Fingerprint Identification Technology Articles - Biometrics and Access Control Technology


Biometric Technology	Back to Homepage

Extract from THE ECONOMIST - SEPTEMBER 9TH 2000 The measure of man "Biometric" technology, which can recognise people from their fingerprints, eyes or other bodily characteristics, is becoming cheaper and more powerful. Is it about to become ubiquitous? On the Internet, goes the old gag, nobody knows you're a dog. The usual way to prove who you are when picking up e mail, shopping online or visiting a closed area of a website is to type in a password a surprisingly old fashioned form of security that would be recognisable to a Roman soldier. But though passwords are simple, they are far from secure. Many people use the same one for everything. Worse, they may use a common word such as "hello", their phone number or their dog's name any of which could be guessed by an intruder. Which is why some people champion a more high tech approach. Rather than using a password to identify yourself to a computer, why not use a physical characteristic such as your voice, face or fingerprint? Such bodily measures, known as biometrics, have the appeal that they cannot be lost, forgotten or passed from one person to another, and they are very hard to forge. Proponents of biometric technology imagine a world in which you sign on to your office computer using a fingerprint scanner, take money from a cash machine that scans your eye to ensure you are the account holder, identify yourself to your bank over the telephone via a voiceprint, and check in for flights by walking past an airport camera that identifies you as a frequent traveller. Being digital Biometrics come in many forms. The idea is said to date back to ancient Egypt, when records of distinguishing features and bodily measurements were used to make sure that people were who they claimed to be. Modern computer based biometric systems are employed for two basic functions. The first is identification ("who is this person?"), in which a subject's identity is determined by comparing a measured biometric against a database of stored records a one to many comparison. The second is verification ("is this person who they claim to be?"), which makes a one to one comparison between a measured biometric and one known to come from a particular person. Fingerprints are the most widely used biometric. Ink based fingerprints have been in use for over a century, but in recent years they have gone digital. Modern electronic systems distil the arches, loops and whorls of conventional fingerprints into a numerical code. This can be compared with a database in seconds and with an extraordinary degree of accuracy. Fingerprints have the advantage of being cheaper and simpler than most other biometrics, and account for around 40% of the market (see chart). Finger scans are tipped to become the biometric of choice for logging on to corporate networks. Technology companies note that a large proportion of calls to helpdesks are due to forgotten passwords, so they are pushing finger scans as a way to reduce support costs. Polaroid's new finger scanner, announced in May, costs around $50 and is being incorporated into some new PC keyboards. At the other end of the scale, Argentina is spending five years and $I billion to digitise its fingerprint records, which are kept (in paper form) for every citizen, in order to combat identity fraud. Another popular biometric is hand geometry. Unlike fingerprint scanning, which is widely regarded as demeaning in America and Western Europe, it is not stigmatised by an association with law enforcement. It involves scanning the shape, size and other characteristics (such as finger length) of some or all of the hand. Users are required to make some claim about who they are by swiping a card, for example before a scan. The biometric template of the person they claim to be (which, in some cases, is stored on the card itself) is then compared with the scan. Hand geometry systems are already used to control access and verify identities at many airports, offices, factories, schools, hospitals, nuclear power plants and high security government buildings. They are also used in "time and attendance" systems, in which shift workers clock on and off using their handprints preventing time card fraud through "buddy punching". The best known example of the technology is the INSPASS programme, which allows frequent travellers to the United States to skip immigration queues at seven big airports by swiping a card and placing their hand on a scanner. Recognition Systems of Campbell, California, which supplies the scanners for the INSPASS programme, says that over 35,000 of them are in use around the world. An eye for an eye Then there are the eye scanning systems familiar from spy thrillers. Scanning the fibres, furrows and freckles in the iris (the coloured part of the eye) using a video camera at arm's length from the eye provides enough information to identify somebody. But while the technology is regarded as by far the most reliable biometric, it is relatively expensive. Some users also consider having their eyes scanned as even more intrusive than fingerprinting. Not all users, however, have a choice: iris scanners supplied by IriScan of Marlton, New Jersey are used in over 20 jails in America to identify prisoners, staff and visitors and ensure the right people are let in and out. Iris scanners have also been tested by banks in Britain, Japan and America, as a way of identifying users of cash machines. Since the iris scan identifies each customer, there is no need to insert a bankcard or remember a personal identification number (PIN). In July, US Airways began trials of an iris recognition system at two airports. The idea is that passengers step up to a machine and get their boarding cards automatically. Another biometric is facial recognition, a technology that has gained ground in recent years thanks to the falling price of computer power. It works by analysing a video image or photograph and identifying the positions of several dozen fixed "nodal points" on a person's face. These nodal points, mostly between the forehead and the upper lip, are unaffected by expression or the presence of facial hair, says Joseph Atick of Visionics, a leading vendor of face recognition technology based in New Jersey. Facial recognition is becoming more widespread, says Dr Atick, because it can exploit existing cameras and existing databases of facial images from driving licences and passports. Facial recognition is used mainly to verify identity. But if the database of possible matches is kept small, it can be used for identification. Unlike other biometrics, facial recognition can also operate "passively" i.e., without people realising they are being scanned. It can thus help to spot terrorists at airports, football hooligans at ports, and cheats at casinos. Visionics' FaceIt system was also used to combat vote rigging in Mexico, by analysing the database of images from voter registration cards and identifying duplicates where the same person had registered under several different names. A list of invalid cards was drawn up to prevent multiple voting. Similar schemes have been used in some American states to identify people making multiple applications for driving licences or welfare payments. Another form of biometric that does not require special equipment is voice recognition, which works by analysing an individual's fundamental vocal characteristics. But while this technology is cheap, it is less reliable than other biometrics, particularly when only a few seconds of speech are available. The market share of voice recognition has fallen over the past two years, while that of facial recognition has grown. A handwritten signature can also be a biometric, because how you sign your name is a "behavioral" characteristic. As pen based computers and personal organisers become more popular, the hardware required to capture a signature is increasingly available. Several firms are championing signature analysis as a friendly biometric that can be introduced wherever signatures are already used. But as with voice recognition, reliability can be a problem. According to Jackie Fenn of Gartner, a consultancy based in Lowell, Massachusetts, firms that experiment with signatures are likely to go on to adopt other biometrics instead. There are a handful of other biometric technologies, including body odour recognition, thermal facial imaging, and acoustic head resonance. But although they each have advantages of their own (thermal imaging, unlike conventional facial recognition, is supposedly able to distinguish between identical twins), compared with other biometrics they are either too expensive or too impractical, and so none has been commercialised. Searching for the killer app This optimism stems in part from the fact that this summer America, Britain and Ireland passed laws making digital signatures legally binding. The new regulations mean that a digital signature has the same legal force as an ink based one. But a digital signature can be stolen or used by somebody other than its owner. Proponents of biometrics argue that only by protecting digital signatures with biometrics (so that a signature is released only if the owner's finger is presented, for example) can people be sure who they are dealing with online. Another significant development was Microsoft's announcement in May that it would provide support for biometrics in the next big revision of its Windows operating system , to enable users to log on to their computers "and conduct secure e commerce transactions". Dr Atick, a proponent of face recognition systems, has also welcomed the first prototype mobile phones and personal organisers with tiny built in cameras. As it becomes possible to conduct transactions from mobile devices, he argues, it will become increasingly important to be able to verify the identity of the user of a particular device. "I think this is the killer app," he says. The biometrics industry has done its best to allay these privacy concerns. In many applications, the spectre of an Orwellian central database can be avoided if users carry their own biometrics around on smart cards, as they do with INSPASS. Only if the biometric stored on the card matches the user's handprint is access granted. Similarly, with face recognition systems, verifying an identity can be done by comparing the photograph in a passport with the face of its bearer; there is no need for a database. Indeed, says Richard Norton, executive director of the IBIA biometrics can be used in ways that enhance rather than diminish privacy. A finger scanning system could, for example, be used to ensure that only authorised personnel have access to medical records in a hospital. Biometrics might even enable patients to find out who had looked at their records, and when. Part of the motivation for the formation of the IBIA was to counter the growing perception that biometrics inherently undermine privacy; the association's policy is that government use of biometrics must be strictly regulated, and that private companies that use the technology must do so transparently. Besides, the nightmare vision of vast computers, correlating biometric scans to monitor citizens' activities, assumes a level of technical expertise on the part of governments that is lacking in the real world. John Woodward, a legal consultant who specialises in biometrics, has coined the term "biometric balkanisation" to describe the inability of biometric systems from different vendors to talk to each other something that, he argues, serves to protect privacy. Scanning the future Biometrics are sure to grow in importance for both governments and companies. In welfare offices, prisons, high security facilities or when providing access control to networks, the technology can be imposed on users, the security of the entire system is under central control, and the biometric scanners are used by many people, spreading their costs. But the outlook for voluntary adoption of biometrics by consumers is less rosy. In some fields, such as airports or banking, customers may volunteer to use them if they can see a tangible benefit such as faster service, lower charges, or points in a loyalty scheme. Systems that allow consumers to opt in will do much to dispel some of the myths surrounding the technology, and could prepare the ground for wider use.

Back to Technology	Back to top