M2SYS Blog On Biometric Technology

Photo Courtesy of: kexino

Today’s guest post is by Natasha Tasha.

More and more international governments and security-intensive companies are using biometric-enabled identity cards for their employees and professionals. As this technology becomes more widespread, the need to make this technology more mobile, and more accessible is becoming clear. Experts all over the globe are pushing for cloud-based biometrics for greater efficiency and mobility.

With this comes a host of concerns. The main one being security and reliability. With major players in cloud computing making the news with outages and security breaches, critics of cloud computing and biometrics integration have only become more vocal. Still, it’s clear that both large governments and organizations need an efficient way to organize and manage this large amount of data. In fact, it’s also becoming evident that sheer CPU power is no longer enough to manage the petabytes of data that biometrics identity systems require.

The overarching immediate need will be to create large-scale cloud-based applications that could house the massive amounts of biometrics data. One big hurdle comes with migrating these massive databases over to cloud computing applications. But experts are convinced this is not much of a hurdle with the powerful virtualization available through virtual servers and cloud hosting providers.

Additionally, many government agency officials believe that cloud computing applications for biometrics would increase security when it comes to large-scale terrorist watch programs. Cloud biometrics management systems could also provide increased efficiency in social services and criminal watch management. Experts posit that streamlined cloud systems could give government agencies access to an individual’s entire history at a glance. This would dramatically cut down the use and drainage of government resources, as cloud data management systems tend to reduce workloads significantly.

In the private sector, particularly with defense-based corporations, cloud systems would serve a similar function. Since defense companies often work with security-sensitive data, cloud applications could increase efficiency by streamlining efforts to manage data and information connected to security clearance. As would be the case in the government sector, all of this information could be easily accessed in one place so complicated data management processes are seamlessly streamlined.

Government agencies, terrorist watch groups and defense contractors are ready and willing to use this technology. But as with any cloud-based data management system, there is the immediate concern of security. When it comes to defense and government data management, heavy encryption is a key component of any cloud-based data security plan. Still, there are several critics of moving sophisticated biometrics data to the cloud. Many of these critics vocalize concern over whether or not the cloud would increase national security risks with the rise of global and politically charged “hacktivists” who have brought down significant websites, like the Federal Bureau of Investigation, as well as major financial institutions, like Visa, MasterCard, Bank of America, Chase and PayPal.

Cloud computing for biometrics advocates push back on these criticisms with assurance that cloud applications used on the government level have multiple and sophisticated layers of security, which have been developed by cutting edge cloud security specialists all over the globe.

Tasha is writer and blogger, currently exploring cloud computing, virtual servers and other popular tech related trends 

Retail Smart Guys

In celebration of the National Retail Federation’s Annual “Retail’s Big Show Convention” this week, we welcomed a guest post from Dan Jablons at Retail Smart Guys. Dan was recently our guest on the monthly #biometricchat where he talked about the value of using biometric technology in a retail environment, especially at point-of-sale for employees. For a copy of that chat transcript, please click here.

I’d like to tell you that this idea came to me while “contemplating in my study” or something as academic and erudite as that.  Truth is, it just sorta came to me while working with a prospective client.  And after it hit me, I realized that this is the basis for survival for all of us.

The person I was working with was in tears.  Too many bills, not enough sales, and their retail business was in great danger.  This person was in a constant state of unbridled worry, sleepless nights, and economic torture.  I suppose we’ve all been through that to some degree or another, and I really just wanted to help that person through this disaster.

It got me thinking about the causes of such stress and worry.  Granted, sales have been down (although they are picking up in some areas), and times are definitely tougher now than they were years ago.  I suppose there are some people who can just naturally handle the stress better than others, or who can simply shake off the bad news.  But that doesn’t really help the people who need help, who are stressed out and need relief.

That’s when it hit me.  It’s a pretty simple solution, amazingly enough.

Worry and stress happen because of uncertainty.  If you are uncertain that you’ll survive, or how you’ll survive, you will worry because the path to success, freedom, and happier times is not visible to you.  As such, everything you look at becomes a problem, everyone you talk to makes you crazy, and life is just unlivable.  Pretty awful.

So what’s the answer?  The antidote to worry and stress is a solid plan, which followed step-by-step would lead you out of the mess you are in, into success.  Simple, right?

The hard part is coming up with the plan, and I believe that it is a rare individual that can do it alone.  Consider this analogy: if you are lost in the woods, you’d need someone who can see where you are, relative to the main road, to help you find your way out.  You might find your own way out, but you’ll wander those dark scary woods alone for a long time before you make it out, and that’s IF you can make it out.

The plan will come from a variety of resources – for retailers, we collect data from their point of sale system, which helps us see the current situation and all the elements that led to it (what was received, what was sold, what we’re stuck with, etc.).  From there, we can look at the current data and derive a solution that gets the retailer out of trouble.  Sure, it’s not easy, and it’s never a quick fix, but with hard work, patience, and most importantly, a solid plan, you can solve anything.

I’ve actually seen this work by applying it to myself.  If I find myself worried about an action plan, a client, or any other area, I call in the experts.  They help me see what I cannot see.  They help me to know what I don’t know, what I cannot figure out on my own, etc.  It plainly, simply, works.

So if you are a retailer and you are struggling, or are worried or stressed out, get a plan.  Contact me for help.

You can also follow Dan on Twitter @danjab

Mobbeel Mobile Biometrics

Today’s guest post is by Mobbeel, who provides biometric security solutions (iris, voice and signature recognition) for mobile devices. Their targeted platforms are Android, iPhone, Blackberry, Symbian, Maemo, Bada and Windows Phone 7.

“Science is built upon approaches that gradually come closer to the truth.” Isaac Asimov.

In 1879, Alphonse Berthillon, head of the French police photography department, suggested that people could be identified by precise physical measurements. His system was based on measuring certain lengths and widths of the head and the body, as well as recording individual marks like tattoos or scars. This system was quickly adopted widely by American and British police forces until system failures began to appear, the main problems with measuring changes. From that time onwards, western police forces started using fingerprinting to identify criminals. In recent years, biometrics has grown from just using a fingerprint, to employING many different identification methods that fall into two broad categories: physiology and behavior.

Physiological biometrics is based on measuring the individual’s unique physical characteristics, such as fingerprint details, patterns of retina veins, iris characteristics or the size and shape of the hand.

Behavioral biometrics identifies unique learning characteristics, such as signature, keystrokes or voice recognition, which compares frequencies and vocal patterns to identify the speaker.

ID cards, PINs and passwords do not actually identify a person, as the owner may transfer any of these identifications to another person. Only biometric readers identify people by unique and unchanging characteristics. If someone steals or guesses your password, the thief could access your information without difficulty, but to impersonate you using your biometric profile, although not impossible, is much harder. We can prove the low reliability of traditional identification methods through iSpy. This is a software package that captures what is written on the cellphone at a distance of 3 to 60 meters. The goal of North Carolina University researchers who have developed iSpy was to check whether the use of cellphones in public places could be a risk. The software succeeds in 90% of the cases identifying which keys the user is pressing.

To solve this security issue, the biometrics industry continues innovating and researching for new biometric methods to identify people such as body odor, ear structure or brain electromagnetic signals. One of the most advanced techniques with great potential due to its simplicity is vascular biometrics. This technique studies the thickness and distance between the veins that lie under our skin. As this is an internal standard, it leaves no trace, providing a high level of security. We can have this technology in our cellphones sooner than we thought.

Unlike laptops, which we sometimes leave at home or in the office, mobiles are always with us wherever we stay, wherever we go. This fact awakens the interest of thieves, who are attracted by device price-size relationship, but if we think carefully, the information it contains can be worth much more. A survey performed by GetSafeOnline.org says that smartphone ‘malware’ has increased by 800% in just 4 months. For this reason, biometrics will pass in a not-so-distant future from being ‘an interesting concept’ to be ‘a need’ in all smartphones.

ABI Research suggests in a recent survey that people are feeling more comfortable using biometric security, which could result in a $3 billion spending increase in biometrics over the next five years. Supporting this prediction, we find cases such as India, which will pass from recognizing their people through their membership to a group, according to their caste, tribe or religion, to identifying all its citizens trough iris recognition. On the other hand, Isabelle Moeller of the Biometrics Institute, considers that ‘Public acceptance of biometrics has been slow to grow, and will continue to be an issue until issues of privacy and security of data have been brought up to a level acceptable by the majority of people’.

Another survey done by Goode Intelligence about mobile biometrics foresees an increase from 4 million mobile biometric users that exist in 2011 to 39 million in 2015. The survey also details how biometrics will work on cellphones, focusing on device protection, e-commerce security, NFC security and replacement of PINs and passwords. According to the survey, fingerprint sensors and voice recognition technology will be the first to appear.

Jose Luis Huertas, CEO at Mobbeel, a company based on the creation of biometric solutions for smartphones,  gives us his opinion about these facts. ‘Every day we perform more transactions with our smartphones and we store more and more both personal and professional private information. Until now, we could only protect that information with a large amount of forgettable passwords. Furthermore, it is difficult to type long and complex passwords with a tiny smartphone keyboard, so we finally preferred to use passwords which are easy to remember and to type in exchange for losing security. Biometrics is the solution to combine security and comfort and soon all of us will have a high level of security without having to remember anything, anytime, anywhere’.

Facial recognition

The following is a guest post from Carl Gohringer, founder of Allevate Limited (www.allevate.com)

A Surveillance Society?

I sat in Heathrow waiting for an early morning departure for a business trip. Sipping my coffee, I look casually around trying to spot the cameras. They’re cleverly hidden. Am I being watched? Doubtful. Am I being recorded? Almost certainly.

This is a daily fact of life for most Londoners. It’s widely known that our city is one of the most heavily recorded in the world; a fact that is consistently debated and often criticized. Yet for all the discussion, the fact remains. We don’t like it, but we accept it. Why? Personally, my true dislike is more of the necessity of this fact rather than the fact itself.

Carol Midgley wrote an excellent opinion piece (The Times, Sat 27^th August, 2011) entitled “I’ll pick Big Brother over a hoody every time”. I recommend a read. Though clearly biased, and seemingly designed to stoke the debate with anti-CCTV campaigners, her conclusion was simple: In the wake of the London riots, the privacy-versus-necessity debate of CCTV is now all but dead. Do I agree? Let me come back to this.

Face Recognition and CCTV

Enter Biometrics. Face recognition technology to be precise. This technology, along with the wider field of video analytics, is set to transform CCTV surveillance. Video analytics is arguably a nascent technology, but face recognition on the other hand is here. Ready to deploy. Now. A recent study by the US National Institute of Standards and Technology (NIST)demonstrated that the accuracy achieved by the first place vendor (NEC) can provide clear and measurable benefits to a range of applications, including surveillance.

It seems that every new technology brings a realisation of new benefits and efficiencies, countered by a plethora of malicious uses of the technology by the less desirable elements of our global society, quickly followed by counter-measures and protections. This is a saga that we are all already familiar with in our daily lives. Examples range from the severe and extreme of nuclear medicine versus atomic weapons, through to online credit-card shopping versus financial identity theft. I’ve recently had a credit card used for over £3,500 of illegal transactions. Though this incident was highly inconvenient and disruptive to my life, I did not hesitate to accept a replacement card. Not to do so would have unacceptably disenfranchised me from modern society.

Back to face recognition. It hasn’t taken long for business minded technology companies to devise a whole range of new uses of this technology, all focused on delivering bottom line business benefit. Almost as quickly arrive the cries of the privacy advocates. I’ve been reading with interest the sudden explosion in main stream news over the past few months highlighting new uses of face recognition, while very carefully considering the concerns vociferously raised by the technology’s opponents. A key fact often cited is that the technology is not 100% accurate. Even an excellent identification rate of 97% can produce a significant number of false identifications and / or missed identifications in a large sample population.

Let’s take a look at some examples.

Public Safety and Policing

While I sat here in the terminal waiting for my flight, I’ve already grudgingly accepted that images of me sipping my coffee are almost undoubtedly being recorded. I may not be aware, however, that when I passed through security my photograph was taken. This wasn’t immediately obvious or openly advertised, but it happened. Shortly, my photograph will be taken again when I board my aircraft and compared to the photograph taken at security. International and domestic passengers share a common departure area, and this is done to ensure boarding cards aren’t swapped, thereby potentially enabling an international passenger to transit through to a domestic airport and bypass immigration controls. On a 1:1 verification, false matches are very low. If I’m a legitimate passenger, my concern is that the two photographs do not match, for which the worst case scenario is inconvenience.

Perhaps the borders agency is also comparing my photograph against a known watchlist of suspect individuals. This nature of deployment is usually used to enhance existing procedures, and not replace them. The system will provide increased security, in turn further protecting my safety while flying. I’m OK with this. Of course, there is also the prospect of misidentifying benign travellers. Though unavoidable, as long as the number of false matches are kept sufficiently low to ensure the cost of dealing with these exceptions doesn’t obliterate the benefit realised from the system, it can be argued that the greater good justifies the inconvenience faced by the occasional innocent passenger while their true identity is verified.

Upon my arrival at my destination, I may very well be offered the opportunity to use my new e-passport to speed through immigration at one of the many shiny automatic e-Gates springing into operation. In the early stages these definitely were a great benefit, allowing me to march past the long queues of travellers and expedite my passage through the airport. No complaint from me. As long as false matches are lower than what is achieved by a live border guard (which many studies suggest they are), then security should be improved. And false matches only apply to illegal passengers travelling on a false or stolen passport. Exceptions generated by valid travellers who do not match with their passport will generate some inconvenience by necessitating they speak to a live border guard. As e-gates become more commonplace, I predict I’ll just be queuing in front of an automatic barrier instead of a manned immigration booth. However, the efficiencies achieved should enable the border guards to concentrate on more intelligence-led activities, rather than simple rote inspection of passports, thereby increasing security and putting my taxes to more efficient use.

As I move through the airport, or for that matter in any public location such as a stadium or railway station, law enforcement authorities may be using my captured image to search against a database of suspects. Does this trouble me? Let’s look at a couple of scenarios.

I’m already being recorded. If I were to commit a crime, then it is likely that the video would be retrieved and officers would try to identify me. This is already happening and I doubt anybody would argue that this is an invasion of privacy. If face recognition technology can assist them with this arduous and tedious task, perhaps by automatically trying to match my face against databases of known offenders, and saving countless hours of police time, I’m all for it. Too bad for the criminal.

(I was incensed by the meaningless violence and destruction demonstrated during the recent riots in London. Newspaper reports have indicated that the UK’s police will be examining CCTV footage for years to come in their efforts to bring the perpetrators to justice. I am absolutely in favour of anything that can be done to expedite this process and save police time.)

But as a law-abiding citizen carrying on with my own business, how do I feel about having my face automatically captured and compared against a watchlist database of “individuals of interest”? There is potential to cause disruption to an individual’s life or place them under undue suspicion if they are falsely identified. That my face is being actively processed rather than just recorded gives more cause to pause and consider.

Having done this, I am prepared to accept this use case, if the technology is operating at a sufficient level of accuracy to ensure that the chances of being misidentified while conducting my daily activities remains low. I also expect the technology to be deployed wisely in situations where there is demonstrable benefit to public safety, such as at transport hubs, large gatherings, public events or areas of critical national infrastructure.

Most people already accept that the reality of the world today necessitates certain infringements on our liberties. The introduction of technology is a key tool in the fight against crime. No system is perfect, and the potential for an undesirable outcome of a system should not always result in the abolishment of that system. Few would argue, for example, to abolish our judicial systems and close our prisons to eliminate the possibility of a miscarriage of justice. Similarly, the benefits to public safety from face recognition are too great to ignore, though we must continuously strive to minimise the false identifications.

I agree with Ms. Midgley on this one.

Commercial Applications

Most criticism that I have been reading in the press in the past view months appears to be levelled at the widening application of face recognition in business related or commercial applications, not with public safety.

My flight is about to board, so let’s continue my journey through the terminal. As I saunter to my gate, my attention is caught by an impressive advertising display; a multi-plasma video wall. It was the amazing technology that caught my attention rather than the advert itself. Just as I’m about to glance away, the sunlit beach and blue ocean depicting the under 30’s surfing holiday fades away, to be replaced by a two-for-one spectacle offer, followed by a distinguished gentleman telling me how easy it was for him to “wash that grey away”.

As I self-consciously stroke the hair at my temples, I wonder: Was this a mere co-incidence? Multiple vendors delivering solutions for advertising have announced technology that can count the number of people watching an advert at any given time, and even estimate their age, dwell time, sex and race. While providing invaluable information for the advertiser, it can also allow them to dynamically change the adverts in real time to more appropriately target the demographic of the current viewer(s). Recent reports in the Los Angeles Times (21^st August 2011) suggests that this is already widely deployed in Japan, and is being considered by the likes of Adidas and Kraft in the UK and the US.

While this is not technically face recognition, it is still worth noting as much of what I have been reading has been lumping the two technologies together. The key consideration here is that this form of technology is not actually identifying anybody, or extracting personally identifiable information. This doesn’t bother me in the least. Businesses have always tried to use whatever edge they can to more tightly tailor their message to their customer’s specific needs and wants. It may even benefit me by alerting me to more relevant products or services.

What if, on the other hand, the advertiser had negotiated an arrangement with another organisation, for example a social networking site such as Facebook. If they supplied them with an image of my face, along with information on which portion of the advert caught my attention, Facebook might be able to identify me from its database of photographs, enabling them to harvest valuable information about me. While I can see this would present a huge commercial advantage to them, and whomever they chose to sell this information on to, I can only hope that the commercial damage from the backlash of incensed users would outweigh the gain.

If I have some leisure time while on my business trip, there will doubtlessly be many activities at my destination to occupy me. I may have a quiet drink in a bar, or perhaps take a punt at the tables in the local casino. And yes, face recognition technology is being used even in these places. It’s been reported that bars and clubs are using gender and age distinguishing cameras to count people in and out, and make this information available over mobile phone apps. The youth of today can now determine before they set out which establishment holds their best chance of success. While I am well beyond having any use for this particular application, I can see how this may catch on in certain demographics of society. Any reputable establishment should clearly display such technology is in use and should make no attempt to harvest or make available any personally identifying information. Are all establishments reputable?

More concerning to me is the increasing use of face recognition by social network sites. Both Google and Facebook are actively exploring uses. Automatic tagging of photographs being uploaded to Facebook is already occurring. Being inadvertently photographed while on my business trip and automatically tagged when the photographer uploads it does not appeal to me, no matter how innocuous my activities at the time may happen to be.

Recent studies published by Carnegie Melon University demonstrating the potential to use large databases of photographs on social networking sites to glean confidential information should also be a cause for concern. The younger generation of today appear more and more willing to share intimate and private details online, without any thought (in my view) of the longer term or wider ramifications of doing so. This is an issue that is much larger than face recognition, but I can understand the worry that face recognition can help to tie it all together.

Improved Benefit or Erosion of Privacy?

When I first entered the biometrics field, I was attracted by the “neatness” factor of the technology, and of the potential for it to deliver benefits to society. I have to admit I paid scant attention to privacy concerns. Over time, as the voices of privacy advocates grew louder and more numerous, I started to listen and then to actively seek out their opinions. I am still a firm believer in this amazing technology, and endeavour to play an active role in its application for the positive transformation of society. However, I am grateful for the messages and insight provided by these campaigners; they have definitely transformed my thinking, and have made me consider much more carefully the application of biometrics.

From a law-enforcement and public safety viewpoint, face recognition holds great potential to increase the security of our society. By its very nature, our government holds power over us and our society, which is why it is our responsibility to choose our governments carefully. We have no choice but to hold a certain level of trust and faith in our law-enforcement organisations. Our society today contains more checks and balances than ever before, and our politicians our more in-tune with and responsive to the public mood. If this faith breaks down, then so does society.

In commercial applications, I also believe there is the potential for significant benefit to be realised from face recognition to both the consumer and businesses, but I am more concerned about the potential for abuse. To a certain level, the market will decide if the application of the technology is appropriate or not. Ventures people don’t like will fail. However we cannot always rely on market forces, and it is our collective responsibility to speak out when the need arises. Though it often lags behind, over time legislation keeps up with the advancement of technology. As our society changes with technical innovation, so too will the rules we collectively decide to govern our society. We will settle into an equilibrium reflecting the needs and views of all. But there will be a learning curve, and we will make mistakes along the way. That’s how society works.

So, does face recognition represent an improved benefit, or an erosion of privacy? I suggest it has the potential to be both. It is everybody’s responsibility to ensure the benefit is worth the price paid. I absolutely believe we must have both the proponents of this technology and the advocators of privacy; we all have a role to play to decide how face recognition will be applied over time.

The abolishment of either the technology or the voices of those monitoring its use and advocating our privacy would be to the detriment of society.

Final Thought

Just before I board my flight, let me leave you with this final thought. Imagine for a moment that a loved one of yours has come to harm. The authorities can use face recognition to aide in their recovery, and / or to ensure that justice is done. Are you concerned with privacy?

As founder of Allevate Limited (allevate.com), Carl’s focuses on the promotion and marketing of large-scale and global identification infrastructure projects using biometric technology.  

ACS church management software check-in with the M2-EasyScan Reader

Please enjoy this guest blog post from ACS Technologies, a M2SYS partner who provides excellence in information management solutions for the faith-based community.

This post was written by Eleanor Pierce, Communications Strategist at ACS Technologies.  A link to the ACS Community Blog page can be found here.

Imagine the rush of people at check-in before church services on a Sunday morning. Hundreds of families, all trying to move through the process as quickly as possible so they’re not the one trying to sneak in after the sermon has already started. Today’s churches are looking for anything that can a) speed the process of checking kids in and b) assure the security of kids and c) create accurate attendance records and pickup lists.

Checking-in 350 kids in 10 minutes

Northwoods Community Church in Peoria, Ill., checks in about 800 kids every weekend, between its four services at two different campuses.

“For our 11 o’clock service, it’s probably close to 350,” said Jason Lee, Information Technology Director at the church. “We’re trying to process that many children in, let’s say a 10 minute window.” Creating a smooth check-in experience isn’t optional, it’s necessary.

“People don’t come early just to check in. We needed to create something that accommodates the attendees, because we could say sure, we’ll just put in one kiosk, but you’ve got to come 30 minutes early to church to check in,” Jason said—but of course, that approach wouldn’t won’t work for the attendees.

That’s why Northwoods has several self-check-in stations that use biometric technology. There’s a guest services desk for those who are not yet in the church’s database, or those who have brought a child that’s a guest, perhaps a cousin or neighbor. For those who are already entered in the system, there are stations where parents can check-in their kids quickly and easily, using a biometric scanner.

The preregistration requirement allows the Northwoods staff to be sure they know the kids who are being checked in and to assure that parents have signed any release forms. Once the paperwork has been handled, staff help parents pre-scan their finger so that they’re entered into the M2SYS system.

Returning parents who have been entered into the system can check-in at an express kiosk. “They walk up, scan their finger, and then it comes up and displays all the children in their family that can be checked in,” Jason explained.

Using the finger scanner with parents instead of the kids assures that parents are actually dropping their kids off in person, rather than just pulling up their cars out front and letting their child come inside alone.  While it might save a parent time, Northwoods doesn’t like the safety issues for kids younger than 5^th grade.

One key benefit to biometric scanners is that there’s no way to forget what you need to check in.

“You could use a barcode, any sort of RFID, but you can forget those at home,” Jason said, “But it’s pretty challenging to forget your fingers unless you get in a fight with a lawnmower.”

Midwest dry skin = tough-to-capture fingerprints

Northwoods initially used a fingerprint scanner, but tough Midwestern weather means that there can be problems getting a good fingerprint. One problem is that cold winters and dry air can make fingerprints difficult to capture. Also, people who work outside and have calloused hands just might not have a good fingerprint at all. For that reason, Northwoods is in the process of transitioning to finger vein scanners for all check-in. They’ve already begun using the new scanners at one of their satellite campuses, and they’re getting ready to move the 1,500 parents who have been entered into their system using finger prints to re-scan using finger veins.

“The scanners are easier to use, the technology is not environmentally dependent, and it’s very accurate,” Jason said. While testing the machines with his own hand, he tried to create an error.

“I tried to get my finger to scan wrong, and unless I turned my finger sideways, it worked,” he said.

A real partnership

One aspect he’s been very happy with is the working relationship between ACS Technologies and M2SYS. Northwoods uses M2SYS in conjunction with its ACS Technolgies check-in software. It’s a totally integrated system that helps the church keep track of the families that attend the chuch.

“It’s nice to have a partner. That ACS Technologies said M2SYS is good, go work with them, and it’s not some just random third party that we’ve picked up off the shelf, that’s key for us; knowing that we have the support and backing of ACS Technologies and that they have the backing and support of M2SYS.”

Jason Lee also writes a blog called “Bytes about bits in church IT”