The basics of biometrics

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Edmund X. DeJesus
 

Connecting state and local government leaders

By Edmund X. DeJesus

|

Biometrics can improve security and, if done right, even make life easier for users. But you have to choose carefully when deciding on a technology for your agency.

Although hand readers and fingerprint readers are employed in about 80 percent of biometric access applications, any of those modes can verify your identity.They differ, however, in many characteristics, including:Each mode ' and, in some cases, each product ' differs greatly in approach and installation, so direct comparison is difficult during a typical bid process. Moreover, each mode involves some trade-offs. For instance, iris identification is accurate but can be slow and requires more cooperation from users than some other types of biometrics.There are a number of other major issues to consider in selecting the best biometric mode.First and foremost, don't let a biometric solution lull you into a false sense of security. Don't abandon your firewalls, encryption, passwords and other security precautions just because you have biometrics. The measurements for comparison reside in a database, which must be encrypted and subject to security. 'Always save the raw data of each measurement,' said Chris Crooks, an associate at Booz Allen Hamilton. As capacity for detail improves, you'll find uses for it, and keeping that data in a standard format makes data sharing across agencies possible.You may want to avoid large, centralized databases of biometric information. Self-contained, individual fingerprint readers, for example, can verify identity and keep the biometric data out of the centralized database. Users also feel more comfortable knowing that their fingerprints aren't in some massive repository. But losing a reader can be expensive and annoying.And bear in mind that biometric technologies have limitations. Some portion of the population will always be physiologically unable to use certain modes. It's not just that one-armed man, either: Approximately 4 percent of people can't use fingerprint technology because of dry skin.Psychological and political issues are no less important. 'Most Europeans ' and many Americans ' are unwilling to entrust their fingerprints,' Crooks said. Others are squeamish about exposing their eyes to scanners, no matter how harmless they are. Even the chance of infection from a fingerprint scanner is objectionable to some people.Biometric systems can also be costly and complicated to deploy. That makes it all the more important to work carefully with vendors. 'Focus on the overall solution, not just the product or even the specific technology,' Berger said. 'Stretch your goals. Ask for a lot from vendors: ideas and possibilities, not just products.'Don't forget about scalability. Depending on the intent of the biometric implementation, the number of people using it will probably grow, sometimes rapidly. For example, biometric-controlled access may be mandatory first for one group working on a network, then for another and another until all users must be enrolled. Your biometric solution should be scalable to handle increases in users and locations.Finally, although standards for biometrics are just emerging, you should ensure that your solutions are based on existing standards and not dependent on a vendor's proprietary technology. For one thing, using standards-based components permits a wider range of possible solutions and vendors for each component.Furthermore, standards-based technology lets you upgrade more easily when newer, better, faster widgets come along ' and they will. The field of biometrics is far from mature, and new modes and implementations come along each year. 'Fingerprints are already being replaced by other modes,' Zekster said. Try to select a vendor with a reputation for keeping up with evolving standards.When comparing solutions, you'll likely need to do some probing to get the information you need.Suppose you want to know how fast a prospective biometric solution can handle people waiting for access. The vendor may quote the verification time for the reader, which is the elapsed time from the user presenting themselves at the device until identity verification. This is certainly part of the total time you're looking for, but it's not the whole story. What you need is the total time it takes for a person to use the device.Depending on environmental conditions at your location, you may also need to look closely at each solution's durability. Does your environment include abrasive sand, electrostatic shock, high or low temperatures, direct sun or radiation, chemicals, rain or snow, wind-driven grit, or other difficult circumstances? If so, make sure the mode and its implementation match the need.Biometric solutions must also integrate with existing systems. Products that are interoperable will have a longer useful life and greater flexibility. Choose solutions that are independent of operating system and hardware. The ability to acquire hardware from one vendor and software from another can be crucial for creating best-of-breed solutions.If you need to do special application development, a software development kit can simplify things. You may also require remote enrollment or management capabilities for facilities in multiple locations.Finally, be aware that the biometrics business is pretty wild these days. Companies merge or acquire one another and sometimes go out of business entirely. This has its advantages: One company may offer many technologies. But there are also potential downsides. For example, long-term product support may be unpredictable and unstable. Working collaboratively with knowledgeable and imaginative systems integrators is vital in a technology that is so complex.Biometrics is one technology where government agencies have the advantage over businesses.The government is by far the biggest customer for biometric security, so government agencies get to see the newest and best ideas first. 'Government agencies have a moral responsibility to pioneer and shape biometric solutions,' Berger said. Use this advantage to create a biometric solution that's perfect for your agency.XXXSPLITXXX-Implementing a biometric solution to secure access is a major project that will affect many aspects of your organization. Here are the questions you should consider before committing resources to a particular solution. XXXSPLITXXX-For more information on biometrics, check these Web sites: http://www.biometrics.dod.mil http://www.bioapi.org http://www.biometrics.org http://www.biometricscatalog.org http://www.fbi.gov/hq/cjisd/iafis.htm http://www.nationalbiometric.orgXXXSPLITXXX-

If you doubt your employees have strong opinions about their computers, just watch the number of complaints to your help desk spike when you add layers of security. It's understandable: Passwords are a pain, especially if you have to change them often.

Biometrics, if properly implemented, offers a win-win solution. Biometric security ' which uses measurements of human characteristics to confirm identity ' can at once enhance security and free users from the plague of passwords.

And biometrics can be applied to more than just computers. It can be used to control access to buildings, rooms, networks and other resources. Proponents of the technology say simply using any kind of biometrics sends a powerful psychological message that your agency takes security seriously, which can produce an important mood of vigilance.

Finally, increased security may be the primary goal of biometrics, but don't let it be the only one. 'Agencies narrow themselves out of solutions,' said Vic Berger, a technologist at reseller CDW.

By deciding too quickly what you want, you may be missing more complete solutions that offer additional benefits. For example, placing video cameras in a corridor may give you all the security you need, but facial-recognition and tracking software can add significant information, including insights into traffic patterns, behavior and resource usage.

'Don't jump into a request for proposals if a request for information is more appropriate,' Berger said.

Put your finger on biometrics

Once the province of James Bond-style movies with futuristic facilities, biometrics is becoming commonplace ' even showing up as standard equipment on Dell laptop PCs. The list of available biometric modes is growing all the time:


  • Eye, including iris and retina.
  • Hand, including fingerprint, palmprint and hand shape.
  • Head, including face, earlobe and lips.
  • Biochemistry, including DNA and odor.
  • Behavior, including voice, signature, keystroke and gait.




  • Ease of enrolling individuals.
  • Accuracy in distinguishing individuals.
  • Speed of identification.
  • Size of reader.
  • Operation in various environments.
  • Cost.





  • Ease of enrollment. You need to enroll new individuals quickly and simply, not just to save time but to maintain staff goodwill ' and make no mistake, biometrics depends on goodwill just as any other type of security does.

    You are asking people to expose their eyes, allow themselves to be fingerprinted or permit other essentially intrusive procedures. Expect resistance for religious or political reasons but also simply because bodies are private, and people aren't comfortable exposing body parts, even for excellent reasons.

  • Error rates. Error rates are not a big problem with small populations, but a high error rate with a large population is a recipe for disaster because user patience tends to decrease as error rates increase.

  • Recognition speed. Speed of identification can play a similar role. For example, fingerprint identification is relatively slow and most suitable for low-volume applications, not for hundreds of workers waiting impatiently to check into the facility each morning.

  • Device size. Size of the sensor device is most important in small areas, such as next to doors.

  • Environment. The environment can affect the choice of modes in subtle ways. For example, if you're protecting a lab where the staff wears gloves, fingerprint readers probably aren't a good choice. 'Voice recognition ' or a combination of modes ' might make more sense,' said Gregory Zekster, an associate at consultant Booz Allen Hamilton.

  • Cost. Especially for low-volume operations, cost is a key consideration. Biometrics saves the burden and expense of a card-based system, not to mention eliminating the headache of lost or stolen cards. People don't often forget their hands.

  • Multiple-factor authentication. What if other constraints push you to biometric solutions that are comparatively less secure? 'Multimodal solutions using two or more different biometrics are becoming more common,' Zekster said. Multimodality can also be more flexible, with certain kinds of access requiring only one mode and others requiring more.

Hurdles to clear

















Weighing the options

















  • Before exploring an isolated biometric solution, consider how it might also apply to other areas, such as single sign-on, tracking, scheduling and so forth. Try to get as much utility as possible.

  • Seek vendors ' or vendor-independent integrators ' who can come up with imaginative solutions that combine hardware, software and supporting components. They should have customer references in the government area.

  • What kinds of biometric modes will your employees accept? Are they willing to be fingerprinted or give their DNA? Will they permit iris or retina scans? Does it make sense for them to carry individual biometric tokens? Do vendors poll workers to identify their concerns? Can vendors educate staff to help them understand and accept possible biometric solutions? How will you handle security for those who cannot or will not use the biometric solution?

  • What constraints of the work environment ' such as required gloves, masks or hats that hide fingerprints, faces or eyes ' affect biometric choices? Do vendors offer a variety of modes to suit these restrictions?

  • What other environmental factors affect the possible biometric solution? This might be as simple as a reader that must fit next to a door. But consider extremes of heat and cold, rain or snow, sunlight, radiation, chemicals, vibration, dust and sand. Can vendors provide biometric devices hardened for the necessary environments?

  • How much security do you need this solution to provide? Which biometric modes provide the level of security you need? If environmental restrictions preclude the most secure modes, can a combination of less-secure modes fill the bill? Can your vendors provide all modes and the means to tie them together logically?

  • How easy is it to enroll individuals? How accurate are the modes in distinguishing individuals?

  • How fast can the system identify individuals and grant access? Is that fast enough to handle the expected number of users? Is the error rate so high that employees and administrators will become frustrated with the system?

  • What is the cost of possible solutions? Because biometric devices can break down at the worst possible times, can you get spares?

  • How many locations will the biometric security apply to? Is this likely to increase? Do some locations need to be managed remotely? How easy is that to do? How many people will be using the solution? Is that likely to increase?

  • How and where will biometric data be stored? How will that data be secured? Is the data in formats that support data sharing across agencies?

  • How will the biometric solution integrate with existing security, physical infrastructure, computer infrastructure and applications? Is the solution standards-based? How does software interoperate with existing platforms, operating systems and applications?

  • How stable are the vendors? Will they be around in five years? How easy would it be to acquire and integrate similar components from alternate vendors?



    • Army's Biometric Task Force



    BioAPI Consortium



    Biometric Consortium



    Biometrics Catalog



    Integrated Automated Fingerprint Identification System



    National Biometric Security Project


    Biometric security



















    VENDOR PRODUCT NOTES
    123ID

    (218) 773-3084

    www.123id.us    		 Universal Matching
    System Software
    Development Kit
    		 Fingerprint-matching software with
    one-to-many (identify) and one-to-one
    (verify) matching from any live scanner.
    Cogent

    (626) 463-6000

    www.cogentsystems.com    		 CAPFIS

    CLS-i3

    		 Automated palm print and fingerprint
    identification software.


    Cogent applicant livescan.
    Cognitec Systems

    (978) 692-1251

    www.cognitec.com    		 FaceVACS-Alert,
    FaceVACS-Acquisition     		Biometric facial-identification system for video surveillance and image capture.
    Communication Intelligence

    (650) 802-7770

    www.cic.com    		 Sign-it, Sign-it XF Electronic signature (eSignature) software.
    Cross Match Technologies

    (561) 622-1650

    www.crossmatch.com    		 Cross Match L SCAN Guardian


    Cross Match PIV
    One Enrollment Suite

    		 Compact scanner for autocapture of fingerprint images in under 15 seconds.


    Facilitates collecting and creating electronic biometric records for creating PIV-
    certified credentials.

    Digital Defense Group

    (402) 397-2273

    www.myDigitalDefense.com    		 Factor4 On-card, self-enrolling biometric-based radio frequency identification access control device.
    Fujitsu Microelectronics America

    (408) 737-5600

    www.fma.fujitsu.com    		 MBF200


    MBF320

    		Single-touch fingerprint sensor with 500-dpi 8-bit grayscale.


    Capacitive-based fingerprint sweep sensor with automatic finger detection.
    Ingersoll Rand Security Technologies

    (408) 341-4100

    www.schlage.com    		 HandKey II


    FingerKey

    		 Automatically takes a 3-D reading of the size and shape of a hand and verifies user's identity in less than one second.


    Fingerprint reader.
    L-1 Identity Solutions

    203-504-1100

    www.l1id.com    		 DFR 2080
    		 Single fingerprint reader with 500 ppi resolution in rugged, compact design.
    NEC

    (214) 262-2000

    www.necam.com    		 Automated Fingerprint Identification System Advanced identification solution for law enforcement, government, civil and commercial applications.
    Panasonic System Solutions

    (201) 271-3493

    www.panasonic.com/security    		 BM-ET200 Iris Reader
    		 Biometric iris-recognition technology for fast and accurate identity verification and access control.
    Privaris

    (703) 592-1180

    www.privaris.com    		 plusID Multifunction, personal biometric token with built-in fingerprint reader and secure processor.
    SecuGen

    (408) 727-7787

    www.secugen.com    		 SecuGen Hamster IV


    FDx SDK Pro

    		Rugged and durable USB fingerprint reader.


    Software developer kit includes APIs and tools to help developers build software applications.
    SOFTPRO North America

    (302) 504-0606

    www.softpro-na.com
    		 SignCheck Automatic verification of single signatures and signing rules.
    UPEK

    (510) 420-2600

    www.upek.com    		 TouchChip Fingerprint Sensor (TCS1) Silicon fingerprint sensor.

    NEXT STORY: Getting a grip

    X
    This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
    Accept Cookies
    X
    Cookie Preferences Cookie List

    Do Not Sell My Personal Information

    When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

    Allow All Cookies

    Manage Consent Preferences

    Strictly Necessary Cookies - Always Active

    We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

    Sale of Personal Data, Targeting & Social Media Cookies

    Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

    If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

    Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

    Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

    If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

    Save Settings
    Cookie Preferences Cookie List

    Cookie List

    A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

    Strictly Necessary Cookies

    We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

    Functional Cookies

    We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

    Performance Cookies

    We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

    Sale of Personal Data

    We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

    Social Media Cookies

    We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

    Targeting Cookies

    We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.