• Support
• | 
• Contact
  • Online
  • USA +1-650-474-4000
  • EMEA +44-203-286-4004
  • Asia +886-2-2735-5586
•     

DigitalPersona Statement on Spoofing

The DigitalPersona U.are.U^® 4500 and 4000B Modules (standalone or as part of the DigitalPersona Reader or Keyboard), when used with DigitalPersona software, have an anti-spoof technology that can detect and reject the most likely attempts to fool it. That is, the U.are.U 4500 and 4000B are highly effective at rejecting photocopies of fingerprints, photographs of fingerprints, and attempts to re-submit any latent fingerprint image on the reader window through dusting, flashlights, misting, etc.

There are Internet reports which describe complex procedures for fooling fingerprint readers in general. These procedures are complex and by no means simple, quick or easy. These methods almost always involve lifting a print, enhancing it, scanning it, digitally processing the image, printing a film of the image, etching a printed circuit board with strong acids, then molding a 3-D model of the finger with gelatin or other substances. Such processes are hardly practical for a malicious hacker. In almost all reported cases the person whose fingerprint was spoofed cooperated in the process. Nevertheless, as with any security technology, with enough effort and financing, a carefully crafted 3-D model of a finger will sometimes be accepted by every fingerprint reader on the market today. It is important to note that this susceptibility applies to all fingerprint reader technologies: optical and semiconductor, be it swipe-style or placement readers.

For any security device, it is important to weigh the risk scenarios and then set the security policies accordingly. For the majority of DigitalPersona's customers, the use of a biometric is an effective and secure solution to the real day-to-day problems with password management and smart cards or even tokens. Loss, theft, forgetting, sharing, phishing, repudiation, and inconvenience are common occurrences with passwords, smart cards and tokens. If an organization considers the remote and expensive possibility of a constructed 3-D fake finger as a real threat, DigitalPersona strongly recommends a multi-factor authentication solution. Additional factors may be PINs, passwords, smart cards, other tokens, or even a human security guard in cases of physical access. Strong security is always layered and any organization will achieve higher security with a multi-factor approach over any single factor.

In summary, the DigitalPersona U.are.U 4500 and 4000B readers used with DigitalPersona software have an anti-spoof technology that can detect and reject the most likely attempts to fool them.