypted end-to-end channel for even more protection.
As the world moves toward easier, more personalized information access, we believe we’ll see biometrics used in more IOT systems. And as these changes occur, SureID intends to be there, with our best-in-class security protocols designed to keep your information in your hands only. SureID will always protect you.
Want to know more about our system security? Have questions? Reach out to us at firstname.lastname@example.org or 844.787.3431. We’re happy to hear from you!