At the turn of the nineties, the explosion of the internet and e-commerce created tremendous difficulties in identifying people who could not be met face-to-face. Tired methods such as passwords and PINs no longer cut the mustard anymore. Easily forgotten, and effortlessly hacked, the security industry cried out for a viable alternative to these old authentication systems. Then, just over a decade ago, biometric security devices crept onto the scene. Touted as the final word in security technology, biometrics were supposed to change the face of the identification industry. So what went wrong?A biometric record is a mathematical representation of an individual’s unique characteristic, stored in digital form. The record can be based on a wide range of methods including fingerprint scans, iris scans and facial recognition. Although it carries distinct advantages over driver’s licenses and passports, (it’s near-impossible to steal someone’s fingerprint for one), biometric security is still fairly unreliable. Despite the technology being around for many years, biometrics have been restricted by large running costs and the complexity of the devices which use it. Thus, its take-up has been limited to military and other high-security applications where security takes precedence over cost and convenience.
But the landscape is finally changing. Biometrics devices are rapidly gaining market acceptance by private companies, governments and consumers who recognise the potential of the technology. Now providers need to repay the faith by developing ironclad security products which are cost-effective and easy-to-use. The security industry is seeing a convergence of physical and virtual devices and access is becoming integrated with computer networks and databases. But biometrics aren’t quite good enough just yet. Even as microphones and digital cameras become standard equipment, voice or facial recognition devices are scarce. For this to change the technology needs to find the right balance between rejecting legitimate users and allowing unauthorized ones to log on.
One way biometric security technology can improve is in the way in which it detects stress levels. Currently, that type of recognition is reserved for harsh image and sound variations in the surrounding area. For instance, a user could be denied access if he tried to use a voiceprint security gateway in a noisy room. In similar fashion, a facial recognition program could reject a user who is sporting a new hair cut or has naturally aged. Alternatively, it may accept an unauthorized user who bears a strong resemblance to a legitimate one. In fact, research by Atos Origin, who ran the UK Passport Agency Biometrics Trial, showed that the failure rate for face recognition was one person in ten. In addition, they warned facial recognition could be fooled simply by obtaining a good image of an individual’s face with a high-resolution photograph or a video recording.
Finger print patterns present a different problem. Because they are not unique to any one individual, a print on a passport or identity card could easily be the same as that of someone else. Also, finger prints required careful expertise to ensure a good print is recorded. Worn finger prints (such as manual workers), and dirty fingers will result in the scan failing. This means that fingerprint verification in shops and banks would be very unsuitable. To make matters worse, research in Germany revealed that fingerprint recognition could be cheated by ‘lifting’ prints using adhesive tape and using them hundreds of times. Or even worse, the technology might not recognise any prints at all. Take the story of a cancer sufferer in America, for instance. The gentleman was detained at an airport after side-effects of his treatment drug left immigration officials unable to take a print from his fingers.
Iris recognition requires specialist cameras and good lighting to work properly. In other words, it’s damn expensive. Even under perfect conditions there is still a failure rate of 1 in 100 people and companies admit that iris photography is not yet proven on a scale required to support the whole UK population. Typically, the proposed biometric passport will use the two most unreliable applications (face and finger recognition), while the identity card will have all three. The Home Affairs Select Committee have suggested that all three biometrics should be taken to reduce the risk of error. In contrast experts contend that this merely increases the failure rate. Add to that the impracticality of providing three separate biometric scans every time you travel and you have a non-starter.
Iris recognition requires specialist cameras and good lighting to work properly. In other words, it’s damn expensive. Even under perfect conditions there is still a failure rate of 1 in 100 people and companies admit that iris photography is not yet proven on a scale required to support the whole UK population. Typically, the proposed biometric passport will use the two most unreliable applications (face and finger recognition), while the identity card will have all three. The Home Affairs Select Committee have suggested that all three biometrics should be taken to reduce the risk of error. In contrast experts contend that this merely increases the failure rate. Add to that the impracticality of providing three separate biometric scans every time you travel and you have a non-starter.
But it’s not all bad, biometrics are gradually improving. New devices can sense an electro-magnetic pulse so any villain-style use of chopped off hands and fingers are thankfully a thing of the past. And the future’s looking rosier too. Experts predict that by 2013 the biometric security market will be worth £650 million dollars. They also predicted profound changes in the industry in the coming years now that the technology has completed its proof of concept stage and can start turning a profit. Governments are likely to be the early adopters, with business applications taking a backseat.
Eventually, widespread adoption will bring about consolidation in the industry, as investors push for profits and the companies that win the big private and government contracts will be at a considerable advantage over smaller start-ups. When the dust settles, it’s possible that hundreds of small companies will have merged with others, leaving only a handful remaining. What’s definite is that we will be hearing a lot more about biometric ID management. It’s time for biometrics to live up to their reputation.
(Smartcard News Ltd, 2009)
Eventually, widespread adoption will bring about consolidation in the industry, as investors push for profits and the companies that win the big private and government contracts will be at a considerable advantage over smaller start-ups. When the dust settles, it’s possible that hundreds of small companies will have merged with others, leaving only a handful remaining. What’s definite is that we will be hearing a lot more about biometric ID management. It’s time for biometrics to live up to their reputation.
(Smartcard News Ltd, 2009)
1 comments:
Tom, very interesting analysis.
It seems you are not aware of the newly domain in biometrics: the Age verification sensor that can identify children under the age of 14. The system does not use any kind of database so it overcomes all the drawbacks you mentioned in your article.
www.verificage.com
Post a Comment