Identify yourself

Identix Inc. offers two of the increasingly common types of biometric access control: the $179 Bio Touch PC Card, for individual PC security.

The second biometric access control: FaceIt Argus, an enterprise facial recognition system priced at $10,000 per camera.

Biometric devices make leap from niche novelty to urgent priority

In the days before Sept. 11, 2001, the talk about biometrics was as much about data security as physical security. By recognizing a person's unique fingerprint, voice or iris pattern'often using an inexpensive device'biometrics was becoming a feasible way to prevent unauthorized people from accessing PCs, notebooks, networks and data.

But with the heightened awareness of threats against people and governments, biometrics has been propelled into its golden age. And control of physical access is now the main goal, though information security remains an important, if radically transformed, objective.

Homeland security is the driving factor, and related initiatives such as the U.S. Visitor and Immigrant Status Indication Technology system, known as U.S. Visit, as well as laws such as the USA Patriot Act even prescribe biometrics for border control, visa processing, nuclear plant access and airport screening.

The overarching concern obviously is to catch the next Mohammed Atta before he boards a commuter plane at a regional airport, perhaps with facial-recognition cameras and software that can match passersby against huge databases of known suspects.

These same surveillance applications are among the most threatening to civil liberties advocates, who worry that law enforcement agencies could use the technology to spy on innocent citizens. But vendors and analysts say Congress and state legislatures have done a decent job of creating legal safeguards that will let biometrics move forward.

An arguably bigger concern is reassuring citizens that their identifying information'which with biometrics is now far more personal than a simple password or Social Security number'won't be misused.

The technology itself is here, and the options are numerous. Fingerprint readers are the most mature, stable and inexpensive. Most cost less than $100, but combined with powerful PC databases, they go beyond simple PC security to become an affordable screening option.

The high-end automated finger identification systems are often in large, expensive fingerprinting stations used by law enforcement, but increasingly also in mobile terminals for on-the-spot checks against an ever-growing store of data.

'The FBI has the largest database'over 40 million fingerprints,' said Prianka Chopra, senior industry analyst for biometrics and smart cards for consultant Frost & Sullivan of New York.

Facial recognition is getting more attention of late, in part because it has the unique benefit of potentially drawing from the world's 1.2 billion photographs on passports and driver's licenses, said Joseph Atick, president and chief executive officer of Identix Inc.

The company's BioEngine fingerprint technology is used by the departments of Defense and State, the Homeland Security Department's Bureau of Citizenship and Immigration Services, and other agencies, and its FaceIt facial recognition has been a part of federal surveillance projects.

A third up-and-coming technology, iris recognition, purportedly has the best accuracy of current commercial systems. Retinal scans were more accurate, but the devices are no longer sold, Chopra said.

Low-cost PC cameras, such as Authenticam from Panasonic Security & Digital Imaging Co., make iris systems mainstream and affordable, and users need only get within about a foot and look at a small light. But there are no large databases of irises for identifying an individual among millions, so the technology is not likely to become mainstream soon.

Of the remaining technologies, hand geometry recognition is the most widely deployed, especially for controlling entry to secure buildings where it is often paired with smart cards and for time-and-attendance tracking.
It doesn't have the whiff of criminality that fingerprints have, and it can identify users, such as construction workers, whose hands are too soiled for fingerprints, Chopra said. But the sensors are much larger and more expensive than fingerprint readers.

They're popular, though. The HandKey and HandReader series from the Ingersoll-Rand division of Recognition Systems Inc., for example, are used at border crossings, school cafeterias and municipal buildings.

No bandwidth buster

Vendors say that along with constant improvements in recognition algorithms and sensors, the growing use of data mining and wireless access are helping agencies bring biometrics to the field. This creates new demands on database infrastructures, but networking is easily handled if wireless networks are sufficiently secure. Biometric applications typically place little strain on bandwidth because only small templates, not the actual biometric images, are transmitted.

When people buy biometric access devices, they usually have one, maybe two, of four common applications in mind. They want to control access to IT resources such as PCs'a category dominated by fingerprint scanners'or to doors of secure buildings.

The physical access devices, typically fingerprint or hand geometry readers, are usually mounted beside doors and tied to existing security hardware.

A less clearly defined category of screening and personal identification devices employs assorted biometrics to validate people at social services agencies, airports and border crossings. Finally, surveillance and law enforcement applications use fingerprint and facial databases to identify suspects.

You can also categorize devices by the level of matching that each can provide, which is mostly a function of the breadth of databases to compare against.

In authentication, also called verification, you're trying to check that the person seeking entry has been previously enrolled in a local database created for the purpose. Hand geometry, for example, can only do such one-to-one matching'or one-to-few, Chopra said'because there's no huge database of hands to compare against.

In contrast, fingerprint and facial readers can try to identify an unknown person by searching for a match against a large database. Rather than simply addressing the question, 'Am I who I claim to be?' Chopra said, these systems can answer, 'Who am I?'

The accompanying chart lists a sampling of widely used devices for all four applications. Not shown are pricey law enforcement equipment, such as large stations for automated fingerprint identification systems.

Proponents admit that biometrics was oversold in the months after the Sept. 11 terrorist attacks. That's no panacea. False rejects are a common disappointment, and one-to-many identification requires database investments beyond what you'll spend on biometric gateways. So a formal pilot is a smart idea.

David Essex is a free-lance technology writer based in Antrim, N.H.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.