Palm Authentication is a security process that relies on a palm print of an individual to verify that they are who the say they are. A palm authentication system compares the palm of the user that is trying to authenticate with a template of the existing users palm. This biometric template can be stored on a database or locally on the device. If the palm of the user matches the stored biometric data, the user is authenticated.
Some palm authentication products are utilize a decentralized security model such as FIDO Authentication which ensures a user’s palm imprint is secured on the user’s personal mobile device. In such instances a user’s palm scan is verified locally against itself, and is used to sign a challenge issued by a service provider from which access is granted. The biometric template itself is not stored centrally and is therefore not trivially susceptible to replay or credential reuse attacks.
“On my flight from Dallas, I used a palm scanner at the airport to verify my identity. The biometric template seems to be housed in a government database, so I’m naturally concerned about the security and privacy implications of how my biometric is stored.”