Printer Friendly

The right look can open doors.

INCREASING INTEREST IN USING BIOmetric technology to enhance physical and information access control applications is being shown by commercial organizations as well as government agencies and the military.

Biometrics use physiological and behavioral characteristics to provide automated methods for personal identity verification. This analysis compares the six main types of biometrics commercially available today--fingerprints, hand geometry, keystroke dynamics, retina patterns, signature dynamics, and voice verification.

This analysis also describes future applications developments and discusses some major factors, such as price considerations, user acceptance issues, performance improvements, and integration and support issues that influence the expansion of biometric usage.

The term biometrics strictly relates to the statistical analysis of biological phenomena and measurements, but it has become widely accepted in the security profession to describe technologies used for personal identity verification.

Progress toward the wider use of biometric solutions for identity-related security problems requires more research into system needs rather that specific technological development. Although initially successful in physical access control environments, some analysts see the future volume markets for biometrics to be in fields such as mass payments and national and international personal identity schemes. These demand high levels of user acceptance, reliability, and performance.

USING COMPUTERS TO AID THE ANALYSIS of human physiological or behavioral characteristics for the purpose of identifying individuals is not new. First introduced in the 1970s, a variety of biometrics have become commercially available. These biometrics have already been used in a many small-scale niche market applications with some degree of success. Typically, these have been physical access control applications involving relatively small but "closed" populations, such as are characterized by one company's employees. The ultimate application population for any biometric, however, is the public. No biometric yet has been successfully tried in such an "open" environment.

Thus, despite analysts' initial enthusiastic forecasts and some undoubted technological progress, the market will remain small until the existing wrinkles in these systems are ironed out.

Biometric security is based on measuring something about an individual, rather than something that he or she knows, such as a PIN (personal identification number) or password.

Identity claims are usually supported by the existence of a digitized representation, or template, of the person enrolled. Reducing that template code by data compaction has a number of advantages, including the speeding up of operational throughput. This enables the template to be held economically in a central data base or in some portable computing device, such as a smart card or token. One developer even claims to have squeezed fingerprint data on to the 79-character track of a conventional magnetic stripe card.

Indisputable identification of individuals has nevertheless proved to be a challenging task. So, too, has cost, in part due to the small product volumes so far attained.

Evidence suggests that the requirements for the successful implementation of biometrics are not yet clearly understood. Further research into the particular needs of business, government, and industry is essential before these mechanisms can be used to full advantage.

Two categories of biometric technique are available in the market today:

* physiological, such as faceprints, fingerprints, hand geometry, nonretinal and retinal blood vessel analysis

* behavioral, such as keystroke and signature dynamics and voiceprints

Physiological techniques deal with fixed human characteristics that, in theory, do not change but may be affected by individual behavior. Of these, retinal blood vessel scanning and fingerprinting have important performance advantages. But on the grounds of cost and user acceptance, these two methods are probably only suitable commercially in specific low-volume application sectors.

Faceprint systems, previously thought too complex and expensive, have been successfully developed following the availability of low-cost chip cameras and "fuzzy logic" techniques such as neural networking.

Behavioral techniques involve measurements of individual actions with the user able to exercise a degree of control over performance. This can be both an advantage and a disadvantage.

Some writers vary their signatures either to improve acceptance or as a result of nervousness, leading to increased errors. Mood and other factors, too, may affect voice verification. Faceprints are less susceptible to such changes, and fingerprints not at all. Nonretinal (such as hand) blood vessel scanning is affected by recent exercise and temperatures but not by conscious control.

Exhibits 1 and 2 show that no one biometric is likely to dominate the marketplace since all have limitations that compromise the system solutions possible.

As levels of cost come down, it might also be desirable in certain applications to use two biometrics in combination--for example, keystroke dynamics and faceprint for continuous terminal user monitoring.

A number of biometric subsystems already operate in combination with cardbased TABULAR DATA OMITTED PIN entry mechanisms. The Voice Action System, developed by First National Bank of South Africa, is just such a system. Here, the combination of PIN entry and a voiceprint template file ensures a secure payments service.

Biometric mechanisms can also be categorized in terms of their cost, user acceptance, performance, speed, integration potential, and conformance with standards.

Cost. To date, the high cost of biometric products has made them an expensive alternative to other automated security solutions. The add-on cost of providing a biometric solution has to be assessed against the benefit that the use of such a biometric provides.

The components of biometric subsystems (see exhibit 1) are commonly integrated into some form of terminal system, the sole exception being the input sensor device, such as a chip camera or attached pen.

Therefore, as a first approximation, cost can be determined by the input sensor cost alone. This is the reason why voice verification, where the input device is usually a simple telephone microphone, has such potential.

User acceptance. To be universally acceptable, biometrics must be legally and physically robust, safe to use, not invade the user's privacy, or be perceived as socially unpalatable. Thus, certain powerful methods, such as injected radio tags or tattooed bar codes used to identify livestock and pets, are obviously unacceptable.

Equally widespread acceptance of fingerprints with their overtones of criminality is dubious, despite recent advances in the promotion of such methods.

On the other hand, it is argued that dynamic signature verification (DSV) would be acceptable to people of all ages and social groups so long as they are literate, since the signature is already a widely used form of personal identification. In countries where literacy is not so widespread, voice verification may be more suitable. Similarly, few honest people should object to presenting their hands or faces as a means of identification.

Performance. Since biometric mechanisms cannot be relied on consistently to make correct decisions regarding the identification claims made, biometrics are based on statistical probability rather than definitive yes or no answers.

A biometric system may make two types of error: rejection of an authorized individual or the incorrect acceptance of someone who is not authorized. These are often referred to as the insult and imposter rates, respectively. Ideally, these should be zero or near zero.

Software within the biometric mechanism can be adjusted so that the threshold for acceptance or rejection may be adjusted for individual requirements of the overall application system. Nonetheless, it remains a difficult task for designers and users of biometric systems to optimize values for a particular application.

Research continues in an effort to reduce error levels in most biometric systems. For example, dynamic signature systems are known to be susceptible to variable signers, such as those whose signatures are not statistically consistent even where the system is set up to monitor and revise its template in accordance with change.

This suggests that current correlative methods should be discarded in favor of time-domain processing as used in speech recognition, based on using sophisticated mathematical techniques. However, improvements become increasingly difficult to attain and add to system complexity. Implementors are finding that the use of additional system procedures, such as user profiling based on expert systems methods, may be the best way to attain required performance levels.

Speed. The criteria here is for the biometric to do at least as well or better than any available alternative and that any delay should not be perceptible to the user. The primary complaint against most available biometrics has been that they are too slow--several seconds of verification time is common. Although the availability of enhanced computing power and improved data-handling techniques will overcome this problem to a large extent.

Integration potential and standards. The introduction of new technologies, such as biometrics, is a complex process that has to be done with care and minimal disruption to existing services. For this reason, several organizations in Europe and the United States have participated in low-volume trials of specific biometric products. Such trials have added considerably to security practitioners' understanding of some of the problems of introducing biometrics.

Associated with the need for further and larger scale trials is the issue of developing operational standards. These are essential to ensure that wide-scale purchasing and supply and systems interworking can progress in an orderly fashion. Preliminary discussions on this important issue have taken place recently in the United Kingdom and United States.

INDEPENDENT EVALUATIONS OF NEW technologies is essential to their general acceptance, and to date, only limited testing of biometrics has been carried out by independent agencies.

Best known is the work of the US Department of Energy's Sandia National Laboratories, which released the results of its second round of tests on biometric devices in mid-1990. But these tests have to be questioned, since they assessed equipment from only six US vendors: fingerprint--Indentix's Touchlock; hand geometry--Recognition systems' ID-3D-U; retinal scan--Eye-dentify's Model 8/5; signature dynamics--Autosig's Sign/On; voice verifiers--Alpha Micro's Ver-a tel and International Electronics' VoiceKey.

This is hardly a truly representative sample of internationally available biometric products. Nonetheless, these tests are the only comprehensive evaluations available. They showed that DSV is by far the cheapest of the evaluated product types, although these tests also reveal that DSV rejects a disturbingly high proportion of properly enrolled individuals.

Hand geometry had a low rate of false rejections, especially if more than one attempt was made and was much better than signature in this respect. But hand geometry costs more than twice as much as signature dynamics. Strangely, the poorest performer was voice verification, with the device exhibiting high false rejection rates and a relatively high false acceptance rate.

These results are important to the embryonic US biometrics industry since Sandia is relied on by US government agencies as an independent test center. Its relevance outside the United States, however, is less certain. The establishment of an internationally accepted test facility based on agreed standards for comparison remains a requirement that is as yet unfulfilled.

Over the past two years, UK banks have been actively evaluating the potential usefulness of DSV systems in retail applications. A sequence of trials have been conducted that have confirmed doubts expressed about this new technology. Although evidence from the more recent tests carried out presents a more encouraging picture, no bank has gone beyond product trial and into system implementation.

Voice verification systems, in the meantime, have been implemented by a number of financial institutions in association with the introduction of telephone banking services. Voice-based services are clearly seen by the banks to offer the most immediately rewarding area of biometric systems.

BIOMETRICS HAVE YET TO FULFILL THEIR early promise but will emerge as a powerful component in a wide variety of applications. The need now is to identify those areas of the application that will prove profitable to users and vendors alike.

User acceptance will depend on the ability of the vendor companies to adapt to these emerging requirements, agree and develop standardized testing methods that will ensure accurate comparison of products, and produce devices in sufficient quantity to reduce prices substantially.

Nonetheless, biometrics companies still face an uphill battle to convince the public and, more particularly, the skeptical security professionals, that biometric systems are safe, reliable, and worthwhile. Widespread acceptance of biometrics is forecast to be at least 10 years away, and during that time many existing but financially unstable specialist biometrics vendors can be expected to go to the wall.

Voice-related biometrics appear to hold the most long-term promise today. Once speaker-dependent, continuous-speech recognition technology has stabilized, it can be combined with other artificial intelligence techniques to provide interactive systems that appear to have intelligence. This will provide management with the opportunity to interface into corporate and public domain information pools in easy-to-use ways that are currently feasible.

Robin L. Sherman is an independent consultant with over 30 years' experience in information technology.

Exhibit 2

The Advantages of Selected Biometrics


Totally noninvasive sampling. Can monitor terminal usage after log-on.


Positive identification, except for certain classes of worker, such as chemists and miners.

Hand geometry

No literacy skills required.

Keystroke dynamics

Monitors continuing usage of terminal keyboard after log-on.

Signature dynamics

Based on socially and legally accepted practice (Europe and the United States).


Can work remotely via telephone network. Requires no literacy skills.
COPYRIGHT 1992 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1992 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:includes related articles; biometrics in personal identification
Author:Sherman, Robin L.
Publication:Security Management
Date:Oct 1, 1992
Previous Article:Protecting Disney's wonderful world.
Next Article:Physical education for campus security.

Related Articles
From sci-fi to daily life.
Air Force adopts biometrics security systems.
Fingerprint recognition.

Terms of use | Copyright © 2016 Farlex, Inc. | Feedback | For webmasters