Biometrics is the new buzz-word. It is projected as the technology that can
save us from terrorist attacks or even credit card frauds. A technology that can
save us from long waits at the security check counters at the airports. But don’t
be overwhelmed by the promised technology so soon. It will also give
unimaginable power to the Big Brother who always loves to be watching!
When
your thumb impression is linked to your identity, all that is required to make
your private life totally transparent is a central database linked to a
nation-wide network of computer terminals with attached thumb scanners! Your
biometric identity can be linked to your income tax permanent account number,
your credit card, your driving license or even your college or workplace
identity card.
On the negative side there is the real danger of an individual being
converted to Mr 4782-9684-5134-6897 and being constantly tracked. On the
positive side there is the biggest convenience of proving your identity quickly
beyond doubt, and the possibility of tracking the criminals and terrorists
wherever they go and of bringing them to justice.
The Mexican government used face-recognition software during the country’s
2000 presidential election to make sure that registered voters voted only once.
New York State welfare system has been using fingerprinting technology since
1998 to make recipients of state benefits get one and only one set of benefits,
saving the state millions in potential fraud.
Not yet perfect
Talking of biometrics, there is no single "best" biometric
technology. Different authenti-cation environments require different solutions.
-
There are technologies, which
provide high accuracy ... but they may be expensive or difficult to use,
like the 3D-face geometry. -
There are technologies, which
require almost no effort to use ... but they may be unable to provide a high
enough level of accuracy. There may be many false rejections. -
There are technologies, which are
easily integrated into existing infrastructure ... but they may not perform
quickly enough to be deployed in many situations.
No single technology is ideally suited for all situations.
Luckily, there is a biometric technology (or combination of technologies) to
suit nearly every authentication need, from point of sale identification of a
credit card holder to high security installations like national R&D labs and
nuclear installations.
Setting better standards
One must also re-member that biometric security systems are not yet perfect.
For example, most face-recognition systems can be thrown off the track if the
camera’s view of a face is more than 15 percent off center.
The success of standards development is critical to
biometrics’ adoption in large-scale public and private institutions. Attempts
at standardization are underway in various areas of biometric technology,
including the mechanics of image capture, the density and type of data required,
the accuracy of "data" as it is extracted, legal and legislative
issues, security and privacy issues, and interoperability of devices.
The acceptance of biometrics in small-scale private
applications may not depend so much on standardization, but government and
financial institutions are often bound by stringent rules and guidelines
regarding standards. As long as stan-dardization efforts are conducted
intelligently and with proper inputs from all parties concerned, the biometric
industry will gain much more than it may lose through acceptance of standards as
against development of proprietary specifications.
Biometrics is not only important for security checks in
physical access control, it is equally important for the network or information
security applications. Biometric authen-tication when implemented can provide
levels of security and network access control much better than that provided by
passwords, PINs, or smart cards. Biometrics is on the verge of becoming an
essential part of a comprehensive information security framework of individual
authentication, and will soon become indispensable.
Flavors of biometrics
Biometric technologies can be broadly classified into three major groups:
Chip-based finger scanning: Chip-based sensors have no
moving parts and involve users placing their fingers directly onto silicon
chips. Chip-based finger scanners are now replacing optical finger scanners and
have gained significant market share because of their small size and low power
consumption.
This technology however is facing a controversy over fears of
public outcry over potential finger scanning projects involving customers, as
fingerprinting has long been associated with criminal investigation. But it is
not difficult to explain to customers the differences between fingerprinting and
finger scanning, as well as demons-trate the benefits the latter will provide.
Once customers understand the ease of pro-viding a fingerscan sample, and the
benefits of increased security, the reluctance will slowly go away.
Eye-scanning technologies: There are two parts of the
eye that are used for biometric identification and verification: the retina and
the iris. Both technologies appear to be very similar. However, the techno-logies
are very different in operation and each requires different levels of effort to
implement and operate successfully.
Face geometry: The FERET Database is a large
collection of facial images developed by the United States Army Research Labs to
advance the state-of-the-art in face recognition. A typical setup works by
taking 128 measurements of each face, such as the distance between the eyes, and
converts those dimensions into a unique binary code, which is then compared with
a photo database. Developers of the face geometry identification system claim
that a person can be identified with samples taken even up to ten years earlier
and even if the person gains weight during that period.
On the legal front there are still many unanswered ques-tions
about biometric techno-logy. Some of these include:
-
Can biometric database be sold or
exchanged? -
Can biometric information be
obtained without consent? -
How do you secure the storage of
the biometric templates? -
What happens if a legitimate
customer is falsely rejected? -
How can one ensure that a given
biometric submission is being used for a specific transaction and not
misused for additional transactions without the knowledge of the customer?
Let us hope that these questions will be answered soon and
that the biometrics stan-dardization also goes through without any hassles.
There is no doubt that biometric technology holds the promise of a safer world
for coming generations.
Ashok Dongre can be contacted via e-mail at dongre@usa.net