 |
 |
||||||
 |
 |
 |
 |
 |
 |
 |
|
 |
 |
||||||
  |
|||||||
 |
|||||||
| Research overview |
| Articles |
| PLM debate |
| White papers |
| Reports |
| Resources |
| Free stuff |
|
Biometric Technologies
- Industrial Strength?
1. Introduction 1. Introduction Over the last few years there have been several waves of hype over Biometrics, often promising more than could be delivered - which is a pity, as they mask the fact that these technologies really are maturing, and now have a lot to offer. The other problem with the hype is that it makes the whole subject appear esoteric and complicated. It is not. Ultimately, the various tools that are called 'Biometric Technologies' are simply means of obtaining very basic data about the identity of human beings. What you do with that data is down to traditional I.T., and, of course, to policy makers within the organisation. In this article the different technologies are examined and set against the political and social issues they raise. Then sections 5 and 6 describe the common areas of application, both in general and as they apply specifically in manufacturing industry. 2. What do we mean by Biometrics? It is the use of technology to measure physiological characteristics that are intrinsic to human beings, almost always with the goal of uniquely identifying an individual. The idea is that physical identity tokens (stripe cards, chip cards, keys etc.) can be lost, stolen or copied, and learned or remembered tokens (passwords, PIN numbers) can be forgotten, compromised by being written down or passed on, or even obtained by threat. By contrast, the inherent characteristics that define each individual person generally avoid all these problems, and also offer the benefit of being constantly available without the need for the user to carry or remember anything (depending on implementation model). In identifying people there are two main questions that can be asked and answered: " Who are you? Yes, I know who you are /
No, you are a stranger. And these two questions have different applications as covered below.
There are many different human characteristics that can be used for biometric purposes. Some are well established, some still experimental. Important factors to consider in selecting an appropriate technology include: " Ease of enrollment The main technologies in use today are: " Hand Geometry " Fingerprints " Retinal scan " Iris scan " Signature " Voice " Facial recognition
It will be seen from above that some technologies are better suited to verification and others to identification, so in some cases a combination of technologies, as well as traditional tokens or passwords, are used.
Areas to be considered include the domain of identities being referenced (who are they, who holds their data), accuracy and control of the enrollment process, the willingness of users to cooperate with the technology, the trade-off between accuracy, convenience, security and speed, and the fall-back options in case the technology fails, or fails to provide helpful information. There are also social, legal and political issues to do with privacy, data protection and non-repudiation. If you are going to match someone's inherent characteristics (presented at the time of checking) using biometrics, then you must have access to previously captured and rigorously authenticated templates, so there has to be a dataset. For a government identity card, there can be a national user set, for a company, an employee dataset, but if commercial organisations are going to allow cooperative processes (such as one bank allowing customers of a different bank to draw funds) then either the data needs to be shared, or the candidate has to carry it on a token (a dataset of one), in a mutually agreed format. It is also vital that the enrollment process is very tightly controlled to prevent assigning an individual a false identity, the validity of which will be relied upon in future. For the same reason, ID templates must be maintained secure from interference. Traditional identification techniques will have to be available alongside biometrics until all possible candidates are enrolled, but will also have to be maintained to cope with any failure in the system, or for any of a number of anomalous conditions. These include candidates who are unable to enrol (worn fingerprints, poor eye coordination or many other reasons), candidates who do not have their ID template with them when required, or candidates that the system fails to identify (or identifies as undesirable) or to verify. These cases all need referring to secondary identification. Each of the technologies suffers from limitation in its accuracy - either due to the technology, the environment (such as the affect of ambient light on facial recognition) or more often due to the scope for variation in the characteristic presented (dirty or damaged fingerprints, tiredness in the voice etc.) To some extent these are handled by taking multiple measurements during enrollment, and allowing some latitude in verification. But this latitude allows the possibility of incorrect matching or failure to match. If systems are tuned to minimise the cases where genuine candidates are accidentally rejected (False Rejects) then the incidence of bogus candidates being erroneously accepted (False Accepts) tends to rise, and vice-versa. System designers are constantly striving to narrow the gap between these points of failure. The consequences of higher False Accept Rates and higher False Reject Rates depend on the application, and the inconvenience to the candidates caused by the need to refer to secondary identification, balanced against the need for security and control. Failure to allow uninhibited access to a sensitive research lab might be a price worth paying, holding up a queue of workers trying to 'punch in' at the start of their shift would be a problem, denying customers access to their money might lie somewhere in between. In general terms, more latitude can be tolerated in verification applications than in one-to-many identification. It will be seen that whilst the technology is quite straightforward, and the data it provides is very simple (typically a percentage reliability of identification), the way in which it is implemented needs very careful planning.
To date most of the high profile pilot projects for the use of biometrics have been in two areas - government identity documents and passport control, and financial transactions. Many of these installations have now moved to live use. There is also a well-established but less glamorous use of biometrics for control of access to premises. Major examples include passenger and staff clearance at airports by iris scan and hand geometry, voter and social security registration by fingerprint, financial transaction authorisation by iris scan and signature verification, police identification of known criminals from CCTV by facial recognition, and many examples of building access control and time & attendance recording using several different technologies.
Once one starts thinking of applications it becomes apparent that the only limitations are imagination and, more practically, cost justification. Business is rightly concerned about physical and logical security, both from internal and external threats. It is important to control who has access to any place or process, and to know which individuals are involved at every stage of the company's business operations. Since the employees of any business represent an easily defined and influenced closed user group, biometric technology can be readily used not only for verification, but also for identification. Areas where accuracy, security and simplicity are important include access control to restricted facilities (eg research labs) or systems (eg confidential data), time & attendance monitoring (where biometrics prevent friends from using tokens to falsely record attendance for each other), sign-off authorisation for sensitive process control steps, tracability records of all individuals involved in the production of sensitive items, and the replacement of cash by electronic authorisation in company sales outlets (like canteens).
As more and more pilot systems turn into live installations, led in particular by highly visible government projects, biometrics has moved from science fiction, through technological novelty, to mainstream business tool. Increasing volumes of sale are driving prices of hardware and software down, and, although the internal processes of individual technologies remain largely proprietary, standards are now emerging for the usable output from the devices. The issue of public acceptance of these technologies remains a challenge to large scale open implementations, but within the boundaries of a corporate implementation (including the extended family of sub-contractors, suppliers etc.) they are much easier to manage. But even in the wider public, acceptance is growing too, partly in response to the perceived benefits of easier service through 'fast-track' options, and to a large extent by a willingness to make some sacrifices to protect against identity theft, which has increased six-fold in the UK over the last five years. With proper planning and consideration for the effect on operational procedures, biometrics are now ready to take their place in the technology kit bag of every organisation.
A very useful and detailed review of different biometric technologies can be found on the U.S. General Accounting Office website. Much of the document is written from the viewpoint of implementing border-control systems, but the technology reviews provide good general information. See www.gao.gov/new.items/d03174.pdf. Biometrics is also an area that attracts attention from the UK Department of Trade and Industry, see, for example "UK Biometrics & Related technologies 2004" Crown Copyright URN 03/1352.1k-10/03. In the UK perhaps the greatest catalyst for the development of new solutions will be the proposed biometric passports and ID cards. See www.identitycards.gov.uk. For regular updates (with a good deal of
manufacturer input) see "Biometric Technology Today" published
monthly by Elsevier, www.biometrics-today.com.
|
|
|
