The biometric decision

Access & Identity Management Handbook 2017 Editor's Choice, Access Control & Identity Management, Integrated Solutions

The topic of biometrics is nothing new in the pages of the Access & Identity Management Handbook. As has become the norm, this issue will examine how and where biometrics are being used in the broader access field. In this article, however, we look at the various biometric options available and their acceptance. We will also touch briefly on what is required from a biometric system to make it a reliable and accurate access and authentication mechanism for today’s end-user.

For those readers wanting more than the brief overview below, there are two resources (among many) offering insights and more information on the topic. The first is a paper by Jain, et al, 20161; the second is a presentation, also by Jain2 which is far more concise and easier to read, covering the same data.

What biometric?

Fingerprints are by far the most widespread biometric trait used globally, primarily due to the long history of research and the ease and convenience with which fingerprints can be captured and compared. Today, however, other forms of biometrics are gaining ground and being used in various situations. Some of these include face, iris, palm or finger vein, signature, voice and even deoxyribonucleic acid (DNA).

One of the keys to biometric use is that the trait chosen must offer a high probability of identifying an individual, even when the biometric is read in different conditions (poor or bright light, dry or wet conditions, and so on). Similarly, it must have a very low probability of identifying the wrong individual. For example, no matter how similar two people’s faces are, the facial recognition system must be able to reliably tell them apart.

While all of the trait mentioned above will be able to identify an individual in the right circumstances, the research into these other traits stands at different levels of technical advancement. This means that the convenience and ease of obtaining and comparing data are very different – just take DNA, which was really only first used in 1986 as an example of a long, drawn-out process as opposed to fingerprints.

When choosing a biometric for use in one’s own environment, you therefore need to find something that fits your requirements in terms of ease of use and reliability (and speed). Jain et al, (2016) notes that the utility of a biometric trait for a specific environment “depends on the degree to which the following properties are satisfied: (i) uniqueness or distinctiveness, (ii) permanence, (iii) universality, (iv) collectability, (v) performance, (vi) user acceptance, (vii) invulnerability, and (viii) integration.”

Meeting these requirements, the most popular biometrics in use today are fingerprint, facial and iris recognition. There are other traits that are being used successfully, such as vein and/or general hand geometry systems, but the three mentioned are the primary ones used by over one billion people around the world.

Historic foundations

As noted, fingerprints have the longest history of research and use. The science of fingerprint recognition can be traced back to Henry Faulds, who published an article on fingerprints in 1880. However, fingerprints have been in use for far longer, as a fingerprint on a clay seal confirms – dated somewhere between 1000 BC and 2000 BC. Fingerprints, however, are a biometric format that requires overt acceptance from the user, who is expected to place their finger/s on a reader for a second or more. This excludes latent fingerprint gathering, for example at crime scenes.

Facial recognition goes back as far as 1964, or perhaps to the beginning of the 20th century when 35 mm still cameras started appearing. Facial biometrics is perhaps the most popular form as it doesn’t require anything from the user, they don’t touch anything and recognition and authentication is not affected by your mood or facial expression (supposedly, real life is sometimes somewhat different). Facial is also popular among governments as these readings can be taken covertly – such as in a crowd – allowing for broader identification programmes, as well as less privacy. Fortunately, the quality of these ‘readings’ is still a work in progress, but the technology will improve dramatically over the next few years.

Iris recognition got a start in 1936 when Frank Burch raised the idea of using these patterns for identification, but the first patent was only granted in 1985 (Jain, 2013.) While iris biometrics could be a covert operation, technology does not yet allow for ‘on-the-fly’ readings, although this technology is used effectively in the UAE, at airports for example.

Quality is key

In all types of biometrics, the quality of the data is critical in the ultimate accuracy of the system, both for capturing the biometric as well as comparison. For this reason, it is wise to choose your biometric trait carefully – there may be problems when using fingerprints for identity and authentication for manual labourers like miners, as their fingerprints can be worn down due to their jobs.

Similarly, it is equally, if not more important to choose your products carefully. In today’s globalised world, there is always someone with a cheaper option that promises to do everything a more expensive product will. But will these cheaper readers capture the data accurately enough and ensure accurate comparisons?

The benefits and speed of biometrics quickly turn into a disaster when, for example, using a cheaper solution results in fingerprints having to be scanned multiple times before they are recognised, or they may not be recognised at all even though they were initially captured. The worst scenario is if one person’s biometrics is mistaken for another individual’s, negating the purpose of using biometrics in the first place.

While even a cheap reader will work in ideal conditions, the day-to-day conditions of a working environment are seldom ideal. This is where better design and build delivers the goods as the companies which have put money into R&D focus on addressing those ‘non-ideal’ conditions – which will include fraudulent activity like fingerprint spoofing, or standing too far away from an iris reader or keeping your eyes half closed.

Other issues which affect quality and the ability to identify individuals include the ageing process. We all know our bodies change as we get older and this includes various biometrics, including fingerprints and our faces. Many algorithms have been developed to cater for ageing and these will improve over time to deal with the changes we all go through.

The environment is also a factor in identification, as noted, requiring significant investments in research to allow for imperfect scanning conditions.

Faking it

A final thought when it comes to selecting biometrics is the abilities of criminals to fool the readers using a fake fingerprint or some kind of mask. Jain notes that there are two primary vulnerabilities when it comes to fooling biometrics: spoofing (where a fake biometric is presented to a reader) and attacks on the template database.

“Spoof detection is a critical requirement, especially in unsupervised applications (e.g., authentication on a smartphone) where the presence of a user is not being monitored” (Jain, 2013). To prevent spoofing, the biometric product chosen must have the ability for ‘liveness detection’, in other words, proving that the biometric presented is attached to a living person and not a plastic mould, for example.

There are many ways of doing this, but they rely on measuring some physiological aspect of the person, behavioural patterns, or a challenge-response mechanism. In most cases the liveness checks are handled automatically so as not to waste time or inconvenience legitimate users, but when dealing with sensitive access, challenge-response may be required to ensure people are who they are supposed to be (such as asking for a random finger to be scanned each time the person authenticates).

When it comes to protecting the biometric templates stored in databases, smaller applications may find it worthwhile to decentralise their storage to smartcards the users carry. In other situations, a central server may be required, in which case the biometric will be stored as a key, or in a numeric format according to an algorithm which is (hopefully) secure.

Jain et al, (2016) recommends three requirements for storing a biometric template:

• Non-invertability, to prevent the conversion of a template back into a biometric feature such as a fingerprint,

• Non-linkability, meaning it should be possible to create multiple unique templates of the same biometric, and

• Discriminability, in that the template should not degrade the reader’s accuracy in recognition.

Advancing market

It’s clear that biometric technology has come a long way over the past years and is being used in a variety of situations all over the world, from time and attendance functions through to national identification databases. The research and development into this technology is also ongoing, and will allow for further rollouts and usage in more environments over time, as well as the introduction of new biometric traits as well as improvements in existing ones.

Arguably, the most effort is being focused on DNA as the unbeatable biometric trait, and we have seen advances in the time it takes to analyse DNA. This branch of biometrics has a long way to go before it is as fast and convenient as fingerprints, for example, and even longer before it is as cost-effective as fingerprint biometrics. Then of course, the other traits are also advancing, such as touchless fingerprint recognition and more. And let’s not forget how biometrics has even found a place on your smartphone, allowing the user to unlock their device or authorise payments with a fingerprint or by pointing the camera at your face.

To sum up, the choice of biometrics is therefore a reasonable one when considering identification and authentication needs in business, but it’s a case of buyer beware. Opting for the cheapest offering on the market may indeed meet your T&A requirements in a normal, small-office environment, but don’t expect exceptional or trouble-free performance. Doing your homework will enable the buyer to make better decisions based on what they require and what is available. Biometric systems aren’t cheap, but it is a competitive market and advancing technology works in the enduser’s favour.

1 Jain, A. K., Nandakumar, K. & Ross, A., 2016. 50 years of biometric research: Accomplishments, challenges, and opportunities. Available at: http://www.cse.msu.edu/rgroups/biometrics/Publications/GeneralBiometrics/JainNandakumarRoss_50Years_PRL2016.pdf (short URL: http://securitysa.com/*cm823a).

2 Jain, A., 2013. 50 Years of Biometric Research: Almost Solved, The Unsolved, and The Unexplored. Talk delivered at The International Conference on Biometrics, Madrid, Spain, 2013. Presentation available at: http://biometrics.cse.msu.edu/Presentations/AnilJain_50YearsBiometricsResearch_SolvedUnsolvedUnexplored_ICB13.pdf, (short URL: http://securitysa.com/*cm823b).



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Amendments to the Private Security Industry Regulations
Technews Publishing Agriculture (Industry) News & Events Associations
SANSEA, SASA, National Security Forum, CEO, TAPSOSA, and LASA oppose recently published Amendments to the Private Security Industry Regulations regarding firearms.

Read more...
Local is a lekker challenge
Secutel Technologies Technews Publishing AI & Data Analytics
There are a number of companies focused on producing solutions locally, primarily in the software arena, but we still have hardware producers churning out products, many doing business locally and internationally.

Read more...
A passport to offline backups
SMART Security Solutions Technews Publishing Editor's Choice Infrastructure Smart Home Automation
SMART Security Solutions tested a 6 TB WD My Passport and found it is much more than simply another portable hard drive when considering the free security software the company includes with the device.

Read more...
Navigating the complexities of privileged access management
Editor's Choice Access Control & Identity Management
Privileged Access Management and Identity Access Management are critical pillars of modern cybersecurity, designed to secure access to sensitive resources, enforce principles like least privilege, and implement just-in-time access controls.

Read more...
Rewriting the rules of reputation
Technews Publishing Editor's Choice Security Services & Risk Management
Public Relations is more crucial than ever in the generative AI and LLMs age. AI-driven search engines no longer just scan social media or reviews, they prioritise authoritative, editorial content.

Read more...
Efficient, future-proof estate security and management
Technews Publishing ElementC Solutions Duxbury Networking Fang Fences & Guards Secutel Technologies OneSpace Technologies DeepAlert SMART Security Solutions Editor's Choice Information Security Security Services & Risk Management Residential Estate (Industry) AI & Data Analytics IoT & Automation
In February this year, SMART Security Solutions travelled to Cape Town to experience the unbelievable experience of a city where potholes are fixed, and traffic lights work; and to host the Cape Town SMART Estate Security Conference 2025.

Read more...
From the editor's desk: What’s a trillion between friends?
Technews Publishing News & Events
Back in the bad old days of 2015, some (who didn’t want to take the blame for coming up with that number) estimated the amount of money lost to corruption by the South African government to be around ...

Read more...
Paxton opens second experience centre
Paxton News & Events Access Control & Identity Management
Security technology manufacturer, Paxton, has opened a new experience centre in Cape Town on 12 February in partnership with its exclusive distributors, Reditron and Regal Security.

Read more...
Gallagher Security expands Digital Badge Programme
News & Events Access Control & Identity Management Training & Education
Following a successful launch and roll out across Australia and Papua New Guinea in 2023, Gallagher announced its Digital Badge programme is now available to channel partners and end users across the rest of APAC IMEA.

Read more...
Integrated Control Technology and Ingram Micro sign distribution agreement
News & Events Access Control & Identity Management
Integrated Control Technology, a global manufacturer of intelligent electronic access control and security solutions, announced it has extended its presence in the Middle East and Africa region by entering a distribution agreement with Ingram Micro.

Read more...