Fujitsu is combining its innovative biometric authentication technology, FUJITSU PalmSecure, with OpenLimit’s truedentity solution to protect identity and sensitive data during virtual or physical transactions such as online payment. The design of FUJITSU PalmSecure truedentity is based on a new electronic identity card (eID) technology. It meets even the stringent security guidelines such as those of German Federal Office for Information Security (BSI) and helps enterprises to anticipate new European Community regulations.
The FUJITSU PalmSecure truedentity solution stack comprises both user and server technology designed based on a new identity card technology according to BSI technical guidelines. A basic principle ensures that user authentication data – in this case, palm vein pattern and associated ID data – is only provided when requested by the service supplier and actively permitted by the user. On mutual approval to proceed, authentication data is transferred over secured communication channels for each and every transaction. Within this communication, the so-called ‘Identity Provider’ – in this case using truedentity technology – is integrated as an additional service in a mediation role for mutual authentication.
Thomas Bengs, Director and Head of Security Products and Solutions at Fujitsu said, “In the arms race between hackers and financial institutions, with the increasing cost of security breaches, and the problem that passwords are compromised on a daily basis, there is an urgent need to implement more sophisticated security measures such as reliable biometric authentication. The FUJITSU PalmSecure truedentity solution addresses this requirement, and gives users easy-to-use, convenient and trustworthy access to services. Furthermore, by withholding access of users’ authentication data from service providers there is a greatly reduced possibility of fraud or misuse.”
The cost to organizations of cyber-fraud and hacking continue to rise, while customers and citizens alike are losing faith in online service providers, banks and even government departments to secure their transactions. As hackers become more and more sophisticated in their ability to steal data, transfer funds or cause targeted damage, so even the most complex passwords alone are not sufficient. Tackling this, trusted authentication in combination with biometric attributes means that ‘hacked’ passwords or stolen cards simply become useless, since Fujitsu’s PalmSecure system requires biometric credentials – using the unique vein pattern in the palm – in addition to other authentication measures such as chip and pin, or passwords.
“Unambiguous identities are the basis for secure transactions in the digital world. FUJITSU PalmSecure truedentity achieves unambiguous online authentication of the parties with whom people come into virtual contact. A third mode of logical identification, such as FUJITSU PalmSecure technology, increases the degree of faith that users and organizations are able to place in verifying the true identity of citizens, customers, and the employees of service providers – and so reliably protecting their systems and data from unauthorized access,” commented Marc Gurov, CEO, OpenLimit SignCubes AG
FUJITSU PalmSecure truedentity provides a fast and flexible track enabling organizations to comply with individual governmental regulations such as Electronic Identification and Trust Service (eIDAS) in Europe, while also meeting all required privacy rules.