Biometrics - data security made convenient

Bruce Gorton recently spoke to Greg Sarrail, Vice President, Solutions Business Development, at Lumidigm, about biometrics, and the advantages the hold with regards to security.

With security there is always a balancing act between security, and usability, with the general rule of thumb being the more secure you are the less convenient things become.

This is why so many people use "password" as their computer passwords - it is easy to remember, even if it does do away with a lot of the point to having passwords in the first place.

Security has thus always tried to find a solution which combines both - ease of access with a high degree of security.

Biometrics is a growing field that may hold the answer to this problem for a lot of applications. Greg Sarrail, Vice President, Solutions Business Development, at Lumidigm explains how.

Q: Can you explain what biometrics are?

Biometrics is the process of measuring unique features of human characteristics to assure the identity of an individual. For example, fingerprint sensors capture and measure unique features of a fingerprint to create a mathematical representation of the fingerprint data called a template that can be matched at a later time to verify and authenticate the individual. Biometric systems consist of a biometric sensor, data extraction and matching software, a database to store encrypted templates, and a set of policies around enrolment and authentication.

Q: What advantages does it hold over more traditional forms of access control?

The advantage with fingerprint biometrics is that there is no need to remember a username or password, or carry a token for access. Your access is always with you, because it IS you.

Fingerprint biometrics is the most ubiquitous form of biometrics for physical and logical access control including access to desktops and network resources. Reliable biometrics provides a complete non-disputable record of access — an important point when considering the use of fingerprint authentication in financial services and healthcare.

Q: I have noticed with laptops that use finger prints for access control, that they generally also have passwords that achieve the same thing. Do you foresee this falling away as the technology improves?

The best IT security policies offer a variety of authentication methods for individuals as there is no one single golden bullet that offers a high level of security and convenience and will work for everyone in all use models.  In our experience, when a reliable biometric sensor is offered it is used over other methods as people don’t need to remember a password that must be changed on a regular basis and they always have their finger.

Commercial fingerprint systems increase usability as they are designed to prevent fraudulent attempts to spoof a valid user, and the good sensors provide a high performing sensor that enables a good clean capture of fingerprint data in real world conditions, may the finger be wet, dry or dirty, with all types of individuals regardless of age, ethnicity or social class.

Fingerprint templates cannot be transferred, socially engineered or guessed, unlike a password and is one of many technologies that will be used to replace the password over time.

Q: Recent research into using brain and heart patterns has shown that they could be used as a more secure alternative to things like fingerprints, though it still suffers from lower accuracy and poor reproducibility over time – do you expect to see much in the way of development in that direction?

There have been several advancements in alternate biometric technologies and I expect the market to grow as the performance improves. Biometric sensor technology improves each year and delivers interoperable information that is secure, simple, and intuitive to use. Fingerprint biometrics will continue to experience the largest growth rate over the next few years in biometrics.

Q: With regards to health applications – could this technology provide an early warning system for health threats? The Kinect 2 for example is supposed to be able to detect heartbeats – could something similar be used to pick up issues like arrhythmia at the bank?

Fingerprint biometrics is purely focused on verifying a user’s identity.

Q: Do you think South Africa could launch something similar to India’s Aadhar ID programme to combat things like identity fraud?

The Department of Home Affairs is currently embarking on a SmartID project with similar goals to India’s Aadhar ID programme to provide a means to validate the identity of any individual over 16 years old. With a SmartID, an individual can open a checking account, purchase a mobile phone, receive public benefits for which they are eligible, and make a vote.

The first step in any identity project is to make sure that the data in the system is reliable and that the information used to validate an individual is reliable. This is where Lumidigm’s technology outperforms the competition and reinforces the state’s message that this is an all-inclusive program that does not discriminate between age, race, gender or profession.

Q: With recent revelations around the US government spying programmes and their intrusive nature, do you foresee much in the way of privacy concerns for users?

Each individual has their own opinion on what they consider to be “private” information. However, many people are misinformed as to how fingerprint information is captured and used. Fingerprint biometrics uses a mathematical representation of fingerprint data called a template, for matching, not a fingerprint image. Even if template encryption were to be compromised, the information could not be used to recreate a fingerprint image.

My drivers’ license visually shows my birth date, home address and other personal information. Every time I am required to hand it to someone to verify my identity that information is at risk. Verifying my identity with a fingerprint enhances my privacy!

Q: Similarly, and much more likely, is there a risk of targeted marketing based on biometric data becoming a concern?

Fingerprint biometrics does not segment or discriminate between individuals but rather is a enabler that allows people with a convenient means to validate their identity without the need to carry additional proof once they’ve enrolled.

Lumidigm fingerprint sensors are used in: Benin to identify a mother and child for vaccination tracking; Brazil to replace a PIN at an ATM to reduce fraud and provide a convenient means to transact at an ATM; Argentina to establish proof of life and the identity of an individual for pension programs; South African mines for time and attendance and banks to establish an account. From border control to amusement parks and in-between, fingerprint biometrics enable convenience access.