Operation Cyber Storm III underway, makes digital certificates cool again

Fans of cyberwarfare (which we are, if only because we like to imagine that it looks like Battlezone) take note: following hot on the heels of the previous Cyber Storm I and II and Cyber ShockWave wargames, the Department of Homeland Security is sponsoring a little something called Cyber Storm III. Starting yesterday, the three-day exercise simulates more than 1,500 different types of attack, with a special emphasis on identities, trust relationships, and digital certificates. As Brett Lambo, director of Homeland Security’s Cyber Exercise Program, told AFP, “we’re kind of using the Internet to attack itself. At a certain point the operation of the Internet is reliant on trust — knowing where you’re going is where you’re supposed to be.” The exercise will test the National Cyber Incident Response Plan as well as the new National Cybersecurity and Communications Integration Center. But you can breathe easily: the operation is focusing on defense, not offense (for now).

Operation Cyber Storm III underway, makes digital certificates cool again originally appeared on Engadget on Tue, 28 Sep 2010 17:47:00 EDT.

CNET | Source: Yahoo News

Apple Patent Shows Future of Biometrics Isn’t Security

A recent Apple patent and a strongly worded report from the National Research Council suggest that the future of biometrics lies with personalization, not security.

The U.S. Patent and Trademark Office last week granted Apple a patent for biometric-sensor handheld devices that recognize a user by the image of his or her hand. In the not-too-distant future, anyone in the house could pick up an iOS device — or a remote control or camera — and have personalized settings queued up just for them.

The patent (which Apple first applied for in 2005) protects handheld devices with one or more “touch sensors” — buttons, touchscreens or other interfaces — on any of the device’s surfaces. These sensors can take a pixelized image of a user’s hand, match it to a corresponding image on file, and configure the device’s software and user profile accordingly.

It’s a very different use of biometrics than we’ve seen in the movies. Hand and retina scanners have been touted for years as futuristic gatekeepers to high-security buildings. This is usually a much-embellished version of their real-world use by businesses and government agencies for whom secrecy is a big deal. In the wider world, tiny fingerprint scanners have been built into laptops, but they aren’t widely used for the simple reason that they don’t work reliably enough.

But while they might be insufficient for security, biometrics might work just fine for personalization. Suppose my family shares a future-generation iPad that supports multiple user profiles and a version of this sensor technology. When my wife or I pick it up, the mail application displays each of our inboxes separately. When our young son picks it up, only games and other approved applications are available. If guests or intruders pick it up, a guest profile would make none of your personal information immediately available to them.

Now, an important caveat: The personal-profile dimension of this technology would frankly be stronger than the security implications. You could outwit a 3-year-old, but not a determined hacker. You could hide a sensitive e-mail from a snooping house guest, but not a practiced identity or information thief.

This “soft security” approach may actually be the right approach for technology companies to take with biometrics. Last week the National Research Council issued a report (sponsored by the CIA, Darpa and the Department of Homeland Security, among others) on the state of the art of automated biometric-recognition security. The report argues that existing technologies as implemented are inherently fallible, and that more research and better practices are needed before they can be relied upon in high-security contexts.

Joseph N Pato, HP Labs distinguished technologist and chair of the “Whither Biometrics?” committee that wrote the report, wrote that we’ve been misled by spy-movie fantasies about palm-and-retina-scanning doors: “While some biometric systems can be effective for specific tasks, they are not nearly as infallible as their depiction in popular culture might suggest.”

Thinking for a moment about Apple’s user-sensitive iPad shows the limitations of biometric recognition systems. What if I put my hands in the wrong place, or can’t get the device to load the proper profile? What happens when my son grows up and his hands get bigger? Image-based recognition systems have to be probabilistic, with a certain amount of give, or they won’t work at all.

In fact, when the security thresholds are set too high, the committee found that the sheer number of false alarms led users to ignore them altogether — definitely a dangerous result, but one familiar to anyone who’s disabled an uncooperative smoke alarm or software “security feature.” And even in such high-security cases, an individual’s biometric traits can be publicly known or accessed, in much more prosaic and less gruesome ways than the cinematic fantasy of cutting off a hand or pulling out an eyeball.

Nope — the biometric future probably isn’t a world of impregnable security corridors protected by perfect technology that only the perfect hack can defeat. Instead, it’s a media player that — 90 percent of the time — knows your son likes Curious George more than your Office spreadsheets. Actually, that isn’t too bad.

Image: U.S. Patent and Trademark Office

Apple granted patent for handheld that recognizes your hands [Engadget]
United States Patent 7,800,592 (Sept. 21, 2010) [USPTO]
Automated Biometric Recognition Technologies ‘Inherently Fallible,’ Better Science Base Needed (Press Release) [National Research Council]
Biometric Recognition: Challenges and Opportunities (Full Report) [National Research Council]

Blue Watchdog Bluetooth proximity alarm: 100 decibels of aural terror in a credit card-sized package

While we’ve seen (and reviewed) a few Bluetooth proximity alarms in our day, these guys are still pretty much a niche product. The premise is pretty straightforward: paired with your handset, the device emits a shrill alarm in the event that the two are separated. Of course, this depends on you keeping the thing on your person, and not in the backpack or laptop bag in which your phone resides — something that’s presumably more likely to occur with the credit card-sized Blue Watchdog by Secu4 than it is with other solutions we’ve seen. Selling for €70 (about $95), it is small enough to fit inside your wallet, and features a stand-by time of 120 hours, thanks to a 3.7 volt LiPo battery. It can be charged via recharger or USB, sports a 100 decibel alarm, and can be configured to go off if separated from your handset anywhere from one to thirty meters. On sale now from the company’s website (which also has a complete list of compatible phones), but not so fast: you’ll want to see it in action first, right? You’re in luck! There’s a video after the break.

Blue Watchdog Bluetooth proximity alarm: 100 decibels of aural terror in a credit card-sized package originally appeared on Engadget on Tue, 28 Sep 2010 10:24:00 EDT.

Gizmag | Source: Secu4

U.S. officials push for broader internet wiretapping regulations

The NSA may have its ominously named Perfect Citizen program to guard against potential cyber attacks, but it looks like the U.S. government still isn’t quite satisfied with its surveillance capabilities in the age of the internet. As the New York Times reports, federal officials are now pushing for some expanded wiretapping regulations that would require any communications service — including everything from encrypted BlackBerry messages to Skype to social networking sites — to be “technically capable of complying if served with a wiretap order.” That, officials say, is necessary because their current wiretapping abilities are effectively “going dark” as communications move increasingly online. While complete details are obviously a bit light, the officials do apparently have a few ideas about how such a radical change might be possible, including a regulation that foreign-based companies that do business in the US be required to install a domestic office capable of performing intercepts, and a flat out requirement that “developers of software that enables peer-to-peer communication must redesign their service to allow interception.” Of course, the specifics could still change, but the Obama administration is apparently intent on getting a bill of some sort submitted to Congress next year.

[Image courtesy PBS]

U.S. officials push for broader internet wiretapping regulations originally appeared on Engadget on Tue, 28 Sep 2010 01:11:00 EDT.

Source: New York Times

Verizon’s Mobile Recovery: like ‘Find my iPhone,’ but for VZW Android, webOS and BlackBerry handsets

Fancy the idea of having Big Brother track your handset if it goes missing, but aren’t so keen on owning an iPhone, ponying up for MobileMe and signing a deal with AT&T? Fret not, fretful one, as Verizon Wireless has just launched an extension of its Total Equipment Coverage program that essentially provides the same services, but for VZW-branded BlackBerry, webOS and Android phones. The full list of compatible phones is down there in the source, and the best news is that the Mobile Recovery app is offered free of charge to those already ponying up $10 per month for TEC. When enabled, it will allow users to remotely lock the device, sound an alarm (solving the infamous “couch cushion” dilemma) and wipe contacts from the phone. If a recovery proves unsuccessful, the carrier will supposedly provide you with a next-day replacement, but we’ve got an idea that there are quite a few lines of fine print to read beforehand. At any rate, it’s a lovely option to have — particularly if you’re already paying for TEC — and it’s available to download and activate as we speak.

Verizon’s Mobile Recovery: like ‘Find my iPhone,’ but for VZW Android, webOS and BlackBerry handsets originally appeared on Engadget on Mon, 27 Sep 2010 02:02:00 EDT.

Appolicious | Source: Verizon Wireless

Dell Streak Is Perfect For A Doctor’s Lab Coat

Dell Streak and Accessories, from Dell.com

The Dell Streak was always an odd fit for the consumer market — smaller than other tablets, bigger than other smartphones. But Dell sees a bright future for it in enterprise in general, and medicine in particular.

Dell’s Jamie Coffin and Scott Jenkins recently mapped their healthcare strategy for ZDNet. Because Dell healthcare services already provides IT infrastructure for over 350 hospitals, they can integrate their portable devices and software with the systems already in place — an advantage Apple, Samsung, and other tablet makers can’t match.

Devices that store and handle medical information have to fulfill a very strict set of requirements. Besides hooking into a hospital or healthcare network’s systems, there’s HIPAA, or the Health Insurance Portability & Accountability Act, a 1996 law that protects patient privacy.

There are also security nightmares whenever a device storing confidential information is lost or networked communications are transferred without encryption or other security protections. Finally, medical devices have to be rugged, germ-resistant, and capable of working in disaster scenarios without ready access to electricity or a data network. This is one significant reason why hospitals’ information systems frequently seem so low-tech; it’s not recalcitrance, but redundancy by design.

For these reasons, medical devices are usually provided by specialized providers who can meet these requirements. They’re typically expensive, with patents or scarcity preventing competition, and UI is (ahem) not particularly a priority. Consumer devices, on the other hand, can beat specialized devices on price and usability. Dell thinks that they can leverage their consumer and enterprise positions to offer the best of both worlds.

Also, it really is just the right size for a lab coat pocket.

Dell Healthcare and Life Sciences [Dell]
Dell’s enterprise Streak plan: Target verticals like healthcare [ZDNet]
Dell Streak may soon be streaking into lab coat pockets [TeleRead]

Ericsson’s new mobile broadband modules: one for Oak Trail tablets, one supports remote kill

You may not expect a company like Ericsson to be making waves at Intel’s Developer Forum, but that’s exactly what’s going down today in the City by the Bay. First up is the second generation F3307 mobile broadband module, which was designed to bring the goodness of 3G to upcoming Oak Trail tablets. It’ll come pre-certified with the planet’s largest HSPA networks, and we’re told that it’s engineered to sip (read: not gulp) energy while regaining connections just moments after a device snaps out of sleep mode. More interesting, however, is the October-bound F5521gw, which is hailed as the world’s first embedded mobile broadband module “specifically designed for notebooks and other consumer electronics to support 21Mbps HSPA Evolution networks.” The real kicker, however, is that it’s interoperable with Intel Anti-Theft Technology, which enables an encrypted SMS to remotely disable the host machine… even when the OS isn’t running. Hit the source links for all the nitty-gritty, or hop on past the break for the highlights.

Ericsson’s new mobile broadband modules: one for Oak Trail tablets, one supports remote kill originally appeared on Engadget on Tue, 14 Sep 2010 13:05:00 EDT.

Source: Ericsson 1, 2

PS3 3.42 software update reportedly patches jailbreak, hates fun

Sony just released its 3.42 software update for PlayStation 3 owners. As a mandatory update, PS3 jockeys must accept it if they want to continue accessing the PlayStation Network or PlayStation Store. While Sony’s American mouthpiece isn’t saying much about the release, Sony Japan says that it fixes a “hardware security issue,” and that’s it. Sounds like a patch for PSJailbreak and its open-source variants to us.

[Thanks to everyone who sent this in]

PS3 3.42 software update reportedly patches jailbreak, hates fun originally appeared on Engadget on Tue, 07 Sep 2010 01:48:00 EDT.

Joystiq | Source: PlayStation Japan [translated], PlayStation Blog

E-voting whistleblower Hari Prasad arrested, taken to Mumbai for questioning

In America, when you demonstrate what a racket e-voting is, you get to play Pac-Man. In India? You just might get arrested. Security researcher Hari Prasad made waves earlier this month when he demonstrated how an e-voting machine might be compromised, live on national television. It is now being reported that police have taken Prasad into custody, ostensibly for the theft of the machine, although folks in the know are suggesting that a cover-up is in the works. For Prasad’s part, he refuses to give up the source of the machine — and has been taken by police to Mumbai (a fourteen-hour drive) to undergo questioning. According to researcher Alex Halderman, there are some 1.4 million e-voting machines in use in India, all of which the government keeps out of the hands of researchers on intellectual property grounds — and all of which might be vulnerable to fraud. There’s a brief discussion with Prasad after the break.

E-voting whistleblower Hari Prasad arrested, taken to Mumbai for questioning originally appeared on Engadget on Mon, 23 Aug 2010 12:46:00 EDT.

Slashdot | Source: TechDirt

Apple attempts to patent kill switch that roots out unauthorized users, detects jailbreaks

Just about every mobile operating system manufacturer can remotely delete apps from the smartphones they help provide, but if a recent patent application is any indication, Apple’s looking to lock down the whole enchilada on future devices. The basic concept is as simple as the diagram above — certain activities trigger the phone to think it’s in the wrong hands — but the particular activities and particular remedies Apple suggests extend to audiovisual spying (to detect if a user has a different face or voice than the owner), and complete remote shutdown. While the patent mostly sounds targeted at opt-in security software and would simply send you an alert or perform a remote wipe if your phone were stolen or hacked, jailbreaking and unlocking are also explicitly mentioned as the marks of an unauthorized user, and one line mentions that cellular carriers could shut down or cripple a device when such a user is detected. Sounds great for securing phones at retail, sure, but personally we’d rather devices don’t determine our authority by monitoring our heartbeat (seriously, that’s an option) and we’re plenty happy with the existing Find My iPhone app.

Apple attempts to patent kill switch that roots out unauthorized users, detects jailbreaks originally appeared on Engadget on Sat, 21 Aug 2010 20:58:00 EDT.

AppleInsider | Source: USPTO