All Rights Reserved, Copyright © FUJITSU LTD. 2003 1 Information Security Measures and FUJITSU’s...
-
Upload
thomasine-bradley -
Category
Documents
-
view
218 -
download
3
Transcript of All Rights Reserved, Copyright © FUJITSU LTD. 2003 1 Information Security Measures and FUJITSU’s...
All Rights Reserved, Copyright © FUJITSU LTD. 20031
Information Security Measures and FUJITSU’s Solutions
19 Nov 2003FUJITSU LIMITED
All Rights Reserved, Copyright © FUJITSU LTD. 20032
FUJITSU Corporate Profile
Current Situation of Cyber Space
Case Study of Unauthorized Access
How to maintain IT security Conclusion
Example of FUJITSU’s Solutions and Dem
onstration
CONTENTS
All Rights Reserved, Copyright © FUJITSU LTD. 20033
FUJITSU Corporate Profile
All Rights Reserved, Copyright © FUJITSU LTD. 20034
Fujitsu at a Glance
Fujitsu is a leading provider of customer-focused IT and communications solutions for the global marketplace. Comprising more than 500 subsidiaries and affiliates, the Fujitsu Group operates in over 60 countries across the globe.
Established: June 1935 Stock Exchange Listings: Tokyo, Osaka, Nagoya, Frankfurt,
London, Swiss Consolidated Revenues: 4.6 trillion yen (US$38.3 billion) Employees: 157,000 worldwide R&D Expenditure: 286 billion yen (US$2.4 billion) Principal Business Areas: Software & Services, Platforms,
Electronic DevicesNote: FY2002 consolidated net sales; US$1=¥120; WW employees as of March 31, 2003
All Rights Reserved, Copyright © FUJITSU LTD. 20035
Global Scale, Local Presence
Fujitsu employees the world over take pride in providing high-quality products and services, and they are committed to solving customers’ problems and contributing to their business success. * Not including employees of Fujitsu Siemens Computers.
Europe, Middle East
& Africa*
Americas
Asia-Pacific
Japan
19,000
21,000
108,5008,500
All Rights Reserved, Copyright © FUJITSU LTD. 20036
• Company Name Fujitsu Systems Business(Thailand) Ltd.• Address 12th Floor, Olympia Thai Tower,
444 Rachadapisek Rd.,Samsennok, Huay Kwang, Bangkok 10310, THAILAND
• Registered Capital 50 Million Baht• Establishment September 1990• Organization Mr. Takafumi Mikuni as Managing Director• Employees about 200 persons• Business Field
Solutions: ERP/CRM /System Management/ E-commerce/Banking/ Retail /Personnel Management /Office Workflow/ Business Intelligence etc.
Products:IA Server and Unix Server/PC and Notebook/ATM Terminal/POS Terminal/Storage/Network/Peripheral Products (Scanner, Hard Disk, Magneto Optical Disk Drive, Dot Matrix Printer, Plasma Display,Handheld Terminal etc.)
FSBT Profile
All Rights Reserved, Copyright © FUJITSU LTD. 20037
Current Situation of Cyber SpaceCurrent Situation of Cyber Space
All Rights Reserved, Copyright © FUJITSU LTD. 20038
Successive Occurrences of Security Incidents
Damage caused by virus, highest no. of cases ever reported
Damage caused by virus, highest no. of cases ever reported
leak customer data from UFJ Securities
leak customer data from UFJ Securities
Worst security hole for
Windows XP ever seen
Worst security hole for
Windows XP ever seen
Hacker intrusion caused confidential and customer data to leak at New York Times.
Hacker intrusion caused confidential and customer data to leak at New York Times.
Hacking disaster at AOL, targeting
member’s personal data
Hacking disaster at AOL, targeting
member’s personal data
the Ministry of Health and Welfare cracks
down on virus-infected mail spam of
120,000 mails.the Ministry of Health and Welfare cracks
down on virus-infected mail spam of
120,000 mails.
Several times that the
Japanese government
website has been defaced
by hacker
Several times that the
Japanese government
website has been defaced
by hacker
Tokyo Stock Exchange sent out virus-infected emails to about 8000 people
Tokyo Stock Exchange sent out virus-infected emails to about 8000 people
The most
damaging virus
ever seen,
W32/Nimda
The most
damaging virus
ever seen,
W32/Nimda
All Rights Reserved, Copyright © FUJITSU LTD. 20039
Current Situation of Information Security
90% of the corporate in the world experienced unauthorized access
85% experienced harm caused by computer virus
Cyber spying targeting companies is on the rise
Threat from Cyber Terrorism
Source : FBI/CSI Research 「 Computer Crime and Security Survey 」
All Rights Reserved, Copyright © FUJITSU LTD. 200310
■Increasing illegal accessCases reported to CERT/CC ( Computer Emergency Response Team ) Jan 2003 ~ Sep 2002: 114,855 cases
■Worst virus incident ever took place Cases reported to IPA (IT Promotion Agency, Japan) between Jan and Dec 2002: 20,352 cases
Route taken by computer virus
1998
2000
External source mail download miscellaneousYear
97.1%
1.7%0.6%
4.1%
67.0% 5.9%
0.9%
34.4% 40.6% 21.2%3.8%
20020.6%
No. of virus incidents
0
5,000
10,000
15,000
20,000
19951996199719981999 年2000
2,0353,6452,640
11,109
700688
24,261
2001
Threats on Network ComputingThreats on Network Computing
1
10
100
1,000
10,000
100,000
8889 90919293 949596 97989900 0102
2002
20,352
All Rights Reserved, Copyright © FUJITSU LTD. 200311
012345678910
1
2
3
4
56
7
8
9
系列1系列2
組織
運用
教育
物理管理
利用者管理( )サーバ ホスト データ管理
監査
データ管理
管理
PC/ WS
ネットワーク
平均値
国際標準
How likely that your corporation would face cyber attack
主な企業の業種 レベル4以上残存
/製造 流通 91 147 社/公共 自治体 79 92 社( / )文教 学校 研究所 43 55 社/情報 通信 30 43 社/金融 証券 15 25 社
医療 1 3 社エネルギー 2 2 社
母数
■Users who conduced attack test ( Fujitsu’s customer data )
■Mentality on security management ( Fujitsu survey ; 450 companies )
While server data management is always a concern, not many pay enough attention to terminal data management, education and network management.
70% of each company is prone to cyber attackLevel 1:-Level 2: AlertLevel 3: Alarmed
Level 4: High RiskLevel 5: Fatal
Manufacturing/Retail
PublicEducation
IT/Telecommunication
Finance
Hospital
Energy
Organization
Operation
Education
Physical
User Manage.Server Manage.
PC/WS Manage.
Network
Audit
Business FieldNo. of
Organization
International averageJapan
Higher than Level 4
All Rights Reserved, Copyright © FUJITSU LTD. 200312
CodeRed / Nimda Virus
Resource : www.security.nl/misc/codered-stats/
CodeRed/Nimda Effect
※Researched by Symantec
Loss due to CodeRed : approx. 325 billion yen Nimda :approx. 65 billion yen※
All Rights Reserved, Copyright © FUJITSU LTD. 200313
Case Study of Unauthorized AccessCase Study of Unauthorized Access
All Rights Reserved, Copyright © FUJITSU LTD. 200314
Case Study: SCM of Company A (1)
Inventory Management System
Intra Network
Receipt and Shipping
Division A
Inventory Management Host Computer
Regional Server
•Parts list•Inventory data•Delivery data
etc
All Rights Reserved, Copyright © FUJITSU LTD. 200315
Server went down Recreate DB Server went down Sign of clacking
Check by an expertCheck by an expertSomething is strange with the server.
Intra Network
Receipt and Shipping
Regional Server
Division A
How a trouble starts?
Case Study: SCM of Company A (2)
All Rights Reserved, Copyright © FUJITSU LTD. 200316
Intra Network
Division A
Unauthorized access from the company inside Data on a regional server is deleted. Fake data is sent to a host server. An malicious program is implanted.
malicious Program
Fake data
Monitoring device
Stocktaking of relevant stock Shipping instruction by fax
Unauthorized access using common IDUnauthorized access using common ID
Altering Operation Data
Case Study: SCM of Company A (3)
All Rights Reserved, Copyright © FUJITSU LTD. 200317
How to Deal with Moral Hazard
Set up “Mental Barrier” Individual Identification ( ID/Password Biometrics ) Obtaining access log and regular check Setting penalty Education Third party audit ( e.g., other division )
All Rights Reserved, Copyright © FUJITSU LTD. 200318
1. To decide security policy ( clarify basic principles )2. To carry out security audit3. To specify security provision in a contract4. To pay extra attention to contract wording5. To observe regular regulation
6. To consider subscribing to an exclusive
insurance services
7. To be aware of the activities of other companies
from the same industry
A Lawyer’s Suggestions
7 rules to follow if your company wants to avoid a security-related trial ( Daniel Rangin )
All Rights Reserved, Copyright © FUJITSU LTD. 200319
1. To decide security policy ( clarify basic principles )2. To carry out security audit3. To specify security provision in a contract4. To pay extra attention to contract wording5. To observe regular regulation
6. To consider subscribing to an exclusive
insurance services
7. To be aware of the activities of other companies
from the same industry
A Lawyer’s Suggestions
7 rules to follow if your company wants to avoid a security-related trial ( Daniel Rangin )
The company itself must seriously review their current IT policies to determine
whether there is a need to strengthen their security tactics in order to avoid indictment
risk.
All Rights Reserved, Copyright © FUJITSU LTD. 200320
Latest Trends-higher technique to attack-
Random attack regardless of
industry and company size
Firewall isn’t perfect
Blended Threat
Amazing spreading speed
Infection coming from intranet
All Rights Reserved, Copyright © FUJITSU LTD. 200321
Increasing threats to be expected from now on
Attack targeting mobile phone
Attack targeting PDA
Attack on internet Appliance(IPv6)
Attack via game machine
Intrusion/bugging through wireless
LAN
~ Full-time connection, New media ~
All Rights Reserved, Copyright © FUJITSU LTD. 200322
How to maintain IT securityHow to maintain IT security
All Rights Reserved, Copyright © FUJITSU LTD. 200323
To maintain IT security
The following 3 criteria must be satisfied in terms of information and service.
C onfidentiality
I ntegrity
A vailability
All Rights Reserved, Copyright © FUJITSU LTD. 200324
Balancing between Information Systems
HR and Admin System
Basic System
Accounting System
Development SystemManagement
System
HR and AdminSystem
Basic System
Accounting System
Development System
OA System
Management System
It is absolutely necessary to have a plan to centralize thesecurity policy.
It is absolutely necessary to have a plan to centralize thesecurity policy.
OA System
All Rights Reserved, Copyright © FUJITSU LTD. 200325
It is absolutely necessary to centralize the security policyIt is absolutely necessary to centralize the security policy
User security
If security policies are centralized
Equipment Management
Information
Infomation
System Management
Education
Equipment Management
User security
Operation Management( User management )
Security function( ID/password etc )
System Management
Education
Promoting Security Policy
Promoting Security Policy
If security policies are NOT centralized
Balancing between each Security Policy
Operation Management( Managing users etc )
Security functions( ID/password etc )
All Rights Reserved, Copyright © FUJITSU LTD. 200326
Enforcement of the counter measurements
Enforcement of the counter measurements
Security auditSecurity auditPlanning security strategyPlanning security strategy
・ Adopt Information Technology・ Organization/training arrangements・ Arrangement of the operation flow outline
・ Security operation audit・ Detect new threats
・ Planning of the corporate security policy・ Planning of the counter measurements
Improvement cycle for the IT security strategy
All Rights Reserved, Copyright © FUJITSU LTD. 200327
To consolidate ways of protection
Security Policy
Anti-virus
End-user training
Anti-unauthorized Access
Secu
rity
Team
ApplicationLayer
InfrastructureLayer
Organization Layer
Security Certification
Anti-information leakingDatacenter
ID ManagementElectric Document GuaranteeSecure Application
Contents Protection
All Rights Reserved, Copyright © FUJITSU LTD. 200328
Organization Measures
・ Security Policy
・ Security check and assessment
・ Obtain official recognition on security profile ISO15408 ISO17799(BS7799) Privacy Mark
・ Training and education for end-user
■ Infrastructure■ Infrastructure
■ Organization■ Organization
■ Application■ Application
All Rights Reserved, Copyright © FUJITSU LTD. 200329
If no security plan existsIf no security plan exists If a security plan existsIf a security plan exists
Impossible to explain security level of own company
Security Plan Document
Security Plan Document
From networking companies; “Security is fine despite network connection.”
Norm of joint companies; “We will maintain the security the same way with our own company.”
Conditions of providing network service; “What is the security level of your company ?”
A request from government agency; “How does industry tackle security”
Lawsuit related to security incidents; “Is the security level appropriate for a particular industry?”
Could get ISO recognition in the future
Necessity of Security PolicyNecessity of Security Policy
What should we do?
We have a security plan!
Certified
All Rights Reserved, Copyright © FUJITSU LTD. 200330
Operation Security PlanOperation Security Plan System Security PlanSystem Security Plan
Company security planning
Information security basic regulation
Information security measure standard
Basic regulation
Baseline
Operation
Manual
Operation
ManualAll kinds of
manual
All kinds of
manualSystem
implementation
System
implementation System operation
manual
System operation
manualSystem operation
manual
System operation
manual
Steps of security planning
Steps of planning
Set up environmentSteps of Implementation
Security CheckSteps of Checking
IS015408
recognition
IS015408
recognition
ISO17799/BS7799
recognition
ISO17799/BS7799
recognition
Steps to obtain official
recognition
Co
mp
an
y u
nit
Syste
m/o
pe
ratio
n
un
it
To prescribe a framework that includes: maintain information security/ structure organization to promote/ organization/ penalty regulations/ staff security/maintaintraining as part of security policy.
To promote information security policy, We must prescribe: system access restrictions To combat against potential threat, / resource access restriction/memory mediummanagement/ network management/data exchange management/document management etc
Security Policy StructureSecurity Policy Structure
All Rights Reserved, Copyright © FUJITSU LTD. 200331
◆IT security basic information
◆Information security measure standard
Cp1 information management securityCp2 documentation managementCp3 Memory medium managementCp4 office managementCp5 info system equipment managementCp6 standard to protect personal dataCp7 study information securityCp8 operating continuation plan
Cp9 Staff managementCp10 Outsourcing contractCp11 Facilities management
Cp12 Design security functionCp13 Product quality managementCp14 Development environment managementCp15 Use delegation security
IT Security DeclarationChapter 1 General RulesChapter 2 Information asset management classifiedChapter 3 IT Security PolicyChapter 4 Info security organization/role
Chapter 5 Reviewing information securityChapter 6 Legal terms to followChapter 7 PenaltyChapter 8 RevisionAdditional Rule
Cp29 User securityCp30 Email securityCp31 PC management securityCp32 Mobile securityCp33 Training standard on IT security
Cp16 IT system operation managementCp17 System change managementCp18 IT security accident managementCp19 Backup managementCp20 User registration managementCp21 External data exchange managementCp22 Host/Server managementCp23 Computer virus policiesCp24 Software managementCp25 Machine room management
Cp26 Network managementCp27 Remote access managementCp28 Network connecting affiliated companies management
2 HR Department
1 Shared Section
3 IT System ImplementationRule
4 IT System Operation
5 Network
6 User Management
Rule Appendix
Sample of Security Policy Sample of Security Policy Documents
All Rights Reserved, Copyright © FUJITSU LTD. 200332
Security Policy Promotion Team
Security team should be given
authority
Assignment of network/security
officer
Defining security policy and
auditing
Daily comprehensive security
monitoring
Education/Training on security
etc
All Rights Reserved, Copyright © FUJITSU LTD. 200333
Infrastructure Measures
Data Center
Secure network
Anti earthquake structure, monitoring camera, in-out control, installation of security areas etc.
・ Measurements to information leaking Burglary protection, encryption, IPR protection
・ Contents Protection Long term digital data back-up
Secure contents
・ Barrier segment(Zone defense, VPN)・ Virus protection・ Intrusion monitoring(24x365)・ High quality/density security attack
■Infrastructure■Infrastructure
■ Organization■ Organization
■ ■ ApplicationApplication■ ■ ApplicationApplication
All Rights Reserved, Copyright © FUJITSU LTD. 200334
Barrier Segment Method
Router
Firewall
Operation administration
server
ExternalProxy
Public WWW
External Mail
server
RADIUSServer
Internet
DMZ
Corporate network
Intrusion detection(IDS)
PublicISDN
ExternalDNS
Internal DNS
Internal Proxy
CorporateWWW
Internal Mail
serverDuplication
Network Server・ Suspend unused services・ Periodic Software upgrade, patching・ Delete unused CGI・ Measurements to SPAM mail・ Set appropriate access limit
Monitoring and logging・ Save & check various logs・ Delete log files, prevent alter・ Detection of unauthorized attack・ Mail/URL filtering and audit
Administration・ Installation of the software/setting・ Physical/Logical protection of Servers & network devices・ Password for administrator・ Documentation of System administrator’s job and Service level agreement
Virus protection・ Protection from Internet intrusion・ Protection for Clients and servers
Others
Network configuration/firewall・ Minimize security risk/Install firewall・ Adopt DMZ configuration・ Prohibit external access though Telnet and FTP
・ Internal firewall/Filtering・ Prohibit internal dial-up connection・Attack test
Virus Check
All Rights Reserved, Copyright © FUJITSU LTD. 200335
Application Measures
■ Organizationguideline■ Organizationguideline
■ Infrastructure■ Infrastructure
・ Application development guideline- Regulation of Web application source code
(Check function/factor and input characters)- Java application development guideline
・ Application authentication/access control- Selection of authentication method ( ID/password, onetime password, Biometric, electronic certificate and so on)
- Study PKI implementation Decide target business Decide to self operate or outsource CA Decide the operation guideline of the certificates
(Issue/invalidation/reissue) PKI products (CA, RA, repository, smartcard etc.) Outsourcing (Verisign, JCSI)
・ Electric Document Guarantee
Application
All Rights Reserved, Copyright © FUJITSU LTD. 200336
Classification of security holesNo of case
Things to consider when it comes to coding
346162138
2987
Things to consider when it comes to design196178
Things to consider when it comes to operation6617
Things to refer to 50
Other144
Total 1341UnknownUnknown
Error when checking input data size
Error in verifying input data content
processing error of input data outside specified range
a dangerous competitive state will occurthe atomic nature of processing is not guaranteedprocessing procedure is not guaranteed
error in granting access restrictionthings left out at designing stage
problem in default configurationError in considering user environment
Bug from the original source managed to spread across
Environment ErrorConfiguration Error
Origin Validation Error
Atomicity ErrorSerialization Error
Access Validation ErrorDesign Error
Input Validation ErrorBoundary Condition Error
Failure to HandleRace Condition Error
コーディング上51%
設計上28%
運用上6%
参照元4%
不明11%
Coding error is seen as the source of theProblem in 50% of all cases
690cases374cases
Classification of security holes reported to Bugtraq
All Rights Reserved, Copyright © FUJITSU LTD. 200337
Conclusion
All Rights Reserved, Copyright © FUJITSU LTD. 200338
1)Awareness2)Responsibility3)Response4)Ethics5)Democracy6)Risk Assessment7)Security design and
implementation8)Security Management9)ReassessmentGuideline on Information System Security (OECD: 2002 )
Principles in IT Security
All Rights Reserved, Copyright © FUJITSU LTD. 200339
Fujitsu’s Attack Test Service Logical Protection of PCs (Safetywin)Biometric (Palm Vein Pattern Recognition)
Examples of FUJITSU’s Solutionsand Demonstration
All Rights Reserved, Copyright © FUJITSU LTD. 200340
Customer Internet site
Firewall
WWW serverMail server etc
Scanning
Apply forIP address
(US and Europe)Scanning server
Cooperation
Provide high reputation Qualys (USA) QualysGuard™ service first in Japan. Rapid countermeasurements to security holes. When a new security hole was discovered, reflects the attack pattern which detects the corresponded security hole generally in one day. High speed scanning (15-20min/server)
Provide high reputation Qualys (USA) QualysGuard™ service first in Japan. Rapid countermeasurements to security holes. When a new security hole was discovered, reflects the attack pattern which detects the corresponded security hole generally in one day. High speed scanning (15-20min/server)
Fujitsu’s Attack Test Service (1)
Results report
All Rights Reserved, Copyright © FUJITSU LTD. 200341
Reference : Example of result report ( 1 )
High speed diagnosis : 1 server only 15 to 20 minutes.High speed diagnosis : 1 server only 15 to 20 minutes.
Visual display of security risks.Visual display of security risks.
Fujitsu’s Attack Test Service (2)
All Rights Reserved, Copyright © FUJITSU LTD. 200342
Easy to further analyze why the administrator judged the particular security fragileness by providing diagnosis logs
Easy to further analyze why the administrator judged the particular security fragileness by providing diagnosis logs
High quality and easy diagnosis report in Japanese (Only Fujitsu)High quality and easy diagnosis report in Japanese (Only Fujitsu)
Display diagnosis result and proposed measurements separatelyDisplay diagnosis result and proposed measurements separately
Reference : Example of the result report ( 2 )
Fujitsu’s Attack Test Service (3)
All Rights Reserved, Copyright © FUJITSU LTD. 200343
Attack Test Service Express EnhanceAttack Test Service Express’s system is enhanced in the following manner: ・ On top of the conventional scanning using the internet as a media, Fujitsu can also provide you now with intranet scanning. Using the latest knowledge, this is an extensive intranet server scanning service. With 1 appliance server, it is possible to scan up to 5000 units within one day. ・ Consultation on test report is an additional option.
Remote Scanner
Database Server
Remote Scanner
Web Application Server
FirewallInternet
Intranet
Servers
BrowserQualys Data Center
Intranet Scanner
Customer’s site
All Rights Reserved, Copyright © FUJITSU LTD. 200344
Logical Protection of PCs (Safetywin) Logical Protection of PCs (Safetywin)
•Practical measures to prevent system problems by
setting restrictions to the basic functions of Windows
OS.
•A reduction in the time spent on trouble-shooting and
maintenance.
•Practical system environment to suit each user’s PC
skill.
All Rights Reserved, Copyright © FUJITSU LTD. 200345
Protects PCs by setting restrictions on the functions of Windows OS.
Provides a higher level of security by setting access authorities.
Applicable to various system environments.
• Protects the system from unsuitable operations.
• Applications which are not Windows standard can also be controlled.
• Restrictions can be easily set by clicking the check boxes on the screen.
• Prohibits the installation of software
• Guards specified drives/folders/files
• Limits the applications which can be performed.
• Each client machine environment can be easily set by clicking the icon on the server machine (Server option required).• A change of the guard settings can be automatically dispatched from the server to clients (Server option required).
A suitable environment can be provided for each user.
System administrator
The number of telephone calls will
be reduced.
Safetywin Key features– for system administratorsSafetywin Key features– for system administrators
All Rights Reserved, Copyright © FUJITSU LTD. 200346
Users can operate PCs without concern for system environment
Safetywin is a preventive measure for system problems.
• No need to worry about changing the control panel
settings accidentally.
• No need to worry about destroying valuable
system assets accidentally.
• No confusing windows or applications appear on
the screen.
Users
Users cannot feel secure when restoration is the only solution.
Safetywin Key features – for usersSafetywin Key features – for users
All Rights Reserved, Copyright © FUJITSU LTD. 200347
Safetywin setting example 1: Public terminal
All Rights Reserved, Copyright © FUJITSU LTD. 200348
Only necessary icons will be displayed on the
Desktop
Only necessary icons will be displayed on the
Desktop
Safetywin setting example 1: Public terminal
All Rights Reserved, Copyright © FUJITSU LTD. 200349
Safetywin setting example 2: School computer
All Rights Reserved, Copyright © FUJITSU LTD. 200350
Access to the specified control panel item will
be prohibited.
Access to the specified control panel item will
be prohibited.
Safetywin setting example 2: School computer
All Rights Reserved, Copyright © FUJITSU LTD. 200351
Safetywin setting example 3: Internet access
All Rights Reserved, Copyright © FUJITSU LTD. 200352
Access to the URL which contains the specified
keyword will be prohibited.
Access to the URL which contains the specified
keyword will be prohibited.
Safetywin setting example 3: Internet access
All Rights Reserved, Copyright © FUJITSU LTD. 200353
Biometric (Palm Vein Pattern Recognition)
Palm vein pattern recognition is one
of biometric authentication. This is a
technology to confirm that person’s
identity based on palm vein pattern.
A palm vein pattern is extracted from
a picture taken by an infrared light
A palm vein pattern is checked
against patterns stored in the system.Infrared image
Vein and hand contour image
All Rights Reserved, Copyright © FUJITSU LTD. 200354
Merits of Palm Vein Pattern
The palm vein pattern…
will not vary over the course of person’s
lifetime after setting while still in the mother’s
womb, apart from size.
lies under the skin makes it that much harder
for others to read.
is unique to every individual even in twins.
All Rights Reserved, Copyright © FUJITSU LTD. 200355
The World’s First Contactless Method
High precision of individual’s identification
Tested with the cooperation of 700 people
aged 10 to 70 from different walks of life, a
total of 1,400 palm profiles were collected.
The system had a false rejection rate of
1% and a false acceptance rate of 0.5%, in
case that two vein patterns are used in
registration.Contactless palm vein recognitio
n unit
All Rights Reserved, Copyright © FUJITSU LTD. 200356