Mobile Authentication and Identification: It’s About What You Are

Government agencies across government have been using some form of biometric identification for years. Whether determining if a suspect has a criminal record, positively identifying someone before they enter the country, or simply validating identity to enter a government building, biometrics provides valuable and viable means of identification.

Biometrics, generally fingerprint or iris scanning, have become a critical tool in the effort to accurately authenticate and identify people. Biometrics are particularly effective, especially when used with another form of authentication—either something you know (such as a password) or something you have (like a token or card). Today, biometric technology is widely used for everything from law enforcement and border control to contractor identity.

There's clearly a role for biometrics in safeguarding mobile devices for government use. Government employees could use the technology to easily authenticate themselves to their phones or tablets. Biometrics could also help identify citizens, both for purposes of security and to provide access to government services.

Mobile devices are already uniquely suited to be equipped with biometric identification and authentication capabilities. They already have input sensors, including microphones, cameras and touchscreens, all of which are idea for biometric applications.

"There is so much potential for mobile biometrics in government," says Josh Dixon, Manager for B2B Emerging Products at Samsung. "It puts identification and authentication into a small, efficient, and relatively inexpensive format that’s already available today."

Outside the government realm, millions of people in dozens of industries take advantage of these capabilities. According to Biometrics Research Group (BRG), more than 650 million people today use biometrics on mobile devices. BRG predicts 2 billion users will use biometric smartphones by 2020.

Despite the clear benefits, the U.S. government has not yet developed a standard it considers secure enough or scalable enough to manage biometrics on mobile devices. That means the federal government still doesn’t accept fingerprint recognition as an authorized authentication mechanism for mobile devices. NIST, the federal government’s standards body, is making progress though. Various reports indicate it expects to have a standard developed within a year or two.

Once that standard is issued, agencies will be ready to incorporate commercial mobile biometrics solutions into their workflows. These standards will also pave the way for other forms of biometric identification like voice and facial recognition. NIST expects these to become more prevalent.

Voice biometrics capture and measure the sound, pattern and rhythm of a person's voice, which is as unique to a person as a fingerprint. Voiceprints are useless to hackers because they are represented as a string of characters and numbers.

Facial recognition technology is a little different. It uses a device’s digital camera or video to record data about the shape of a face and its distinctive features, storing all of it—including measurements like the depth of eye sockets and width of the nose—as a faceprint. It then matches those features against similar measurements stored in a database. Some facial recognition technology uses 3D images instead of 2D, which improves accuracy.

Once NIST works out its interoperability, security and scalability issues, Dixon believes fingerprint and iris scanning on mobile devices could become commonplace in government. This could happen within a few years. It may take a few years longer for voiceprints and facial recognition to gain similar momentum.