Banking under Enduring Power of Attorney

[Ian Batten]

On 9 Apr 2009, at 11:39, Nicholas Bohm wrote:
>
> Do you have any details of the claimed error rates?

It's the Fujitsu PalmSecure technology (we should eat our own  
dogfood), integrated into a lock system compatible with the pre- 
existing equipment we have.

> Internal research by Fujitsu resulted in a false acceptance rate of  
> less than 0.00007% and a false rejection rate of only 0.00004%.  
> False acceptance rate is a rate at which someone other than the  
> actual person is falsely recognized. False rejection rate is a rate  
> at which the actual person is not recognized accurately.
>



There are two modes: one in which you load a bunch of peoples'  
patterns into the system and it authenticates against the presentation  
of a hand, and one in which you associate prints with proximity cards  
and the system confirms that the card matches the print and the duo  
are valid.  We're currently running the former, but will transition to  
the latter.

Clearly, once you throw a proximity card into the mix the risk drops a  
little, because

(a) you have to be able to steal or duplicate the card and

(b) you have to be able to fool the system on the print that the card  
is associated with, rather than an arbitrary one of the prints stored  
in the system.

Or, of course, (c) you have to force recognition without the correct  
credentials or a close-enough replica of them.  But that's a system  
attack rather than an authentication method attack, and is slightly  
different to attacks on the palm print mechanism itself.

ian