security

encyclopedia

palm authentication

Palm Authentication is a security process that relies on a palm print of an individual to verify that they are who the say they are. A palm authentication system compares the palm of the user that is trying to authenticate with a template of the existing users palm. This biometric template can be stored on a database or locally on the device. If the palm of the user matches the stored biometric data, the user is authenticated.

Some palm authentication products are utilize a decentralized security model such as FIDO Authentication which ensures a user’s palm imprint is secured on the user’s personal mobile device. In such instances a user’s palm scan is verified locally against itself, and is used to sign a challenge issued by a service provider from which access is granted. The biometric template itself is not stored centrally and is therefore not trivially susceptible to replay or credential reuse attacks.

Example:

“On my flight from Dallas, I used a palm scanner at the airport to verify my identity. The biometric template seems to be housed in a government database, so I’m naturally concerned about the security and privacy implications of how my biometric is stored.”

hypr_trial_ad
hypr_trial_ad