InHardFocus.com

TABULA RASA is the intriguingly-named effort by the European Commission to make biometric systems practically hack-proof.

Fingerprint and facial biometric systems are especially prone to direct attacks, also known as spoofs. A spoof works just like in the movies: the bad guys falsify a biometric trait (like, somebody’s fingerprint) and present it to the biometric system to gain access to the bank vault or robot factory. This is actually do-able by copying the person’s fingerprint and creating an artificial (or gummy) finger.

Surprisingly, TABULA RASA claims that the spoofing issue doesn’t just affect large companies with advanced security. In fact, it’s also hitting emerging small and medium sized enterprises that wish to sell biometric technologies in emerging fields.

Seeking justice, the TABULA RASA project hopes to address the need for a draft set of standards to examine the spoofing problem and propose countermeasures such as combining biometric information from multiple sources.

They’re also hoping to examine novel biometrics that may be inherently robust to direct attacks. These might include vascular (vein) biometrics, electro-physiological signals like heartbeat (very cool), or even unique gait. Not surprisingly, all these have the potential to be harder to replicate than an iris or fingerprint.

Yesterday, we reported that a New York hospital is using vein-recognition technology to access patient data. Now, a Florida school district is also getting in on the action--and leading the trend toward a fully wallet-free future.

Fujitsu's PalmSecure provides a highly reliable biometric authentication system based on palm vein pattern recognition technology. The Pinellas County School District, near St. Petersburg, Fla., will use PalmSecure in its cafeterias to enable students to make purchases without cash, cards or phones.

How does it work? Vein-recognition tech uses a near-infrared light that shines up from the detector. The user waves a hand over the light, and it instantly maps the unique pattern of veins in his or her hand. This pattern is then stored, not as an image, but as a unique identifier.

Vascular pattern recognition technology has already been in use for years, especially in access control applications. However, its use as a method of payment is exciting. Biometric payment is exceedingly more secure than cash, credit cards and even cell phone wallets. (Plus, it's cool!)

For now, the cost of the system is prohibitive for most retail locations. But our bet is that shoppers will start seeing them in their favorite stores in only a few years.

The New York Times reported today on the U.S. military’s impressive biometric database of Iraqi and Afghan residents: a bank of information that helps officials identify more than 3.7 million people in the two countries.

The database was created and is operated by American, NATO and local forces. Amazingly, one in every 14 Iraq citizens and one in every 20 Afghan residents have been added to the database.

Collecting the biometric information is a tall order. Soldiers and police officers in the two nations take digital scans of each person’s eyes, as well as photos of their face and fingerprints. All detainees and prisoners—as well as applicants for government jobs—also must undergo biometric screening.

Most of the Iraqi and Afghan residents in the database are males, because they cause much more trouble for the U.S. military than local women. But by now, the technology is everywhere in Iraq and Afghanistan:

"A citizen in Afghanistan or Iraq would almost have to spend every minute in a home village and never seek government services to avoid ever crossing paths with a biometric system."

And the capabilities are proving invaluable:

"What is different from traditional fingerprinting is that the government can scan through millions of digital files in a matter of seconds, even at remote checkpoints, using hand-held devices distributed widely across the security forces."

In fact, the database has proven so useful in the Middle East, some wonder if the U.S. will bring the idea home. While several government and law enforcement agencies have sought similar technology for building a biometric database, privacy protections have won out every time.

Read even more backstory here.