printer friendly version

Central biometric matching system

Europe sets the standard in border control and biometric identification.

Gillian Ormiston, currently director, Business Development Identification Solutions at Morpho, part of the Safran Group (formerly Sagem Sécurité), is well qualified to comment on the current trends in biometric identification and access systems. Over the past three years, she has been involved in a number of government projects involving biometric enrolment solutions for e-passport and visas and the creation of an identity assurance solution across a Ministry of Justice information chain. In addition, she has helped with the development of mobile AFIS solutions for border control, the development of a facial recognition solution for driving licences and a border passenger identification solution.

Gillian Ormiston

Before joining Morpho, through the acquisition of the Motorola Biometrics Business Unit known as Printrak, Ormiston worked in the capacity of Deputy Programme Officer for the European Commission DG Justice, Freedom and Security Large Scale IT unit. In this role, she was instrumental in developing the requirements and managing the implementation of projects such as EURODAC, Schengen Information System (SIS II) and the Visa Information System (EU VIS).

Prüm

Published in June 2008, the European Union’s Prüm Regulation, allows the police forces of the 29 signatory countries to compare and exchange data more easily. The primary aspects of this are data sharing on fingerprints, DNA samples and vehicle registrations.

Ormiston said that Prüm is a decentralised data model and that five of the EU member countries are already exchanging fingerprints with the remainder at various stages of addressing it.

Countries will have the ability to determine automatically and immediately whether a member state holds matching DNA or fingerprint information, but they will not have automatic access to the alphanumeric information itself.

Top priority is given to improving the administration of the common visa policy and the implementation of a visa information system (VIS) to facilitate the exchange of information between member states. The BMS supplied by Morpho through the Bridge Consortium will link biometric identifiers to individual persons, thereby helping to establish and verify their identity.

“At present, member states do not know if a person applying for a Visa has already made a previous application in another member state,” said Ormiston. In the BMS-VIS environment, an applicant for a visa will, in addition to having their biographic data stored in VIS, be fingerprinted and the fingerprint record will be searched against all existing fingerprint records in BMS-VIS prior to the issuance of a visa.

There is also no way of checking if the person using a visa is, in fact, the person who applied in the first instance, for example, a visa issued at a German embassy abroad cannot electronically be verified at the Dutch border. In the BMS-VIS environment, a visa holder arriving at an external border will be checked against their existing fingerprint record, confirming a direct link to the application and its status.

It is anticipated that the BMS will also act as the central biometric identity assurance tool for all of its pan European applications, for example, SIS II, Eurodac, Registered Traveller and AFIS.

The VIS is designed to alert officials in any EU embassy or consulate if an applicant has been refused a visa in the past by another member state. The system:

* Will process 20 million visa requests a year from citizens of 134 countries.

* Estimates 25% of visa requests will not be issued.

* Expects that 20% of visas will be from repeat applicants.

* Will receive visa data from 30 states supporting up to 3500 consular posts and 12 000 end users.

Norwegian precedent

Ormiston pointed out that the major challenges faced in the project are ensuring that all 30 member country national legislations correspond and are put into place before the current June 2011 deadline. “I worked very closely on the Norwegian solution which has set a precedent for the other members of the European Union. We were tasked with a number of requirements for the system and a great deal of time was spent on designing and manufacturing the optimum solution.

“Firstly, the Norwegian authorities wanted the system to be attractive and user friendly. Because not everyone being processed by this system was literate or Norwegian-speaking, we chose animation without words as the most effective mode of communication and instruction. Secondly, the solution had to be suitable for both visa applicants and for Norwegian passport applicants to meet the recent requirement of storing fingerprints in European passports. Fingerprints, an electronic signature and a facial image were captured for identification on the solution for both on passports and visas,” Ormiston explained.

The project commenced in 2006, took two years to complete and 12 months to roll out. “Training of operational staff was crucial, especially since this was to be a global solution,” said Ormiston. Over 300 custom-made kiosks are now available worldwide within Norwegian embassies and other points of visa/passport identity data verification.

“The client also asked us to provide a solution that could be carried in a suitcase, since they also needed a mobile enrolment version when applications were taken in non-office environments. Managing to incorporate all necessary equipment into such a small container posed huge design challenges for the team,” Ormiston added.

Interpol’s APFIS

In March 1999, Morpho supplied Interpol with its first automated fingerprint identification system. In 2008, this cooperation continued with the signature of a new agreement between Morpho and Interpol that aims at equipping the international body with an APFIS (automated palm and fingerprints identification system) that is in line with its development and ambitions.

The APFIS is also suited to the new architecture of the Interpol information system and integrates palm prints as well as fingerprints, ensuring a more sophisticated and comprehensive database. In this new version, the entire comparison process is automated to the maximum extent to increase flows. The contract also includes the delivery of a mobile identification system for operations in the field.

At the same time, to facilitate exchanges between member states and the centralised APFIS, the agreement makes provision for equipping each member state with proprietary Morpho software. Morpho therefore granted the 187 member states licences for the NIST Viewer software, to view the 10-print information exchanged with Interpol headquarters. The CardScan tool, meanwhile, allows these cards to be scanned, digitised and sent to the headquarters in an international format drawn up by the NIST, with a quality defined by the IQS specifications. These tools will further increase the quality of the Interpol APFIS as the body tries to increase the size of the database.

Currently, Interpol exchanges data with South Africa on fingerprints within its database. “South Africa, however, is not using biometric verification and validation for visas. Should South Africa choose to use biometrics as its visa control system, then it will obviously need to go through a similar process as the European Union countries in order to roll out a successful solution,” Ormiston pointed out.

“I would strongly suggest that any country that wishes to see a reduction in visa fraud, should consider implementing a compliant biometric identification system,” Ormiston said. “In the past EU countries have had major problems with various forms of visa fraud. This could be in the form of a multi-entry visa whereby the original visa holder arrives at his/her chosen destination then express posts the visa back to recipients in their home country for them to use for entry into the destination country. By applying biometrics verification and validation to visas, the system identifies the original applicant as a unique person and thus halts the use of the visa by another party.”

Swiss mobile devices

Ormiston was also part of the task team involved in the design and deployment of a mobile biometric system for the Swiss Police force in preparation for the influx of foreign visitors to the Euro Football Cup in 2008.

“Most tourists enter Switzerland on trains so the project was designed to support officers who concentrated largely on the train stations. We designed and supplied 125 mobile devices, which were carried by roaming policemen. The police force was trained in the use of the biometric fingerprint readers and, typically, they would approach suspicious looking individuals and request them to place two fingers on the readers for capture of their fingerprints. This data was transmitted to a central database (AFIS) and compared to the fingerprints of interesting persons,” Ormiston explained.

“It took a lot of collaboration and effort to get the final solution, but from the feedback we have received from the Swiss Police, the solution is now very effective in the field,” said Ormiston. “In spite of the initial tweaking required, on the first day of operation the solution scored a hit and a wanted person was apprehended as a result of this. This type of result has also been reflected in two other large-scale mobile projects active in Poland and the UK.”

While overseas mobile readers tend to be geared towards multiple applications, Ormiston pointed out that in South Africa the tendency is towards using them predominantly (by the traffic police) to verify and validate driver’s licences at mobile checking points (road blocks). “This could very easily be rolled out to incorporate checking of fingerprints for a wider set of applications, including visa and passport control.”

She said that a major challenge that she has faced over the years with mobile biometric systems is that the police force generally wants to have the same features available on their mobile devices as they have available to them on their desktop systems. “This tends to make the design process very complex for the engineering team and although we can incorporate many of the desktop features into the mobile devices, it is very important to manage expectations and communicate limitations to the end users.”

It is now common practice overseas for members of the police force to use Blackberry or Smartphones as data terminals and then have plug-in Bluetooth devices to add specific functionality. “The police also often capture facial data using the inbuilt camera and this is used in conjunction with the physical fingerprint data gathered to aid the identification process in the field,” Ormiston said.

False imprisonment

In an interesting case in the Netherlands, the judicial system discovered that people in prison are not always the people who were actually convicted of the crime. “In many cases, the person who committed the crime has paid another person to serve their sentence for them,” Ormiston said.

“In a landmark process there has been the implementation of a total identity check chain within the area of justice. This process starts at the time of the arrest of the perpetrator of the crime, followed by the booking procedure; sentencing of the criminal; his/her incarceration and finally, the release of the criminal (if applicable) from prison,” Ormiston said. The system thus ensures that the person who leaves the prison is the one who actually committed the crime. “This effectively forces the police, justice (courts) system and prison authorities to all work together to make sure this type of identity fraud is eliminated in the early stages and counteracted in the future.”

The solution used by the Netherlands Police is fingerprint identification coupled with a high-quality picture of the person and alphanumeric data.

North Carolina refines driver’s licence verification

In the USA, an individual’s driver’s licence is virtually their internal passport to overall identification. This single-card system simplifies the problems associated with multiple identification documents, but is also open to abuse.

The authorities in the state of North Carolina decided that drastic action was needed to counter the ongoing and increasing proliferation of identification fraud. “They had determined that in the majority of cases, their solution was just not secure,” said Ormiston. “This was attributed to three weak spots – the authenticity of the card itself, the back office processes, and the printing process end result.

“It was virtually impossible to determine a card’s validity so new technology is being introduced to eliminate past failures. It starts with the capture of multiple 2D images of the person, which are printed onto the driver’s licence or ID card in a patented laser 3D manner. All printing is centralised in order to ensure complete security and compliance of the technology,” Ormiston explained.

Centralisation of all commodities also involved in the production of the polycarbonate cards means that there are no longer missing or unaccounted-for cards. “A centralised infrastructure has also been introduced to further enhance the verification and authenticity process, which ultimately results in the production of valid and unique driver’s licences which are also de facto ID cards in the US,” Ormiston added.

By using facial recognition technology to eliminate duplicate applications for every card issued, the North Carolina authorities are able to ensure that the whole end-to-end process guarantees unique driving licences. “The system was additionally linked into other stakeholders, such as the credit reference bureaux, to afford full transparency in the validation of supporting information within the application process,” Ormiston said.

Facial recognition versus fingerprinting

Ormiston said that fingerprint technology has matured over the past 30 years to a point where it is 99,99% accurate and as such is understood and accepted on a government level. “Some countries in the world still rely solely on fingerprints for verification and validation of identity. However, they are missing a huge opportunity to provide more finite validation of identity if they discard biometric facial recognition out of hand. Together, the two processes provide a virtually foolproof means of verification and authentication without the need for human intervention.”

Facial recognition is still an emerging technology, but although it is still not able to achieve the same levels of accuracy that fingerprint (and more lately, palm print) technology is producing, the results are increasingly pleasing. “Facial recognition was introduced about 15 years ago and, especially in the last five years, we have seen huge advances in the accuracy of facial identity and a greater understanding of what this accuracy actually entails,” Ormiston said.

“At the end of the day accuracy of identification is of the utmost importance since a false identification could have very negative consequences for the parties concerned. There are certain elements which make facial recognition more accurate and these include high-resolution images; a complete image of the face; minimal ageing differences between an original picture and the current live image; and a straight-on camera angle. Together, these factors will allow for accuracy of 80% and above.”

With the increasing sophistication of cameras, it is now possible, though certainly not preferable, for identification to be achieved on partially hidden or angled faces.

Ormiston cited a current airport project as a challenging example of facial recognition. “The authorities were often presented with no passports or travel documents on passengers arriving at the border. In order to alleviate this, the management decided to use video image capture. This entails a video image being taken when the traveller exits the plane and it is compared to a high-quality image taken at the border,” said Ormiston.

She said this system works extremely well. “This solution allows you to quickly and efficiently identify these people through video data captured as they leave a plane and then again when they try to cross the border.”

Facial recognition using mug shots and video footage of crime in retail centres recently exhibited its potential for huge success in a trial where half a millon face images were captured and analysed. “A total of 44 crimes, some of which were violent, were solved in this trial. This provides the industry with a huge incentive to continue developing and refining such systems,” Ormiston said.

Standard or classic and on-the-fly facial recognition

According to Ormiston, border control in South Africa currently involves the use of an infrared camera on entry. “There is potential for the authorities to use automated gate technology. This would very effectively eliminate queues as a match would be made using on-the-fly facial recognition on people while they continued walking over a distance of less than 2,5 metres. Once they reach the gate, as long as their identification is verified from facial images stored on their visas and/or passports, the solution would allow the gate to open on acceptance of the identification.

“Many existing deployments of automated gates worldwide have used Standard or Classic technology where the traveller needs to ‘stop-stand-look’ at a camera, however, face-on-the-fly technology eliminates this need. Obviously, either method is ideally used with biometric fingerprint technology to ensure a double-check validation,” said Ormiston.

She pointed out that in this way one border guard could monitor up to six gates and his extra time could be spent looking for behavioural cues. “Behavioural analysis is becoming very popular and involves a watcher or spotter (in this case, the border guard) analysing body language and other visual cues of people in customs queues. If he feels their behaviour warrants further investigation he could then pull people out of the queue for closer examination and/or questioning.”

Apart from the time saving attributes of a combined facial recognition and fingerprint system, there are other tangible advantages over the typical identification by a border guard. A border guard’s duties involve asking himself:

(1) Do I know this person (are they the same person as exhibited in their visa/passport)? and

(2) Do I want this person to enter my country? Since there are over 300 types of valid passports within Europe, along with a variety of security features, this leaves positive identification open to subjective analysis.

“We are also assuming that the border guard is technically capable of recognising an identity document as being false. A number of interfering factors, such as a natural inability to recognise the differences between persons of differing races, as well as his own personal state of mind on a particular day can have a major negative contributing influence on the eventual outcome. Automated gates do systematic checks on every passport, so there is absolutely no discrimination between people. This is an emotionless and fatigue-free system that results in increased security and reduced processing time,” Ormiston concluded.

Information sources: www.nws-sa.com; www.edri.org; www.morpho.com

Share this article:

Further reading: