Posted Feb 1, 2006 | By Ian Grayson

Giving the finger takes on more meaning

Faced with threats ranging from potential terrorist attack to hacking, theft and wilful destruction, companies are constantly searching for ways to make both their IT systems and physical facilities more secure. Ian Grayson explains how biometrics are no longer a novelty as they become mainstream.

Where once pass codes and PIN numbers were considered sufficient for most applications, many organisations are now embracing the rapidly evolving area of biometrics.

Whether wanting to restrict access to IT systems, allow secure customer transactions or accurately identify staff, the range of potential biometric systems is growing all the time.

Areas of focus for vendors active in the area include everything from fingerprint recognition to iris, voice, hand and even tracking the way a person walks.

While work is progressing in each of these areas, and enthusiast groups are choosing their favourites, research shows that the different types of biometrics have different levels of success.

A study was recently conducted in the United Kingdom by the UK Passport Service which is considering a range of biometric measures to be included in future passports and ID cards. A trial was conducted using some 10,000 participants who agreed to test facial, iris and fingerprint recognition systems. The six-month trial measured everything from the amount of time required to collect the biometric details to the levels of usability and accuracy of the systems.

According to a report on the trial, the lowest verification success rate of the three biometrics used was facial recognition, which had a success rate of 69%. Staff conducting the tests found that lighting, clothing and camera angles contributed to the difficulties.

Iris recognition was found to be the most accurate with a reported 96% success rate while fingerprint recognition recorded a success rate of 81%.

In Australia, the federal government is undertaking a number of trial biometric tests, including high-profile projects at the nation's major airports.

It recently announced a $2.7 million, six-month trial of a so-called "identity assurance" border control system at Sydney Airport.

The trial system will be used to capture an iris scan, fingerprints and facial recognition image of participants which will be held in a central database for future verification purposes.

The trial will involve two types of people: incoming passengers referred by Customs officers for further investigation, and people arriving from Africa as refugees.

The federal government is also making progress on its $60 million SmartGate project which uses facial recognition technology to automate the processing of arriving international air passengers.

The system matches a live image of each passenger's face with an electronic version held in a chip contained in their passport. The trial began with Qantas flight crews in late 2002 and was extended to more than 6000 frequent flyers early last year.

However, early problems with accuracy and the ability to scale processing to larger numbers of passengers have caused delays to the project. It is not yet known when its usage will be extended beyond the original trial.

Clau Hansen, South Asia vice president of biometrics and smartcard specialist Axalto, says most projects are still in pilot or early deployment stages and tend to be found in the travel document sector. However, as acceptance of the technology increases, the next area of growth will be health.

"In the health care sector, the annual global biometrics revenue is projected to witness a seven-fold increase to $197 million in 2008," he says.

"On a geographic basis, the US and Europe are probably generally more aggressive about biometrics with smart cards. At the same time in Asia, we are seeing projects especially in Hong Kong, Japan, Singapore, India and Australia."

Of all the biometric techniques available, it is fingerprint scanning that has become an early favourite and is being examined by a number of Australian companies.

One of the most popular applications of this technology is to improve the security of laptop computers. Security expert with PC manufacturer Lenovo, David Nicol, says access-level security has tended to be overlooked by companies which tend to focus their efforts at the network and server level.

Nicol says Lenovo is integrating fingerprint readers into more of its laptop offerings, giving users greater data security and improving ease of use. The reader works in conjunction with a dedicated security chip inside the machine which stores all log-on names, passwords and images of the users' fingerprints.

"As well as helping with the Windows log-on, the system can also be configured to give access to specific applications and websites," he says. "All required log-on names and passwords are stored in the security chip and accessed as required."

Despite the success of fingerprint scans, others are focusing their efforts on a different part of the human hand - the palm.

Japanese electronics giant Fujitsu recently released a contactless palm vein scanner it says is capable of identifying people more accurately than fingerprints.

Called PalmSecure, the device requires people to hold the palm of their hand a couple of centimetres from the device and have it scanned by a near infrared beam. While the haemoglobin in the blood absorbs the light, other parts of the palm reflect it, resulting in a detailed image.

Fujitsu Consulting security expert Charles Wale says the image is used to create a pattern unique to that person which can later be compared with their palm to determine their identity.

"We expect the device to be of particular appeal in the medical sector where the contactless nature of its operation makes it hygienic to use," he says.

Wale says Fujitsu is also working with a range of Japanese banks and has already installed the reader in some 2000 automatic teller machines. Here, the biometric details are either stored on a smartcard carried by the customer or held centrally by the bank.

Proponents of such systems say the human palm carries 300 times more information than a single finger, allowing a significantly higher level of accuracy and security.

"There are a number of ways of getting around fingerprint devices," says Wale. "Palm scanning is also more appealing for people than, say, iris scanning as they don't have to put their eye near a device."

He says a test completed by Fujitsu in Japan involving 70,000 people showed the palm scanning system enjoyed a false success rate of just 0.00008% and a false rejection rate of 0.1%.

"I think their widespread use is still a little way off but there is certainly interest in the market," he says.

The palm trials highlight an important factor in the implementation of biometrics - where the secure information is held.

Many experts are concerned about systems which hold details centrally because of what they see as the potential for identity theft. They believe systems which store the details on a chip carried by the individual are a better option.

Another branch of biometrics rapidly gaining acceptance involves systems based on speech recognition. The appeal of this technology is that it can be used remotely as it does not require an individual to interact with a physical scanner or reader device.

Chief technology officer with speech recognition specialist Ve-commerce, Brett Feldon, says considerable work has been undertaken during the past 12 months to improve the accuracy of voice recognition and enable it to be used in security applications.

"When compared with other biometric techniques it holds up very well," he says. "The instances of getting a positive lock on a voice are very high."

Voice biometrics works by using sophisticated recognition software to identify the unique characteristics of a person's vocal tract. These allow the creation of a voice print which can then be compared to future spoken words and sentences.

"Normally biometric systems are measured in terms of their equal error rates," says Feldon. "This is where the numbers of the two types of errors - false rejections and false acceptances - are equal. You can usually aim for an equal error rate of 1% with voice biometrics, which makes it very accurate."

Feldon says that in applications like telephone banking, the number of people trying to access their own accounts will always be much larger than the number trying to gain fraudulent access, and so systems can be tuned with that in mind to make them even more accurate.
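The equal error rate and the tuning Feldon describes can be worked through on a small set of match scores. The Python below is an added example, not code from Ve-commerce or from the original article; the scores, the 0-100 scale and the 1% impostor share are constructed assumptions, and minimising total expected errors is one assumed way of doing the tuning.

```python
# Constructed similarity scores (0-100): higher = closer to the enrolled voice print.
GENUINE = [62, 70, 74, 78, 81, 84, 86, 89, 92, 95]   # real account holders
IMPOSTOR = [30, 36, 41, 45, 50, 54, 58, 64, 68, 73]  # other speakers

def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (false acceptance rate, false rejection rate) when
    every attempt scoring >= threshold is accepted."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr

def equal_error_point(genuine=GENUINE, impostor=IMPOSTOR):
    """Lowest threshold at which FAR and FRR are closest, and the rate there."""
    def gap(t):
        far, frr = rates(t, genuine, impostor)
        return abs(far - frr)
    best = min(range(0, 101), key=gap)
    far, frr = rates(best, genuine, impostor)
    return best, (far + frr) / 2

def tuned_threshold(p_impostor, genuine=GENUINE, impostor=IMPOSTOR):
    """Threshold minimising expected errors per attempt, given the share
    of attempts that come from impostors (an assumed tuning criterion)."""
    def expected_error(t):
        far, frr = rates(t, genuine, impostor)
        return p_impostor * far + (1 - p_impostor) * frr
    return min(range(0, 101), key=expected_error)

if __name__ == "__main__":
    t_eer, eer = equal_error_point()
    print(f"equal error point: threshold {t_eer}, rate {eer:.0%}")
    # Assume 1 in 100 attempts is fraudulent (telephone-banking style mix).
    t = tuned_threshold(0.01)
    far, frr = rates(t)
    # Fewer total errors, but each impostor attempt is now more likely to pass:
    # the tuned FAR is higher than at the equal error point.
    print(f"tuned: threshold {t}, FAR {far:.0%}, FRR {frr:.0%}")
```

On this sample the tuned threshold removes false rejections entirely while tripling the false acceptance rate, so whether the trade is acceptable depends on the cost of one fraudulent access rather than on the overall error count.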

Another area of biometrics gaining increased attention for its security potential is facial recognition. Here, tools can be used to ensure a person matches the photo and details in their passport or even pick faces out of a crowd and compare them with a database of known offenders.

The systems analyse each face using what are called nodal points - distance between the eyes, size of cheekbones, depth of eye sockets, etc - to generate a unique pattern. These patterns can be rapidly compared with thousands of others with accurate matches made in seconds.

Francois Romanet, Australian managing director of French electronics company Sagem, which specialises in biometric security, says facial recognition technology is particularly useful in places such as airports where it can significantly speed up the flow of passengers through customs.

Sagem has been working with the federal government on its SmartGate project and Romanet says the successes there will result in the technology being used more broadly in the future.

"The ability of biometrics to make life easier makes it very appealing," he says. "People will get used to using different forms of the technology every day to assist them and also to protect their privacy."

Romanet points to future developments such as incorporating a fingerprint reader into mobile phones to make transactions more secure as an example of how biometrics will become a part of daily life.

"If people see something that is easy to use and more cost effective then they will use it."

Experts agree that biometric technology will become widely used in both corporate and private life during the next few years. Its potential to offer a combination of heightened security and ease of use makes it difficult to ignore.