pp1-20.qxd
5/8/01
4:27 PM
Page 3
NEWS manufacturing techniques are bound to accelerate the growth curve”. Contact: Rick Norton at IBIA, Tel: +1 202 783 7272, email:
[email protected]
Testing
UK’s biometric test results are made publicly available Following a six month trial project, the results of the UK Biometric Working Group’s (UK BWG) first wave of biometric product testing have now been published. The trial was conducted by the National Physical Laboratory (NPL) in the UK. Seven technologies were tested including Recognition Systems’ HandkeyII, Visionics’ FaceIt Verification Demo, the Veritouch vr3 with Infineon’s capacitive FingerTip sensor, OTG’s SecurePBX speaker verification demo and Iridian’s IriScan2200. Infineon also supplied algorithms from a newer SDK which were used to enrol and verify off-line the same images captured by the Veritouch device. The actual three month test period included 200 volunteers and provided useful indications as to the performance of biometric templates over time: most technologies showed a poorer verification rate on later use. Also underlined by the testing was the distinction between ‘Failure to Acquire’ and ‘Failure to Enrol’ rates. The project intention was not to endorse particular technologies, but to validate the testing methodology set out in the ‘Best Practices in Testing of Biometric Devices’ document and to generate results that reasonably establish the current general status of biometric technology. The next issue of Btt will look more closely at this report. Contact: CESG, www.cesg.gov.uk/biometrics/index.htm
Healthcare/Layered Biometrics
Centralized biometric solution works for DBIS Burns unit doctors working in the Netherlands can now routinely use biometrics to access a web-based database detailing medical records of burns patients throughout the country. If successful, the database could be extended to include records of patients across Europe.
Biometric Technology Today • May 2001
The Dutch Burn Information System (DBIS) was created by the Dutch Burn Foundation, a nonprofit organization that conducts research about burn injuries. Only burns specialists, who have been registered and authorized by a public notary will have access to the database. Clearly, a system such as this had to be highly secure, so the addition of numerous security measures was appropriate. The system will use a combination of layered biometric technology and a central authentication server from Keyware, a PKI from Baltimore Technologies, digital certificates issued by DigiNotar and smart cards from Gemplus. The DBIS database and Keyware servers are physically stored at DigiNotar’s secure facility. Potential users of the system are legally registered by DigiNotar and are given a smart card that contains two digital certificates and two of their enrolled biometric templates. When the user wants to access the burns patient records via their PC, the first certificate is released from the smart card and sent across the internet to DigiNotar. This certificate is then checked to prove the validity and authenticity of the smart card. (DigiNotar could have revoked the smart card’s certificate, for example, effectively ending the transaction at this point.) Once the smart card’s validity is confirmed, a secure tunnel between the smart card and Keyware’s central authentication server is established. The user is then prompted to give fresh biometric samples (voice then fingerprint) and these are checked against templates which are released by the smart card. If approved by the server, a second certificate is released to set up a secure connection between the computer’s browser and DBIS. Although this system seems slightly long winded, European legal guidelines regarding the processing of personal data meant that DBIS had to follow strict authentication procedures before granting any user access to the system. Plus, the user’s biometric templates could not be stored on a central database, as it would have contravened privacy laws. Luc Taal, DBIS project manager, told Btt: “Initially 30 people spread across three burns units in the Netherlands will use the system, although this could proliferate to include general hospitals or burns units across Europe. Potentially there could be 2000 users of the system. The advantages for patients would be the creation of evidence-based protocols. Annually there are relatively few burns admissions, so this system would allow for a much larger database of knowledge and help doctors to administer the right treatment at the right time. We are going to present the system to our European colleagues at a conference in September to see if we get a good response.”
In brief • The Republic of El Salvador is to introduce a US$3 million fingerprint-based civil identification system for its four million citizens. The system, which is to be supplied by Motorola’s wholly-owned subsidiary Printrak, will support a database of up to three million fingerprint records. The prime contractor on the project is Docusal, a subsidiary of identification security systems provider Cosmocolor. This deal extends the use of biometrics in Latin American ID schemes – countries including Guatemala and Argentina are already using Printrak’s system. • Smith & Wesson has reportedly been given a US$1.8 million grant from the US Justice Department to develop a smart gun, designed to prevent anybody but the authorized users from firing the weapon. The supplier has indicated it will use the money to further research fingerprint technology and other electronic firing systems. • Imagis Technologies has released a software developers kit based on facial recognition. The ID-2000 SDK is designed for use in multiple applications, such as e-commerce, access control, airport environments, law enforcement and gaming. The SDK is available as an evaluation version for appraisal by software developers. • Novell has announced a series of new partnerships including a number of biometric companies. Fingerprint authentication solution supplier Biometric Access Corporation and face recognition technology supplier VisionSphere will join the growing list of biometric companies integrating their solutions with Novell’s NDS eDirectory and its security framework, Novell Modular Authentication Services (NMAS).
3