In this article:
Attention enterprise security leaders: Biometrics, including face and voice recognition, are not only getting better but better integrated with other security technologies and mobile devices to provide higher security, more convenience or both.
Shaking off yesterday’s reputation as an expensive headache, these new-age solutions have gained increased respect thanks to government, financial and even consumer uses as well as developments outside the United States, where – for numerous reasons – integrated biometrics is more accepted.
Fabrizio Vargas, for one, has his fingers on typical biometrics. His firm, Itautec, the influential Brazilian manufacturer/integrator of consumer electronics, banking and retail automation, is now deploying the first 12,000 of a 33,000-unit ATM network with Lumidigm’s multispectral fingerprint readers for one of Latin America’s largest private banks. The biometric fingerprint readers minimize the problems of ID theft and reduce waste, fraud and abuse prevalent with PIN-accessed ATMs.
The multinational bank had concerns that multiple identities were being employed by some people within their banking system. The organization needed a way to ensure that each person had only one identity and provide all customers with secure access to their accounts. A biometric would solve both challenges. To be successful, high reliability was critical at the ATMs because their use is not typically supervised; there may not be a person on hand for customers to consult if there is a problem with a transaction. “The system must work each and every time in order to provide the level of security and performance demanded by banking customers. This deployment is leading the way in showing the world’s banking community how to take the next step in providing convenience to their customers and security for themselves,” says Vargas.
Also in Brazil, its second largest state-owned bank, CAIXA, via partners Diebold, supplying the ATMs, and Griaule, with its supporting software, uses Lumidigm fingerprint readers within that nation’s Bolsa Família Program, which provides payments to low income families to help keep their children in school. Biometrics in this case is as much a convenience as a security effort. Many users in the program do not have bank accounts and use the ATM only once a month to get their stipend. As such, they often forgot their passwords, and bank managers were spending too much time resolving getting PINs renewed or changed. CAIXA has more than 58 million registered customers.
But integrated biometrics has gone beyond, way beyond the typical.
Take what Noah Heinle and Michael Starosciak of Datamatics Management Services call Total Control Security Access. Starting with the relationship between their firm and ZK Technology, Datamatics developed proprietary firmware installed on ZK’s biometric readers. The firmware allows TC-1, Datamatics’ time and labor management software system, to control and communicate with ZK’s biometric readers.
TC-1, which has been evolving since the early 1980s, included an access control module. Datamatics took the basis for that access control module and transformed it into a standalone system – Total Control Security Access.
The solution can go beyond. ZK’s biometric readers are installed on an enterprise’s doors, safes, machines and other equipment. Managing the readers, controlling access, setting up alerts and running the reports are done remotely using a standard Internet connection and the software, says Heinle. The software can control one single location, or a chain with thousands of locations.
Because of the ability of the solution to go just about anywhere, there also is a ZK reader for outdoor use, adds Starosciak.
Along with the ease of remote access management and identity, the real-time reporting is what sets the system apart, contends Heinle. Data collected by the biometric readers can be reviewed in real-time, allowing enterprise security leaders to know what “event” happened, where it happened, when it happened and for how long it happened. Security can also have text message alerts sent out instantly whenever suspicious activity occurs.
In another unique biometrics solution, integrator Stanley Convergent Security Solutions is the exclusive distributor for Eyelock Corporation’s iris recognition technology. According to Blaine Frederick, product manager, biometrics and integration, the in-motion capable solution identifies people walking to it at doorways and turnstiles, for instance, and in such high-throughput environments, processing from 20 to up to 50 persons a minute.
Like other biometrics approaches, there is an enrollment process. “But this can be hosted or a closed network enrollment,” adds Frederick, who contends that iris identification is the most unique among biometric choices and “the most stable of all biometrics.”
Using a megapixel camera mounted in a reader that has special near infrared lights, the system can capture, enroll and then recognize iris patterns in just a few seconds. The camera/reader combo can mount at eye level in conjunction with turnstile over a door portal. In a typical facility walking entrances, the integrated biometric solution untypically allows a person to just glance up as he or she enters.
For the nay-sayers, eyeglasses and sunglasses (except for polarized sunglasses) don’t slow down the entrance.
The approach also can scale up or down. One iris recognition reader is not much larger than a set of goggles and a USB-connected unit aims at iris-based network access control.
Another “beyond” is so-called behavioral analytics tied to video surveillance.
One leading source, BRS Labs, has garnered attention by a number of municipalities for citywide surveillance programs with the aim to proactively identify unusual behavioral activities and notify security and law enforcement staff of the potential threats. BRS Labs’ software attaches to existing video surveillance infrastructure to watch, learn and identify unusual behavioral patterns in real-time. The idea is to go beyond setting rules to more of a system that can “learn” from its image environment.
When it comes to emerging biometrics approaches that can link into the security mission, voice recognition may be more of a way to control a security system than to securely identify a person. It’s basically the process of taking the spoken word as an input to a computer program.
Most voice recognition systems are discrete word systems, and these are easiest to implement. For this type of system, the speaker must pause between words. This is fine for situations where the user is required to give only one word responses or commands, but is very unnatural for multiple word inputs. In a connected word voice recognition system, the user is allowed to speak in multiple word phrases, but he or she must still be careful to articulate each word and not slur the end of one word into the beginning of the next word. Totally natural, continuous speech includes a great deal of “coarticulation,” where adjacent words run together without pauses or any other apparent division between words. A speech recognition system that handles continuous speech is the most difficult to implement.
But Siri has made a big impact.
Siri is an intelligent personal assistant and knowledge navigator which works as an application for Apple’s iOS. The application uses a natural language user interface to answer questions, make recommendations and perform actions by delegating requests to a set of Web services. In a biometrics way, Apple claims that the software adapts to the user’s individual preferences over time and personalizes results, and performing tasks such as finding recommendations for nearby restaurants, or getting directions.
Another evolving biometrics is facial recognition, identifying or verifying a person from a digital image or a video frame from a video source. One of the ways to do this is by comparing selected facial features from the image and a facial database. It is typically used in security systems and can be compared to other biometrics such as fingerprint or iris recognition systems. However, a recent Apple patent application concerning face recognition technology suggests an interesting security update for iOS. And that could be just the beginning of what the technology might enable for consumers and then, possibly, for enterprise security.
The patent, “3D Object Recognition,” describes a way to generate 3-D models using 2-D images. The technology uses multiple photos or video to create a 3-D representation of a user’s face. With this 3-D representation locked in, it could then be compared, on the fly, to a 3-D representation built in real-time from a 2-D image captured from a security camera or a consumer’s phone.
The patent concedes there are challenges in facial recognition technology in system security. Variations in ambient illumination and face positioning can make it difficult to reliably match source images to real-time camera images. Apple suggests a “get around” the lighting roadblock by analyzing features like corners and other spatial points of reference rather than performing direct image correlation or comparisons of image parts. As for the positioning issue, it can be resolved by using multiple images for a security system’s source material.
Internet protocol also impacts biometrics.
Biometrics also is integrating with mobile devices.
For example, early this year, Iris ID Systems engineered interoperability between its IrisAccess platform and NFC-enabled BlackBerry smartphones equipped with credential technology for HID Global’s iCLASS platform. This is a key step toward adding biometrics capabilities to NFC-enabled smartphones.
According to HID Global, the same benefits associated with storing biometric templates on physical smartcards also apply to the mobile access control model. Next-generation mobile access platforms enable users to implement biometrics templates in the same way they do with traditional physical credentials, with the added convenience of being able to carry them in their smartphones. For instance, just like a traditional credential, a smartphone can carry credentials that securely store biometric templates, such as those for iris recognition. These credentials can be presented for authentication by simply holding the NFC-enabled smartphone in front of an iris recognition camera. A variety of biometric templates can be securely stored in the digital credential, including fingerprints, hand geometry or vein patterns.
The mobile access control model also makes it easier for organizations to deploy and manage biometric security and other multi-factor authentication applications. For instance, in situations requiring extra security, two-factor authentication could be dynamically turned when intelligence leads to an elevated threat level. An application can easily be pushed to the phone that requires the user to enter a 4-digit PIN, perform a gesture swipe on the phone or present biometric data within the phone to a reader before it sends the message to open the door. Multi-factor authentication becomes a contextual, real-time managed service.
This article was previously published in the print magazine as "Biometrics? Time to Go Beyond – Video, Face, Voice and More."
Taking a Bite Out of Biometrics
While diverse people have diverse definitions of biometrics, here is one call from HID Global.
It is generally accepted that organizations can increase the probability that an individual presenting a card at a reader is the same person to whom the card was initially issued if multiple factors of authentication are used, including something the person has (e.g., a card), something the person knows (e.g., a password), and something the person is (e.g., a biometric). Ideally, the use of all three factors is best, although adding just one additional factor can also be effective. Where higher levels of security are required, the use of biometric readers insures that the person presenting the card is actually the same person that was issued the card. In other words, the only way to trust the identifier is to know that it represents the person that is presenting it.
Biometrics works to authenticate identity by measuring and verifying an individual’s unique physical characteristics, such as fingerprints, hand and face geometry, or patterns found the eye’s iris. Since these identifiers can’t be borrowed or stolen, biometrics provide identity authentication with a strong degree of confidence. In other words, biometrics verifies the binding of the card holder to the card, using something that can’t be shared and is only possessed by the person to whom the card was issued. In addition to being unique to each individual, biometric data is impossible to forget, lose or steal. Compared to conventional identification methods, biometric technology offers enhanced security as it does not rely on passwords, pin codes or photographic ID, and it is too complex to forge, thereby creating a strong link between the person and their digital identity.
The technology is either a verification system or an identification system. A verification system checks a biometric presented by a specific person against the biometric already in the database linked to that person’s file. These are usually described as one-to-one matching systems, which require a sensor on the front end and a matching system, located remotely in a data center, on the back end. Identification systems are often referred to as one-to-many systems because they seek to identify an unknown person or unknown biometric. In this scenario someone new comes across the border, and there is no record of that person in the system. These types of systems require a middle tier, sometimes called the transaction management level, which seeks to match a biometric to existing records or which sets up a new file if none is found.