Biometrics Slouches Toward the Mainstream

Biometric systems are getting cheaper, but accuracy and acceptance kinks remain

September 04, 2002 — CSO — With face recognition systems turning up in airports, palm geometry scanners installed at "secure" Exodus hosting facilities, and Panasonic selling the Authenticam iris recognition system for less than $200, biometrics have finally moved from the laboratory to the marketplace. Indeed, the International Biometrics Group pegs the market at $524 million in 2001, growing to $729 million in 2002. But if you screen out the hype, you'll soon discover that few of those applications have progressed beyond technology demonstrations and early adopters. Having lived with a voice-print lock on my front door for seven years, I have a few words of advice to CSOs: Step slowly when deploying biometric systems within your organization. Instead of using biometrics to let people log in to their computer systems, start by using them to control physical access to buildings and high-security areas. Finally, make sure that you have a backup for when the system fails—because eventually, it will.Fingerprints EverywhereAs the name implies, biometrics involves measuring the human body. In theory, any aspect of the body that is different for each person and that can be consistently measured can serve as a unique identifier. In practice, the biometrics being deployed can be packaged into readers costing $300 or less, which today means principally fingerprint-, iris- or voice-recognition systems.

Automatic fingerprint identification systems have been used with great success by law enforcement agencies since the 1980s. Fingerprints are by far the most widely used biometric today, and the most widely respected. Most people take it as a matter of faith that each person has his own unique fingerprint and that a computer can rapidly search out one person's fingerprint from a database of millions. Indeed, we have become so enamored with the concept of fingerprints that the word is popping up all over: DNA-based identification systems are known as DNA fingerprinting; and the MD5 message digest code is commonly referred to as the fingerprint for a file.

But it's important to realize that the fingerprint systems that have been developed and refined for law enforcement are not the fingerprint readers that are making their way onto desktop computers. Law enforcement agencies use trained technicians to record fingerprints with ink and paper on 10-print cards; those cards are then digitized using an optical scanner and analyzed using proprietary algorithms. Pen-and-ink systems obviously can't work in a corporate desktop environment, so a number of companies have tried to create so-called "live-scan" readers that will scan a fingerprint directly from a finger into the computer. The catch: Those readers don't work for everybody. "Many live-scan fingerprint readers have a hard time getting a good fingerprint on, for example, people who have dry skin," says Charles Wilson, a biometric expert at the National Institute of Standards and Technology. Those readers can also fail with thin skin or shallow ridges—traits common among the elderly. Depending on the reader, roughly one person in 1,000 may not scan successfully.

1 2 3 »

RESOURCE CENTER

buy a link »

VIRTUAL CONFERENCE

Data Center Directions Virtual Conference

Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST

Safeguarding the New Currency of Business

Watch this webcast to learn how your organization can leverage PricewaterhouseCoopers' Global Information Security Survey 2008, the world's largest survey on privacy and infosec practices.