Monthly Archives: October 2011

Biometric security: More bottom-line benefits, less James Bond

Carl Gohringer December 03, 2003

Bond movies will always be associated with state-of-the-art technology, but few of the products he uses or encounters ever make it into the real world.

A car that turns into a submarine might be nice to have or an umbrella that transforms into a rope ladder useful on the odd occasion, but their uses in everyday life are limited.

There is one exception to the James Bond rule – biometrics – the technology that uses unique, physical geometry to identify and authenticate individuals.

According to market research group Frost & Sullivan, the biometrics market will reach a phenomenal $2.05 billion by 2006 (it was valued at just $93.4 million last year).

Concrete evidence for the growth in biometrics is starting to proliferate. The Home Office has announced that it is planning to install biometrics in 10 UK airports by the middle of next year to assist immigration control. The Nationwide Building Society is running extensive biometrics tests using iris scans in place of PINs at cash machines. Most recently, the Home Secretary announced that national ID cards – to be phased in over the next five years – will incorporate biometric data access via fingerprint recognition.

However, for most organisations, there are two understandable questions that need to be answered before biometric identification will reach the boardroom agenda:

  • “When budgets are tight, what is the business case for investing in yet more security technology?”
  • “Aren’t there fundamental drawbacks with biometric technology?”

The second issue is currently the source of most controversy in the media. For years films such as Minority Report have presented a rather superficial interpretation of biometrics. Eyes have been gouged out to gain access to computer networks and “fake” or severed fingers used to access a building.

The reality is far less dramatic. As the use of biometrics becomes more commonplace, people will realise that the risk is no greater than being forced to reveal a password or to hand over an access swipe card. Indeed, the risk is much less, thus representing an improvement over and above the existing solution already in place. In fact, one of the key benefits of biometrics is that even if an ‘identity’ such as an access card or password is stolen, without the correct authenticating biometric, access will be denied. The same applies to the sharing of passwords, helping businesses and organisations control who can and cannot access certain areas.

In addition to the physical risk, with biometrics comes the perceived threat of ‘Big Brother’, with concerns of data compilation and movement monitoring. While there is no escaping the fact that in the wrong hands this could be the case, in reality the threat is no greater than your bank recording the cash points you have accessed, mobile phones being used to track your whereabouts, a supermarket using loyalty cards to track your spending patterns or in fact, a security company monitoring the comings and goings of staff via CCTV.

There is no doubting that to dispel the notion of a Big Brother state an education programme is needed to highlight the benefits of biometric security (e.g. the ability to protect a person’s identity, the near elimination of passport fraud and the ability to store important data without the threat of unauthorised access). However, the greatest support will be won once biometric security is fully integrated into daily processes, whether logging on to the network at work or withdrawing cash without the threat of skimming from a cash machine.

The business case for biometrics, once explained, clearly demonstrates three primary reasons as to why a business should adopt biometrics:

  • To improve an organisation’s security by providing positive identification of individuals accessing your premises and networks
  • To save large sums of money by eliminating user provisioning and password management
  • To increase usability and convenience to staff

Robust security

What’s the point of spending a vast amount of money protecting and securing your networks if you still can’t positively identify who is accessing them? Obviously none, but this is exactly what most companies are currently doing.

Standard corporate user IDs and passwords used to govern the physical and virtual access to a company and / or network tend to follow the same format. The most common format for a username is the first letter of the user’s first name followed by the whole of their surname, i.e. cgohringer for Carl Gohringer. The bottom line for a business is that IDs can generally be cracked with one or two educated guesses. So assuming there is little or no security around IDs, a company’s security depends solely on the strength of passwords.

Again, if you know a little about the people whose passwords you are trying to guess, it often does not take much to figure it out. There are plenty of available password cracking utilities easily accessible on the Internet to help you out.

The question is how big an issue are ID/password breaches? It’s difficult to be precise, but we do know that 60-70% of hacking attacks have an internal source (i.e. are conducted by people who know something about each other and for whom, ID/password theft would be relatively simple). And, to give you an idea of the financial impact, last year 39% of Fortune 500 companies suffered an electronic security breach at an average cost of $50,000.

Biometrics tackle this problem by providing a truly unique individual identifier. If access to either a building or network is controlled by a smartcard containing biometric templates, you can be sure that only the valid owner of the card will be able to access those resources. Access rights to different buildings and rooms can also be set – via the smartcard – for each individual; and with emails increasingly being used as legally binding documents, biometrics can guarantee identity by requiring the user to supply their fingerprint when digitally signing them.

Ant Allen, research director at analyst house, Gartner Group, sums up the benefits of biometric human authentication: “It is unique to the individual, not something that somebody else decides will be your password, shared secret or token. Passwords can be learnt by various means and tokens can be stolen, but biometrics cannot.”

Increased convenience, less money wasted

The ID/password combination is also inconvenient for staff and financially inefficient for companies to manage.

Just think about the number of passwords you may have to remember in a given day: the password for your office network; the number to access voicemail on your phone; the ‘unlock’ code for your PDA and so on.

Inevitably, passwords are forgotten or compromised on a daily basis, which results in the IT department being pestered for a new code. Maintaining passwords is costly and, with this in mind, the ROI on biometrics is commonly realised in less than a year. IT staff are then freed up to focus on other, potentially revenue-generating issues.

In place of this often forgotten, easily hacked, regularly shared password, a biometric smartcard gives employees single-sign-on access to the corporate network, which eliminates the need to remember numerous passwords and PINs and removes the cost of managing them for the IT department.

The present and future of security

The benefits of biometrics can potentially run much deeper. For example, many public sector organisations see biometrics as a useful tool for improving customer service. In a hospital environment, facial recognition can identify a patient on arrival and ensure their medical records are ready for when they arrive at reception, enabling them to be instantly directed to the appropriate ward.

However, the purpose of this piece is to examine the impact on bottom line. In this respect, the case for biometrics is extremely powerful. Not only are they an essential tool to prevent your business losing large sums of money to cyber crime, on a day-to-day basis biometrics can dramatically reduce management and administration costs.

So next time you see James Bond or Tom Cruise battling biometrics in the movies, consider their potential for saving you money and giving your business robust insurance against the financial risk of hacking.

Using Face Recognition to Monitor Queues and Passenger Flows in Airports

The Business Environment

It is becoming increasingly important for airlines and airport operators to monitor queue lengths and passenger flows within the airport. Airport operators have invested significant time and money on investigating technologies that can provide useful metrics.

Understanding your peak and quiet times is essential to enable sufficient and efficient staffing and resourcing. Raising of alerts when unforeseen queues arise is critical for ensuring passenger satisfaction, as well as for ensuring that all SLAs with other stakeholders, such as airlines or government agencies, are adhered to.

Thus far, a common solution has enabled the tracking of bluetooth enabled devices, such as PDAs and smartphones, which are carried by passengers. The obvious drawback is that only a relatively low percentage of passengers will carry such devices, let alone have the bluetooth on the device activated.

However, even a penetration rate of 10-15% can provide a large enough sample to give statistical significance. Even so, a solution that provides a much more comprehensive data set and accurate information is needed.

The Application of Face Recognition

Using CCTV integrated with face recognition biometrics enables a solution that timestamps when individuals are detected at known camera locations, thereby providing highly accurate passenger flow information, such as average and peak queue times:

  • How long on average does it take to go from Checkin to Security?
  • How does this vary with time of day?
  • When are the peaks?

... as well as providing invaluable insight on how passengers move through the airport:

  • What percentage of passengers move from security to duty free?
  • How many of these are male / female?
  • How long does the average passenger spend shopping?
  • How is this impacted by queue lengths?

Importantly, no specific passenger identifying information need be recorded, and data can be purged at regular intervals.

Airports, such as London City, are already deploying such technology.

How does it work?

As passengers enter an area of interest and are acquired by a camera, they are automatically enrolled into the system:

  • CCTV cameras enabled with biometric technology are installed at appropriate areas of interest.
  • Passengers are automatically searched against the database of enrolled individuals.
  • The passenger’s record is updated with a camera number and timestamp.
  • The data is automatically aggregated to provide real-time analysis of passenger flows and movements.
  • The database is automatically purged as required at regular intervals (i.e. overnight).
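
The steps above can be sketched in a few lines. This is an added example, not code from any deployed system: the `FlowStore` class, the camera names and the track ids are assumptions, and the face matcher is assumed to hand back only an opaque id for each enrolled passenger.

```python
from collections import defaultdict

class FlowStore:
    """Sightings keyed by an opaque track id; no name, image or document data is held."""

    def __init__(self):
        self.sightings = defaultdict(list)   # track_id -> [(camera, unix_ts), ...]

    def record(self, track_id, camera, ts):
        # Called when the matcher (assumed, not shown) reports a hit or a new enrolment.
        self.sightings[track_id].append((camera, ts))

    def transit_times(self, start, end):
        """Seconds from each passenger's first sighting at `start` to the next at `end`."""
        times = []
        for events in self.sightings.values():
            ordered = sorted(events, key=lambda e: e[1])
            t0 = next((t for cam, t in ordered if cam == start), None)
            if t0 is None:
                continue
            t1 = next((t for cam, t in ordered if cam == end and t > t0), None)
            if t1 is not None:               # passengers who never reach `end` are skipped
                times.append(t1 - t0)
        return times

    def average_transit(self, start, end):
        times = self.transit_times(start, end)
        return sum(times) / len(times) if times else None

    def queue_alert(self, start, end, limit_s):
        avg = self.average_transit(start, end)
        return avg is not None and avg > limit_s

    def purge(self, cutoff_ts):
        """Delete sightings older than cutoff_ts; return how many records vanished entirely."""
        before = len(self.sightings)
        kept = {}
        for tid, ev in self.sightings.items():
            recent = [e for e in ev if e[1] >= cutoff_ts]
            if recent:
                kept[tid] = recent
        self.sightings = defaultdict(list, kept)
        return before - len(kept)

def demo_store():
    # Constructed sample data: (track id, camera location, seconds since 06:00).
    store = FlowStore()
    for tid, cam, ts in [("a1", "checkin", 0), ("a1", "security", 600), ("a1", "dutyfree", 900),
                         ("b2", "checkin", 100), ("b2", "security", 1000),
                         ("c3", "checkin", 200),
                         ("d4", "security", 300), ("d4", "dutyfree", 500)]:
        store.record(tid, cam, ts)
    return store
```

Because the aggregates are computed from track ids alone, the purge can discard every sighting without affecting reports that have already been produced.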


Using face recognition for such an application can provide many tangible features, including:

  • Aggregated passenger flow data.
  • Average time to move between two or more points.
  • Average time staying in a specific area.
  • Real-time reporting information.
  • Reporting over specific time frames.
  • Historical data comparison.
  • Alerting mechanism (i.e. queues too long).


  • Does not capture passenger personal details.
  • Passenger data is purged regularly.
  • There are no data protection issues.
  • Unobtrusive and requires no passenger interaction.
  • Does not require special devices, such as Bluetooth phones.
  • High sample set and penetration rate.

To Sum

Airports are complex environments involving multiple stakeholders, often with conflicting requirements. Their efficient operation requires real-time and reliable operational data. It was only a matter of time before operators turned to advanced technologies such as face recognition in order to provide such measurable and quantifiable data.

Clearly, the more accurate the technology, the more reliable the data on which the operator is basing critical business decisions. Independent studies by NIST clearly indicate that face recognition is now operating at a level of accuracy to enable such decision making.

The quality of the aggregated data provided by face recognition by far surpasses that of traditional application of technologies to this problem, such as bluetooth monitoring.

Biometric Trends Improving Performance

Iris Biometrics

Major improvements have been realised in the capture capability, enabling iris capture on the move or from a distance. While this is not an improvement in the SDK matching per se, it has a significant influence on the matching and usability of the system.

Face Biometrics

There have been significant and drastic improvements in the quality and accuracy of matching performance in a very short period of time in the last few years. This has been demonstrated by recent NIST tests, as well as other independent testing. It is not anticipated this rate of improvement will level out any time soon; expect in the coming years further drastic improvements.

Fingerprint Biometrics

Accuracy is still continually improving, though not at the same drastic rate as face recognition, as this is a much older technology. However, areas where there are major improvements are in the automated processing of latent prints (both in automated ridge, minutiae identification, feature extraction, and in automated 10-print to latent matching). This has the potential to enable enhanced functionality at verification points, such as border crossings, by implementing functionality such as real-time watchlist checking against latent watchlists.

Multi-Biometric Record Level Fusion

Another area where developments are aiding in accuracy improvements is multi-biometric fusion, occurring at the record level. Rather than merging multiple candidate lists from multiple biometrics post search, fusing biometrics and biographics in-record has the potential to provide multi-biometric record-level scores. However, this has more of an impact in very large scale identification systems, as opposed to verification systems, or small scale databases, such as watchlist checking.

Biometric Matching as a Service

Supported by trends such as cloud computing, data center consolidation, shared infrastructure and virtualisation.
See here for more.


While I understand the premise of the “Occupy” demonstrations, I can’t help but feel that they would be more effective if they were also able to propose a solution instead of simply voicing discontent with capitalism.

Biometrics 2011: Panel Biometric Matching as a Software Service (SaaS)

I’m looking forward to the Biometrics2011 conference in London next week.

One of the more interesting presentations is the Biometrics and Identity Matching as a Software Service panel discussion at the end of the last day.

In my view, this is a topic that is ripe for discussion, given the current levels of indebtedness of our governments.

With the current wave of austerity sweeping the world’s nations at the moment, most programmes entailing large capital expenditure are out, unless they demonstrate significant return on investment in the same fiscal year; large government IT projects take years to recoup investment.

Suppliers are looking at recovering this loss of business by self-financing other business models, and one that is becoming increasingly popular is selling transactional services. Basically this entails moving the up-front investment from the customer to the supplier, as well as the onus to realise the ROI over the life of the programme.

Such models are increasingly supported by trends such as cloud computing, data center consolidation, shared infrastructure and virtualisation.

In today’s economic climate, the ability to move an initial large up-front capital expenditure to a long-term annual operating expenditure spread over the life of the programme is understandably attractive to customers.

On the flip-side, these same economic conditions will make it more difficult for suppliers to structure such deals, and they will remain the preserve of the larger suppliers with pockets deep enough to weather the current economic storm.

That this business model is attractive to larger government biometric identity programmes is no surprise.

In fact, this arrangement is nothing new. The Western Identification Network (WIN) is a collaboration of eight US states, and is one of the larger criminal / law enforcement AFIS systems in existence. It is hosted, run and owned by the supplier, with the states paying for match services.

The UK’s Ident1 Criminal AFIS system is structured in a similar manner.

Interestingly, the panel members of the Biometrics 2011 panel discussion represent NEC (suppliers of the US WIN system), Northrop Grumman Corporation (suppliers of the UK Ident1 system), and the UK National Police Improvement Agency (customers for the UK Ident1 system), so they should know what they are talking about!

In the wake of the London riots, is the privacy versus security debate now all but dead?

Allevate Presenting at Biometrics 2011


Recent advances in the accuracy of face recognition are resulting in an explosion of its use, coupled with increasingly vociferous cries from privacy advocates. The benefits from the uses of this technology are clear. But does it enable even further and easier harvesting of private information about us as individuals, without our knowledge or consent? This presentation does not attempt to analyse the adherence of face recognition to the nuances of privacy legislation. Rather, it explores the emerging trends in the application of face recognition, from law enforcement and security / surveillance, through to commercial applications, to enable each of us to form our own views on where the boundary between face recognition and privacy lies.

Article: Face Recognition: Improved Benefit? Or Erosion of Privacy?