Access granted

While retina scans, fingerprint readers and voice recognition may seem more science fiction than real life, biometric devices are beginning to gain corporate acceptance, especially in the climate of heightened security awareness.

  • E-Mail
By  Mark Sutton Published  May 1, 2002

Biometrics on the rise|~||~||~|Biometric devices may at first seem to be more something out of Hollywood than something of interest to the IT industry, but biometrics is beginning to catch on, and in some unexpected deployments. Coupled with increasing reliability and accuracy of hardware, it looks like biometrics-the automated process of identifying a person by their physical characteristics-is starting to make a mark in the corporate arena, and with desktop deployments also on the rise, a biometric boom might not be far behind.

Expenditure on biometrics is expected to rise from $399 million in 2000 to $1.9 billion by 2005, according to industry figures. That money is not just going to be spent on large public sector projects either, which currently account for 70% of biometric expenditure. By 2005, less than 30% of deployments will be in the public sector; the technologies for desktop biometric applications-finger print recognition and middleware will make up 40% of the market. Biometrics looks to be heading for the mid-market.

There are a number of technologies that are being used in the sector, with different applications for each. By far the most accurate is iris scanning technology. With no two irises the same in 1052, iris scanning is highly accurate, and as the iris does not change with age or damage to the eye, and as the average user has two different irises for even greater accuracy, it is usually deployed in high security facilities. It is beginning to make headway into corporate markets though. An express check-in system using iris authentication has been developed at Schipol Airport in Amsterdam; similar schemes are in place at Kennedy Airport in New York and London Heathrow.

Probably the most widely deployed biometric, and the one technology that is getting a wide roll out in desktop hardware is fingerprint recognition. A simple scanner, which may be a standalone device or embedded in a notebook, mouse, keyboard or PDA, reads the fingerprint, and compares it to records of authorised users, to allow authentication of the user. The devices involved are cheap, in the $100-300 range, and with USB connectivity, are simple to deploy. Several vendors are bringing fingerprint scanners into their PC hardware ranges, including IBM, Acer, Fujitsu Siemens and Logitec.

||**||Hardware roll out|~||~||~|Compaq is another vendor that is offering fingerprint readers, through a deal with biometric manufacturer Identix. Its readers are USB devices, slightly smaller than the size of a mouse, that simply attach to a desktop PC to allow user authentication. Thomas Greve, corporate access product manager for Compaq Gulf & Levant, said that the solution was targeted at users who require a greater level of security than either passwords or access hardware like smart cards can offer. "Today the smart card is probably the cheapest option if you want to provide the next level of security above the password," he said. "The problem with smart cards of course is that you can lose them, or people often leave the card in the keyboard and go for lunch. It can be taken out, and if you have a smart card writer, you can actually duplicate the smart card, whereas with your fingerprint, you take that with you when you go for lunch."

The target market for these sorts of products is hard to define, Greve said, although Compaq envisages deployment in the home as well as corporate environments. "It could conceivably be used at home, if you have a PC at home, and you don't want anyone to get access, especially with ADSL permanently on connection, so you may want to protect your PC. In the commercial environment, it could be the finance department, where you have data you don't want to give other people access to-for the general all round office user, it may not be the biggest need in the world, a normal password or smart card may be the best to deploy there, it depends on the user in the company," he said.

"From the channel point of view it is a nice add-on sell, and from a technology point of view, it doesn't require channel training, anybody can install this device," Greve commented.
Of course, the fact that you can't lose your biometric authentication device-be it finger, face, or eyeball-is a major advantage to biometrics, but it is not the only one.

On the security side, fingerprint scanners can be used as authentication devices that sit on top of a regular encrypted password. Most users have trouble remembering anything more than a seven digit code, but if they don't have to remember the password after the initial fingerprint scan, then 256 bit or 512 bit encryption can be used for passwords, creating a much stronger system.
Biometrics also can't be forgotten, stolen, loaned to someone else, or covertly recorded in the same way that pass codes can.

There are non-security benefits too. Alphanumeric password schemes can cost up to $300 per user per year to administer; a biometric solution provides a $150-200 one time solution. "The advantages are not only high security, but added convenience, not just for users, but for network administrators," explained Jamie Brooker, biometrics manager with BASS, a specialist security and automation solution provider. "Typically, passwords are managed by a dedicated member of IT personnel, to update and replace passwords. As soon as you go over to biometrics, you remove this problem. When the HR department enrols a person into the company, you take their finger, face, iris or any combination of all three, and you never have to see them again. You have effectively issued them a lifelong password."

Another biometric that BASS is promoting is face recognition, using the FaceIT software package. Facial recognition software takes a two dimensional image of a person's face, and then compares it to a database of facial images. The software reads and compares a variety of factors, such as bone structure, that are hard to disguise. There have been a number of deployments, such as in Mexico, where it was used to register and authenticate voters in a recent national election.

Face recognition is more commonly used for surveillance purposes. A simple video camera can be used to scan faces, which can then be compared to a database of known criminals, missing persons, or whoever the user wants to find. Improvements to the technology make it possible for around 150 faces to be scanned per second, meaning that although it is still not possible to scan crowds for suspects, there is increasing interest in deployments in airports and other public places where a large number of people pass through a narrow area like a customs gate, and can be scanned as they pass through. In London, a test deployment used facial recognition software linked to a network of 206 CCTV cameras to look for suspects and known criminals on the streets of a certain district, with police automatically alerted when a match was found.

||**||No quick fix|~||~||~|The technology will take some time to penetrate the market though. "I don't think biometrics is going to be a mass market play," said Mustafa Koita, global alliances manager for Visionics, developers of the FaceIT facial recognition software. "I think it is going to be a phased approach. In phase one we are going to see a lot of government, defence, and aviation security. These are the verticals we are going to hit for phase one. Phase two is going to be financial and healthcare, we are going to see some large opportunities there. When you get past those phases, you are going to see the mass market, as the form factors are more efficient."

The technology is gaining ground however, said Brooker. The low-level deployments such as fingerprint readers are pushing the technology into the marketplace and raising awareness. There is some initial resistance to biometrics, mostly because of either the association of fingerprinting with criminality, or because of people's squeamishness about iris scanners.

"It [fingerprint biometrics] will introduce awareness into the marketplace, and will eventually persuade people that biometrics is here, and is nothing to be scared of," Brooker explained. "There is a customer awareness, the technology is very much maturing now, the cost of the sensors and the software is becoming more realistic. I think that the more the fingerprint is used, the less effect it will have on the mindset of the population."

Biometrics is also not just about security. Although many elements of the technology like cameras and scanners are easily deployed, meaning there is no need for forklift upgrades of infrastructure for the desktop, there is also the scope to extend access controls into other areas. Time and attendance, job costing, and even safety are all made possible through extending access controls. Biometrics allows for more certainty about where staff are and what they are doing, which in turn allows for greater management of their time and movement explained Radwan Khader, CEO of Synergy Software Systems.

"There is very basic access control-where you identify a person by whatever technology you are identifying them with, biometrics is just the most sophisticated method-and open the door for them. That is very basic, but access control is much more sophisticated than that, it goes into security, safety. So our angle is that when you invest in the infrastructure for equipping a building or a site with these access control technologies, be it access control using biometrics down to proximity cards or swipe cards, you need to look beyond just simple access."

Synergy offers a suite of products from Interflex, including systems that deploy face, fingerprint and hand geometry recognition-hand geometry simply takes a number of measurements such as length and thickness of fingers to create a biometric. Its systems can integrate with business applications such as ERP and even safety systems. In the event of a fire, the ability to exactly pinpoint the whereabouts of staff can be vital.

As the cost of the solutions come down, so Khader expects to see biometrics taking the place of solutions like card readers. "People are always price sensitive, particularly in this part of the world. Proximity cards are relatively cheap compared to hand readers, to a significant factor, so users will ultimately be driven by budget," he said. "But in time, maybe over the next five years, the technology will evolve to the point where the cost of biometrics as opposed to other technology will become cheaper and cheaper, to the point where it will be cheap enough to put in biometrics by default."||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code