| Summary
Biometrics
is a technology that can be defined as measurable physiological
and / or behavioral characteristics, which can be utilized to verify
the identity of an individual. Techniques used by this technology
include: fingerprinting, retinal and iris scanning, hand geometry,
voice patterns, and facial recognition. These techniques were initially
used in high security systems, however their use is extending into
a much broader range of applications. Such applications include
physical or logical access control, retail point of sale or banking
transactions, and use in automated border control is being looked
at. With this new development many social and ethical questions
arise. Primarily dealing with the individual rights of people. This
paper will focus on presenting the technology used in biometrics.
I will begin by giving a brief background on the development of
this technology, I will then move to explain the techniques and
methodologies used for verification. I will give examples of applications
being developed and talk about their ethical impact in society.
Lastly I will touch on the future of the technology and provide
my thoughts on the common good of the applications.
Biometric
Background
Most
people tend to think of biometrics as a sci-fi futuristic technology
that was developed in the late twentieth century computer age. But
to everyone's surprise, the basic principles of biometric verification
were understood and practiced thousands of years ago. Individuals
were identified via distinct features such as scars, eye color,
complexion, height and so on. Later in the nineteenth century, a
peak interest in the area of criminal investigation prompted the
development of fingerprinting as the methodology amongst police
forces for identity verification. This became very popular as many
criminals were apprehended. As the world evolved into a more electronic
society, the possibility of using microprocessors to automate identity
verification began to occupy the minds of individuals in both the
military and commercial sectors. This led to the development of
the hand geometry reader. It was a large and clunky device, but
it worked. Refinements later yielded a much smaller and considerably
enhanced hand geometry reader that became one of the cornerstones
of early biometric industry. At the same time fingerprinting verification
was being steadily improved to the point where it became a reliable
method for verification. It wasn't until recently that there has
been interest in iris scanning and facial recognition techniques,
which offer the potential of a non-contact technology. The last
decade has seen the biometric industry expand from a handful of
specialist manufacturers, to a global industry poised for tremendous
growth as large scale applications start to unfold.
Biometric
Methodologies
Fingerprinting:
As the name suggests fingerprinting involves taking a snapshot of
a person's fingers and comparing them to prints done on that same
person before. Fingerprinting is the oldest method used in identifying
a person and by far, has the greatest variety of devices available
on the market. Some of these devices try to emulate the police method
of matching minutiae. Others are straight pattern matching devices,
and still others adopt a very unique approach, including more fringe
patterns and ultrasonics. The more sophisticated devices can detect
when a live finger is presented. Having so many devices available
begs the question, "How accurate are they?" The answer to that question
is up for discussion. Over the years, the absolute uniqueness of
fingerprints have been debated, primarily because of the varying
criteria used to verify a fingerprint. If you add to that the question
of personal interpretation, you just opened up a whole new topic
of discussion. Usage errors amongst users of these devices also
contribute to the inconclusiveness of fingerprints. It might be
a good choice to use these devices for in house systems where adequate
explanation and training can be provided. But that's not the case
with most applications.
Hand
geometry:
Hand geometry is concerned with measuring the physical characteristics
of the users hand and fingers, from a three dimensional perspective.
One of the most established methodologies, hand geometry offers
a good balance of performance characteristics along with its relative
ease of use. This methodology is more suitable where there is a
larger user base. Because it is easy to use and requires very limited
training, accuracy can be maintained. Flexible performance tuning
and configuration of these devices accommodate a wider range of
applications. Which is why this type of device is a definite first
step in biometric implementation.
Voice
verification:
Voice Verification is one of the newer technique used for identity
verification. Considering how much voice communication takes place
in everyday business transactions it was a matter of time before
this methodology was introduced. Some designs have concentrated
on wall-mounted readers while others have looked into integrating
voice verification into conventional telephone handsets. There have
been a number of voice verification products introduced to the market,
but many of them have failed due to the variability of transducers
and local acoustics. In addition, the enrollment procedure for these
types of devices has been more complicated. That has lead to the
perception of voice verification being "unfriendly." Much work continues
to be taken in developing better voice recognition devices as well
as a better enrollment procedure.
Retinal
scanning:
Retinal scanning is an established technology where the unique patterns
of the retina are scanned by a low intensity light source via an
optical coupler. It is a very accurate identification technology
but it does require the user to look into a receptacle and focus
on a given point. Users of glasses may find it inconvenient to use
but there seems to be a greater concern with users making intimate
contact with the reading device. One of the leading products underwent
a redesign in the mid-nineties, which provided enhanced connectivity
and an improved user interface. However, it still has a few user
acceptance problems.
Iris
scanning:
Iris scanning is the least intrusive of the eye related biometric
technologies. It utilizes a conventional ccd camera element and
requires no intimate contact between user and reader. It works well
with glasses and has been demonstrated to work with a variety of
ethnic groups. It also has the potential for higher than average
template matching performance, which is of essence. Ease of use
and system integration have not been strong points with iris scanning,
but improvements in these areas are being made for future products.
Signature
verification:
Signature verification is another form of biometric verification,
although many people would not think it to be. People are used to
signatures as a means of transaction related identity verification.
But there are a number of verification devices out there that have
proved to be reasonably accurate in operation and lend themselves
to applications where the signature is an accepted identifier. However,
there have been relatively few significant applications with this
methodology compared to other biometric methodologies.
Facial
recognition:
Facial recognition is a technique which has attracted much interest
but whose capabilities have often been misunderstood. There have
been unwarranted claims made for facial recognition devices which
have been difficult to substantiate in practice. For example, some
systems claim to be able to unobtrusively detect and verify the
identity of an individual. But those familiar with the technology
beg to differ. There has been very limited success amongst development
of facial recognition systems. This is primarily due to technical
obstacles which need to be overcome. However, much progress continues
to be made in this area and it is only a matter of time before future
implementations have all the bugs worked out. Who knows, this may
become the primary identity methodology used in the future.
Other
biometric methodologies include the use of scent, ear lobes and
various other parameters. These are interesting, but they are far
from being workable solutions in everyday applications.
Ethical
Concerns
Now
that I have introduced the techniques and methods used in biometrics
it is important to concentrate on the implications that this technology
might have in society. Many people are fascinated with the advances
we have made in the technology realm. We've come a long way in the
last quarter century from having virtually no electronic devices,
to relying on them for our everyday living. As we continue be more
reliant on electronics many ethical questions arise. For example,
what does it mean when a persons identity is being jeopardized through
the use of networks for identity purposes? What price are we willing
to pay to create a very concrete authentication system for simple
transactions that might go bad? Equipment malfunction is only part
of the problem. The bigger problem might be society itself.
Biometrics
verification if used on a global basis will use a network similar
to that of the world wide web. This will be popular due to the low
cost connectivity option that it offers. Some of the concerns that
will arise relate to personal privacy and identity authentication.
Many people are concerned over the amount of information that may
be captured about them as an individual. Where is this information
going to be stored? Who's going to maintain the database where it's
being stored? Furthermore, there is a question of control over the
use of such captured data. Who will have access to this information?
The
Internet is a very good example of the types of obstacles that will
be present when the time comes to roll out this technology on a
global basis. There is the issue of vulnerability to fraudulent
misuse. Networks, no matter how secure they claim to be, are not
very secure at all. Sure you can use VPN (virtual private network)
technology and heavy encryption, but to what extent can you really
quantify this? You can also have a firewall policy in place, but
what does that really mean? Nowadays a lot of the major corporations
experience serious security breaches due to hackers easily coming
into their networks and servers. Who's to stop them from accessing
sensitive information about people and using it for their personal
benefit?
The
question of authentication is of great concern, with regard to biometric
user authentication for Internet use. It is easy to get carried
away with the premise that the use of this technology guarantees
user authentication. That all we have to do is supply a device at
the client end and off we go! In reality things are never quite
as clear cut. It is especially important to consider the entire
end-to-end process and understand exactly where the potential weaknesses
lie and what element of risk these represent. Take for example the
biometric related data message that is transmitted from the client,
over the net and to your web / application server in order to claim
an identity. Is the biometric data "live"? Is there a possibility
that it could have been acquired fraudulently and injected into
the process? How does your directory structure work? Is there a
single common directory which additionally holds user biometric
data? Are the two separate? If so, how do they communicate and how
secure is this communication? In what form does the biometric engine
communicate a "passed" result to the application? Can this be interrupted?
Maybe the biometric verification is undertaken at the client end
and simply injects conventional passwords into the process. There
are many architectural possibilities to consider. It is useful to
raise these questions and draw attention to the overall process
rather than focusing simply on the biometric verification element.
What
does the future hold?
Biometrics
as a whole is becoming better equipped by the day. We are seeing
an increasing amount of device choices, especially amongst the fingerprint
vendors, but also an increasing intelligence in ergonomic design
as devices become more practical and intuitive in use. We are beginning
to see the integration of biometric capture devices into computer
keyboards. We can expect to see them incorporated into notebook
computers and PDA's as time moves on, making their presence almost
common place among a wide range of digital computing devices. There
is little doubt that few people who use digital devices will not
come across biometrics in some form or other over the coming years.
Who knows, there might also be potential to use existing multimedia
components such as camera and microphone devices for biometric capture
purposes where applicable. There are enough devices and varying
methodologies to make it reasonable to deploy biometric authentication
technology across the globe. However, all the social and ethical
concerns should be understood in the careful planning and program
management of this technology.
|
