Now being adopted to provide access control to buildings and late model vehicles; to enable school children to purchase lunches, register attendance and take out library books; and to lock down laptops and mobile phones; biometric technology looks set to make a move into the mainstream.
However, business managers are still showing some scepticism over the effectiveness of biometrics – fuelled by reports of systems com-promised by fake body parts and perceived user concerns over privacy. However, the increasing number of successful trials that have turned into full roll-outs are starting to convince many senior managers that biometrics have their place in an overall security system.
The eyes have it
Iris recognition technology – which scans the coloured part of the eye – is one of the more well-known biometric systems and has been in use in various forms in the UK for more than a decade.
Iris scanners work by detecting the unique patterns and markings on each iris. These are stored as an algorithm in a database and on a portable data chip, such as a passport or ID card, which can then be compared and used to verify identity.
The technology is already in use in the UK through the Iris Recognition Immigration System (IRIS) at airports around the country. UK residents and those who travel frequently to the UK are eligible to pass through an automated immigration barrier without having to queue for passport control.
Travellers enrolling for the programme have their iris scanned and personal details entered into a database before their flight. On re-entering the UK their iris is scanned to ensure they are on the database and, once confirmed, they are free to enter the UK.
A similar scheme has been operating at Amsterdam’s Schipol Airport since 2001. Its Privium programme fast-tracks members through special automated gates by the use of a smart cards containing an iris scan and personal data, checked against the passenger’s eye to verify their identity.
Rather than queuing at a manned desk, a Privium member inserts their card to open a first turnstile, before their iris is checked against stored data. Passport details are simultaneously checked against the systems of the Dutch border police. The process takes less than 12 seconds and more than 32,000 European citizens have enrolled for the scheme.
While commonly used to verify identity at airports, iris recognition technology – along with fingerprints and facial scans – is also likely to form part of the government’s ID cards project, which is due to be rolled out from 2008.
Biometrics involve measuring and confirming an individual’s identity from certain physical characteristics like finger-prints, face or veins, or from personal traits such as gait, voice pattern or handwriting.
Chiefly used to verify and protect identity, biometrics ensure security of buildings, vehicles and equipment.
The technology has also been proposed as a key solution in the fight against falsification of personal documents and subsequent identity fraud, particularly as public awareness of the weaknesses of passwords and PINs has convinced many that there must be a better way to ensure their identity is protected.
As well as improving security, biometric systems are sold on the basis that once installed they save money. There are few major costs after installation say suppliers, and IT staff are largely freed from time consuming administration that results from lost or forgotten passwords. In the first year, the costs of implementation are usually equivalent to the annual cost of administering a password-based system, say analysts; payback is generally achieved after around 18 months.
But how can biometric systems best be used? At present, some of the most popular solutions on the market including iris recognition, voice recognition, finger-print and palm-vein technologies are particularly suited to certain applications. For example, voice recognition biometrics have great potential in call centre environments where a caller needs to authenticate themselves in order to change their password.
Finger-print scans are used to provide access to vehicles and intensive care doctors at the Royal National Orthopaedic Hospital in London are using a combination of smartcards and fingerprint readers to access patient records at the bedside – making records more secure and easier to access.
Palm-vein scanners are being used by schools in Scotland, eliminating the need for children to hand over cash for school lunches, and the Bank of Tokyo Mitsubishi in Japan has employed the technology as an alternative to PIN codes for its cash machines.
As these technologies are moved into the mainstream, they become less the stuff of Bond films and science fiction, and more like the access keys of tomorrow.
Facial recognition has gained significant media coverage in the past 12 months through its adoption as the primary form of security to be included in the UK’s new biometric passports.
The facial recognition system works by measuring up to 80 different landmarks on the face, such as the distance between eyes, nose, ears and cheekbones. As with iris scans and other forms of biometrics, these are digitally coded and used to verify identity.
These measures have been introduced as a result of the September 11 terror attacks to counter identity fraud and help detect counterfeit documents. As one of 27 countries signed up to the US Visa Waiver Program, UK passports issued after October 2006 must contain a machine readable chip with the passport holder’s details and a digital photograph as a biometric identifier to enable UK citizens to enter the US without a visa.
In addition to immigration security, the police are investigating how facial recognition software can be incorporated into the Facial Images National Database (FIND), a national mugshot database that is currently being trialled. The ID cards project, which is due to be rolled out from 2008, is also expected to utilise facial recognition technology.