john Gill technology header image

Developments in Biometrics

Dr. John Gill
March 2005


There is increasing interest in systems which help confirm a person's identity. From the government's perspective this is, in part, motivated by security considerations at a time of international terrorism. At the individual level there is concern over identity theft leading to financial loss. Identity fraud is estimated to cost the UK over a billion pounds each year split equally between the public and private sectors.

There are three elements of a person's identity:

  1. Things which you 'are' (ie your biometric identity). These are attributes that are unique to an individual (e.g. fingerprints).
  2. Things are given to you (ie your attributed identity). These include full name, date and place of birth.
  3. Things which happen to you during your life (ie your biographical identity). This includes educational qualifications, electoral register entries, and history of interaction with organisations such as banks.

Biometrics permits the automatic identification of an individual based on his or her distinguishing physiological and/or behavioural characteristics. Biometric identification involves comparing with a database of templates to find out who you are, but biometric verification is where the template is compared to the one supplied with your claimed identity. Some biometric systems cannot do identification but can only verify the claimed identity of a person.

For the user, it should be easy and comfortable to use the system. Many users would prefer methods which do not require physical contact between the individual and the device. Consumers need confidence that the system will reliably correctly identify them while not permitting other users access; no current biometric system achieves 100% success in both these aspects.

Numerous biometric systems have been developed; these systems include:

It is the last three methods which are likely to be the preferred systems for international travel documents.

Facial recognition
Facial recognition can have an unacceptable level of either false positives or false negatives. It is technically best used to say "is this the same person" rather than "who is this person". Thus it is an appropriate technology when used with a secure token such as a smart card. From the users perspective it's non-intrusive nature is a major advantage, and users are likely to accept such a system if it can provide a decision quickly and is seen to be protecting their interests.

In passport applications, a false rejection will only result in a referral to an immigration officer who can handle problems such as changes in facial appearance.

This type of system is already used on large building sites in the UK for employees to "clock-on" and "clock-off". In this application, when the system fails to produce a match it sends an electronic photograph to the pay office where a clerk compares it to a photograph on file. An interesting aspect of this system is that the biometric template is automatically updated every ten times the employee uses the system; this lessens the problem of a gradual change of appearance such as caused by growing a beard.

Fingerprint systems
Fingerprint systems are good for the low number of false acceptances, but can be problematic for those with damaged fingers or with prosthetic hands. Some users will associate fingerprints with criminal investigations, so may be reluctant to use the system.

Iris recognition
Iris recognition is a secure system, but the user has to position their eye in relation to a camera. This can give problems for users who are very tall, very short, or in a wheelchair. There are obvious problems for users who are blind or have a visual prosthesis. In addition some ethnic and religious groups may consider such a system unacceptable.

Updating
The biometric information can be stored in a central database or on a smart card. Users are likely to prefer the information to be stored on their card rather than on a remote database. However, it is easier to regularly update the database with revised biometric data as the user's characteristics change.

Users should have the facility to choose an alternative verification system even if it is a PIN (personal identification number - usually 4 digits). However this choice may be subject to regulatory or legal requirements imposed on the service provider. The user should be advised if the alternative is less secure, but it is recommended that the decision to use an alternative system should be left to the user.

In the UK the government has decided that all central and local government issued cards should have the ability to incorporate information about the user's preferred interface (eg large characters on a screen or speech output); this information is only added to the card at the user's request. This coding is now being extended to include the user's preferences relating to biometric systems.

 



John Gill Technology Limited Footer
John Gill Technology Limited Footer