Using Biometrics|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Using Biometrics
It was in 1933 that A. Edward Sutherland's film International House was released featuring the great W.C.Eields and a host of stars. Like the majority of W.C.Fields extravaganzas this delightful piece of cinema was way ahead of its time, pioneering many elements of current film making technique and, among other things predicting long range live television.
We all suspected that this technology was inevitable and would probably be commonplace sooner or later, but somehow it was not quite there. A chocolate dessert just a shelf too high for us to reach. This is not dissimilar to how biometric verification was viewed by many at the start of this decade. We all agreed that this was the way to go. After all, surely the technology offered considerable benefits when compared to conventional personal identification techniques such as access tokens, photo I.D. cards and the like? Abraham Lincoln once said 'common looking people are the best in the world, that is the reason the Lord makes so many of them'. The trouble is they are damn difficult to tell apart, especially if they have a vested interest in remaining incognito. Biometric verification techniques provided a potential solution to a long standing problem in this respect.
Why then, in this fast moving world of technological innovation has it taken so long for biometric verification to be utilised in mainstream applications? Was it perhaps portrayed clumsily by the security industry? Did they lead us to expect too much from what was an emerging technology? That other great man of the cinema, Jacques Tati would have made the perfect biometric demonstrator in those formative days. One could imagine him proudly and solemnly presenting the latest biometric device, which would of course fail immediately. Monsieur Tati would have been able to improvise on the spot and salvage the situation, probably with considerable panache. Unfortunately, not many security industry personnel had his sense of style.
The truth is, early implementations of biometric technology were far from the perfect solution that many expected them to be. With hindsight, this was partly because expectations had been raised too high by over enthusiastic industry claims and partly because, like any emerging technology, there was a learning curve, especially in the areas of ergonomics, user response and consistency.
Nowadays we have the benefit of practical experience and continued refinement over time with several products turning in excellent performance figures coupled to relative ease of use and integration. In addition, costs are a lot more realistic and biometric readers represent a viable alternative to token technology in many instances. However, we are not out of the woods yet and I believe we will see continuing rationalisation and development in coming years, possibly with greater integration into other sub systems and applications.
Should we implement biometric systems now?
Certainly. There are very real benefits to be realised across a variety of application areas in a cost effective and relatively straightforward manner. Existing systems in immigration, law enforcement, physical and logical access control, time monitoring and other areas have proven the concept beyond doubt. Whilst it is still a relatively low profile technology outside of the immediate industry, public awareness is considerably greater now than it was a decade ago and many initially perceived user objections have weakened with the passage of time. Everyday users are often intrigued to find that the technology actually works, is not difficult to use and does not steal their souls.
How do we choose a biometric system?
Different technologies may suggest themselves for different applications depending upon perceived user profile, the need to interface with other systems or databases, environmental conditions and a host of other parameters specific to the application at hand. Whilst there are some obvious areas of application for certain technologies, it is probably wise to seek specialist advice in this context and independent bodies such as The Association for Biometrics would represent a good starting place for the newcomer to this technology. Similarly, there are existing publications and software tutorials to guide the potential user or systems integrator. Biometric parameters such as hand geometry, fingerprint scanning, iris scanning, voice verification, retinal scanning, signature verification and others are all well established with their own particular characteristics which will suit different circumstances and applications accordingly. Their practical performance might in many instances be better than you supposed, with the cost of implementation realistic in comparison with conventional methods such as token technology.
How do they work?
By sampling an individual physiological and / or behavioural characteristic such as hand geometry, voice pattern, or the way we write our signature and creating a unique template against which the user will be verified in subsequent transactions. Typically, three or more samples are taken at time of enrolment and averaged to produce a reliable template for the individual in question. The storage requirement for this template varies between nine bytes (in the case of hand geometry) and around one thousand bytes, making it feasible to store large numbers of templates in standard memory media, or indeed, incorporate the template on a token of some description. The majority of available products are verification systems. This means that the user is verified against a single template which he or she claims is theirs. Biometric identification is another kettle of fish altogether, where the system seeks to identify the individual from a list of templates held in a database.
This is an important distinction with interesting implications and only a few systems currently offer this facility. However, the potential biometric user must ask what he is trying to achieve when considering this point. In many cases biometric verification will probably be appropriate, unless we are searching for multiple enrolments of the same individual or wish to use the template as search criteria for other reasons. But when designing a system, should we be placing the emphasis on the front end, or should we be considering the system as a whole? What happens behind the identity verification? Should we be planning for today_s immediate requirements only or should we allow an open systems approach in order to accommodate future requirements and advances in technology?
A criticism sometimes levelled at the security industry is that of developing closed loop proprietary systems which to all intents and purposes remain static in their functionality, especially regarding potential interfaces to other systems. It is unlikely that such a software programme from one of the security vendors would answer all requirements across all applications, and yet we continue to see this approach. The alternative has often been bespoke solutions created at significant cost in order to tackle a particular requirement, often with their own set of teething troubles.
This is unfortunate as advances in parallel areas of technology are beginning to provide for a truly modular open systems approach, utilising standard tools which will be found in the majority of corporate IT departments. Take operating systems and networking for example. If there is an identifiable trend towards hardware platforms, operating systems, local and wide area networking, display characteristics and other disciplines within corporate IT, then surely it makes some sense to utilise these standards wherever possible, providing a familiar environment for the end user. If we additionally incorporate standard data formats and links, then we have the basis for a flexible open ended approach to our security and related applications. This is becoming easier as we witness the trend towards strategic alliances in the IT industry aimed at promoting compatibility at both software, hardware and comms levels. An example of this is the recent alliance between Compaq, Novell and Microsoft to provide a particularly cost effective and stable networking environment using the PC as a platform and Windows NT as the core operating system. This is good news for the systems developer who can utilise these standard tool sets to good effect.
So how does this bode for the future of biometric and related applications? Well, lets consider the constituent parts of a typical system. We have the user interface at the reader or data acquisition point, the communications sub system which will probably include a degree of distributed intelligence and processing, the control and programming interface which may be at a central, or possibly multiple points, and the main software engine. Given the importance of these last two parameters it would seem to make sense to incorporate as much commonality and flexibility as possible, providing for a familiar and intuitive interface whilst allowing interaction with other systems and formats where applicable. The software is in fact the heart and brains of the system, utilising a variety of peripheral devices and technologies as necessary to suit the application. It is in this area where one foresees future advances and benefits, particularly in areas of integration. It is likely for example that digital imaging technology will sit side by side with biometric verification technology in many instances. In turn, both of these might require interaction with existing databases and report generating methodology. They might all be subject to standard communications protocols. The peripheral components such as biometric readers, imaging devices and in/out controllers will develop in their own right and at their own pace. The user may choose different technologies in different areas of application in this respect, all interfacing to a common master system, providing of course that their exists a suitable degree of compatibility.
Another opportunity for integration in the context of personal I.D is the portable token or badge. Egbert Souse (accent grave over the 'e') in The Bank Dick might have had an I.D. card incorporating a digitally produced photograph on the front, together with a signature, company logo and other information. On the reverse, a data storage area, possibly 2D bargraph or similar, would contain at least one biometric template together with the encrypted photo and / or signature in machine readable format. The token itself might be dual technology allowing its use as a conventional access control token where applicable. The esteemed Mr.Souse would now enjoy verified access control into confidential facilities down at the bank together with a positive and secure personal I.D. format in case certain little girls decided to bounce rocks off of his head, necessitating a trip to the infirmary. Far fetched? Not at all, this is perfectly feasible right now, utilising available and cost effective technology. The controlling software would integrate all the required functionality to run the system, produce the tokens, co-ordinate the imaging requirements and so on. But why stop there? If we have a communications network, input/output devices, image processing and standard software controls, perhaps there are other things we can achieve utilising these elements within a typical corporate environment.
Visual verification of events whether security related or otherwise might usefully be incorporated, as might point monitoring for both security and building management purposes. The ability to programme automated responses to certain exceptional conditions. Energy management. Personnel management. A low cost corporate visual communications system. All of this and much more might be provided via a simple tool set utilising standard contemporary IT technology. Perhaps we should blur the lines a little between traditional security system methodology and the broader based IT requirement, utilising the best of both worlds to provide scaleable open systems which can be tailored as appropriate without incurring high costs of obsolescence or redundancy.
Biometric technology viewed in isolation is interesting enough. When viewed as a complimentary part of a larger system tool set, we can foresee a considerable upsurge in its implementation. Perhaps we have been looking too closely at the individual reading technologies and not closely enough at the broader application picture. If we re-made International House today, we would maybe depict the use of a common biometrically verified identity token being used across a variety of systems and cultures. Standard individually addressable devices would control everything in our corporate environment via intuitive user interfaces and a common data bus. Visual communication would be the norm and the Internet would contain useful information. Mind you, Cab Calloway would still be playing the same tune and we could never replace dear W.C.Fields.
