In the past, Biometrics has been deemed too complicated and too expensive. 2020 Vision has been testing Biometric security to see if it can now genuinely replace the traditional smart card solutions.
Smart cards provide users with an identity and admission to controlled areas. Unfortunately, there is nothing in their design that can stop users from forgetting or losing them or other people from borrowing or stealing them. Biometrics aims to solve this problem by eliminating non-secure approximation, forcing users to use their own identities to gain access to secure areas.
For security purposes, Biometrics refers to measurable biological characteristics or physical attributes that can be automatically checked for identification or verification purposes, as opposed to behavioural biometrics such as keystroke or typing recognition. In essence, the devices capture an image, process the image and extract appropriate features, and store the data for comparison or compare the image with stored templates.
Although there are a number of Biometric technologies available there are five types commonly used in security
- Finger Print
- Hand Geometry
- Iris and retinal Scanning
- Voice Authentication.
Generally, fingerprint scanning is the most common and cost effective for security applications. Dependant on cost, they use either capacitance sensing or more frequently optical scanning, which is more robust and longer life. These readers scan and analyse the actual fingerprint ridges and valley patterns, the arch, loop and whorl, while the more expensive readers also scan the presence of blood, size, shape and other features. The higher the scanning resolution and the larger the sensing area; generally the more secure and accurate the device. Some makes capture full 3D images, making them very difficult to deceive. Unfortunately, ‘fingerprint’ often inspires thoughts of criminal connotations making some people wary of their use.
Hand geometry recognition is often perceived as less invasive than other forms and as the name implies, uses the individual features of a person’s hand. A camera takes an image of the hand which is placed palm down on the reader plate: the hand structure; length of fingers, palm, width, thickness and surface area of the palm are all identified. Although not considered unique enough to guarantee personal identification, sufficient different characteristics exist to confirm identity when compared to stored patterns in a database. As the hand can change during, weight loss or gain, illness or ageing, these devices are time sensitive, however, with typically less than 5 seconds processing time, they are considered fast. They are accepted and proven in many business environments including factories and offices, where they are often used for time and attendance tracking.
Facial recognition works using complex algorithms to analyse key facial features such as the position, size, shape and relative position of eyes, ears, mouth and jaw line from a 2D image of the individuals head or face. More recently, real time 3D image capture has improved identification and reliability, although variations in the environment, lighting, camera positioning and angle of viewing can still affect results. Today, it is possible to pick and match faces out of the crowd on the street and match it with images of known criminal and terrorist suspects saved on a central database using video surveillance and appropriate software.
Iris and retinal scanning, known as “ocular-based” identification technologies, both use data capture to analyse individually unique eye patterns but work by scanning different eye parts. Retinal scanners cast an unperceived beam of low-energy infrared light to trace a standardised path on the retina and map the patterns of capillary blood vessels at the back of a person’s eye, through an eyeglass. Iris scanning, on the other hand, uses a high definition camera with subtle infrared illumination to acquire and scrutinises the pupil and coloured ring that surrounds the eye using mathematical pattern recognition. Both technologies provide low false accept and reject rates, high reliability and rapid verification due to the uniqueness of the eye characteristics, whilst also providing strong protection against spoofing attacks.
However, the complexity and cost of retinal scanning, the effects of some eye conditions such as diabetes on accuracy and the invasive nature of the process to capture an image renders them impractical for commercial security applications. Conversely, millions of people globally have been enrolled in Iris recognition systems for national ID and border crossing. Government agencies have adopted iris scanning due to its speed of matching, extreme resistance to false matches, stability and the fact the iris is an internally protected but externally visible organ of the eye, making it a non-invasive and user friendly technology.
Voice Authentication is the analysis of vocal patterns. Vocal behaviour, tone, pitch, cadence and frequencies are compared to previously recorded samples. Since every voice is distinct and can be measured, it is effective for identifying persons in security applications. A significant advantage of voice print recognition is the facility to detect duress through the analysis of stress patterns in the stored sample voiceprint, providing a safeguard against forced or coerced entry.
Although, biometric technology is continually improving and many people believe it will play an increasing role in security applications, particularly in e-commerce and accessing personal computers and communications devices, at some point virtually all commercial devices have suffered a breach. Fingerprints have been lifted and copied to fool finger print scanners, MP3 recorders to spoof voice recognition and digital photos to compromise facial recognition systems. However, considerable effort and resourcefulness was required.
As with any security discipline, when considering Biometrics for security purposes it is essential to conduct a thorough risk assessment and define an operational requirement. Risk Assessment is looking at the asset(s) to be protected, the threat to the asset such as a break-in and vulnerability, a weakness or gap in the security protection. The Operational requirement defines what the system is needed for and designed to achieve. Furthermore, the layout of the physical area requiring protection needs assessing along with throughput; the volume of traffic or people flow, there is no point in using facial recognition in a high traffic area such as a busy lobby. In addition, the level of security required is pertinent to the choice of technology, and usually allied with cost, the higher the security level required, the dearer the technology. It is also worth checking the technology type is socially acceptable to users and appropriate to the business needs. For example, it would be better to use a non-contact type reader in a hospital situation where infection control is a major priority. Finally, check that the proposed system costs per user and support are within budget and represent a sound return on investment.