It's Evident


Spoof Proof Biometrics & Revocable Tokens
◊ Brittan Mitchell, Esquire

With increasing frequency, individuals experience biometric technology for security and authentication in all sectors of society. Here are some examples:
  • Employees in both the public and private sectors use fingerprint and palm scanners to clock in and clock out.1
  • Frequent flyers identify themselves through iris scans stored on smart cards.2
  • Test takers, in distance education programs, use remote proctors to confirm identity based on image, sound, and fingerprint scans.3
  • Home and business owners can purchase deadbolt technology that permits access based on fingerprint scans.4
  • Some states have incorporated biometric information into the standard driver’s license.5
  • Soldiers in the United States military use a biometric device called Hand-held Interagency Identity Detection Equipment or “HIIDE” to “quickly input and access the name, age, address, religious sect, birthplace, fingerprints, retinal information, and facial photograph of any individual.”6

    We rely on these technological advances to protect our homes, our bank accounts, and even our irreplaceable human identifiers. Confidence naturally declines after reading headlines that suggest fallibility: ‘Researchers crack biometric security with play-doh’7 or the ‘Privacy Rights Clearinghouse has documented over 251 million security breaches of records containing “sensitive personal information” in the last 14 years.’8 These two headlines pinpoint two of the main concerns with biometric technology. The play-doh finger illustrates the first problem—that an intelligent intruder can “spoof” the technology. The Privacy Rights Clearinghouse examples relate to the second problem—that the stored biometric information may be leaked or compromised.9

    Cutting Edge “Spoof Proof” Biometrics:

    This article highlights three biometric technologies that are on the cutting-edge of defeating the privacy and “spoofing” hurdles--eyeball reflexes, palm-vein patterns, and revocable biometric tokens. The focus is primarily on the “spoof proof” aspect of improving biometric technology and only minimally addresses the active debates over the privacy concerns.10 When an individual “spoofs” a biometric system he/she defeats the device’s security by using a phony sample.11 Biometric researchers must be aware of these deficiencies and vulnerabilities and must strive to assure that the authentication process is reliable.12


    Two Japanese scientists are working to tackle the spoofing and privacy hurdles by combining eyeball reflexes (saccade response) with unique ‘blind spot’ data points.13 The proposed development will not necessitate the secret storage of biometric information, and the researchers claim that the targeted biometric data is “spoof proof.”14

    Their research indicates that “blind spots” alone are insufficient because of the potential to fraudulently copy a blind spot through complex surgery or high-tech contact lenses.15 However, the additional use of eyeball reflexes (saccade response) protects the identification system from replication.16 Specifically, the identification system places a visual target inside and outside the individual’s known blind spot. The system then seeks to track and record the resulting reflexes of the eyeball. These triggered reflexes in turn produce unique information that can identify and authenticate a particular user.17

    Eyeball reflexes are unique and are seemingly impossible for an imposter to copy since they are “beyond conscious control.”18 This research team is also experimenting with other potentially unique data sets involving the human eye—pupil contractions and vergence eye movements.19


    In another measure to increase the reliability of the authentication process, some industries are moving from fingerprints to palm-vein patterns. This technology uses an infrared scan to examine the veins in an individual’s palm. 20 Palm-vein patterns are unique to individuals, even individuals who share the same DNA. 21 In fact, an individual user will have unique vein patterns even between a left hand and a right hand. 22 Displaying confidence in the difficulty of “spoofing” someone’s unique vein pattern, one commercial developer claims that the key to security is “in the palm of your hand.”23 This developer has successfully installed the palm-vein technology in ATMs and is planning on integrating the technology for mobile phone security. 24

    Health care providers and hospitals are potentially a great target for this type of biometric identification. In 2007, a hospital in North Carolina installed these palm-vein scanners for identification of patients. 25 Rather than storing a picture of the individual’s palm, the individual is assigned a unique identification number, thereby reducing privacy concerns from leaked information. 26 The hospital administrators felt that the technology would increase patient security because it would minimize the potential for “leaking” private information (i.e. social security numbers) during the registration process of the patient. 27

    Competitive graduate admissions tests are also beginning to utilize this palm-vein scanning technology in the hope that this biometric system will reduce cheating. Fingerprint identification has not proved sufficiently “spoof proof” for takers seeking admission into top business schools.28 Select testing locations utilized these biometric devices in late 2008 and worldwide use is expected by the summer of 2009. 29 This application of the palm-vein biometric technology will store a digital image of the vein pattern. 30 Proponents of the technology feel confident that these vein scans are significantly more difficult to spoof than the traditional fingerprint scan. 31 Regardless of the additional safeguards, privacy advocates argue that personal biometric information should only be stored for a set period of time, and then destroyed or revoked. 32 However, currently the palm-vein scans are intended to permanently remain in the student’s file. 33 The proponents of the technology rebut the privacy argument by pointing out that you “can’t leave a vein pattern at a crime scene;” therefore, the risk that a governmental authority will improperly seize the biometric information and use it to connect the individual to a crime is inconsequential. 34


    The privacy advocates raised issues of revocability in the permanent storage of the palm vein patterns. These advocates and other prudent consumers care about revocability. Individuals, at their convenience, can typically open and close bank accounts, cancel credit cards, and change passwords and security protocols. However, in the realm of biometrics, revocability has not been the standard. Individuals cannot “easily” change their biometric identifiers: fingerprints, palm prints, gait, retina, etc.35

    The biometric industry is realizing that revocability must be incorporated into the technology as an additional safeguard for individual privacy. 36 One approach to revocability is the use of “biotokens.” 37 There are four reasons why these biotokens exhibit increased privacy: (1) a biotoken may combine multiple human identifiers (i.e. the combination of a fingerprint and an iris scan), 38 (2) a biotoken may add a level of encryption to the authentication and storage process which “provides cryptographically strong protection of the original biometric data,” 39 (3) a biotoken may be stored in an alternate location from the original biometric identifiers, 40 and (4) the revocable nature of the biotoken may allow for the token to expire and a new token to be issued without re-collecting the original biometric identifiers. 41

    A Colorado-based company, Securics Inc., is exploring the benefits of biotokens; their unique biotokens are called ‘Biotope revocable identity tokens.’ 42 The company’s self-proclaimed goals are to enhance security while protecting privacy. 43 The website indicates that Securics offers the only commercially available revocable biotokens for face and fingerprint. 44 The Biotope technology “transforms the original biometric signature into an alternative revocable form (the Biotope) that protects privacy while it supports a robust distance metric necessary for approximate matching.” 45 The company describes some additional advantages to this technology as follows:

    Network infrastructure is continually compromised by attacks involving man-in-the-middle key exchanges, dictionary attacks, and phishing. Standard biometrics and even secure ID tokens are not immune. Loss from these attacks is estimated to be as high as 3.2 billion dollars. Revocable Biotope tokens are impervious to these issues. At the core of our bio-cryptographic protocols is a Biotope token that is unique on a per transaction basis. This approach completely prevents known attacks; non-public transmitted data is never reused. The Biotope technology supports nesting, allowing stored tokens to be used to generate new tokens in real time — something no other privacy enhanced biometric technology can do. 46

    The initial commercial function for these biotokens is an authentication application for Web-based transactions; however, the company is hoping that the Biotope token will be expandable for use in drivers’ licenses and passports.47
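
    The two properties claimed for revocable biotokens above (approximate matching on a transformed template, and reissue without re-collecting the biometric) can be illustrated with a generic cancelable-template construction. This is an added example, not Securics’ Biotope algorithm or code from the article; the random-projection transform, the keyed permutation, the parameters, the key names and the sample feature vectors are all assumptions constructed for illustration.

```python
import hashlib
import random

DIM, BITS, THRESHOLD = 32, 128, 20  # constructed parameters for this sketch

def _rng(key: bytes, label: bytes) -> random.Random:
    """Deterministic generator derived from a secret key, never from the biometric."""
    return random.Random(int.from_bytes(hashlib.sha256(label + key).digest(), "big"))

def make_token(features, key):
    """Enrolment transform: key-seeded random projection, keeping only the signs."""
    rng = _rng(key, b"project")
    return [int(sum(rng.gauss(0, 1) * x for x in features) > 0) for _ in range(BITS)]

def rekey(token, new_key):
    """Reissue from a stored token with a keyed permutation and XOR mask.
    Both operations preserve Hamming distance, so approximate matching survives."""
    rng = _rng(new_key, b"rekey")
    order = list(range(len(token)))
    rng.shuffle(order)
    return [token[i] ^ rng.getrandbits(1) for i in order]

def hamming(a, b):
    """Number of bit positions in which two tokens differ."""
    return sum(x != y for x, y in zip(a, b))

def verify(stored, probe_features, keys):
    """Transform the probe with the enrolment key, then every reissue key, and
    accept if it lands within THRESHOLD bits of the stored token."""
    probe = make_token(probe_features, keys[0])
    for key in keys[1:]:
        probe = rekey(probe, key)
    return hamming(stored, probe) <= THRESHOLD

def demo():
    rng = random.Random(2009)  # constructed sample data, not real biometrics
    enrolled = [rng.gauss(0, 1) for _ in range(DIM)]
    fresh = [x + rng.gauss(0, 0.05) for x in enrolled]  # same user, sensor noise
    impostor = [rng.gauss(0, 1) for _ in range(DIM)]
    k1, k2 = b"enrolment-key", b"reissue-key"  # hypothetical secrets
    old = make_token(enrolled, k1)
    new = rekey(old, k2)  # old token revoked; the user is not scanned again
    return {
        "genuine_accepted": verify(new, fresh, [k1, k2]),
        "impostor_accepted": verify(new, impostor, [k1, k2]),
        "old_vs_new_distance": hamming(old, new),
        "old_token_still_valid": verify(old, fresh, [k1, k2]),
    }

if __name__ == "__main__":
    print(demo())
```

    In this sketch the keys play the role of the separately stored secret in reason (3): anyone holding both a token and its keys can recompute later tokens, so the keys need the same protection as any other credential.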


    Eyeball reflexes, palm-vein patterns, and revocable biometric tokens are three examples of cutting-edge biometric technologies, each with a unique approach to spoof proofing and enhancing the privacy of the underlying data. Other approaches to making a biometric device more secure might include adding a password or an additional biometric device. 48 Spoof-proof technology is an underlying hope for the biometric industry. Many researchers hope to achieve this goal and to create such a technology. Other researchers assert that there is no technology that is spoof proof. 49 These researchers insist that the key to security is to stay technologically ahead of the bad guys. 50
    ‘Staying ahead of the bad guys’ is the theme that is driving the biometric industry. Regardless of some of the existing biometric shortcomings, the industry, as a whole, is excelling in today’s economy. An FBI statement made while announcing a $1 billion biometric contract illustrates this sentiment: "Due to the many issues associated with identity theft, lost and stolen documents, and the ability to spoof standard name-based identity management systems, coupled with the rapid advances in technology and the nation's focus on combating terrorism, there are increasing needs for new and improved identification services." 51 It’s evident that spoof-proof biometrics are crucial to the future of forensics!


    End Notes:

    ◊ Brittan Mitchell is a former NCSTL staff member. [LL.M. New York University (expected 2010); J.D. Stetson College of Law (2003); B.S. Accounting Florida State University (2000); B.S. Economics Brigham Young University (1999)].

    1 David Caruso, Fingerprint Scans Replace Clocking In, Mar. 27, 2008, Live Science,
    2 Registered Traveler Cards (rtGO cards) allow individuals to pay a fee for quicker security measures in airports. The identification is based on fingerprint and iris scans. See Registered Traveler Cards Take Flight at the Reno Tahoe International Airport, Contactless News, June 21, 2007,
    3 Distance education test takers can now use the remote proctor software with biometric fingerprint scans to authenticate test taker. See Proctor 2.0, INSIDE HIGHER ED, June 2, 2006,
    4 Tony Kontzer, Biometric Deadbolt Is Latest Assault on Keys, DVICE, 2007,
    5 “Incorporating biometrics into driver licenses was recently mandated in the “Minimum Standards for Driver’s Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes” issued by the Department of Homeland Security. A biometrically-enhanced driver license system aids in addressing the following key problems: (i) issuance of multiple licenses to a single driver; (ii) issuance of a single license to multiple drivers, and (iii) detection of counterfeited driver licenses.” BioLink Biometrics Incorporated into Hawaii Driver License Program, 1888 PRESS RELEASE, Mar. 3, 2008,; See also L-1 Finds $20M Order for HIIDE Biometric Devices, Oct. 13, 2008, (suggesting that Massachusetts and Mississippi are incorporating a biometric component in their driver’s licenses).
    6 Jeff Emanuel, SecuriMetrics HIIDE® Developed for the US DoD, Aug. 14, 2007,
    7 Robin Arnfield, Researchers Crack Biometric Security with Play-Doh, NEWSFACTOR, (Dec. 13, 2005), ; See also Interview of Dr. Boult on KOAA TV on biometrics and spoofing fingerprints, (showing a demonstration on the ease of “spoofing” fingerprint readers).
    8 Privacy Rights Clearinghouse, (updated Jan. 12, 2009).
    9 Inderscience Publishers, Eyeball Reflexes: Security and Biometrics That Cannot Be Spoofed, Science Daily, Sept. 4, 2008,
    10 Many of the references cited within the footnotes explain the issues that arise in the privacy debates regarding biometric technology.
    11 Clarkson University, Clarkson Engineer and 'Spoofing' Expert Looks To Outwit High-Tech Identity Fraud, Science Daily, Dec. 20, 2005,
    12 Id.
    13 Inderscience Publishers, supra n. 9; See also Masakatsu Nishigaki & Daisuke Arai, A User Authentication Based on Human Reflexes Using Blind Spot and Saccade Response, 1(2) Int’l J. Biometrics 173 (2008) (DOI 10.1504/IJBM.2008.020143):
         The use of biometrics for user authentication has recently attracted attention. Biometrics makes it possible to authenticate a person accurately, but biometric information can easily be leaked and/or copied. It is therefore desirable to devise biometric authentication that does not require biometric information to be secret. This paper proposes a user authentication method that utilises human reflex responses. The expectation is that, even if a person's reflex characteristics are publicly known, it would be difficult for someone else to impersonate that person, since human beings are basically unable to control their own reflexes. In this paper, we demonstrate user authentication using blind spot position and saccade responses as the prototype of a system of authentication based on reflex responses, and also study the feasibility of such a system.
    14 Nishigaki & Arai, supra n. 13; See also Terri Potratz, New Spy Gear: Reflex Biometric Technology,, Sept. 4, 2008 (providing pictures and slideshows of relevant technologies).
    15 Inderscience Publishers, supra n. 9;
    16 Nishigaki & Arai, supra n. 13 (explaining that the blind spot (scotoma) “is a fixed region on the retina of the eye where the optic nerve bundle and blood vessels pass from the eyeball into the brain and so no image can be produced here. Saccade response is the repeated, tiny, left-to-right movements made when our eyes track something moving right to left, and vice versa”); See also Saccade, Wikipedia,
    17 Nishigaki & Arai, supra n. 13.
    18 Id.
    19 Id.
    20 High Tech Patient ID: Information Technologists Design System to Recognize Palm-vein Patterns, Science Daily, Oct. 1, 2007, R&D, Fujitsu Palm Vein Technology,
    21 Id.
    22 Id.
    23 Id.
    24 Id.
    25 High Tech Patient ID, supra n. 20.
    26 Id.
    27 Id.
    28 John Hechinger, Testing Firm Gets High-Tech ID Checks: Biometric Scans to Verify Students Taking GMATS, South Florida Sun-Sentinel, July 27, 2008, at 1-D.
    29 Id.
    30 Id.
    31 Id.
    32 Id.
    33 Id.
    34 Id.
    35 See generally Rebecca Tonn, Revocability Key to Secure Use of Biometrics, Colorado Springs Business Journal, May 9, 2008, ; See also Wayne Heilman, Selling the Security of Biometrics, The Gazette, Sept. 19, 2007,
    36 Tonn, supra n. 35; See also T. Boult, W. Scheirer, & R. Woodworth, Revocable Fingerprint Biotokens: Accuracy and Security Analysis, Computer Vision and Pattern Recognition 1 (June 2007) (DOI: 10.1109/CVPR.2007.383110) (indicating that the “concept of revocable or cancelable biometric-based identity tokens (biotokens), if properly implemented, can provide significant enhancements in both privacy and security and address the biometric dilemma.”) (A link to this publication is available for download on the website of one of the authors
    37 Tonn, supra n. 35.
    38 Id.
    39 Securics “Technology” (2008); See also Heilman, supra n. 35.
    40 Securics “Technology,” supra n. 39; See also Heilman, supra n. 35.
    41 Securics “Technology,” supra n. 39; See also Heilman, supra n. 35.
    42 Securics “Technology,” supra n. 39; See also Heilman, supra n. 35.
    43 Securics “Technology,” supra n. 39.
    44 Id.
    45 Terrance Boult & Robert Woodworth, Advances in Biometrics, 423 (Springer London, 2008) (DOI: 10.1007/978-1-84628-921-7_22;
    46 Securics “Technology,” supra n. 39.
    47 Tom Olzak, Biotope Technology to Protect Personal Biometrics, Security Community, Sept. 28, 2007,
    48 Robin Arnfield, Researchers Crack Biometric Security with Play-Doh, Newsfactor, Dec. 13, 2005,
    49 Id.
    50 Id.
    51 Lockheed Gets $1Billion FBI Biometrics Contract,, Feb. 13, 2008; See also Ellen Nakashima, FBI Building $1B Biometric Database, Deseret Morning News, Dec. 23, 2007, at A02,