State of the art in biometrics is still the fingerprint
- By Susan M. Menke
- May 19, 2004
The future of biometric authentication, as the past, lies in fingerprints, FBI experts believe.
Monte C. Strait, chief of the FBI's Criminal Justice Information Services Division, said the bureau's Integrated Automated Fingerprint Identification System, with its 46.9 million digital prints of criminals, remains the nation's only large biometric repository.
IAFIS receives 50,000 queries a day from 17,000 law enforcement agencies, Strait said at a recent biometric symposium in Washington.
Most get a response within two hours, but 'human intervention is required,' Strait said. 'It's not all electronic.'
In contrast, 'facial recognition doesn't have a field-proven application yet,' Strait said, and no large iris-scan database exists.
But the bureau is looking ahead. It's building a photo database and capturing DNA cheek swabs of possible terrorists here and abroad in cooperation with the Defense and State departments, because 'facial recognition will have future utility,' Strait said.
'We are starting to take criminals' photos more than just straight-on and sideways' to enable the compilation of a composite image with a more three-dimensional character.
Strait said he sometimes dispatches FBI agents to violent- crime scenes in Iraq and Afghanistan to retrieve partial fingerprint evidence, for example from harnesses for rocket-propelled grenades or from suicide bombers' hands.
As the FBI's criminal records grow, so do nonsuspect civilian records of volunteers and job applicants whom the FBI investigates for public and private sources.
'We're interested in decriminalizing their fingerprinting,' Strait said. 'We want to capture prints faster and less intrusively for the next-generation IAFIS.'
Duane M. Blackburn, an FBI analyst who serves on the National Science and Technology Council's interagency biometrics panel, said he believes 'biometric technologies are going to have to improve,' although no organization yet can set clear requirements for developing products.
'We need decision-support tools,' he said. 'How do you merge results from, say, five facial images to get a superior one? How do you merge facial results' from formerly separate Visionics Corp. and Identix Inc. systems?
Beyond those questions, he said, policy-makers have yet to unsnarl the tangled legal, social and privacy issues of identity data collection.
The Defense Department has a slightly different take on authentication methods. DOD's Biometrics Fusion Center in Bridgeport, W.Va., culls a sample from each new generation of biometric products for testing.
Center director Samuel Cava said the primary question to answer is, 'Does it work?'
Sometimes it just doesn't work. He cited a USB memory stick to which a vendor had added a fingerprint sensor to prevent unauthorized use.
'It looked like an ordinary USB key chain drive, so the tester tried to pull off the cover, and the sensor came off,' Cava said.
To do controlled environmental testing, the center will soon move into a larger facility, also in West Virginia. Employees will stress-test biometric devices under dusty, hot and electrostatically charged conditions.
Cava said he also wants to see the center do statistical modeling of device accuracy as well as vulnerability testing of sensors' algorithmic software.
The center at present is testing biometric log-ins to classified networks, fingerprint products for logical rather than physical access, and portable systems for fingerprinting suspected criminals or terrorists.Standardization
Gradually it is building a knowledge base of biometric information, at www.biometrics.dod.mil
, to help vendors make products that work better.
'Standardization and interoperability across the department are our key priorities,' Cava said. The center will take part in a new testing-and-evaluation biometrics working group in addition to six policy, smart-card, identity management and other interagency working groups to which it belongs.
The Defense Department's broadest smart-card rollout for biometric authentication is happening in South Korea, Japan and Europe'not the United States, said Kenneth C. Scheflen, director of the Defense Manpower Data Center.
The pieces 'are not all there yet for an enterprise biometric solution,' Scheflen said. Vendors' products are still closed to interoperability.
Although DOD continues to push vendors toward an interoperable smart-card business model, it has managed 'to badge individuals without DOD credentials in the largest biometric access program in the department,' Scheflen said.
The Defense Biometric Identification System, or DBIDS, places a digital fingerprint and photo on a smart card in a scalable format that local authorities can adapt to their requirements.
The cards go to individuals who do not qualify for DOD's Common Access Card, although CAC holders in those locations must also register in DBIDS.
Some laborers, for example, have scarred fingertips unsuitable for fingerprint readers, so hand-geometry readers might be needed instead to admit them to work sites.
The Biometrics Fusion Center is testing many finger, face, hand, iris and other scanners for such needs.
'The DBIDS fingerprint database refreshes daily' from a central database server to notebook computers at local checkpoints, Scheflen said. So far, about 650,000 military users and contractors have registered in DBIDS at European sites, Japan, Kuwait and the Naval Postgraduate School at Monterey, Calif.
Under consideration by the center are similar U.S. visitor badging and cross-credentialing programs for contractors and military dependents, Scheflen said.