Biometrics: How does it Reduce the Risk of Security Breaches?

The following is a guest post by Robert Kramers.

In one way or another, biometrics has been around for a long time. Film fans may remember it from the 1993 film Demolition Man. This film is often cited as “predicting” the use of biometrics in security, but the truth is that this idea has been floating around since the discovery of fingerprints.

So, what is bio-security?

Bio-security uses biometrics as a way of identification and access control. It involves the use of body parts as an identification process, and works in a similar way we know fingerprint scanning works. An eye scanner, for instance, can detect all of the minute differences in the human eye, which are much more visible than people think, as evidenced by the photo below.

iris recognition biometric identification management

When it comes to biometric security, everything from your face to your DNA can be used to identify you. This technology is not just the stuff of science fiction anymore and biometric security and is currently used on consumer tablets and smartphones as well as access to sensitive information and hardware within high level corporations.

Biometrics has the potential to be used everywhere, from top-end businesses keeping entire buildings secure to artists, writers and photographers looking to secure the safety and protection of their intellectual property. Biosecurity is far more advanced than any other form of security, and contains fewer holes and breaches that leave more traditional systems vulnerable.

Fast Access to Personal Information

The main advantage of biometric technology over traditional security systems is that it detects things that are unique to the individual quickly and accurately.

This means that a place of business can ensure that only the employees gain access and attempted crime can be pinpointed faster.

Biometrics and a number of advancing technologies, including wireless power through resonant induction, have the ability to work cohesively. Items like this biometric sensor, which is printed directly on to human flesh (aka the biostamp) means, that a number of personally identifiable features has the ability to be obtained from the likes of a patient, in just seconds. Wireless power would provide the ability for the biostamp to communicate with internal devices like LVADs. This has the potential to help with medical information security, monitoring and identification.

Accuracy of Identification

Despite the misconception provided by popular sci-fi action movies, in real life modern biometric scanners detect capillary flow behind the eye or the finger, which means that they can only be used by a living, breathing person.

Biometrics can also be used to stop security holes that other systems can not detect.

For example, at Disney World, where a 5-day ticket can cost up to US$350, biometric fingerprint scanners are used to ensure that only the person who purchased a ticket can enter the park, which stops people from lending, sharing or even selling their ticket to others.

 

fingerprint biometrics for identification, finger scanner

Biometrics in use at Disney World (photo courtesy of Wikipedia)

Absence of Anonymity

Every time an eye scanner, fingerprint scanner or any other form of biometric is used to allow access for one person, that person’s details can be stored in a database. Not only is their physiological data stored which can be used to find their name, address and more but also information on when and where they logged in.

By scanning for fingerprints, irises and other unique parts of an individual’s physiology, it ensures that it knows exactly who is trying to gain access at any given time.

This information can be used across the board, from employers who simply want to make sure their employees are logging in and doing their work when they should, to those investigating crimes on the premises.

Unauthorized Duplication

We live in an age where everything from luxury handbags to prescription medication can be copied to the finest details, and this also applies to keys and key cards, the very things that keep us secure using current security standards. The beauty of biometrics is the near impossibility of duplication.

As each individual is unique, and due to the complex nature of the biometric systems, moulds and other inanimate things cease to work.

Loss and Theft

Finally, whereas keys and codes can be lost, biometrics can not.

Simply put, you can’t lose you.

Not only does this mean that you will always have access, but it also guarantees that you are not leaving open access to your property on the subway or in the back of a taxi. Where your access is, you are also – which adds another layer of complexity and security to accessed gained.

In conclusion, the idea of biometrics and security have an increasing number reasons to be adopted particularly for reasons related to security. Additionally, it is very possible that some forms of biometric security like vein pattern recognition and eye scanning will have the ability to provide hygiene benefits due to non-contact biometric interpretation.


This was written by Robert Kramers. The technology enthused freelance blogger at RobertKramers.com

Hedging Risk in Biometric Identification Management Deployments

The use of hybrid biometric hardware devices helps to hedge the risk of a deployment

The use of hybrid biometric modalities – fingerprint and finger vein for example – helps to hedge the risk of biometric identification management deployments.

As biometric identification management deployments continue to evolve around the world, the scope and complexity of administering these projects continues to grow as program administrators begin to expand the technology’s reach to more and more segments of society. A technology once used exclusively by government entities mostly in a military capacity has expanded to include virtually all classes and cultures thanks in large part to advances in system inefficiencies, lower costs, and wider acceptance and understanding of the benefits by the public.

The intricacies and conditions of biometric identification deployments from initial set up to enrollment to identification/verification and the ever present push to achieve near 100% identification accuracy has been a key motivator for biometric identification management vendors who design and build the software and hardware that power deployments. There is little doubt that biometric systems have become more user-friendly, customizable, ergonomical, and efficient, however end users don’t assess the effectiveness or develop opinions on the use of biometrics based on these factors. They are much more in tune with the basic tenet of just about any piece of technology they come in contact with — does it work and do I trust it? Faith and trust in a biometric identification system is largely defined by the ability of the technology to accomplish what it promises and that is to accurately identify individuals, no matter what the conditions.

End users expectations are that biometric identification management systems will be able to identify them regardless of the condition of their own physiological attributes or the environment where the system is used. After all, the effectiveness and security of a biometric system hinges on its ability to enroll as many eligible end users as possible, and accurately identify them on subsequent use of the system. Unfortunately, limitations in the ability of certain biometric hardware modalities to effectively capture individual biometrics due to problems like skin integrity, or climate as well as the use of unimodal (biometric systems that comprise one hardware modality) systems for larger scale deployments raise the risk that the technology will not perform as expected.

Factors that effect risk in biometric identification management deployments are defined by multiple categories including:

  • Spoofing and Mimicry Attacks
  • Server Side – Fake Template Risks
  • Communication Links Risk
  • Cross-System Risk
  • Component Alteration Risk
  • Emrollment, Administration, and System Use Risks
  • Noise and Power Loss Risks
  • Power and Timing Analysis Risks
  • Residual Characteristic Risk
  • Similar Template — Similar Characteristics Risk
  • Brute Force Attack Risk

While not all of these potential risks can be mitigated by strategic use of biometric hardware, technological advances for the selection of a proper biometric device to capture, store, and identify/authenticate end users have helped system administrators to help hedge some risk such as Spoofing and Mimicry Attacks, and Enrollment, Administration, and System Use Risks. Particularly effective and rising quickly in the battle to hedge risk is the use of modern, sophisticated, hybrid, fused biometric hardware devices that simultaneously captures two biometric attributes or identifiers and that can perform both one-to-many (1:N) and one-to-one (1:1) matching in a single environment. Plus, due to increases in spoofing and forgery, more end users are choosing hybrid biometric devices in a multimodal (biometric deployments that combine two or more unique biometric atttributes) capacity that also include “liveness detection” which simultaneously looks at and beneath the skin surface, provides protection from published and unpublished finger copying methods, and is highly adaptable for future spoof threats.

Despite their clear superiority over other more traditional forms of identification, unimodal biometric systems are not without accuracy limitations when deployed in certain environments, depending on a number of factors, including:

  • Noisy sensor data: “Noise,” or factors affecting the quality of the image produce by the biometric device, can be present in the acquired biometric data mainly due to defects or environmental conditions.
  • Non-universality: If every individual in the target population is able to present the biometric trait for recognition, the trait is said to be universal; however, not all biometric traits are truly universal (e.g. – people with hand related disabilities, manual workers with low skin integrity caused by cuts and bruises on their fingertips, and people with very oily or dry fingers). The National Institute of Standards & Technology reported that 2% of the world’s population can’t enroll in biometric fingerprint systems[i] because of skin integrity issues.
  • Lack of individuality: Features extracted from biometric characteristics of different individuals can be very similar (e.g. – a small proportion of the population can have nearly identical facial appearances due to genetic factors).
  • Intra-class variations: The biometric data acquired from a user during verification will not be identical to the data used for generating the user’s template during initial enrollment.
  • Spoofing: Although it is extremely difficult to steal someone’s biometric traits, it is possible with some biometric devices for an impostor to circumvent a biometric system using spoofed traits (behavioral traits like voice and signature are more susceptible to these types of attacks than those based on physiological traits).

Advances in biometric identification management hardware and software solutions over the past few years have presented opportunities for end users to hedge risk and raise the integrity of a matching system by not relying on a single physiological characteristic, which can be significant in very sensitive or high-security environments. Therefore, the ability of a unimodal biometric system to accurately and consistently identify 100% of a population is limited. In addition, because of the rapid growth of large-scale deployments, a unimodal system can be considered undesirable unless combined with a second biometric modality.

While there are many more ways to hedge additional risk in biometric identification management deployments, the use of hybrid hardware that combines two modalities is certainly a step in the right direction.

What other ways can you hedge risk in biometric identification management deployments?

Introducing M2-FuseID™ – a New Hybrid Fingerprint and Finger Vein Biometric Scanner with Sophisticated Liveness Detection

M2-FuseID is a new hybrid biometric hardware device that combines fingerprint and finger vein technology in a single reader for large deployment environments covering millions of end users.

The new versatile. ergonomic M2-FuseID™ hybrid fingerprint and finger vein reader is ideal for dual factor environments.

If you missed the news, M2SYS Technology recently introduced a new, hybrid biometric scanner called M2-FuseID™ that simultaneously captures both fingerprint and finger vein images with the single touch of a finger. Why is this new biometric hardware considered to be a revolutionary advancement in biometric hardware?

 

 

 

Here are a few reasons:

  • Incorporates state-of-the-art technology combining two separate sensors into a single unit
  • The only biometric fused device that can perform both one-to-one (1:1) and one-to-many (1:N) matching for both fingerprint and finger vein templates in a PC-based environment
  • Designed to read 100% of end users eliminating the limitations of relying on fingerprint recognition alone
  • Sophisticated “liveness” detection (see below for a more detailed explanation)

The dynamics of biometric identificaiton projects around the world necessitate ongoing innovation on hardware design that delivers greater accuracy and speed, especially for deployments that cover large databases consisting of millions of end users. When paired with our Hybrid Biometric matching systems the M2-FuseID™ fused fingerprint and finger vein reader is the only device that allows customers to perform one-to-many matching of millions of fingerprint and finger vein templates in seconds.

Plus, we equipped the versatile, ergonomic M2-FuseID™ hybrid fingerprint and finger vein reader with sophisticated “liveness detection” to prevent spoofing, a concern by end users who want to prevent the use of fake and spoofed fingerprints trying to trick the system. Our M2-FuseID™ device simultaneously looks at and beneath the skin surface to protect against spoofing plus the device provides protection from published and unpublished finger copying methods rendering it adaptable against future spoof threats through consistent experiments and analysis of research in liveness detection.

Ideal for deployments covering large databases, here are some sample deployment environments that the M2-FuseID™ hybrid fingerprint and finger vein reader is best suited to:

  • Civil ID
  • Patient identification in healthcare
  • Banking
  • Visitor Management
  • Border Control
  • Voter Registration
  • ePassorts

To learn more about how the new M2-FuseID™ hybrid fingerprint and finger vein reader can help achieve 100% read rates in a dual factor environment, please contact us at:

1-770-393-0986 x1
sales@m2sys.com

Why Apple’s use of Fingerprint Biometrics is Boon to Industry, not the Modality

fingerprint biometrics are just one of many modalities set for strong future growth

Apple’s use of fingerprint biometrics for security is a boon to the entire industry

Unless you are living under a rock, you have no doubt heard about Apple’s recent addition of fingerprint biometrics as an added security feature to their new generation of iPhones. it’s exciting to see a company like Apple dive into the foray of using biometrics for security, largely because it further propels biometric technology into the mainstream, raises the awareness of the technology, and opens new doors for it’s applicability and use in many different markets.

What should be made clear is that Apple’s use of biometric technology isn’t a boon for the fingerprint biometrics industry – it’s a lift for the entire industry. That’s why we were a little bit surprised to see this article prognosticating about the future potential uses of fingerprint biometrics in common, everyday life. The article authors suggest that we could see fingerprint biometrics used in the following capacities in the near future:

1. Automobiles
2. Gun safety
3. Home entertainment systems
4. Access control for a home or office
5. ATM withdraws
6. Entry into nightclubs or bars

We agree with the idea that these are indeed places that could see the use of biometrics in the future, but what we don’t agree with is using fingerprints as a biometric modality in all these applications. Yes, fingerprint biometrics are in fact the most common modality in the industry but also have distinct limitations in their effectiveness due to problems with; skin integrity, climate, ethnicity, and hygiene. How long do you think a hotel for example would rely on fingerprints for room access when they discover that a certain percentage of their patronage is not able to use the technology due because of some of the problems listed above, or refusal to use the biometric device because of hygiene reasons?

What’s much more realistic is a combination of fingerprint biometrics with other modalities like palm vein, finger vein, iris, and voice for these deployment examples, not just fingerprint alone. Vascular biometric modalities like finger vein and palm vein present certain advantages over fingerprints like: no contact with a sensor, scanning beneath the surface of the skin to alleviate skin integrity problems, an increased difficulty to recreate someone’s biometric template because the sensor of the vascular scanner needs the hand and blood flow to register an image, etc. The use of biometrics for ATM authentication is already widespread in places like Europe and Asia, and the preferred modality is usually palm vein or finger vein because of the advantages that they present over fingerprint.

Understanding that fingerprint biometrics are an excellent modality but have limitations that are overcome by more modern biometric hardware is key to envisioning more widespread use of the technology in everyday applications.

 

Finger Vein Biometrics Identification for Membership Management Software

University of Vermont is using M2SYS finger vein biometrics for student membership management

Finger vein biometric technology for membership management

An article published today in the University of Vermont’s campus newspaper The Vermont Cynic reported that the campus recreation center has adopted M2SYS finger vein technology for student member identification. Tim Lewis, associate director for campus recreation made the decision to use finger vein biometrics for member identification after brainstorming ideas on how to eliminate students carrying ID cards. Happy to see our finger vein biometric identification system used at the University of Vermont through a partnership we have with Vermont Systems, a recreation and parks software provider based in Essex Junction, VT.

Modern day membership management software is  designed to help create efficiencies that antiquated methods simply can’t provide. In an effort to eliminate ID cards, prevent identity fraud, and create a more convenient user experience, many membership management facilities are evaluating vascular biometrics (finger vein and palm vein) for identification because of the distinct advantages it offers. Specifically, using biometrics for member identification has proven to be the most effective and affordable solution for safe and secure management of sensitive information. Installation of a biometric member identification system is fast and easy, providing a convenient experience for members who no longer have to remember their ID Cards and a comforting feeling to recreation center staff who can feel confident that no unauthorized members are gaining access to the facility.

Although fingerprint biometrics is traditionally seen as the most common modality, many membership management facilities have discovered that vascular biometrics (finger vein and palm vein) are more effective in their environments for identifying members who may have skin integrity issues that would limit the effectiveness of fingerprint readers. The University of Vermont decided that finger vein biometrics, which uses near infrared light to map the vein pattern beneath a finger for identification was a preferred biometric modality for their end users. After a brief 2 – 3 minute enrollment period, on subsequent visits students can be identified in about 2 seconds.

Could finger vein or palm vein biometrics help your membership management facility to create efficiencies, save time and resources, and create a more convenient user experience? Please contact us for a price quote or membership management software provider reference.