Personal touch

Personal touch<@VM>Face recognition debuts as an antiterrorism tool

The lowdown

  • What is it? A biometric device is a combination of hardware and software that measures human physical characteristics such as fingerprints, hands, faces, irises, voice patterns and signatures.


  • When do you need one? You need a biometric device to augment or replace traditional security measures for PCs, networks, buildings or entire areas such as airports.


  • When don't you need one? Even an inexpensive biometric device adds unnecessary expense to PCs and systems that don't contain sensitive information.


  • Must know info? Biometric devices are not single, silver-bullet solutions for security problems. Each is best used in combination with other biometric technologies or with traditional security methods such as passwords, personal identification numbers and smart cards.

  • SecuGen Corp.'s EyeD keyboard includes an optical fingerprint reader. It's priced at $129 to $139.

    Precise Biometrics' Precise 100 SC combines a smart-card reader and silicon fingerprint scanner. It's priced at $200.

    Iridian Technologies Inc. offers the Panasonic Authenticam, above, with Private ID software. It's priced at $239.

    The Cyber-Sign signature verification software from Cyber-Sign Inc. measures the shape, pressure and timing of signatures. It's priced at $99.

    Biometric devices take user authentication to new levels

    Last year, they were cool PC accessories. This year, they are serious security tools.

    Biometric authentication devices that measure finger, face, iris and voice characteristics are getting a fresh look at organizations where controlling access is a priority.

    Although they work on different parts of the body, all biometric devices function similarly. First, they collect information using a scanner for fingers or hands, a camera for the face or eyes, or a microphone for the voice. The devices work with software that converts the information into a mathematical template, a type of algorithm that is encrypted and usually stored on a host computer's hard drive. Taken together, the information can authenticate individuals' identity.

    Besides their security benefits, biometric tools are cost-effective. Plenty of devices are priced at around $200, and they're catching on in the computer marketplace. Virtually every new PC and laptop will incorporate one or more biometric devices by 2005, according to the International Biometrics Group, a New York test lab and consulting group. The market for biometric authentication products will grow to about $1.8 billion annually by 2004, according to IDC, a high-tech market research company in Framingham, Mass.

    Despite some concerns about privacy and how well the devices work in real-world settings, biometric devices are beginning to prove their mettle.

    Already in use

    Face recognition technology is being used at soccer games in Europe to identify known hooligans before they wreak havoc. Banks are beginning to use fingerprint recognition technology to prevent check fraud and provide quick and easy user identification at point-of-sale terminals and automated teller machines. Iris recognition technology can grant or deny access at mission-critical sites in federal office buildings.

    As a result of the recent terrorist attacks, airports worldwide will most certainly employ more biometric tools to help identify and intercept possible terrorists before they board.

    Biometric identification technologies aren't infallible, but they do have some advantages over the traditional passwords, personal identification numbers or smart cards.

    Hackers can guess passwords, or even find them written down near a PC. Users also aren't diligent about changing their passwords frequently. A personal identification number attached to a credit card or used to open a keyless lock gives no security in the wrong hands. And smart cards can be lost, stolen or left at home.

    But fingers, hands, eyes, faces and voices all bear unique and individual imprints. They can't be copied like passwords or misplaced like smart cards.

    That makes a compelling argument for the use of biometric access devices, at least in conjunction with other security measures.

    Here's a rundown of some of the most popular and affordable biometric technologies to date:

    Fingerprint readers. Fingerprint readers are among the least expensive and most widely used biometric devices. They are designed around two basic sensor technologies: optical and silicon.

    Optical readers such as Digital Persona Inc.'s U.are.U Pro can take up to 100 scans of a fingerprint, run them through an algorithm, and store them as a mathematical template for matching a subject's fingerprints against those stored in a database.

    Optical readers use Universal Serial Bus or parallel-port connections, and can stand alone or be built into other peripherals such as keyboards or mice.

    Ethentica Inc.'s MS 3000 PC Card and MS 2500 are examples of fingerprint readers with built-in silicon chips that measure a finger's electrical impulses rather than its optical image for user authentication.

    Used correctly, fingerprint readers are difficult to defeat. But a misplaced finger, a movement, or factors such as perspiration or a finger injury can delay or defeat correct readings. Optical readers typically perform slightly better and are more durable than silicon-chip devices, which tend to be faster and more accurate. Their tiny size suits them for use with cell phones and personal digital assistants.

    Iris recognition. Iris recognition is a highly accurate technology that measures the unique patterns of human irises. Systems such as Iridian Technologies Inc.'s $239 Authenticam with Private ID use video cameras to take pictures of a subject's iris, digitize the images and save them in a database record via bundled software.

    Iridian also makes high-end, network-based iris recognition software.

    Although iris recognition is equipment-intensive and requires users to sit still for a few seconds, it is potentially very effective in high-security settings. It's probably overkill, however, in offices where password authentication suffices for ordinary levels of security.

    Voice authentication. Voice authentication ranks high among biometric technologies when you weigh accuracy, convenience and cost, according to IDC.

    Voice recognition isn't used much for personal PC and network log-on procedures to date, but that could change as more companies bring the technology to market.

    Veritel Corp.'s Talk Direct software, for instance, converts unique voice imprints into numerical algorithms that verify an individual user's identity. The company is working on software that will provide voice authentication over the Web.

    The downside to voice authentication is that authorized users could be denied access to facilities or equipment if their voice patterns change due to illness or injury.

    Signature verification. Cyber-Sign Inc.'s $99 Cyber-Sign for Acrobat Signature 4.0 is one of the few biometric products that authenticate users by analyzing both the shape of the signatures and their signing dynamics'speed, pressure, timing.

    But critics say that because everyone's signature varies significantly over time, the software could lock out an otherwise authorized user.

    Multimodal systems. Because each biometric technology has its flaws, a few companies have built multimodal systems that include one or more biometric technologies along with password or smart-card protection.

    Net Nanny Software Inc.'s BioPassword 4.5 is network software that measures users' keystroke dynamics in addition to traditional passwords for authentication.

    Keyware's $4,000 CAS SignOn for Windows 1.0 confirms users' identities by measuring a number of biometric variables, including face, voice or fingerprints, which are used in conjunction with text passwords.

    BioId America Inc.'s BioID Client/Server 2.11 is multimodal software that measures face, voice and lips using standard PC webcams and microphones. Password protection may or may not be used with the system.

    J.B. Miles of Pahoa, Hawaii, writes about communications and computers. E-mail him at jbmiles@gte.net. Face recognition software is likely to become an important tool in the U.S. war on terrorism, as a means of identifying suspects.

    One such product, Viisage Inc.'s FaceNet, is a software engine that translates the characteristics of a human face into a set of numbers called an eigenface, which provides both identification and verification for real-time comparisons against a database of other faces.

    Viisage has built a suite of face recognition products to prevent identity fraud, improve security at sporting events and key public installations, and establish user verification for point-of-sale transactions and automated teller machines.

    It also makes keyless entry products for offices, dormitories and government facilities, such as FacePass. The company's FaceExplorer 3.0 is used by law enforcement agencies to match images and computer composites against large image databases of suspects and known criminals.

    Visionics Corp.'s FaceIT creates face prints by precisely measuring the distance between prominent features such as the nose and cheekbones.

    In early August, the Defense Advanced Research Projects Agency awarded the company $2 million to improve its technology for use by military and intelligence agencies.

    The company plans to design software for use in a movable camera system capable of scanning peoples' faces from as far as 300 feet away and comparing the images to those in databases of known terrorists.

    Related Articles

    Reader Comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Please type the letters/numbers you see above