Biometrics: Brave new world?

• Article 7 of 33
• SC Magazine, January 2007
• View the original article online

Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages

As a security measure, there's a touch of James Bond to biometrics. Until recently, hand geometry, iris, face and voice recognition seemed like a great idea, but one that may be more the realm of fiction when it came to implementation. The idea that they could be used as part of an organisation's security infrastructure seemed equally far-fetched. Enterprises that tried biometrics found these suspicions confirmed.

But as the technology has improved, biometrics have steadily been creeping into everyday life. The Government is already issuing passports containing biometric information and is planning a national ID card scheme along similar lines. Manufacturers of laptops have started to offer fingerprint authentication as an alternative to passwords. Various organisations, from schools to data centres and banks, are using biometrics for staff authentication, payment and to speed up queues for priority customers.

“The promise is starting to be realised. It's something we've been anticipating for a long time,” says Tim Best, director for global identity solutions at LogicaCMG. “The technology coming along is more useable. It's faster, better, cheaper and it works very well.”

There is a multitude of biometrics in use. Deciding which to choose is as much about the context in which it will be used as about the biometric itself.

At heart, biometrics are probabilistic. The readings taken by the system indicate whether the person providing the data is probably the person they claim to be. Depending on the thresholds used, it's possible for the system to let in people who shouldn't be authorised or to refuse admission to those who have the correct credentials, even if the hardware and software are working correctly.

Indeed, the accuracy of the reading is closely linked to the choice of biometric. Iris recognition, for instance, is one of the most accurate options. However, recording an iris is time-consuming and requires expensive hardware as well as exact positioning of the subject's head relative to the camera. Some users also find the process invasive, and it's very hard to equip a laptop or BlackBerry with iris recognition equipment.

Fingerprint recognition, one of the most mature biometric technologies, is often used instead. The equipment is cheaper, it's easy to swipe a finger over a reader, and the hardware is readily incorporated into laptops or other systems. However, it is more prone to mistakes in environmental extremes, such as high humidity or heat, and often fails when the user has been doing manual work or has dry skin. In some countries, such as Japan, people prefer biometrics that involve no contact with a reader that has been touched by other people.

No perfect method
Other biometrics have similar balances of pros and cons: facial recognition is simple to perform and non-invasive, but is vulnerable to contrast problems and requires more computing power than fingerprinting. Hand geometry, which measures the hand for simple distances, is easy to use but is less accurate at differentiating large groups of people. Voice identification can be performed remotely but has problems when dealing with freeform speech and large datasets; and so on. Some methodologies are more applicable to certain environments than others. And vendors will fight over which is best.

“Iris recognition is very expensive,” says David McIntosh, CEO of OmniPerception, a company that sells face recognition technology. “For really good hardware, you have to pay £15,000. It's very accurate, but you have to hold terribly still. When the UK Passport Service tried it, 39 per cent couldn't enrol.” Face recognition, he says, is non-invasive and more like the kind of biometric used in the real world.

“You're not going to get perfect results with facial recognition,” argues Carl Gohringer, head of security at NEC UK. “I wouldn't advocate its use in access control, but it's fine in immigration, for example, where you just want the top-ten faces in a database of a million.” He claims fingerprinting is far more accurate.

Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages