Eye-dentify yourself

Following the September 11 attacks on the World Trade Centre, airports, defence establishments and corporate offices are scrambling to get their security systems updated. Pin numbers, smart cards and security keys have become outdated. Windows Middle East explores the possibilities of the new word in security — biometrics.

By Vijaya George. Published March 31, 2002

In times past, important documents and currency were stored safely in a bank vault. The only real concern was that somebody could break into the bank physically and take them. These days, however, intellectual property and confidential data such as credit card details and business information are stored on personal hard disks and servers. The moment you connect to the Internet, this data becomes vulnerable to security breaches. Any person from any part of the world can break in and access the information on your computer if it is not well secured.

By 2003, over 50% of all small-and-medium businesses using the Internet for more than e-mail will experience hacked websites and computer viruses, states Gartner Group. Credit card details stored on servers of e-malls, and classified personal and business data on local hard disks stand the risk of being viewed and misused by third parties. Moreover, security problems will increase along with the value of data on the Internet, and will reach an estimated $1.3 trillion by 2003, according to International Data Corporation (IDC).

Consequently, there is fear of negative impacts on profit margins and lack of customer confidence. This, in turn, is compelling businesses to re-evaluate their current security measures. Security measures such as PIN numbers and passwords (something you know) and swipe cards and security keys (something you possess) can be easily bypassed, misused or lost. More companies are, therefore, turning to the possibility of using biometric technologies (something about you) to secure their systems.

Biometrics refers to the use of a person’s physical characteristics such as a fingerprint, hand, face, eye, voice or signature to authenticate his identity. It eliminates inconveniences such as remembering passwords, keying in pin numbers, and carrying swipe cards. With biometrics, all you need to carry to verify your identity is yourself. One of the most commonly used biometric procedures is fingerprint scanning.

A system using fingerprint scanning, for instance, converts your fingerprint into digital data when you put your finger onto a biometric sensor. This data is then stored in a computer database to represent you. In future, access to that particular security area or data will require your fingerprint, which will be checked against the pre-memorised data in the computer database before you are allowed access. This technology is said to enable quick and accurate authentication of an individual’s claimed identity.

Consequently, biometric revenues are expected to grow from US $399 million in 2000 to US $1.9 billion by 2005, according to the Biometric group. And revenues currently associated with large-scale public sector usage of biometric technologies are likely to drop from 70% to under 30% by 2005. Instead, finger-scan and biometric middleware will emerge as two critical technologies for the desktop, together comprising approximately 40% of the biometric market by 2005.

A few of these biometric systems have entered the Middle East market as well. And they have caught the fancy not just of corporate offices but of individuals as well. A simple, easy-to-use product that uses biometric technology, for instance, is the TravelMate 743LCF (US $2690) from Acer. This notebook has security software and a special sensor built into the palm rest for fingerprint identification. The integrated fingerprint-recognition system restricts access to sensitive data. Moreover, this notebook can store up to 160 fingerprints, with just one system administrator.

Shashank Sharma, business development manager, Acer Middle East recommends that “marketing executives, CEOs, lawyers and people who carry data that is confidential to themselves, their clients or their company make use of this technology.” He cites the example of a manager working on special deals for a range of his company’s products which will be on sale at Computer Shopper, the retail arm of the Gulf Information Technology Exhibition (GITEX). “This is clearly confidential information that could make or break your sales during that period. And for anybody who wants access to your pricing, 10 minutes on your laptop will be sufficient to get everything he needs. Now, if your company intends to sell about $2 million worth of products during Gitex, and your competitor has got hold of your pricing, it could jeopardise your selling strategy. That is when you begin to realise how significant biometrics is.” Access to the laptop will be restricted to all but the owner of the fingerprint.

Like Acer, IBM is also building new levels of trust into personal computing by supporting biometric technology. “The transformation to a digital economy comes with new rewards, and new risks,” says Sameh Farid, regional manager, personal systems group, IBM Middle East, Egypt and Pakistan. “Businesses in the Middle East need to carefully investigate the issue of security. Usability and trust are extremely important in long term PC ownership, and IBM is focusing on these concerns as much as it focuses on performance and reliability.”
Big Blue has conducted extensive research into biometric technology and offers comprehensive solutions for the same to its corporate customers. For now, however, the Middle East region has to content itself with notebooks from IBM, which can accommodate optional buys such as fingerprint readers and proximity badges, and Client Security Software that supports their use.

Fujitsu Siemens Computers (FSC) has also taken a more proactive approach to marketing its biometric solutions although they have been in the market for the last year. FSC’s biometric systems range from high-end notebooks (approximately $4000) such as the Celsius A and the G models to smaller and cheaper products such as mice with biometric sensors and smart security kits for the average company. However, these products are not available off the shelf as FSC is targeting only defence organisations, banks, airlines and other sectors that require high security. It recently sold 120 such notebooks to the Ministry of Defence in Algeria. For those who might be nursing fears of the possibility of being harmed by attackers to gain fingerprint access to their notebook, Colin Britto, business development manager, FSC Gulf, is quick to assure that the Celsius A notebook “is a capacity biometric, which means it does not read only access points on the finger but has a temperature sensor as well. So, if a finger is cut off and placed on it, it will not give the person access,” he explains.

Although such integrated biometric solutions are expensive, there are others that are not. Simpler options are available worldwide and can be purchased on the Internet, if they are not available in the local market. A U.are.U Personal from Digital Persona, for instance, is an external fingerprint scanner for desktop users, who use the Windows XP operating system. Smaller than the average mouse, the U.are.U uses a normal USB interface and can be purchased for $69 from www.digitalpersona.com. On the one hand, this acts as a password replacement system and a quick click for those who are lazy or tend to forget their passwords easily. On the other hand, it can also be used to lock e-mail accounts or specific files which can only be accessed when the finger touches the sensor.

A similar stand-alone unit called the Targus DEFCON Authenticator is slated to hit the Middle East market by May. This is the first time Targus is launching its product as a single retail unit, which is available for $120 from its Web site www.targus.com. Previously, the company’s biometric fingerprint readers have always been built into PC Cards and made available on notebooks of vendors such as IBM and Toshiba. The DEFCON Authenticator incorporates a two-port USB hub and features an attachable three foot/0.91 meter USB cable for desktop users who want to leave their unit on their desktop permanently. Instead of a password, you use your fingerprint to gain access to your PC.

A lesser known solution is a biometric-enabled memory stick called Thumb drive. This little storage device uses fingerprint scanning and can be connected easily to the USB port of a desktop or a notebook. This is especially useful for professionals such as lawyers, doctors, and consultants who might want to ensure restricted access to information critical to their clients.

Fingerprint scanning is clearly emerging as the most popular and convenient biometric technology used worldwide. However, those using other technologies have thought fingerprint scanning to have some disadvantages. Says Jamie Brooker, biometrics manager of Dubai-based Business Automation & Security Systems (BASS), which is marketing the use of its face-recognition software called Visionics FaceIT in shopping malls and airports: “Fingerprints have been associated with criminal detection for over one hundred years, so people are reluctant to use fingerprint recognition; there are similar connotations with iris scanners, and people are nervous about their eyes. Also, you have to learn how to put your fingerprint on to a scanner — it sounds silly but you have to address the lowest common denominator [with biometrics]. Fingerprint recognition is 10-20% more accurate when the user has been trained,” he says. Sharma is not likely to agree. “The people who use this technology and have bought our biometric notebooks are reasonably sophisticated. No customer has ever come back to us and said, ‘I configured my fingerprint for my notebook and now, it has failed to identify me’.”

But Brooker has a point. As organisations such as banks consider placing biometric scanners, whether for scanning fingerprints, retinas or other physical traits, at their ATM kiosks, they will need to consider ease of use for the average, unsophisticated customer. This is what Brooker’s company promises through FaceIT, which is primarily used for surveillance and authentication. For surveillance, FaceIT can be used to unobtrusively scan faces in environments such as shopping malls or airports, which can then be compared against a database to screen for undesirables or missing persons. The software is designed to identify faces from drawings, artist impressions, e-fits and video capture as well. Given that the system can scan and match up to 150 faces per second running on a 600MHz, 256Mb RAM PC, with an error rate of less than 1%, it sounds impressive. For authentication purposes such as door controls or computer logons, users have to face a camera to activate the recognition technology. “A swipe card or password anyone can use, but only one person can use a face, and it is a lot more convenient from the user’s point of view, and the administrator’s point of view, as you don’t have to worry about lost cards or forgotten passwords,” explains Brooker.

The technology works by mapping over 300 different differentials on a two-dimensional, greyscale image of a human face, such as the spacing of the eye sockets, and then comparing an algorithmic template of that face against a database of recorded faces. Airports and other public sector organisations are seriously considering the deployment of biometric systems such as these following the September 11 attacks on the World Trade Centre in the US. Such systems are designed to identify and register each individual, recognise and detain likely suspects and decline entry to unauthorised personnel and passengers.

Similar biometric systems are being touted by LG Electronics as well. The Korean giant is reported to be the only company in the world currently capable of mass producing iris recognition systems for industrial deployment, according to South China Morning Post, Hong Kong's English language paper. LG has developed iris recognition software called IRISAccess System, which was recently installed at Amsterdam’s Schiphol Airport for security checks. LG is also negotiating deals with banks, hospitals and defence establishments in the region about the possibility of deploying similar identity-verification methods at their premises.

B.H Ahn, product manager, Digital media products, LG Electronics Gulf explains why LG chose iris recognition. “Patterns in the human eye stabilise one year after birth and remain unchanged throughout a lifetime. They are, therefore, more individual than a fingerprint and almost impossible to counterfeit.”
The Schiphol system scans and registers 266 traits of the colour around the pupil of the right eye and records the data onto a personal ID card allowing passengers to use fast check-in counters or zip through passport control by looking into the scanner for a second or two. Similar systems from other vendors have been deployed at Kennedy and Heathrow airports, which use iris recognition on their fast track check in. Sore eyes, the use of contact lenses or spectacles do not affect iris readings. As a result, iris recognition is said to have 99% accuracy and is thought to be the most accredited biometric currently available.

Likewise, with retinal scans. Christopher Head, head of sales and technical operations of security solutions providers Secutech, Dubai testifies to that fact. “There will always be some points of recognition irrespective of visual impairments in individuals,” says Head, who has continued to use retinal scan successfully for access to secure areas despite suffering severe damage to his eyes in an accident.

While biometric technology is gaining acceptance as a security method that can operate independently, Chris Christiansen, programme vice president of IDC’s Internet Infrastructure and Security Software services states that there is a growing demand for software platforms that can support a heterogeneous mix of biometrics, tokens, and smart cards. “Simultaneously, physical security and surveillance technologies are coalescing with hardware and software authentication technologies,” explains Christiansen. Consequently, IDC predicts that corporations will adopt multiple authentication methods such as biometric hardware and software solutions to ensure that a user’s identity is checked more thoroughly. Along with biometrics, physical access solutions, which control entry to a building, what departments people can visit and what network resources they can use, will be critical to reducing security threats.

Jonathan Elcombe, general manager of smart card manufacturer ORGA card systems, Dubai agrees. ORGA has successfully worked with the Indian state of Gujarat to supply it with smart-card driving licenses. When a person is issued a driving license in Gujarat, his fingerprint is taken and the data is encrypted and stored on his smart-card driving license as well as on the state government’s data server. When a driver is asked to produce his license by the police, the data in the smart card is verified against his finger print to ensure that the person who has been issued the driving license is the one driving the car. This type of multiple-identification method is now being deployed in the Indian state of Uttar Pradesh as well as the US. Meanwhile, the governments of Bahrain and the UAE are also considering the possibility of combining smart cards and biometric technologies for their national ID projects.

Another reason for combining these technologies in an office environment is convenience. FSC’s smart security kit, for instance, comes with a smart card, a keyboard with a fingerprint sensor as well as related software. Ordinarily, a fingerprint sensor on the keyboard should do to access your own PC at your office. “But a smart card will help the “roaming” user,” says Britto. “If I am in my office, for example, but working on another person’s machine and want to check my mail, I’ll ordinarily have to configure Outlook on that person’s machine. But if I have my smart card, I can just insert it into the person’s keyboard (assuming that the office has deployed the solution on all the machines), put my finger on the sensor and I’m logged into my user profile. When I’m done, all I have to do is log out,” explains Britto. This is both convenient and secure.

Despite the enormous possibilities of security afforded by such systems, “biometrics in the region is still largely restricted to access control for PC networks or buildings and is being used only in what we call ‘closed communities’ i.e. companies,” explains Elcombe.

The resistance comes from both quarters — the users as well as those who might consider deploying it. For one, people are uncomfortable with the thought of undergoing fingerprint scans, which have been associated for decades with criminals. Moreover, there is a certain justified cause for concern among people that personal information read through biometric facilities at airports and other public sector facilities may be accessed in identifiable form by different government bodies without the consent of the individual. Currently, biometric technologies have only evolved to the stage where control over an individual’s personal information is taken out of his hands. But this is true for other security systems as well. As Head of Secutech rightly points out, “You can’t get into a commercial aircraft today without your personal information being violated. That is the price you pay for security.” Nevertheless, IBM assures people that biometric systems will reach a point where they can be configured to put the power of the biometric into the hands of the individual, as opposed to the government.

Meanwhile, companies who are rethinking their security measures are plagued by several concerns. Is biometric technology here to stay? (Atul Verma of LG explains that it is the best possible and most advanced solution available in the market so far.) Will it guarantee 100% security? (“99%” and “almost impossible to counterfeit” is as far as even LG will venture to promise.) Can anybody break into your system despite biometric security? (“In a few years perhaps, as nothing is unbreakable to the human mind,” says Sharma of Acer.)

Despite these cautious responses from vendors, investors only need to look at the statistics on the projected use of biometric technologies by 2004 to be convinced that this technology, although still in its beta phase, will be the most trusted and popular security solution deployed worldwide. There is no doubt that the biometric code will be cracked eventually. But, when it is, the world would have found itself another security solution — as it always has.
