- Email: [email protected]
Break for the border
FEATURE workflow etc), which have been bottlenecks in older bespoke biometric systems. This increases certainty in predicting performance and reduces the risks in developing the system. Integrators can develop the system knowing that they can procure the biometric matching as a commodity element that brings market pressures to pricing and provides multiple sources of algorithms. The SOA approach leads to other key benefits. Integrators know how to develop the surrounding system elements and can estimate these capabilities with certainty using industrial strength middleware and designs. Vendors of biometric matching algorithms can focus their development activity on building a better matching service free from compromises imposed from considering the overall system elements.
“The SOA approach leads to other key benefits. Integrators know how to develop the surrounding system elements and can estimate these capabilities with certainty” Lastly, but no less importantly, new entrants into the biometric matching business can also benefit from lower entry barriers because they can implement a simple matching service rather than having to develop a complete system. This all helps to make the biometric market a vibrant area where innovation and invention can flourish and moves the industry forward.
Future standards challenges The present crop of SC37 led biometric standards cover all of the major modes and modalities of biometrics (finger, hand, iris, face, voice etc) in a binary format, but the increasing need to fully embed biometrics into web-based infrastructures has led to the desire to produce a new generation of standards that include an XML format. This will lead to greater adoption in modern web-based architectures but will require closer working between SC37 and other standards groups (such as OASYS and W3C). The other challenge concerns public engagement, to make biometric technology acceptable in wider application areas. This will require driving biometric standards down into smaller scale (eg smaller time and attendance systems). Public engagement is a critical factor as there is a need to inform and educate a wider audience on the advantages of using biometrics, how to use them securely and how to maintain and manage biometric data. The BSI’s biometric group (IST/44) is taking the lead in this activity by launching in May a Publically Available Specification (PAS) that will provide a starting point for organisations that wish to include biometric technology into their systems. The PAS provides checklists and examples of best practice to give confidence to implementers and users that they can use this technology with confidence and are able to deliver the benefits they seek.
The past 10 years have seen a rapid adoption of biometric technology. This take up has been enabled in a large part by the development of biometric standards led through SC37 and the national bodies that contribute to it such as the BSI. Biometric technology can now be considered a ‘plug and play’ element of systems using components that can be easily interchanged. The biometric industry is now ready to engage with the public and its perceptions of the technology by making it more acceptable and welcomed in new uses and applications. The next step in this journey will be taken in May with the launch of the BSI’s Biometric PAS document.
About the author Dr Peter Waggett is the Emerging Technology Programme Leader based at IBM’s Hursley Laboratory. He is also Chair of the BSI’s Biometric Standards Group (IST/44). He is an active participant of the ISO/IEC/JTC-1 SC37 group and is editor of the Biometric Vocabulary Standard. General information about the BSI’s biometrics activities, and the PAS launch in May, can be found at.
Reference 1
Waggett et al. ‘Reducing risk through largescale testing’. January 2011 NIST. < http://nist.gov/itl/iad/ig/ ibpc2010_presentations.cfm>
Break for the border Steve Gold
Steve Gold
The usage of biometrics at border crossing points is increasing rapidly, but it is more than just hardware that is driving deployments, as Steve Gold reports. Much has been made in the mainstream media of the raft of deployments of biometric-driven border control systems at UK and European Union airports. Ye there have also been breakthroughs outside of the EU, most notably in the Americas, the Far East and Australia. One of the biggest barriers to the rollout of biometrically driven border control systems is the administration of the enrolment process.
February 2011
An entity of some type has to administer the system and BTT readers will be familiar with the politics of adding biometrics to national ID card systems. In the European Union, for example, the EU Presidency proposed as far back as 2005, that biometrics be added to the raft of national ID cards in active or planned use across the Union. Unfortunately for the biometrics industry, various groups have opposed these plans.
Caribbean CARIPASS Progress is being made in some international territories. In the Caribbean, for example, a cluster of 15 countries has been working steadily towards developing its own CARIPASS multi-state identity card to include a biometric facility for some time. Countries participating in the scheme include Antigua and Barbuda, Barbados,
Biometric Technology Today
7
FEATURE co-ordinated by the Implementation Agency for Crime and Security (CARICOM IMPACS).
“The updated CARIPASS documents are the size of a credit card and contain the biometric and biographic data of the cardholder”
Colin McGeachey: the CARIPASS programme has significant potential to become a leading light in border control.
Dominica, Grenada, Guyana, Jamaica, St Kitts & Nevis, Saint Lucia, St Vincent & the Grenadines and Trinidad & Tobago. According to Colin McGeachey, a biometrics specialist with 3M Canada, the CARICOM group of countries started pooling their border control resources in 1972, and today the group has 15 member countries with around 16m people flying through a total of 18 airports throughout the region each year. Speaking at the Biometrics 2010 event in London, McGeachey said that, since 2007, a growing number of members of the CARICOM group of countries have had a biometrics-enabled function on their identity cards. “So far we have 10 countries [fully] on board the programme, which uses fingerprints and facial biometrics to secure the gates,” he says, adding that the optics in the gate assembly are diverse, meaning that the system cannot easily be tampered with. McGeachey, who has worked in the IT industry for 30 years and has been with 3M Security Systems (previously known as AiT) for 17 years, said his extensive global experience with issuance and inspection systems for machine readable travel documents has led him to believe that the CARIPASS programme has significant potential to become a leading light in the biometrics border control arena. His predictions were fulfilled when, in December 2010, CARICOM announced it was ready to ‘go universal’ with a biometric function to the CARIPASS ID card system for all member countries. The updated CARIPASS documents, which are the size of a credit card and contain the biometric and biographic data of the cardholder, will allow CARICOM citizens and residents of participating states aged over 16 to pass through automated border control gates in selected airports. The rollout of the cards, which are valid for a period of either one or three years, is being 8
Biometric Technology Today
As this issue of BTT went to press, CARICOM IMPACS was about to announce a phased plan for all CARICOM member countries to implement biometrics for their border control systems, so creating the world’s first fully trans-national biometrics border control programme.
Australia Australia too is at the forefront of biometricsenabled border crossing, with Sydney Airport having expanded its use of biometric-enabled SmartGates within the airport, claiming they allow passengers to traverse border control and customs facilities in just 38 seconds. In January the airport announced it had boosted its biometrics control complement to sixteen kiosks and eight gates, for use by both Australian and New Zealand e-Passport holders in a transnational deal. Regular travellers wanting to use the gates using a nationally issued e-Passport card, must first answer basic questions at a kiosk, and then have their faces scanned at the gates. These scans are then matched with the Australian Customs and Border Protection passport records. According to Australian federal home affairs minister, Brendan O’Connor, the use of the SmartGates in Australia has risen steadily over the past year. In the six months between the SmartGates beginning operation in July 2008 and January 2010, around a million people had used the biometric technology in Australia. By the end of 2010, that figure had risen to 2.7m, he noted. “There’s strong demand for SmartGates from passengers and these new kiosks and gates help meet the increasing desire for non-invasive, efficient and tech savvy ways to travel,” he says.
“Between July 2009 and January 2011, the percentage of eligible travellers using SmartGate has increased from 32 to 50%” The system is easy to use and it is a safe and convenient alternative for clearing through passport control, he says. According to O’Connor, between July 2009 and January 2011, the per-
Brendan O’Connor: the use of the SmartGates in Australia has risen steadily over the past year.
centage of eligible travellers using SmartGate has increased from 32 to 50%.
Indonesia Australia and New Zealand do not have a monopoly on biometric-enabled border crossings. In March 2010, the Directorate General of Immigration at the Department of Law and Human Rights in Indonesia (IMGRISI) rolled out a biometrics system at 27 airports and seaports in the region. The system, which uses the SITA iBorders platform, has allowed the government to significantly improve the control of its borders through additional checking of watch lists, verification of passports, visas and permits, and integration of visa issuance.
“IMGRISI has more than 300 operational workstations across 27 air and sea ports and is now processing the vast majority of Indonesia’s 20m passenger movements across its international borders” According to IMGRISI, the capture of biometrics from travellers, specifically facial images and fingerprints, will now give the added security that the person at the border is the one who has been checked against all the databases. Erwin Azis, IMGRISI’s director of immigration information systems, said that the use of biometrics adds an extra element to the identification and verification of arrivals. “We can now be confident that people match passports,” he says, adding that the first airport, Adisucipto International Airport serving Yogyakarta in Java, went live in March 2010, and the remaining ports went live during in the summer and autumn.
February 2011
FEATURE Today, IMGRISI has more than 300 operational workstations across 27 air and seaports and is now processing the vast majority of Indonesia’s approximately 20m passenger movements across its international borders.
Portable systems The $64,000 question, of course, is whether biometrics technology is sufficiently reliable and robust enough for use on a regular basis at a major international airport to be considered the de facto means of entering or leaving a country.
“Most experts agree that portable terminals must start appearing at airports and seaports but portable systems are still very much in their infancy” For this to happen, most experts agree that portable terminals must start appearing at airports and seaports but portable systems are still very much in their infancy. One company looking to change that is NEC Europe, which last October took the wraps off its Mobile Biometric Device (MBD) that it says can read all current travel documents. The ruggedised tablet computer-based system is a front-line security device for borders that is capable of identity enrollment and verification at any given control point using multiple biometrics. NEC says that its MBD is suitable for use at movable control points such as outdoor land crossings, ferries, trains, buses and within airport terminals. Kei Nakata, NEC Europe’s manager identification solutions division, says that the agencies need mobile, flexible, enhanced border control solutions to manage the steady rise in global customs and border traffic. “At the same time, potential risks are growing, necessitating better security,” he says. According to Nakata, the NEC MBD includes standalone operation or full back office integration using multiple wireless communication and SIM card covering a variety of communication topologies, including GSM/ GPRS and 3G, Bluetooth and WiFi, with GPS allowing the location of the unit to be logged at all times.
Facial biometrics Another company making great strides in developing biometrics technology suitable for a wide range of deployment situations at border crossing is the UK’s OmniPerception.
February 2011
According to Stewart Hefferman, the firm’s CEO, the key to success in the use of biometrics at border control points is the software that drives the hardware. “We’ve reached the stage where the software can do a quite a lot in today’s biometrics systems. The rate of progress in the field of facial biometrics has been very rapid over the last 12 to 18 months. This is reflection of the fact that the facial biometrics marketplace is still in its embryonic state,” he says. Hefferman says that, in order to advance its expertise in the field of facial biometrics, OmniPerception last year undertook a major research project into facial shapes, developing the technology that allows a facial biometrics system to deal with the pitch and yaw required when coping with people’s faces as they approach a scanning station. Providing the pinch point is effective you can lead people to look towards the scanner wherever possible. By analysing the pitch and yaw of someone approaching a pinch point, and adjusting for these facial variances, Hefferman says that this can significantly reduce the number of false positives generated at a typical surveillance system.
“The problem the industry has to deal with is that the technology will not always work 100% of the time. But that’s not relevant from a scanning perspective. It’s about dealing with the 5% or so cases where you don’t get a proper scan” “The problem the industry has to deal with is that the technology will not always work 100% of the time. But that’s actually not relevant from a scanning perspective. It’s about dealing with the 5% or so cases where you don’t get a proper scan,” he says. Another issue that needs to be addressed is the problem of travellers who use an effective disguise, although Hefferman says that false beards and the like are not as effective as people think. You can, he says, look to beat the facial scanner by holding a mobile phone up on one side of the face, and then use your arms/hands to shield the other side of the face, so reducing the facial area visible to a scanner to around 25%. “It all comes down to filtering. You need to get to the right page on the book and good biometrics filtering software is what achieves this. The hardware is now good enough. It’s the software that needs to be good as well,” he says.
Jeff Carter: the Spanish pilot programme builds on Hoyos’ iris biometrics tests on the Mexico and US border.
Hoyos portal Another company at the forefront of biometrics software development is Hoyos Corporation, formerly known as Global Rainmakers, which late last year developed its HBOX system that it claims has low levels of scan failures. The Philadelphia Port Authority in the US uses the system, which was also deployed in August 2010 on a city-wide basis in Leon, a city of a million people in Mexico. According to the Puerto Rico-based company, HBOX is a multi-modal biometric portal that requires its users to walk through an entryway and quickly look up at the capture device in order to be identified. Jeff Carter, the firm’s chief development officer, says that the HBOX combines iris and facial recognition modalities to deliver a higher level of security.
“The system ensures that anyone taking money out of an ATM, paying for items in a store, or simply catching a bus will have their eyes scanned by hi-tech sensors” In the Leon city-wide deployment, Carter says that the system ensures that anyone taking money out of an ATM, paying for items in a store, or simply catching a bus will have their eyes scanned by hi-tech sensors. In the Leon programme, criminals are automatically being enrolled, with their irises scanned as they are convicted, whilst lawabiding citizens are also being encouraged to enrol as well. Another high profile deployment in the Spanish-speaking world is Hoyos’ installation at Madrid airport, where the airport uses the technology to increase security at the check-in
Biometric Technology Today
9
FEATURE and boarding stages. Hoyos worked with Herta Security on a pilot programme to run at Barajas Airport in Madrid. According to Carter, the Spanish pilot programme builds on Hoyos’ iris biometrics tests on the Mexico and US border with the Mexican immigration officials, which has been capable of scanning up 50 people a minute. Hoyos has also taken the wraps off the EyeSwipe-Nano, which it claims is the first
iris-based biometrics system that is priced to compete with generic card reader systems used at border crossings. According to the company, EyeSwipe-Nano is approximately one quarter of the size of its existing EyeSwipe-Mini and has the same footprint as a dollar bill. The unit, says Carter, can capture the irises of people from a distance and handle up to 20 people a minute in motion.
About the author Steve Gold has been a business journalist and technology writer for 26 years. A qualified accountant and former auditor, he has specialised in IT security, business matters, the Internet and communications for most of that time. He is technical editor of Infosecurity and lectures regularly on criminal psychology and cybercrime.
Securing access to healthcare David Ting, Imprivata
David Ting
Information technology has taken centre stage in the global healthcare market, as the introduction of Electronic Medical Records (EMR) has demanded new levels of IT security. An increased focus on access management and re-authentication has been driven by the requirement to protect these new volumes of sensitive digitised data. Seamless integration of security processes into the user workflow is widely perceived as being of upmost importance, particularly as user adoption is critical to the success of any security protocol. For those who prefer a simpler form factor than devices such as smartcards or tokens, which can be easily lost, forgotten or even shared, biometric technology has been identified as a key enabler for strong, efficient and secure working practices.
Dramatic shift Traditionally, biometric technology has been perceived as state-of-the-art; however, over the past eight to nine years, Gartner claims that there has been a dramatic shift in both the availability and ubiquity of the devices as well as the broad adoption of fingerprint biometrics in environments where simplicity of use and the need for strong authentication are essential1. By obviating the need for the user to carry devices such as smartcards or password tokens, biometric technology has become widely adopted in fast-paced environments where quick access to critical data is essential. Healthcare and law enforcement are two key examples. The fact that the devices are today far more reliable and readily available has also had an impact on the use of biometrics for remote access and browser based systems. Ten years ago, the price and the quality of the scanned biometric image were the main issues but today biometric solutions have become com10
Biometric Technology Today
moditised and as such, factors which differentiate a ‘good’ system from an inadequate system now include additional considerations such as how privacy is safeguarded, simplicity of deployment, troubleshooting problematic use cases and how the device is matched to the workflow of the organisation or individual user. For example, as the number of commercial use cases for biometrics has increased and identity theft has become a real concern, the privacy and protection of biometric identity has become increasingly important. As a result, the way in which biometric images are stored has become a central focus. Potential biometric users are far more aware and concerned today with how their biometric identities are secured and protected from misuse. Unlike compromised logon or credit information, there is no way to reissue a new biometric identity for a user.
System design safeguards System design principles have been developed to help to safeguard biometric identity, ensuring privacy through encryption and also by translating biometric images to templates. Double blind systems that ensure names and identities are not bound with biometric data have also become a fundamental expectation of biometric technologies.
“As the number of commercial use cases for biometrics has increased and identity theft has become a real concern, the privacy and protection of biometric identity has become increasingly important” The quality of biometric solutions has of course developed alongside the many privacy and security improvements. For example, live finger detection and sensitivity across different levels of humidity has drastically improved. Scanners can also now work alongside different kinds of surgical glove, a factor that has vastly changed and affected utilisation of biometric devices within the healthcare sector where clinicians can now use biometric readers to authenticate with minimal disruption to their workflow. In addition to providing a fast and unobtrusive means of authentication, the unique nature of biometric technology also helps businesses to address security regulations, which are themselves becoming increasingly strict. As new regulations are introduced relating to user access at a transactional level, biometric authentication is likely to become increasingly popular. Gartner claims that this rising interest in biometric solutions is due to the ability to balance high levels of accountability with ease of use2.
E-prescriptions This trend has already been seen in the healthcare sector in the US state of Ohio where a
February 2011
“The SOA approach leads to other key benefits. Integrators know how to develop the surrounding system elements and can estimate these capabilities with certainty” Lastly, but no less importantly, new entrants into the biometric matching business can also benefit from lower entry barriers because they can implement a simple matching service rather than having to develop a complete system. This all helps to make the biometric market a vibrant area where innovation and invention can flourish and moves the industry forward.
Future standards challenges The present crop of SC37 led biometric standards cover all of the major modes and modalities of biometrics (finger, hand, iris, face, voice etc) in a binary format, but the increasing need to fully embed biometrics into web-based infrastructures has led to the desire to produce a new generation of standards that include an XML format. This will lead to greater adoption in modern web-based architectures but will require closer working between SC37 and other standards groups (such as OASYS and W3C). The other challenge concerns public engagement, to make biometric technology acceptable in wider application areas. This will require driving biometric standards down into smaller scale (eg smaller time and attendance systems). Public engagement is a critical factor as there is a need to inform and educate a wider audience on the advantages of using biometrics, how to use them securely and how to maintain and manage biometric data. The BSI’s biometric group (IST/44) is taking the lead in this activity by launching in May a Publically Available Specification (PAS) that will provide a starting point for organisations that wish to include biometric technology into their systems. The PAS provides checklists and examples of best practice to give confidence to implementers and users that they can use this technology with confidence and are able to deliver the benefits they seek.
The past 10 years have seen a rapid adoption of biometric technology. This take up has been enabled in a large part by the development of biometric standards led through SC37 and the national bodies that contribute to it such as the BSI. Biometric technology can now be considered a ‘plug and play’ element of systems using components that can be easily interchanged. The biometric industry is now ready to engage with the public and its perceptions of the technology by making it more acceptable and welcomed in new uses and applications. The next step in this journey will be taken in May with the launch of the BSI’s Biometric PAS document.
About the author Dr Peter Waggett is the Emerging Technology Programme Leader based at IBM’s Hursley Laboratory. He is also Chair of the BSI’s Biometric Standards Group (IST/44). He is an active participant of the ISO/IEC/JTC-1 SC37 group and is editor of the Biometric Vocabulary Standard. General information about the BSI’s biometrics activities, and the PAS launch in May, can be found at
Reference 1
Waggett et al. ‘Reducing risk through largescale testing’. January 2011 NIST.
Break for the border Steve Gold
Steve Gold
The usage of biometrics at border crossing points is increasing rapidly, but it is more than just hardware that is driving deployments, as Steve Gold reports. Much has been made in the mainstream media of the raft of deployments of biometric-driven border control systems at UK and European Union airports. Ye there have also been breakthroughs outside of the EU, most notably in the Americas, the Far East and Australia. One of the biggest barriers to the rollout of biometrically driven border control systems is the administration of the enrolment process.
February 2011
An entity of some type has to administer the system and BTT readers will be familiar with the politics of adding biometrics to national ID card systems. In the European Union, for example, the EU Presidency proposed as far back as 2005, that biometrics be added to the raft of national ID cards in active or planned use across the Union. Unfortunately for the biometrics industry, various groups have opposed these plans.
Caribbean CARIPASS Progress is being made in some international territories. In the Caribbean, for example, a cluster of 15 countries has been working steadily towards developing its own CARIPASS multi-state identity card to include a biometric facility for some time. Countries participating in the scheme include Antigua and Barbuda, Barbados,
Biometric Technology Today
7
FEATURE co-ordinated by the Implementation Agency for Crime and Security (CARICOM IMPACS).
“The updated CARIPASS documents are the size of a credit card and contain the biometric and biographic data of the cardholder”
Colin McGeachey: the CARIPASS programme has significant potential to become a leading light in border control.
Dominica, Grenada, Guyana, Jamaica, St Kitts & Nevis, Saint Lucia, St Vincent & the Grenadines and Trinidad & Tobago. According to Colin McGeachey, a biometrics specialist with 3M Canada, the CARICOM group of countries started pooling their border control resources in 1972, and today the group has 15 member countries with around 16m people flying through a total of 18 airports throughout the region each year. Speaking at the Biometrics 2010 event in London, McGeachey said that, since 2007, a growing number of members of the CARICOM group of countries have had a biometrics-enabled function on their identity cards. “So far we have 10 countries [fully] on board the programme, which uses fingerprints and facial biometrics to secure the gates,” he says, adding that the optics in the gate assembly are diverse, meaning that the system cannot easily be tampered with. McGeachey, who has worked in the IT industry for 30 years and has been with 3M Security Systems (previously known as AiT) for 17 years, said his extensive global experience with issuance and inspection systems for machine readable travel documents has led him to believe that the CARIPASS programme has significant potential to become a leading light in the biometrics border control arena. His predictions were fulfilled when, in December 2010, CARICOM announced it was ready to ‘go universal’ with a biometric function to the CARIPASS ID card system for all member countries. The updated CARIPASS documents, which are the size of a credit card and contain the biometric and biographic data of the cardholder, will allow CARICOM citizens and residents of participating states aged over 16 to pass through automated border control gates in selected airports. The rollout of the cards, which are valid for a period of either one or three years, is being 8
Biometric Technology Today
As this issue of BTT went to press, CARICOM IMPACS was about to announce a phased plan for all CARICOM member countries to implement biometrics for their border control systems, so creating the world’s first fully trans-national biometrics border control programme.
Australia Australia too is at the forefront of biometricsenabled border crossing, with Sydney Airport having expanded its use of biometric-enabled SmartGates within the airport, claiming they allow passengers to traverse border control and customs facilities in just 38 seconds. In January the airport announced it had boosted its biometrics control complement to sixteen kiosks and eight gates, for use by both Australian and New Zealand e-Passport holders in a transnational deal. Regular travellers wanting to use the gates using a nationally issued e-Passport card, must first answer basic questions at a kiosk, and then have their faces scanned at the gates. These scans are then matched with the Australian Customs and Border Protection passport records. According to Australian federal home affairs minister, Brendan O’Connor, the use of the SmartGates in Australia has risen steadily over the past year. In the six months between the SmartGates beginning operation in July 2008 and January 2010, around a million people had used the biometric technology in Australia. By the end of 2010, that figure had risen to 2.7m, he noted. “There’s strong demand for SmartGates from passengers and these new kiosks and gates help meet the increasing desire for non-invasive, efficient and tech savvy ways to travel,” he says.
“Between July 2009 and January 2011, the percentage of eligible travellers using SmartGate has increased from 32 to 50%” The system is easy to use and it is a safe and convenient alternative for clearing through passport control, he says. According to O’Connor, between July 2009 and January 2011, the per-
Brendan O’Connor: the use of the SmartGates in Australia has risen steadily over the past year.
centage of eligible travellers using SmartGate has increased from 32 to 50%.
Indonesia Australia and New Zealand do not have a monopoly on biometric-enabled border crossings. In March 2010, the Directorate General of Immigration at the Department of Law and Human Rights in Indonesia (IMGRISI) rolled out a biometrics system at 27 airports and seaports in the region. The system, which uses the SITA iBorders platform, has allowed the government to significantly improve the control of its borders through additional checking of watch lists, verification of passports, visas and permits, and integration of visa issuance.
“IMGRISI has more than 300 operational workstations across 27 air and sea ports and is now processing the vast majority of Indonesia’s 20m passenger movements across its international borders” According to IMGRISI, the capture of biometrics from travellers, specifically facial images and fingerprints, will now give the added security that the person at the border is the one who has been checked against all the databases. Erwin Azis, IMGRISI’s director of immigration information systems, said that the use of biometrics adds an extra element to the identification and verification of arrivals. “We can now be confident that people match passports,” he says, adding that the first airport, Adisucipto International Airport serving Yogyakarta in Java, went live in March 2010, and the remaining ports went live during in the summer and autumn.
February 2011
FEATURE Today, IMGRISI has more than 300 operational workstations across 27 air and seaports and is now processing the vast majority of Indonesia’s approximately 20m passenger movements across its international borders.
Portable systems The $64,000 question, of course, is whether biometrics technology is sufficiently reliable and robust enough for use on a regular basis at a major international airport to be considered the de facto means of entering or leaving a country.
“Most experts agree that portable terminals must start appearing at airports and seaports but portable systems are still very much in their infancy” For this to happen, most experts agree that portable terminals must start appearing at airports and seaports but portable systems are still very much in their infancy. One company looking to change that is NEC Europe, which last October took the wraps off its Mobile Biometric Device (MBD) that it says can read all current travel documents. The ruggedised tablet computer-based system is a front-line security device for borders that is capable of identity enrollment and verification at any given control point using multiple biometrics. NEC says that its MBD is suitable for use at movable control points such as outdoor land crossings, ferries, trains, buses and within airport terminals. Kei Nakata, NEC Europe’s manager identification solutions division, says that the agencies need mobile, flexible, enhanced border control solutions to manage the steady rise in global customs and border traffic. “At the same time, potential risks are growing, necessitating better security,” he says. According to Nakata, the NEC MBD includes standalone operation or full back office integration using multiple wireless communication and SIM card covering a variety of communication topologies, including GSM/ GPRS and 3G, Bluetooth and WiFi, with GPS allowing the location of the unit to be logged at all times.
Facial biometrics Another company making great strides in developing biometrics technology suitable for a wide range of deployment situations at border crossing is the UK’s OmniPerception.
February 2011
According to Stewart Hefferman, the firm’s CEO, the key to success in the use of biometrics at border control points is the software that drives the hardware. “We’ve reached the stage where the software can do a quite a lot in today’s biometrics systems. The rate of progress in the field of facial biometrics has been very rapid over the last 12 to 18 months. This is reflection of the fact that the facial biometrics marketplace is still in its embryonic state,” he says. Hefferman says that, in order to advance its expertise in the field of facial biometrics, OmniPerception last year undertook a major research project into facial shapes, developing the technology that allows a facial biometrics system to deal with the pitch and yaw required when coping with people’s faces as they approach a scanning station. Providing the pinch point is effective you can lead people to look towards the scanner wherever possible. By analysing the pitch and yaw of someone approaching a pinch point, and adjusting for these facial variances, Hefferman says that this can significantly reduce the number of false positives generated at a typical surveillance system.
“The problem the industry has to deal with is that the technology will not always work 100% of the time. But that’s not relevant from a scanning perspective. It’s about dealing with the 5% or so cases where you don’t get a proper scan” “The problem the industry has to deal with is that the technology will not always work 100% of the time. But that’s actually not relevant from a scanning perspective. It’s about dealing with the 5% or so cases where you don’t get a proper scan,” he says. Another issue that needs to be addressed is the problem of travellers who use an effective disguise, although Hefferman says that false beards and the like are not as effective as people think. You can, he says, look to beat the facial scanner by holding a mobile phone up on one side of the face, and then use your arms/hands to shield the other side of the face, so reducing the facial area visible to a scanner to around 25%. “It all comes down to filtering. You need to get to the right page on the book and good biometrics filtering software is what achieves this. The hardware is now good enough. It’s the software that needs to be good as well,” he says.
Jeff Carter: the Spanish pilot programme builds on Hoyos’ iris biometrics tests on the Mexico and US border.
Hoyos portal Another company at the forefront of biometrics software development is Hoyos Corporation, formerly known as Global Rainmakers, which late last year developed its HBOX system that it claims has low levels of scan failures. The Philadelphia Port Authority in the US uses the system, which was also deployed in August 2010 on a city-wide basis in Leon, a city of a million people in Mexico. According to the Puerto Rico-based company, HBOX is a multi-modal biometric portal that requires its users to walk through an entryway and quickly look up at the capture device in order to be identified. Jeff Carter, the firm’s chief development officer, says that the HBOX combines iris and facial recognition modalities to deliver a higher level of security.
“The system ensures that anyone taking money out of an ATM, paying for items in a store, or simply catching a bus will have their eyes scanned by hi-tech sensors” In the Leon city-wide deployment, Carter says that the system ensures that anyone taking money out of an ATM, paying for items in a store, or simply catching a bus will have their eyes scanned by hi-tech sensors. In the Leon programme, criminals are automatically being enrolled, with their irises scanned as they are convicted, whilst lawabiding citizens are also being encouraged to enrol as well. Another high profile deployment in the Spanish-speaking world is Hoyos’ installation at Madrid airport, where the airport uses the technology to increase security at the check-in
Biometric Technology Today
9
FEATURE and boarding stages. Hoyos worked with Herta Security on a pilot programme to run at Barajas Airport in Madrid. According to Carter, the Spanish pilot programme builds on Hoyos’ iris biometrics tests on the Mexico and US border with the Mexican immigration officials, which has been capable of scanning up 50 people a minute. Hoyos has also taken the wraps off the EyeSwipe-Nano, which it claims is the first
iris-based biometrics system that is priced to compete with generic card reader systems used at border crossings. According to the company, EyeSwipe-Nano is approximately one quarter of the size of its existing EyeSwipe-Mini and has the same footprint as a dollar bill. The unit, says Carter, can capture the irises of people from a distance and handle up to 20 people a minute in motion.
About the author Steve Gold has been a business journalist and technology writer for 26 years. A qualified accountant and former auditor, he has specialised in IT security, business matters, the Internet and communications for most of that time. He is technical editor of Infosecurity and lectures regularly on criminal psychology and cybercrime.
Securing access to healthcare David Ting, Imprivata
David Ting
Information technology has taken centre stage in the global healthcare market, as the introduction of Electronic Medical Records (EMR) has demanded new levels of IT security. An increased focus on access management and re-authentication has been driven by the requirement to protect these new volumes of sensitive digitised data. Seamless integration of security processes into the user workflow is widely perceived as being of upmost importance, particularly as user adoption is critical to the success of any security protocol. For those who prefer a simpler form factor than devices such as smartcards or tokens, which can be easily lost, forgotten or even shared, biometric technology has been identified as a key enabler for strong, efficient and secure working practices.
Dramatic shift Traditionally, biometric technology has been perceived as state-of-the-art; however, over the past eight to nine years, Gartner claims that there has been a dramatic shift in both the availability and ubiquity of the devices as well as the broad adoption of fingerprint biometrics in environments where simplicity of use and the need for strong authentication are essential1. By obviating the need for the user to carry devices such as smartcards or password tokens, biometric technology has become widely adopted in fast-paced environments where quick access to critical data is essential. Healthcare and law enforcement are two key examples. The fact that the devices are today far more reliable and readily available has also had an impact on the use of biometrics for remote access and browser based systems. Ten years ago, the price and the quality of the scanned biometric image were the main issues but today biometric solutions have become com10
Biometric Technology Today
moditised and as such, factors which differentiate a ‘good’ system from an inadequate system now include additional considerations such as how privacy is safeguarded, simplicity of deployment, troubleshooting problematic use cases and how the device is matched to the workflow of the organisation or individual user. For example, as the number of commercial use cases for biometrics has increased and identity theft has become a real concern, the privacy and protection of biometric identity has become increasingly important. As a result, the way in which biometric images are stored has become a central focus. Potential biometric users are far more aware and concerned today with how their biometric identities are secured and protected from misuse. Unlike compromised logon or credit information, there is no way to reissue a new biometric identity for a user.
System design safeguards System design principles have been developed to help to safeguard biometric identity, ensuring privacy through encryption and also by translating biometric images to templates. Double blind systems that ensure names and identities are not bound with biometric data have also become a fundamental expectation of biometric technologies.
“As the number of commercial use cases for biometrics has increased and identity theft has become a real concern, the privacy and protection of biometric identity has become increasingly important” The quality of biometric solutions has of course developed alongside the many privacy and security improvements. For example, live finger detection and sensitivity across different levels of humidity has drastically improved. Scanners can also now work alongside different kinds of surgical glove, a factor that has vastly changed and affected utilisation of biometric devices within the healthcare sector where clinicians can now use biometric readers to authenticate with minimal disruption to their workflow. In addition to providing a fast and unobtrusive means of authentication, the unique nature of biometric technology also helps businesses to address security regulations, which are themselves becoming increasingly strict. As new regulations are introduced relating to user access at a transactional level, biometric authentication is likely to become increasingly popular. Gartner claims that this rising interest in biometric solutions is due to the ability to balance high levels of accountability with ease of use2.
E-prescriptions This trend has already been seen in the healthcare sector in the US state of Ohio where a
February 2011