Biometric technology is an industry characterised by “disappointment and broken dreams”.
This stark analysis, voiced by one of the evangelists of biometric technology – David McIntosh, the former chairman of the Intellect Association for Biometrics – underlines just how troubled the history of biometrics has been. Even those with a keen interest in promoting it cannot deny that false promises, clunky technology and intrusive approaches have done little for its cause – particularly within the private sector.
Where biometric technology has flourished, it has been at the hands of government officials as part of large-scale government-mandated implementations, focusing on areas such as border-control and crime-prevention: passports, visa programmes, the ever-controversial UK ID card scheme and massive criminal databases are, it seems, regarded as the technology’s ‘killer app’.
This association has not, it is now evident, been to its benefit. Indeed, the public rows over data privacy and civil liberties, which seem invariably to follow the unveiling of such schemes, have single-handedly served to politicise the technology into near obscurity.
Far from the public gaze, however, IT executives have been quietly undertaking select biometric implementations – at least according to insiders such as Will McMeechan, director of the European Biometrics Forum. “In the
One of the
The trend can also be witnessed globally. Businesses in
“To a large extent, the biometric market has been its own worst enemy in concentrating on security,” he observes. Rather, the peripheral advantages, such as loyalty schemes, increased convenience and the ability to access multiple services, should become a chief focus for the technology developers and marketers, he argues.
But fulfilling such tasks requires biometric technologies more inventive than those that have already made their name and reputation. Iris recognition, fingerprint scanning and the use of facial characteristics have now, by all accounts, reached a level of maturity that make them highly suitable – if not always acceptable – for access and control implementations. But while well-known, these are often intrusive and require client-side hardware.
In some instances, it would be preferable for biometrics to operate in a non-intrusive, seamless way – for example at a distance or without the subject’s knowledge or co-operation. In other cases, biometric authentication that can be operated over the web or over the phone, using established hardware, would be much more appropriate and cost effective. “The point of biometrics,” argues Professor Mark Nixon, head of the Electronics and Computer Science department at
Rather, he counsels, understanding how particular biometrics – however esoteric they might at first appear – can be applied effectively in particular contexts should be a critical goal. This philosophy is already evident at the highest levels. Andrew Tilbrook, director of the Defence Technology Centre, which is co-ordinated and funded by
For example, by combining a thumbprint reader (with an error rate of one in 10,000) with voice recognition and facial recognition software (both with a one in 1,000 error rate) an overall error rate of one in 10 billion can be achieved. Increasingly, this ‘multi-modal’ use of biometrics will come to dominate the application of the technology. For example, palm-vein mapping combined with smart cards, is already replacing PINs in
In this model, future users will be better able to calibrate their risk profiles and customise their applications to suit both their existing hardware and the application context. As the technology showcases below highlight, there is no shortage of creative behavioural and biological biometric technologies by which to achieve this end – from analysing the way someone walks to the unique electrical signal generated by their heart. However, the user community, and technology executives, must be prepared to make the leap.
Walk the walk: Gait analysis
The works of Shakespeare are, by anyone’s measure, an unlikely starting-place when developing cutting-edge technology. But when, in 1994, Professor Mark Nixon, head of the Electronics and Computer Science department at Southampton University, pioneered the idea that ‘human gait’ – the way in which individuals walk – could serve as a unique, identifying characteristic, the Bard’s writing offered several supporting examples of the theory. In fact, says Nixon, Shakespeare’s protagonists are said, on several occasions, to recognise characters by their gait. The hypothesis, Nixon went on to learn, had also been explored in psychological, historical, medical and general literature.
Armed with the theoretical evidence, Nixon and his team at
Nixon’s work – supported by research at MIT and the
Nonetheless, the technology, according to David McIntosh, deputy chair of the Intellect Association for Biometrics, needs to mature for at least another decade before it will be seen in full-scale public sector or commercial implementations. But Nixon is phlegmatic. “We’ve only been working on it for 14 years. We’ve had to design new techniques and new technologies along the way,” he points out. Currently, he adds, the team is addressing the issue of ‘covariants’ – factors that affect or disrupt the identification process such as unusual footwear, long-coats or injury. On this issue, says Nixon, “The jury is still out.”
Type cast: Keystroke biometrics
Despite its name, keystroke biometrics – or keystroke dynamics – owes less to the modern keyboard than it does to one of the oldest means of long-distance communication – Morse code. Since 1844, when the first message was transmitted using Samuel Morse’s innovation, individuals have had their own characteristic tapping rhythm. During the Second World War, military intelligence was able to distinguish ally from enemy using a tapping rhythm methodology known as ‘The Fist of the Sender’. This was developed into a computer security technology by the US National Science Foundation and, later, the National Bureau of Standards.
Principal heir to this research is Washington-based technology company BioPassword, which acquired several keystroke dynamics patents in 2002 and remains one of its leading proponents. A behavioural biometric, keystroke dynamics is predicated on the twin principles that an individual’s typing style is both idiosyncratic and consistent. In order to create a profile, the user is asked to type a passage of a certain length, or type the same word up to ten times. Measurements, relating to a range of variables which determine the user’s typing manner and rhythm, are then recorded. These include the ‘dwell time’ (the time spent pressing down a key) and the ‘flight time’ (the time between each ‘key down’ and the time between ‘key up’. BioPassword processes this data through a neural algorithm, which then determines a primary pattern for future comparison.
Similar technology has been pioneered by the
Some scepticism remains, however, as to its robustness, which many experts argue is only truly viable in a ‘stress-free’ environment. Its application is best applied in a multi-factor authentication set-up, as deployed by BioPassword, explains CEO Mark Upson. “We build a profile around a word phrase, working off a combination of the user’s keystroke rhythm and their user ID and login details.” Used in this configuration, the company claims a 99% accuracy rate. Its application, however, is necessarily confined to computer-based activities and services.
You’re so vein: Vascular pattern recognition
An Eastern innovation, vascular pattern recognition – more widely understood as vein mapping and focused around veins in the hand – has enjoyed widespread take-up in Asia, especially
Finger-vein mapping usesinfrared cameras to scan the random pattern of the hand’s blood vessels. The information is processed using an algorithm similar to that used for biometric fingerprints. The scanner operates irrespective of skin condition (important among some Asian ethnic groups where the thinness of skin makes fingerprint recognition unreliable), and can even scan the hand through thin material, claim the developers. “Because it scans the inside of your hand, the condition of your hand is irrelevant. Also, your ID is not visible to others,” says Ken Ashida, strategic planning director at Fujitsu. Nor is the technology affected by ageing, race or gender.
Fujitsu focuses on palm-vein recognition,
The infrared scanner used is technically contactless, which, in theory, eliminates the hygiene problems of fingerprint scanning that have made fingerprint biometrics so unpopular in
A Japanese library has begun using the technology for book sign-outs, while Fujitsu has just announced that it is to deploy the technology in a Scottish school, in order to automate canteen payments. Evidently, the biometric has already made the step from security control to a service facilitator.
Speak easy: Voice recognition
After its more established peer, facial recognition, voice recognition – the biometric by which an individual is identified according to a range of features unique to their voice – is the most intuitive biometric technology yet developed. Deprived of sight, humans regularly identify one another – chiefly, of course, over the phone – by the character of the voice. Unlike the majority of other biometrics, however, the very action of recording an individual’s voice necessarily serves to degrade the integrity of the information captured.
“When you start recording, you are already destroying certain features that are individualistic,” explains Hermann Künzel, professor of phonetics at the University of Marburg, Germany, who has been working closely with Agnitio, a voice recognition software company based in
Traditional voice identification operates according to a range of parameters such as average vocal pitch, variation in frequency and accent. Modern voice biometrics, however, have been developed according to a much more robust set of physiological parameters: the source, that is the individual’s throat, the pitch of speech and “what happens to the sound before it leaves an individual’s lips and nose”, explains Künzel.
This last parameter is the most fundamental, relating to a set of internal cavities “that are so special in terms of their dimensions and the internal skin”, says Künzel, that the noise generated is entirely distinct from the general noise created by the larynx. With these acoustic parameters, first a spectrum and then a sub-spectrum are created. “You are then left with 19 mathematical reflection coefficients of the reverberations that characterise your internal body parts,” Künzel elucidates.
Global law enforcement agencies, in particular the FBI, have been developing the technology since 2000 and have carried out extensive research into the covariants, such as vocal ageing, ill-health and imitation. Very bad ambient noise, says Künzel, is one of the most problematic covariants. “But worse than technical noise would be other voices. That would make it very difficult for a computer to identify your voice.” Under low-noise conditions, however, the biometric fares very well. Indeed, the FBI’s research appears to have paid off. In one high-profile example seen in August 2007, the leader of a Columbian drug cartel, who had undergone extensive plastic surgery, was identified and arrested using voice information captured over the phone.
In this way, voice recognition biometrics, like gait analysis, can be used without the subject’s knowledge or co-operation. Similarly, it can be deployed – like keystroke biometrics – remotely, using established hardware. For this reason, many banks, including ABN Amro, which has implemented an offering from a company called VoiceVault, have begun to deploy the technology to authenticate telephone banking sessions. In this instance, voice recognition acts as the second authentication factor when speaking a password. Similar applications focusing on call centre-based transactions requiring authentication promise to serve as the technology’s primary commercial niche.
Because the parameters by which modern voice recognition functions are physiological, the biometric is language independent, meaning the same software can be rolled out globally. But what about the voice being impacted by the common cold or a throat virus? Agnitio claims that this is not a problem because the software creates a ‘rolling profile’. “It is not comparing one recent questionable example to one reference sample,” explains Künzel. “You have a profile that is updated every time you use it. This allows the software to keep track of minor alterations.
The truth about biometrics The adoption of biometrics is at a tipping point after decades of failed trials and mistrust.