A Look Into: Biometric Technology
This article was first Published on: Feb 26, 2014.
With increasingly more sensitive and personal information being stored on devices nowadays, biometric technology has become more and more important for security, and to ensure that this information doesn’t fall into the wrong hands. The popularity of Apple’s iPhone 5s, with its Touch ID fingerprint scanning technology, should tell you that biometrics is definitely on the rise.
And it’s not just the iPhone 5s either: there were a lot of new tech devices featuring biometric technology at the recent Consumer Electronics Show (CES). And there’s definitely more to come. From smartphones to video game consoles to biometric wristbands, biometric technology is definitely going to make its way to more and more devices over the next few years. Here’s a quick look into the present, and future, of biometric technology.
Golden Rule to Internet Security: Change Your Passwords
This article was first Published on: Feb 26, 2014. With increasingly more sensitive and personal information being stored on devices nowadays, biometric Read more
What Is Biometric Technology?
Biometrics is a form of user identification and access control that uses physiological attributes such as a person’s fingerprints, face and retina in order to identify users. Biometrics can also identify users based on certain behavioral tendencies such as speech patterns and typing rhythm.
Unlike normal forms of access control such as identity cards or PIN numbers, these physiological characteristics are difficult to fake, leading to increased security. These physiological characteristics are also pretty much impossible to misplace, unlike an access card.
Physiological attributes such as fingerprints and retina patterns aren’t just picked at random, though; each of these attributes has to fulfill a number of requirements to ensure that they’re suitable to be used in biometric identification. There are 3 particularly important requirements:
- Inimitable: The attribute must not be reproducible.
- Singularity: The attribrute must be singular and unique enough to diffrentiate one person from another.
- Convenience: The attribute must be convenient to measure and capture.
As far as security is concerned, there are few reasons to prefer traditional password or access card systems over biometrics, except for one problem. With current password systems, it’s easy to provide a new password if the old one is compromised.
However, if a user’s fingerprint or other biometric identifier is somehow compromised, there’s currently no way to “cancel” or “reset” biometrics; after all, there’s no way for a service to issue a user with a new face if their facial recognition data is somehow compromised.
Biometric Technology Today
The most appealing thing about biometrics has to be the way that they might one day replace passwords. Here’s a quick look into some of the ways biometrics are being implemented in consumer devices right now, plus the positives and negatives of each technology when it comes to replacing passwords.
Fingerprint scanning is currently the most common form of biometric technology and, according to Frost & Sullivan, should remain the leading biometric technology for at least the next few years. Fingerprint scanning works by scanning the ridges and valleys on a finger’s surface.
Notable uses of fingerprint scanning in consumer electronics are the fingerprint sensors on the iPhone 5S, HTC One Max and FingerQ’s Q-Case series of smartphone cases. In most of these cases, fingerprint scanning is used to unlock the phone.
Fingerprint scanning definitely fits the criteria for convenience and singularity, but it’s not as inimitable as other forms of biometrics. A perfect example is, of course, how Germany’s Chaos Computer Club managed to beat Apple’s Touch ID.
As the Club pointed out, it’s entirely possible to create a fake fingerprint, as long as a clean fingerprint can be lifted off of a surface. Since we leave hundreds, if not thousands of fingerprints a day, obtaining a fingerprint for this purpose probably isn’t as hard as most of us would like to think.
Iris And Retina Scanning
Retina and iris scanning work on roughly the same principle; iris and retina patterns are unique and this makes them suitable for biometric identification. But where a retinal scan goes deep into the eye to identify users based on their retina pattern, iris scanning identifies users based on their iris pattern, which is visible without deep scanning.
Eyelock’s Myris is an upcoming device that will let you log in to sites and apps simply through iris scanning. Apple also seems to have an interest in iris scanning; if a couple of recent hires are anything to go by, so we may just see iris scanning in an upcoming Apple device.
Both the iris and retina are very much inimitable and singular, with very low false positives and negatives. For instance, Eyelock claims that the chances of a false match with Myris are 1 in 2 trillion. Retina scanning is not particularly convenient, as it requires users to have their eyes extremely close to a dedicated scanning device. This, plus the high cost of retina scanners, makes retinal scanning less desirable for consumer electronics devices.
Iris scanning is a lot more convenient, since it only requires a much more common infra-red camera and can be performed at a distance. One potential issue, though, with both of these methods that the identification accuracy can be effected by medical conditions, eye surgery and alcohol consumption (in the case of iris scanning).
Facial recognition software identifies individuals based on nodal points such as the distance between a person’s eyes, the width of the nose and the shape of cheekbones. Facial recognition is already being used on Facebook, where it’s used to automatically identify people in photos.
It’s also recently made an appearance in both Microsoft’s Xbox One and Sony’s PlayStation 4, both of which use facial recognition to automatically sign users in. Android versions 4.0 and above also come with a Face Unlock feature, which allows users to unlock devices using their face.
One of the biggest issues with facial recognition is that it’s not 100% inimitable. Certain systems are reasonably easy to spoof by simply using a photo of the target. Not all systems suffer from this same weakness though: Google, for example, have patented a liveness test for facial recognition.
Singularity and convenience aren’t huge problems for facial recognition, but the important thing with facial recognition is the recognition software itself. More specifically, it’s important that the software is able to recognise faces under various lighting conditions and when wearing accessories such as glasses or hats.
Voice-based biometric identification isn’t widespread at the moment, but the market is expected to grow within the next few years. Voice recognition, not to be confused with speech recognition, works by identifying characteristics of a person’s voice.
Last year, Authentify launched a mobile security app called Authentify xFA, which links digital credentials with a biometric voice print. In addition, GEO Semiconductor, SpeechFX and VoiceVault launched Granta, a home automation system with voice recognition capabilities.