TechRepublic.com, July 6, 2010, by Tom Olzak – Biometrics has received a lot of bad press during its short life.
Fingerprint technologies have issues many businesses, and security professionals, would rather not deal with. And then there is the cost. So is there a technology that may provide security, involve low maintenance costs, minimize management headaches, and is acceptable to users?
Fingerprint technologies have issues many businesses, and security professionals, would rather not deal with. And then there is the cost. So is there a technology that may provide security, involve low maintenance costs, minimize management headaches, and is acceptable to users?
The problem with fingerprints
Fingerprint scanning solutions promised a panacea for the tired and embattled password. Either as a standalone solution or as a supporting second-factor for authentication, use of a fingerprint is superficially a great idea. However, the years have shown that early implementers faced challenges still present today:
Sensors cost money. This is okay if they work as advertised. However, the remaining bullets represent hidden costs in addition to those of software and hardware.
Users must touch the sensor. In a manufacturing or other environment with impurities in the air and on hands, the sensor quickly becomes unusable. If not unusable, then it is often frustrating to users standing in line while people in front of them try repeatedly before getting a positive response from the system. Further, today’s user is cognizant of the risks associated with touching something used by others. No one knows where the finger has been nor whether a previous user is suffering from a disease capable of hand or other surface transmission. And even if the risk is actually low, user perception may not agree with management’s acceptance of it.
And then there is the security issue. Time and again individuals have demonstrated how to “fool” a fingerprint system. Yes, there are solutions with a very high resistance to such attacks. But how many businesses are willing to spend the premium required to upgrade?
There are other issues with fingerprint biometrics, but these will suffice to show why it has disappointed us.
The promise of iris scans
The solution to these issues seems to be a technology that has been around for some time: iris scans. It addresses the provided list of challenges with decreasing management costs, user resistance, and increasing accuracy. Before demonstrating the benefits, let’s look at how iris scanning works.
As shown in Figure A (howstuffworks.com, courtesy of Iridian Technologies), the iris is the colored portion of the eye. It is as individual as a retina or fingerprint. Unlike the retina, which lies at the back of the eye and requires a more intrusive scan, the iris is easily scanned with simple camera technology.
Figure A
Scanning the iris requires no physical contact with the sensor. As shown in Figure B (Gearfuse.com), an individual simply stands within defined proximity and an image is collected and analyzed.
Figure B
The technology used for the scan is typically the same used in digital cameras. And as the technology improves, so does the effectiveness of iris scanners. Today, iris scans are as accurate as finger or hand geometry scans.
Finally, the nature of the technology resists counterfeiting. Is it impossible to defeat it as an access control? Nothing is impossible. However, the level of effort required today is very, very high.
Finally, the nature of the technology resists counterfeiting. Is it impossible to defeat it as an access control? Nothing is impossible. However, the level of effort required today is very, very high.
Still has challenges
As the old adage tells us, nothing is perfect. There are still barriers to wide acceptance of iris scanning as a complete business replacement for other types of biometrics:
The cost is high. The reader shown in Figure B is listed at over $2400. This is a big jump over most fingerprint solutions.
The sensors are somewhat cumbersome to place on a user’s desk for second factor for system login. Although many vendors do supply a USB cable for PC connectivity, this technology looks like it will be relegated to physical security applications in the short term.
The future of iris scanning
Regardless of the challenges, the popularity of iris scanning—and its cousin, facial recognition technology—is growing. This is particularly true in physical security applications, like those used at some airports and government installations.
To process large numbers of individuals, a biometrics solution must be fast and non-intrusive. Products like Sarnoff’s Iris On the Move (IOM) (video) allows the scanning of up to 30 people per minute from a distance of several feet. The scanned individuals do not even have to stop. Compare this with an expected throughput of 10 to 15 people per minute with high-end hand or fingerprint scanners.
No-contact scanning is the future of biometrics. Iris scanning is positioned to take a central role.
As the old adage tells us, nothing is perfect. There are still barriers to wide acceptance of iris scanning as a complete business replacement for other types of biometrics:
The cost is high. The reader shown in Figure B is listed at over $2400. This is a big jump over most fingerprint solutions.
The sensors are somewhat cumbersome to place on a user’s desk for second factor for system login. Although many vendors do supply a USB cable for PC connectivity, this technology looks like it will be relegated to physical security applications in the short term.
The future of iris scanning
Regardless of the challenges, the popularity of iris scanning—and its cousin, facial recognition technology—is growing. This is particularly true in physical security applications, like those used at some airports and government installations.
To process large numbers of individuals, a biometrics solution must be fast and non-intrusive. Products like Sarnoff’s Iris On the Move (IOM) (video) allows the scanning of up to 30 people per minute from a distance of several feet. The scanned individuals do not even have to stop. Compare this with an expected throughput of 10 to 15 people per minute with high-end hand or fingerprint scanners.
No-contact scanning is the future of biometrics. Iris scanning is positioned to take a central role.
Biometric Technology
Iris recognition is a biometric identification system that requires a high-resolution picture of the irides of the subject’s eye. Pattern recognition software is then used to match that picture against future iris scans
Biometrics Technologies Measure Up
Biometrics technologies have come a long way from a slow start in the early 80s. Now they can be found almost anywhere and soon, almost everywhere.
Eye Scanners
Iris scanning technology was first thought of in 1936 by ophthalmologist Frank Burch. He noticed that each person’s iris – the part of the eye that gives color – is unique. It wasn’t till 1994 when the algorithm for detecting these differences was patented by John Daugman of Iridian Technologies
.
Iris scans analyze the features in the colored tissue surrounding the pupil. There are many unique points for comparison including rings, furrows and filaments. The scans use a regular video camera to capture the iris pattern.
The user looks into the device so that he can see the reflection of his own eye. The device captures the iris pattern and compares it to one in a database. Distance varies, but some models can make positive identification at up to 2 feet. Verification times vary – generally less than 5 seconds – but only require a quick glance to activate the identification process.
To prevent a fake eye from being used to fool the system, some models vary the light levels shone into the eye and watch for pupil dilation – a fixed pupil means a fake eye.
Biometrics technologies have come a long way from a slow start in the early 80s. Now they can be found almost anywhere and soon, almost everywhere.
Eye Scanners
Iris scanning technology was first thought of in 1936 by ophthalmologist Frank Burch. He noticed that each person’s iris – the part of the eye that gives color – is unique. It wasn’t till 1994 when the algorithm for detecting these differences was patented by John Daugman of Iridian Technologies
.
Iris scans analyze the features in the colored tissue surrounding the pupil. There are many unique points for comparison including rings, furrows and filaments. The scans use a regular video camera to capture the iris pattern.
The user looks into the device so that he can see the reflection of his own eye. The device captures the iris pattern and compares it to one in a database. Distance varies, but some models can make positive identification at up to 2 feet. Verification times vary – generally less than 5 seconds – but only require a quick glance to activate the identification process.
To prevent a fake eye from being used to fool the system, some models vary the light levels shone into the eye and watch for pupil dilation – a fixed pupil means a fake eye.
ris scanners are now in use in various military and criminal justice facilities but have never gained the wide favor that fingerprint scanners now enjoy even though the technology is considered more secure. Devices tend to be bulky in comparison to fingerprint scanners.
Retinal scanners are similar in operation but require the user to be very close to a special camera. This camera takes an image of the patterns created by tiny blood vessels illuminated by a low intensity laser in the back of the eye – the retina.
Retinal scans are considered impossible to fake and these scanners can be found in areas needing very high security. High cost and the need to actually put your eye very close to the camera prevent them from being used more widely.
Retinal scanners are similar in operation but require the user to be very close to a special camera. This camera takes an image of the patterns created by tiny blood vessels illuminated by a low intensity laser in the back of the eye – the retina.
Retinal scans are considered impossible to fake and these scanners can be found in areas needing very high security. High cost and the need to actually put your eye very close to the camera prevent them from being used more widely.
Face Recognition
Never forget a face? Why? Because each persons face is unique – enough so that this new technology promises to change they way people are identified. It also has some serious ethical and privacy concerns.
Unlike the other technologies mentioned that require the user to participate actively, this technology can do everything without you ever being aware of its presence.
It works by taking a picture of your face and comparing things like the distance between your eyes, the width of your mouth and up to 50 other defining facial traits. It then searches a database for matches, displaying those that are similar or exactly equal to an operator.
During the 2000 Olympics in Sidney, Australia, police identified two drug traffickers from Mexico wanted in the US. They followed them to the airport then alerted US authorities who picked them up when their return flight made a refueling stop in Hawaii. They had been traveling with high quality faked papers, so were quite surprised when the FBI led them off in cuffs.
The suspects had unwittingly stumbled into the police’s hands during a visit to the main sports arena. Australian authorities had just installed a face identification system in order to thwart possible terrorist attacks. They loaded the system with all known terrorist’s and criminal’s photos from a huge database. When the drug traffickers passed through the gates – they, along with hundreds of thousands of others, were imaged and identified.
This same technology is used by London police to identify known criminals in commercial areas like malls. Large retail chains have also been using this technology to spot shoplifters although some have removed it after privacy advocates and customers objected.
Recent studies have shown that even in optimal conditions these systems, which are still being developed, have failure rates of close to 40% making them unsuitable for primary identification without some other form of verification.
However, their ability to work with existing digital and CCTV surveillance systems makes them attractive retrofits. Just install a computer with the face recognition software and photo database, connect it to your cameras and your ready to identify possible malefactors.
More reliable systems are available using stereoscopic cameras. Two or more cameras work together to construct a 3D image in a computer. This allows for more facial features to be cataloged thus greatly reducing error rates. It does, however, require active participation from the users to get original pictures for the database – for the time being. Future models will no doubt be able to take pictures from behind two way glass.
Errors caused by camera angle and poor image quality, however, require more investment and care in camera placement. Most systems can deal with things like hats, sunglass and acute image angles, but they increase the possibility of false identification.
Privacy advocates cite 4th Amendment protection against unreasonable search and seizures. Law enforcement agencies say it’s just an extension of their own observational powers and an unobtrusive way to identify people.
PhysOrg.com
Unlike the other technologies mentioned that require the user to participate actively, this technology can do everything without you ever being aware of its presence.
It works by taking a picture of your face and comparing things like the distance between your eyes, the width of your mouth and up to 50 other defining facial traits. It then searches a database for matches, displaying those that are similar or exactly equal to an operator.
During the 2000 Olympics in Sidney, Australia, police identified two drug traffickers from Mexico wanted in the US. They followed them to the airport then alerted US authorities who picked them up when their return flight made a refueling stop in Hawaii. They had been traveling with high quality faked papers, so were quite surprised when the FBI led them off in cuffs.
The suspects had unwittingly stumbled into the police’s hands during a visit to the main sports arena. Australian authorities had just installed a face identification system in order to thwart possible terrorist attacks. They loaded the system with all known terrorist’s and criminal’s photos from a huge database. When the drug traffickers passed through the gates – they, along with hundreds of thousands of others, were imaged and identified.
This same technology is used by London police to identify known criminals in commercial areas like malls. Large retail chains have also been using this technology to spot shoplifters although some have removed it after privacy advocates and customers objected.
Recent studies have shown that even in optimal conditions these systems, which are still being developed, have failure rates of close to 40% making them unsuitable for primary identification without some other form of verification.
However, their ability to work with existing digital and CCTV surveillance systems makes them attractive retrofits. Just install a computer with the face recognition software and photo database, connect it to your cameras and your ready to identify possible malefactors.
More reliable systems are available using stereoscopic cameras. Two or more cameras work together to construct a 3D image in a computer. This allows for more facial features to be cataloged thus greatly reducing error rates. It does, however, require active participation from the users to get original pictures for the database – for the time being. Future models will no doubt be able to take pictures from behind two way glass.
Errors caused by camera angle and poor image quality, however, require more investment and care in camera placement. Most systems can deal with things like hats, sunglass and acute image angles, but they increase the possibility of false identification.
Privacy advocates cite 4th Amendment protection against unreasonable search and seizures. Law enforcement agencies say it’s just an extension of their own observational powers and an unobtrusive way to identify people.
PhysOrg.com
