Art and all:
I got this email and permission to post it:
To whom it may concern,
I was thinking of buying SAFtyLatch for my computer, but I have a few questions I was hoping you could answer. First of all, is just
voice ID used, or can I use fingerprints and Face ID? Secondly, how
secure are these technologies? Could a tape-recording of my voice
suffice to defeat SAFtyLatch? What about a picture of me with face ID (assuming I have a compatible camera)?
Moving on to your other offerings, specifically your web based biometric identification software, how safe is that from being compromised? Is the biometric scan encrypted? Can the biometric scans be fooled (i.e. tape recording)? Finally, how accurate is voice identification as compared to the other forms of biometric identification, and why is SAFtyLatch available with voice and not, say fingerprint ID?
Dear Sir,
Thank you for your inquiry about our SAFtyLatch Data Security for Windows product. The product is also available to corporate purchasers with either fingerprint, voice, or facial image biometric technologies. SAFtyLatch is designed to be compliant with the Human Authentication API specification standard, just as our other network security products are. This provides inherent flexibility to interchange multiple biometric technologies to meet the varying requirements of the enterprise. For the mass distribution market, we have chosen to package our standard product in a retail box with voice authentication technology (and a microphone) to appeal to a broader audience. This provides a low-cost way to experience our products without the user making an additional investment in video camera or fingerprint sensor peripheral devices.
Regarding your question whether a tape recording of your voice would suffice to defeat SAFtyLatch, the answer is that it is theoretically possible but very difficult to achieve. Such a recording would have to be of sufficient fidelity and close proximity to the speaker to be impractical for most clandestine scenarios that we can visualize. A portable tape recorder hidden near to your desktop computer would not likely produce a recording of sufficient quality to defeat the matching algorithm which uses a range of measurements of the speech utterance. When compared to simple passwords that are often written down or which are easy to guess or hack, the improvement in security and privacy is substantial. In addition, the user has the option to change their pass phrase at any time. Also, in the example of a stolen laptop computer, there would be no possibility that the thief would have access to the recorded speech utterance.
You also asked about a picture of a face being able to defeat the facial image recognition algorithm. The technology that we use uses motion video to create a stereoscopic composite of the image from an average of three images. A two- dimensional photo placed in front of the camera should not meet the requirements of the algorithm. Notice that I am careful to avoid saying that it could never happen, just that it is considered to be highly unlikely, according to our facial image technology partner, Visionics, Inc. It is probably fair to say that no information security component (encryption, firewall, intrusion detection, biometrics, etc.) is totally protected from a determined hacker. However, biometrics provides a significantly higher degree of difficulty to info-crooks attempting to gain access to a computer or network when compared to simple passwords.
Regarding our Web-based products (as well as our other network security products) all message traffic between the client and the server is encrypted to prevent interception of biometric data being passed over the network. Regarding the question about accuracy, each biometric technology has its unique set of considerations that can effect accuracy. In a normal environment with a cooperating user, any high quality biometric technology should perform quite well. However, voice technology can be affected by high background noise situations (like in a factory) and face can be affected adversely by significant variations in the lighting. Likewise, the accuracy performance of fingerprint technology can be affected by skin problems, cuts and other injuries, or age. That is why it is important that a biometric solution provide the flexibility to integrate multiple biometric technologies. For example, scientists in a laboratory may not be permitted to use a fingerprint sensor since, by policy, they must wear latex gloves at all times. A user that is handicapped may use voice to control a computer (and also to authenticate). In a scenario where a user has multiple biometric characteristics enrolled in the system, it is possible to revert to a secondary biometric if a primary (normal) biometric fails or is unavailable for some reason. These considerations are all part of the implementation planning process that we go through with our customers. Our commitment to multi-biometric standards and our strategic relationship with a wide range of proven biometric technology suppliers, gives us our discriminator in the market for flexible and robust data security and network security solutions.
I hope that this information is useful to you, and I look forward to your becoming a satisfied user of SAFtyLatch.
Best regards,
Walter Hamilton
Director, Business Development
SAFLINK Corporation
2502 Rocky Point Dr., Suite 100
Tampa, Florida 33607
I know you are wondering. Yes, I ordered it.
Regards,
Bob |
