Risk
8/31/2006
03:31 AM
50%
50%

Bioscrypt Gets Qualification

Bioscrypt announced that its fingerprint algorithms have been qualified by the GSA

TORONTO -- Bioscrypt Inc. (TSX: BYT), a leading provider of identity verification technology, announced today that its fingerprint algorithms have been qualified by the General Services Administration (GSA) for use in the United States government's Personal Identity Verification (PIV) program.

In August 2004, Homeland Security Presidential Directive 12 (HSPD-12) was issued mandating the establishment of a standard for identification of federal employees and contractors and that a common identification credential be created to access both physical and logical assets. In response to this Directive, the National Institute of Standards and Technology (NIST) published the Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors in February 2005.

Under FIPS 201, the PIV credential is required to contain two fingerprint templates that are compliant with the ANSI/INCITS 378 fingerprint minutiae data interchange format standard, to enable the authentication of an individual. These two standards-based fingerprint templates are mandated to be stored on the PIV card and made available for use by agencies for physical and/or logical access control.

With the GSA listing, Bioscrypt's fingerprint algorithms are now qualified to be used to create the ANSI 378 templates required for PIV card issuance and for cardholder verification.

"The qualification of our minutiae based algorithm for use in the PIV program marks another important stage in the development of our product portfolio for the U.S. Government market", said Dr. Colin Soutar, CTO Bioscrypt Inc. "This qualification is a direct result of our success as one of the initial six interoperable matchers following NIST's Minutiae Interoperability tests."

Bioscrypt Inc.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2208
Published: 2014-12-28
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.

CVE-2014-2209
Published: 2014-12-28
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.

CVE-2014-5386
Published: 2014-12-28
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initial...

CVE-2014-6123
Published: 2014-12-28
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs.

CVE-2014-6160
Published: 2014-12-28
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.