Thursday, December 5, 2013

New Canadian biometrics requirement for certain visa types begins next Wednesday

Canada introduces new biometric visa requirements (Dhaka Tribune)
When a traveller arrives in Canada at a port of entry, a Canadian border services officer will use all available sources of information to confirm that person’s identity.

This new requirement will not only help protect the safety and security of Canadians while helping facilitate legitimate travel, it will also protect prospective visitors by making it more difficult for others to forge, steal or use an applicant’s identity to gain access to Canada, it said.

Innovations in Biometrics for Consumer Electronics

Frost & Sullivan: Integration of Biometrics in Consumer Electronics a Fast-Emerging Trend (Yahoo)
[...]fingerprint recognition will remain the leading biometric technology used in consumer electronics due to its convenience, cost-efficiency and quick ROI. Iris recognition and multimodal biometrics will rapidly grow in the next three years due to their accuracy, although the high cost and large size of iris recognition systems may hinder widespread uptake. Voice and face recognition technologies likewise should find higher usage depending on the security requirement of the application.
More good insight at the link.

Droid users must wait for fingerprint unlock option

Will Samsung’s Galaxy S5 Come with TouchID Rival for Easy Log-In? (GottaBeMobile)
Samsung is reportedly chasing Apple’s iPhone 5s’ TouchID biometric authentication sensor with its own version, which is said to debut in 2014.

Thursday, November 21, 2013

Patrick Grother, NIST iris project leader among 15 innovative US government employees

Patrick Grother is a pioneer in making iris scans--not long ago, the stuff of science fiction--a viable biometric usable on smart card credentials today (FierceGovernmentIT)

This is what a legacy system looks like

Moral turpitude, severe violations of the religious freedom of others, intent to become a prostitute, not if you want a USA visa, you don't.

Why are US visa questions so weird? (Financial Times - Registration Required to read the linked article)
The reason US visa forms seem such an odd accretion of questions is that is what they are. They have been added to over the decades to confront whatever danger the US was dealing with at the time.
Are the visa forms an effective way of keeping undesirables out of the US? “If we’re interested in keeping people who mean to do us harm out, it’s not very effective,” Mr Chishti says. Biometric screening, databases and finger printing are far more useful, he says.

Mobile device manufacturers begin taking security more seriously

A little over two years ago, when Motorola yanked the fingerprint sensor from its Atrix line, we noted that there is a tension between the market signals from the "make 'em cheaper" vs the "make 'em more secure" crowd.

It appears that the rise of mobile commerce since then is forcing manufacturers to give more weight to security now than they did then.

Security continues to be a major issue for mobile commerce (Mobile Commerce Press)
Mobile identity is becoming more important to businesses, especially as more consumers around the world begin to rely on smartphones, tablets, and other devices in their daily lives. Market research firm ResearchMOZ has released a new report concerning the growing importance of mobile identity and how businesses are beginning to invest more heavily in biometrics and other such technologies. The report cites the growth of mobile interactions and mobile commerce as the influence behind higher investments in mobile identity.
...and there's this.

ARM is developing a 128-bit mobile chip for use in Samsung hardware (tech2)
If 64-bits just aren't enough for you, the ARM official has also revealed that it is aiming for 128-bit mobile chips that will be developed over the next couple of years. As ridiculous as it may sound, demand for the chip will supposedly be driven by the drastic performance upgrades needed for biometric sensors and face recognition.
128 seems a bit big. Facial recognition recognition systems in government applications with very large databases work well on 32- and 64-bit systems. Those who may disagree will likely base their disagreement on factors other than number of bits of data the chip can handle at one time.

Nevertheless, it's good to see hardware manufacturers providing more options to security-conscious mobile device user.

Tuesday, November 12, 2013

Report: Biometrics market to more than triple in size over next 6 years

Global biometrics market $5.2 billion in 2013, is expected to reach $16.7 billion by 2019 (Market Research Reports)
A rise in government projects has been seen as terrorists become an increasing threat. This has been accompanied by increasing data security concerns. There is a need for advanced security devices. Security systems implementations drive the market for biometric systems. Biometric data protection is being used to replace photographs, passwords and PIN codes.

Monday, November 11, 2013

So this is what Microsoft has been up to...

SILICON REPUBLIC:  Xbox One dashboard video highlights biometric abilities of new console (with video)  "The Kinect camera comes with biometric capabilities that recognise the voice of each individual in the household, as well as their body shape because it reads their skeletal frame."

The linked article comes at the technology on display from an Xbox One angle but I think it's bigger than that. Is Microsoft just highlighting it's vision for the Windows 8 world? Is it signalling that the future of Microsoft is going to be more bound up with hardware like the Xbox, Surface and Kinect? Biometrics in the OS? Taking it's huge market share and moving to a business model that looks more like Apple's?

More questions than answers, I know. But if you have 12 minutes, give it a watch and see if the same isn't true for you.

To touch on the biometrics a bit, it looks like the capability billed as voice recognition is indeed true voice recognition and speech recognition rather than speech recognition alone. A post dealing with the distinction is here. Each of the two people in the video tell the system to "show my stuff" and the software shows different sets of "stuff" even though prompted in identical terms by the different users.

I'm not exactly sure what the presenters mean when they mention that the system distinguishes among individuals by skeletal structure, but in the Skype demonstration the technology does seem to recognize a dog as something worth paying attention.

Tuesday, November 5, 2013

Tesco adopting demographic detection marketing technology

FAST COMPANY - British supermarket chain Tesco is installing a face-scanning technology in all of its 450 gas stations. The technology uses cameras to identify the age and sex of store customers to target ads at customers who are waiting in line to pay.

Governor of Bayelsa, Nigeria to State employees: No biometrics; no paycheck.

Workers not captured by biometric will forfeit salaries –Dickson (National Mirror)
Bayelsa State Governor, Seriake Dickson, yesterday warned that civil and public servants not captured in the ongoing verification and biometric exercise would forfeit their salaries from January next year.

“On schedule, within budget and within scope.”

Next Generation Identification: A closer look at the FBI’s billion-dollar biometric program (Biometric Update)
Representing a $1.2 billion investment by the U.S. federal government, the FBI’s massive Next Generation Identification (NGI) program is a ten-year lifecycle project that hinges on biometric identification technologies and has seen privacy advocates butt heads with law enforcement since its inception.

Split into six “increments,” Lockheed Martin was awarded a contract in 2008 to design, build and implement the program on behalf of the FBI, which ultimately aims to enhance the abilities of the agency’s aging IAFIS from the mid-nineties.
More at the link.

Wednesday, October 30, 2013

Malaysia and biometric ID for foreigners

Biometric identity cards for foreigners studying in Malaysia? (The Star)
"Several countries, namely Saudi Arab, Yemen and several Middle East countries have indicated interest in adopting such a card for their students students here," he added.

Based on ministry's records, there were some 80,000 international students in the country last year. The aim is to attract 200,000 foreign students by 2020.

In a related issue, Ahmad Zahid said that a pilot project is currently underway to implement the biometric identity card for the 2.116mil foreign workers in the country by the end of next year.

Mobile biometrics market forecast by Goode Intelligence

Mobile biometrics to generate over £5bn revenue by 2018 (ITProPortal)

Market forecast for commercial biometrics applications

FrostSullivan: Global Commercial Biometrics Market to Grow Considerably as Awareness Increases (MENAFN)
Increasing awareness of biometrics across industries will spur the global commercial biometrics market. While historically the adoption of biometrics has been concentrated in the government sector, recent years have witnessed considerable demand for applications such as ATMs, retail points of sale, and finance. Iris and face recognition algorithms have undergone substantial advancements and are gaining prominence, while fingerprint technologies remain the most popular.

New analysis from Frost & Sullivan, Analysis of the Global Commercial Biometrics Market, finds that the market earned revenues of 1.48 billion in 2012 and estimates this to reach 6.15 billion in 2019. In addition to fingerprint, facial and iris biometrics, the study covers hand geometry, voice, and signature technologies.

Tuesday, October 22, 2013

Recent M&A a sign of biometrics' importance to electronics industry

Recent Synaptics (SYNA) Biometrics Acquisition Boosts Sector (Investor Ideas)
Alan Goode, Managing Director of said of the acquisition - "The acquisition of Validity Sensors, by Synaptics., is another sign of how important biometrics is becoming to consumer technologies. I believe this is a good match between Synaptics, who has a strong track record of developing touch-based consumer solutions, and one of the remaining independent mobile biometric sensor manufacturers. This is about giving consumer electronics products better, more convenient, security and opens up fingerprint-based biometrics to other consumer devices. We expect that additional biometric modalities, including voice, facial, eye and behavioral will be quickly integrated into other electronic devices and cloud-based services.”

Friday, October 18, 2013

Mobile iris rumors

Eye scan unlocker for Galaxy S5: how does it work? (AndroidPIT) 
Samsung looks to be the first smartphone manufacturer to feature an eye scanner with which to unlock your smartphone.

Face and the future

Identify online daters, better tools for law enforcement, face as currency, and more.

The future of facial recognition: 7 fascinating facts (TED Blog)

Thursday, October 17, 2013

For the technically inclined

Apple Reveals More Details of Touch ID for iPhone, iPad & beyond (Patently Apple)
Generally, capacitive fingerprint sensors may be used to determine an image of a fingerprint through measuring capacitance through each capacitive sensing element of a capacitive sensor. Thus, fingerprint ridges provide a higher capacitance in an underlying capacitive sensing element than do fingerprint valleys.

Capacitive fingerprint sensors come in at least two varieties, namely active and passive. Active capacitive sensors are often used in electronic devices to provide biometric security and identification of users.
A long discussion, based on Apple patent filings, of what Apple's future fingerprint technology may look like follows.

Fingerprints in European passports legal – EU court

The European Union's highest court rejected on Thursday a German man's challenge to the inclusion of his fingerprints in his passport, saying such data helped to prevent identity fraud and curb illegal immigration. (GMA News)

Monday, October 14, 2013

More mobile fingerprint tech is on the way

The FIDO Alliance suggests six Android mobiles over the next six months (Mobile Commerce Neds)

HTC just announced that the Android-powered One Max includes a fingerprint scanner (BBC)

...and Samsung, too. (Smart Company)

Fingerprint M&A is so hot right now

Apple's integration of a fingerprint sensor in its iPhone has put other handset makers under pressure to follow suit.

But news that Samsung had bought Swedish company Fingerprint Cards &8212; promptly denied by both companies &8212; seems to have been a hoax, possibly perpetrated as part of a securities fraud scheme. See: The curious case of Samsung's 'purchase' of biometrics company Fingerprint Cards, at NDTV Gadgets.

Meanwhile, Capacitive touch specialist Synaptics has agreed to buy biometric authentication firm Validity for $255 million (IT PRO)

Friday, October 4, 2013

Let's change the language of biometrics (Human Recognition Systems blog)
"The consumer market will not suit the current market leaders in the biometrics industry of today as they are geared towards direct sales to a limited number of large customers. The consumer market will demand innovation in small packages, readily integrated with existing technology and in a totally hassle-free format. It will require collaboration, an understanding of current technology convergence trends and most of all, a foolhardy bravery to go where no other company has gone before."

We couldn't agree more.

FIDO looking to bring Touch ID to Android in 6 months (IntoMobile) — All is proceeding as we have foreseen.

NIGERIA: Lagos Begins Biometric Verification Of Pensioners (PM News)

Biometric plan to track entry, exit of foreign visitors won’t be ready until 2015 (Newspaper Tree - El Paso, Texas)

M2SYS BLOG: Why Apple’s use of Fingerprint Biometrics is Boon to Industry, not the Modality

Thursday, October 3, 2013

Fashion to thwart Facebook face recognition?

Creepy T-shirts designed to baffle Facebook facial-recognition software (Naked Security)
Image source: REALFACE web site
The garments - dubbed the "REALFACE Glamoflage" T-shirts - were designed by Simone C. Niquille as part of her* master’s thesis in graphic design at the Sandberg Institute in Amsterdam.

The shirts are custom-printed and sell for around $65.

The prints feature distorted faces of celebrity impersonators - Barack Obama, Michael Jackson and others - with the aim of creating an easy way to befuddle Facebook's pattern recognition algorithms...

I'm always fascinated by the responses of artists and designers to facial recognition technology.

CV Dazzle is my favorite because it is visually interesting; it really works as fashion and as an effective face rec counter-measure; and the approach stands a chance of keeping up as facial recognition technology continues to improve in surveillance applications.

REALFACE has simplicity and a more mainstream fashion statement going for it. In some percentage of attempts, it probably attracts the attention of the face-finding algorithms that are a part of automated facial recognition programs.

Full disclosure: I've never had a Facebook account so I'm making some assumptions about how it works.

Rather than a frontal attack on the face algorithm itself, it may be that best way to cause Facebook's face recognition trouble is by undermining the quality of the data it relies upon. Facebook relies upon users telling the software who is who, then applying facial recognition to prompt users to tag new photos. Users who wish to thwart Facebook's facial recognition might recognize that "garbage in; garbage out," depending on your point of view, is either a bug or a feature.

For other posts on biometrics and art click here.

Friday, September 27, 2013

US: Government sues energy company over biometric time clocks

U.S. sues company over miner's religious objection to handscan (Reuters)
The Equal Opportunity Employment Commission filed a lawsuit against Consul Energy Inc, stating that Beverly Butcher Jr. had worked at the company's coal mine in Mannington, West Virginia, for more than 35 years, until he was required to use a biometric hand scanner to track his hours.

Consul, with headquarters in Western Pennsylvania, was accused of discriminating against Butcher, who repeatedly told mining officials that using the scanner violated his Evangelical Christian beliefs, given his view of the relationship between hand-scanning technology and the mark of the beast in the New Testament's Book of Revelation, the lawsuit said.

Thursday, September 26, 2013

More iTouch hack push-back

Why I Hacked Apple’s TouchID, And Still Think It Is Awesome. (Lookout)
Despite being hacked, TouchID is an exciting step forwards for smartphone security and I stand by our earlier blog on fingerprint security. Hacking TouchID gave me respect for its design and some ideas about how we can make it strong moving forward. I hope that Apple will keep in touch with the security industry as TouchID faces its inevitable growing pains. There is plenty of room for improvement, and an exciting road ahead of us if we do this right.
Read the whole thing. It's good.

Our post on the CCC hack are here.

Touch ID was hacked, but no one cares (ITWeb)

Wednesday, September 25, 2013

According to a new market report published by Transparency Market Research  the global healthcare biometrics market was valued at USD 1.2 billion in 2012 and is expected to grow at a CAGR of 25.9% from 2013 to 2019, to reach an estimated value of USD 5.8 billion in 2019. (Press Release)

Headline writer gets it backwards

Today I came across what might be a perfect example of a biometrics headline/article non sequitur.

The article linked below, is pretty bullish on biometrics from both the convenience and security angles. In addition to favorable quotes from a user and an industry executive, an Electronic Privacy Information Center (EPIC) staff member is quoted speaking of biometric technologies in favorable terms. As long-time readers may recall, that hasn't always been the case.

Given all that, it's hard to comprehend why the headline writer went with:

New technology causes new privacy, security concerns (WJXT - Jacksonville, FL)

I'd quibble that that the headline writer has it backwards. On the article's own terms a better headline would be, Privacy, security concerns fuel new technology, but reading the article might have given me an unfair advantage.

Tuesday, September 24, 2013

United States: Entry-exit system back in the news

Biometric ID viable at U.S. entry points: report (Washington Times)
Federal law has long called for all visitors to the U.S. to submit to biometric identification both coming and going, but the government has never lived up to that promise — and senators in their immigration bill this year even announced a retreat, weakening the law, saying the requirement is too expensive.

But a report released Tuesday by the Center for Immigration Studies says biometric identification can be implemented easily and at a fraction of the cost estimated by government officials.
See also: Who's in my country? That's a tough one.

Monday, September 23, 2013

More context for fake fingers

Here’s what you need to know about the Apple TouchID “hack” (GigaOM)
So for most people this won’t be a problem. And indeed, if you’re the type who forgoes passcodes because they slow you down, it’s better to use TouchID than to use no security at all. Also, it’s not like we’re talking about someone hacking into the phone’s secure A7 chip.

But do remember that, compared with passcodes, the inclusion of biometric access can in certain circumstances make it just that little bit easier for someone to get into your phone. And if that phone carries secrets that others really want to steal, you may want to bear this new risk in mind.

Chaos Computer Club's re-run of the old rubber finger trick

Apple's stated purpose for installing a fingerprint reader on its new iPhone is to give people who aren't currently protecting their mobile hardware at all a more convenient way than passwords to do so.

Great, right? The number of mobile devices left unprotected will go down, sparing some non-trivial number of individuals the heartache of having their devices accessed in a way they didn't authorize. Hooray Apple!

Not so fast!
The Chaos Computer Club thinks that's a really "stupid" way to look at things. They think that because it was so "easy" for them to create a rubber finger (likely with the full participation of the user) in a matter of (at least) hours, that only a moron would use the technology.

 Chaos Computer Club breaks Apple TouchID.
The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple's TouchID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID. This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided.
"We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token", said Frank Rieger, spokesperson of the CCC. "The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access." Fingerprint biometrics in passports has been introduced in many countries despite the fact that by this global roll-out no security gain can be shown. [ed. bold emphasis added]
While both of the parts above in bold type are false, they are false in different ways. The first part, "using easy everyday means" is only a fib. The process described is "easy and everyday" kind of like manufacturing dentures is easy and everyday. Sure, it happens every day, but it isn't like making brownies.

The second bolded part is indistinguishable from the ranting of a conspiracy theorist.

There's something vaguely embarrassing about people who claim to know a lot about technology, but who display no understanding of its use or appreciation for its context. When they also presume to tell everyone else what to do, it begs a response.

The CCC shows either a total ignorance of the purposes of security technologies or a belief that the world is a one-size-fits-all security market. Either way, they come off as contemptuous of ordinary people who might want a more convenient way to increase their own security and the people working to give it to them.

It's one thing to point out how new technologies are fallible. All technologies are and it is important that consumers understand how that is the case. It's another thing to try to scare people away from adopting security techniques that will leave them safer than they are now and are convenient to use.

Apple's implicit point is that when it comes to protecting access to the device, fingerprint access is better compared to doing nothing, which is the option many people currently choose. It's not a question of perfect security, it's a question of security that is convenient enough that it actually gets adopted.

Other posts where the question "...compared to what?" arises:
The old Gummi Bear trick
Visa to drop signatures on credit card purchases by 2013
Unisys Poll: 63% of credit card users would prefer fingerprint
German gov downplays biometric ID card hack

Marco Tabini at Macworld seems to agree. Apple's Touch ID may not be bulletproof, but it's still useful.

Vote for the former

Sense and Nonsense About Biometrics (Techpinions)
"Apple’s Touch ID fingerprint scanner seems to have fueled an important but ill-informed and ultimately nonsensical debate about biometrics and privacy."

Thursday, September 12, 2013

Apple announcement also reinvigorates critics of biometric technologies

Column: Why fingerprints, other biometrics don't work (USA Today)

The Apple announcement has pushed interest in biometrics to new heights and we couldn't be happier. It has also given renewed attention to those who are sceptical, or even hostile to the technology. I won't go so far as to point fingers (rubber, gummi, or otherwise) at the sources for the articles out there because they usually bring up valid points and treat the subjects in which they are interested in a holistic manner. That sometimes gets lost in journalistic translation.

Other times the breakdown happens between reporters and headline writers (see: iPhone 5S: Thieves may mutilate owners in bid to gain access to fingerprint-reading handsets, expert warns).

Concerns about biometric revocability, secrecy, and how accuracy changes with database size are valid. Unsurprisingly people interested in biometrics have been dealing with these issues for as long as biometric technologies have existed. The existence of those challenges, however, does not justify the assertion that "biometrics don't work." Subjected to the same standards, no security measure works. ID cards don't work. Passwords don't work. House keys don't work. Police departments don't work. Security guards don't work.

ID and security isn't about perfect. It's about return on investment, or cost-benefit analysis if you prefer. We've covered the subject from various angles over the last few years. The piece linked below is as good a place to start as any for interested readers.

Please see:
Biometrics & ID infrastructure: Perfect is the enemy of  good

There's no going back

Insight: Trigger Finger - Apple fires biometrics into the mainstream (Reuters)
By adding a fingerprint scanner to its newest mobile phone, Apple Inc is offering a tantalizing glimpse of a future where your favorite gadget might become a biometric pass to the workplace, mobile commerce or real-world shopping and events.
Read the whole thing. I think this piece gets things about right.

It's easy to overestimate and underestimate the importance of what Apple has just done. The fingerprint functionality itself is pretty shallow. The fingerprint sensor allows users to unlock the phone and buy stuff from Apple. That is all. But that also reflects that, of course, Apple wants to get things right "in captivity" before releasing the fingerprint sensor "into the wild." And further, I think that means that fingerprint sensors on mobile devices are here to stay. Samsung, Microsoft/Nokia, etc. will follow suit.

Wednesday, September 11, 2013

Japan, U.S. law enforcement to share fingerprint databases online (Japan Today)
Japan and the United States have agreed to provide mutual access to online fingerprint databases to aid criminal investigations.

According to the arrangement, each nation will have instant access to fingerprint data for the purpose of investigating individuals suspected of involvement in terrorism or other serious crimes such as murder, Japanese officials said.

It's Official: New iPhone really does have a fingerprint reader

Well, the rumors were true. Apple has included a fingerprint sensor in its newest iPhones. It's hard to escape the conclusion that his is a big deal for mobile biometrics even though the biometric capability in the iPhone is limited to unlocking the device. Still, that's not nothing and I expect that eventually, app developers will be given access to the reader. 

Even if they aren't, Apple's addition of fingerprint a sensor probably foreshadows their inclusion by all sorts of handset manufacturers. Motorola already has a history there; Samsung certainly won't be left behind as mobile ID surges forward; Microsoft/Nokia + Windows 8 will almost certainly join the fray; moreover, we'd expect all of those companies to have a more laissez faire attitude than Apple toward turning future fingerprint hardware over to third party developers.*

*The preceding paragraph was revised on 24 Sept. 2013 it originally read, "Even if they don't, Apple's addition of fingerprint a sensor probably foreshadows their inclusion by all sorts of handset manufacturers. Motorola already has a history there and Samsung certainly won't be left behind as mobile ID surges forward. "

Monday, September 9, 2013

Future payments

Biometrics a tipping point for future of payments (Finextra)
Smart folks like Jack Dorsey of Twitter have been talking about and removing friction for the best part of 10-15 years. It's not a new concept, but in many ways the technology is finally catching up in order for us to make things happen under the bonnet (OK - no more car analogies).

The accepted norm for payment authentication has been some sort of user name and password or PIN. It's a great place to start to develop future propositions. But this doesn't make mobile or devices any more secure. No real advantage. And having a contactless card or device that can be used with a bump, tap, pass or wave; doesn’t set minds at ease.

Device manufacturers and electronics manufacturers have an awful lot of skin in the game to set this new standard, alongside the players that manage the market infrastructure. There are a number of developments underway in Biometric security. Things like Facial Recognition, Fingerprint, Ear scanning and Heart Rhythm. Capability that could make payment security into a “subconsciously competent” factor. And of course, this technology could quickly extend into daily life (transport networks, biometric security “keys” to name but two) and come in many forms.
Right now we have to try to identify ourselves to IT networks, including payment networks. That probably won't always be the case.
TECH WORLD: Cambridge students look to create fingerprint scanner for rural healthcare — Great app, but it seems more like a software & integration project. Hardware isn't the reason you don't see more projects like this. The culprits are interoperability and stove-piping, for starters.

Friday, September 6, 2013

See this, skip that: Denver

Biometric airport pre-clearance service makes travel writer's list of things to do in Denver (ABC News)

Here are some others set to the music of the late, great Warren Zevon...


Thursday, September 5, 2013

More research shows the public is receptive to biometric technologies

Biometric payment methods set to rise in popularity as consumers steer away from mobile devices (ITProPortal)
Recent research from WorldPay revealed that paying for goods and services through fingerprint, palm and iris scanners is the most popular future technology choice for security-conscious shoppers, far outweighing the popularity of emerging mobile technology options like smartphone and SMS payments, and online wallets.
See also:
Unisys Poll: 63% of credit card users would prefer fingerprint (October 14, 2010)
Unisys Security Index Survey Finds High Levels of Support for Biometric Solutions (May 10, 2012)
Australia: More on survey of attitudes toward banking biometrics (October 4, 2012)

Wednesday, September 4, 2013

Security or Privacy? Yes, please.

Security vs. privacy (Homeland Security Newswire)
Those who ask you to choose security or privacy and those who vote on security or privacy are making false choices. That’s like asking air or water? You need both to live.

Maslow placed safety (of which security is a subset) as second only to food, water, sex, and sleep. As humans we crave safety. As individuals and societies, before we answer the question “security or privacy,” we first have to ask “security from whom or what?” and “privacy from whom and for whom?”

What will it take for iris ID to catch on?

Readying Iris Recognition for Prime Time (Bank INfo Security)
Federal researchers have reconfirmed the reliability of the iris as an authentication factor. But we're at least three years away from using iris scanning as an advanced method of user authentication for IT systems.

What's holding back iris recognition as an authentication tool to access information on IT systems? Several experts I spoke with this week narrowed the reasons to three: size, cost and culture.
Stay tuned on all three. Size and cost are coming down. Culture is less predictable. Could ROI be a useful proxy? The article gets to this question eventually. Read the whole thing.

Thursday, August 29, 2013

Market forecast: Multi-Factor authentication

Via MARKETS AND MARKETS: The global multi-factor authentication (MFA) market which includes different types of authentication and applications is expected to reach $5.45 billion by 2017 at an estimated CAGR of 17.3% from 2012 to 2017. Two-factor authentication is most widely used MFA model in the world with smartcard with PIN and one time password (OTP) are the most popular technique. Biometric based MFA models are growing at a fast rate. North America and Europe covers most of the market, whereas APAC has the fastest growing region.

Tuesday, August 27, 2013

CLEAR expands to two Houston airports

Expedited traveler services at George Bush Intercontinental Airport (IAH) and William P. Hobby Airport (HOU) in late 2013 (The Tribune - Humble, Texas) 

CLEAR is a biometric pre-clearance service.

Industry Analysis: Global Government Biometrics Market

Global trends in the biometrics market in the government sector (Report Linker)
CEO’s Perspective: 
- Fingerprint continues to be the biggest market. However, face and iris recognition is gaining prominence.
- National ID offers extensive opportunities in emerging economies.
- Handheld readers are expected to gain prominence in certain applications.
- Market is expected to become consolidated over the forecast period.
- Opportunities for middleware/software vendors are expected over long term.
It's good to see middleware getting some attention.

New military multi-modal biometric hardware

New Biometrics Device Helps Marines Determine Friend or Foe (Forensic Magazine)
The BESD system is an ultra lightweight, ruggedized, handheld portable device that collects and stores biometrics information. It compares and matches fingerprints, iris images and facial photos against an internal biometric database to identify individuals encountered on the battlefield. It is an enabler in the areas of detainee management and questioning, base access, counterintelligence screening, border control and law enforcement.
Interesting approach, having the database on the device. On the plus side, storing the data locally takes connectivity issues out of the equation. There are, however costs. To stay current, the device has to be synched with a central data repository from time to time. There are limits to the amount of data that can be stored on a handheld device. Also, since the data is on the device, there needs to be really good data security in the device itself.

Brazil and India are leading the way to biometric forms of identity verification

SINGULARITY HUB The Brazilian bank Bradesco recently began using a palm vein biometric system called Palm of Your Hand to provide secure log-in on its ATM machines. Clients who choose to use traditional personal identification numbers can continue to do so, but those who go with the new system can forego PINs while simultaneously satisfying the national social security program’s requirement of “proof of life” in order to collect benefits.

In India, the national government is rolling out the largest biometric identification database to date, requiring all of its billion-plus citizens to register in hopes of reducing benefits fraud.

Wednesday, August 21, 2013

Building out the UID

UIDAI launches Aadhaar-enabled electronic know your customer service (Times of India)
Under the e-KYC process, one can authorise the UIDAI to release the KYC data to a service provider. The consent can be provided either in person (through biometric authentication) or online. The UIDAI will provide the details like name, address, date of birth, mobile number and email address to the service provider electronically.
The promise of UID is in the apps. It's nice to see them starting to trickle through.

Face-in-a-crowd systems have improved, but aren't quite ready

Facial scanning system for crowds shows improvement in tests by Homeland Security (ABA Journal)
The scanning system is known as Biometric Optical Surveillance System, or BOSS. It uses a computer to build a “3-D signature” from photos taken at different angles, then compares the results with a watch-list database. A computer professor and an official with the company developing BOSS said advances in computer processing will eventually result in speedier and more reliable matches. Currently, the system’s accuracy is only 60 percent to 70 percent at longer distances. And it takes 30 seconds to process the images.

Tuesday, August 20, 2013

South Africa shows the way on transfer payments

MasterCard issues 10m debit cards for SA social grants (Gadget)
This milestone marks the conclusion of the re-registration phase of the project, with social grant beneficiaries having received their new Debit MasterCard cards with biometric functionality, issued by Grindrod Bank, in association with SASSA and Net1 UEPS Technologies (Net1).

Since March 2012, just under 22 million social grant beneficiaries have re-registered onto the new system introduced by SASSA to minimise fraudulent grant applications and collections and reduce grant administration costs by distributing all grant payments electronically.

The case for mobile fingerprint hardware

Why would Apple add a fingerprint sensor to the iPhone? (Macworld)
Much of the theorizing has revolved around the possibility that Apple will add a fingerprint scanner to the iPhone, either incorporating it directly in the Home button, or, as indicated in a patent granted to the company in 2012, situating it in a dedicated area of the handset’s front screen. Such technology is far from science fiction—and it could actually provide real, tangible benefits to iOS device owners.

Monday, August 19, 2013

Following Mayor Bloomberg’s remark that public housing should incorporate fingerprinting technology and rumors of Apple implementing this technology for the new iPhones, two experts discussed the state of biometric security and where we are headed with it. (PIX 11)

There's a good video at the link. I removed the video from this post because of the annoying auto-play feature which comes with the embed code. The video at the link above does not autoplay.

UPDATE: An interesting take on the political part of the story that echoes our Technology-and-Policy theme... Bloomberg is Right and Wrong About Fingerprinting Public Housing Residents (Frontpage Mag)
6 ways the relationship humans have with technology is changing (memeburn)

But do sophisticated biometric devices really offer a higher level of protection than traditional security methods?

Though biometrics are becoming commonplace, the debate rages over whether they're effective (IT Security) but... "If one acknowledges and accommodates their limitations, biometric devices can serve as high-quality protection tools for a wide array of systems, applications and services."

There's also a short-and-sweet discussion of the "big three" modalities at the link.

Friday, August 16, 2013

Policy must precede technology

Some Ugandans may miss identity cards (New Vision)
In Mengo and Kisenyi suburbs, many non-indigenous Ugandans yesterday expressed disappointment when officials at the distribution centres demanded proof showing that they were registered Ugandans.

This group included Salim Uhuru, the NRM chairman of Kampala district and councillor of Kisenyi, who has since described the development as discrimination.

“When I reached the distribution table, I was told that I was not supposed to get the identity card. My name and photograph were in the register, but were marked ‘non-citizen’. I also noticed that this was the same case with every other person who was light skinned. This smells of discrimination of fellow countrymen on grounds of their skin colour,” he said.
The title of this post is a variation on the theme that technology is no substitute for managerial skill and wise policies (see here for similar thoughts). It looks like Uganda has some work to do in its ID management infrastructure as it seems that in important parts of the bureaucracy, no one is quite sure what a Ugandan is.

See also:
Poor ID Management Infrastructure Prevents Uganda Little League Baseball Team from World Series Participation

It's obvious that Uganda has more than a fair helping of ID management challenges. The good news is that it has never been easier to overcome technical challenges. The bad news is that technology can't force a consensus on who should get an ID.

Thursday, August 15, 2013

A tipping point for DHS?

A tipping point for biometrics? (FCW)
In May, DHS issued a request for proposals to add facial, fingerprint and iris recognition capabilities to its ID system as part of a $102 million upgrade. The agency is seeking a new contractor to take over the ID management project currently overseen by XTec and establish a new biometric-based card system that complies with Homeland Security Presidential Directive 12 (HSPD-12). The contractor would replace 161,924 personal identity verification (PIV) cards by the end of 2013 and another 116,172 in 2014, DHS officials said.

According to the agency, the winning contractor would also install enrollment and issuance stations at as many as 300 DHS locations to manage at least 300,000 PIV cards. Those locations could include sites outside the United States.

Accenture Federal Services, Booz Allen Hamilton, Deloitte, General Dynamics Information Technology, Northrop Grumman, Science Applications International Corp. and Unisys have all expressed interest in the project.

Tuesday, August 13, 2013

Results from French fingerprint payment pilot are in...

Natural Security Succeeds With French Fingerprint Payments Pilot (
What they discovered about biometric payments - a technology many have previously failed to establish - turned out to be even more promising than they expected.

The pilot took place in Villeneuve-d'Ascq and Angouleme in the north of France. The fingerprint technology had high adoption rates, attracted over 900 customers and facilitated over 5,000 payment transactions. Interestingly, more women participated in the trial (53 percent), and the most prominent segment with the highest participation rates were coupled partners and homeowners.

"Feedback was very good. Ninety-four percent of participants were ready to use this payment, Pierre said. "The average transaction amount was €58.60, which is 15 percent higher than the value of average card payments in France."
Read the whole thing.

Frost & Sullivan on Mobile payments and biometrics

Biometrics Can Revolutionise Mobile Payment Security, says Frost & Sullivan (Press Release via KIII TV)
With the explosion in smartphones usage, the number of payments done via mobile devices has significantly increased over recent years. As eCommerce becomes mCommerce, the industry has to focus on payment security. During a 'card not present' process, a personal account number (PAN), expiration date, and card validation code (CVC) are not enough to completely secure a transaction. Biometrics that provide high levels of security and an intuitive customer experience might be the solution for secure mobile payments.

"Protecting the mobile device itself is a first step, necessary to secure mobile payments. Although a personal identification number (PIN) can do the job, in 2011 more than 60 percent of smartphone users were not using a PIN to protect their mobile access," noted Frost & Sullivan Global Program Director, ICT in Financial Services, Jean-Noel Georges.

Monday, August 12, 2013

An Emirati view of national ID

UAE ID programme model for the world, security experts say (The National)
The Emirates Identity programme was established by virtue of a federal decree in 2004.

The national ID card has the cardholder's name, nationality, gender and date of birth on it. The card also bears a unique 15-digit identification number, which is used for identity verification by the Government and private entities. Inside the card is an electronic chip that contains personal and biometric data about the cardholder.
The UAE is advanced in its application of biometrics to national ID. The article sheds some light on why that is the case.

Thursday, August 8, 2013

Paypal goes for bricks-and-mortar payments

PayPal tests mobile payments using your face for verification (CNET)
When purchasing an item, the customer's name and photo pop up on the store's payment system. An employee clicks on the photo to initiate the payment. The customer then gets a notice and receipt for the transaction on their phone.
Paypal looks to be trying to process payments in bricks-and-mortar retail establishments with a clever method of substituting a credit card with a mobile phone and a signature with a photo.

The Paypal system uses a human-based facial recognition scheme that humans are actually quite good at administering: one-to-one matching. If Paypal finds it desirable, an algorithm-based face matching feature could be added fairly simply by installing a small web cam and a software application.

Wednesday, August 7, 2013

If you build it...

Pantech reveals fingerprint-scanning smartphone (MSN - Malaysia)
The biometric reader is built into the phone's rear panel, as is a small touchpad for unlocking the device. An interesting idea in theory but how it will work in practice is anyone's guess.

Mobile application developers need to know that the hardware they rely upon will be there. It's looking more and more likely that, following a false start in 2011, there will be a fingerprint capability in the Android environment. Hopefully it's here to stay this time.

Mobile Handset Review: Motorola Atrix 4G (The One with a Fingerprint Reader) - Monday, October 31, 2011

Disappointment followed two days later...

Motorola Atrix 2 Has No Fingerprint Reader - Wednesday, November 2, 2011

Bigger, Faster, Cheaper

As databases get bigger, they take longer to search. For a while, and in many applications, nobody really cares. Does it really matter if a criminal database fingerprint search takes one second or 1.5 seconds? A city of 1.5 million people may arrest 40 people on a busy day. In cases like this, the limiting factor to how many times a process can be repeated isn't in the technology.

But if the world is headed the way many expect, biometric searches of large databases will be moving from applications where fractions of a second don't matter much, as in the case above, to something that looks a lot more like what banks or large web sites do: handle thousands of transactions per hour among thousands of users with both the quantity of transactions and users fluctuating wildly over the course of a day, and generally increasing over time. Now, how the search happens starts to matter a lot and technique starts to affect cost.

In the biometrics world, sensor and algorithm innovation get a lot of attention. Database architecture and search techniques don't. This press release from BIO-key is a refreshing change highlighting one technique programmers can use to cope with ever-larger biometric databases.

Accelerated Biometric Indexing Search: New Fingerprint Matcher Design Yields Higher Accuracy at Higher Speeds per Dollar Invested (Press Release via
"Using Commercial-Off-The-Shelf (COTS) products, BIO-key is expanding the way a biometric search can be performed which dramatically improves speed over conventional approaches. This revolution comes from the use of a highly parallel search architecture, allowing our solutions to perform faster and look deeper while improving speed and accuracy," stated Renat Zhdanov, PhD, Vice President, Chief Scientist, BIO-key International.

Initial tests of the new accelerated architecture show speed results of several millions matches per second, on a typical PC. This provides biometric search acceleration of several orders of magnitude on that PC alone. "These performance gains mean the required hardware and support costs for larger systems, or those heavily used in the Cloud from mobile devices or other sources, can now be greatly reduced, providing for thousands of times more throughput per dollar spent," stated Mira LaCous, Senior VP of Technology and Development, BIO-key International.

Tuesday, August 6, 2013

US: Biometrics visitor exit tracking

Long-planned visa exit system inches forward (FCW)
The Department of Homeland Security will soon put the finishing touches on a plan for a biometric identification system intended to help track visa overstays.

Jim Crumpacker, director of DHS' Departmental GAO-IG Liaison Office, told the Government Accountability Office that Customs and Border Protection's Office of Field Operations and DHS' Science and Technology Directorate will come up with goals aimed at creating and implementing a biometric air exit identification system for use at U.S. airports by Jan. 31, 2014.

Monday, August 5, 2013

CAPTCHA getting stretched

Evidently I'm not the only person who has found it more and more difficult to suss out what letters the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) wants me to type.

Bid to kill CAPTCHA security test gains momentum (Canberra Times)
The official web standards body, the World Wide Web Consortium, said there are many CAPTCHA alternatives, including simple maths questions, trivia, the use of sound files and even biometric technology such as fingerprints and retinal scanning. Microsoft have launched a substitute called Asirra (Animal Species Image Recognition for Restricting Access), that asks users to identify photos of cats and dogs instead of letters.

Super detailed face scanning in 3D

At least a couple of similar efforts are underway and it isn't hard to see why. There are a lot of applications, including facial recognition) for this kind of technology.

More here at

Friday, August 2, 2013

Normal blogging resumes Monday

A very busy week this week at SecurLinx has pulled me away from the blog. I should be back to sharing all the exciting news from the biometrics world with you again on Monday.

Tuesday, July 30, 2013

A discussion of facial recognition and advertising

Consumers Have No Constitutional Protection From Facial Recognition (Internet Evolution)
Over the past decade, marketers have increasingly relied on facial recognition technology (FRT) to create personalized advertisements. FRT depends on complex algorithms to identify a person by measuring the size, angle, and distance between a person's facial features. FRT then uses this information to search a database of similar features and matches the image to a stored reference photo. Within seconds of capturing an image, FRT can detect and identify a single person in a crowded public area.
Unlike earlier discussions of the use of facial recognition technology used to ascertain demographic characteristics rather than a unique identity, this article discusses true facial recognition in advertising.

Other posts containing longer comments on demographics vs. identity with respect to facial recognition:
Burgeoning Facial Recognition: How come no pitchforks?
FTC Freestylin' on Face Recognition

Friday, July 26, 2013

Thumbs up for biometric attendance in govt offices (The Hindu)
Cutting across party lines, members of Puducherry Assembly on Thursday demanded the introduction of biometric attendance system in all government offices to avoid late arrival of employees.
TSA 'PreCheck' expansion expected to enroll 88,000 in six months (Los Angeles Times)
Starting later this year, the TSA will allow all travelers who pay a $85 fee and submit background information, including fingerprints, to qualify for the program for five years.

In a report filed this week, the TSA estimated that 88,111 travelers would apply for the program in the first six months, with an additional 383,131 fliers applying in the following year.

The vetting process will take two to three weeks, the TSA said.

US: Iris and government ID

Who Are You? NIST Biometric Publication Provides Two New Ways to Tell Quickly (NIST)
A PIV card is a government-issued smart card used by federal employees and contractors to access government facilities and computer networks. The PIV card carries a photo, fingerprint information, personal identification number (PIN) and a cryptographic credential–random computer-generated data that are recognized only by the PIV card–all of which serve to bind the card to the card holder.

To assist agencies seeking stronger security and greater operational flexibility, NIST [ed. National Institute of Standards & Technology] made several modifications to the previous version of Biometric Data Specification for Personal Identity Verification. Major additions include:

On-card comparison of fingerprints for improved privacy. The specifications describe how to place one or two compact fingerprint templates and a recognition algorithm on the card. When the user wants to sign a document digitally or open a secure file, for example, she can place her finger on a reader attached to the keyboard to verify her identity. Currently, employees have to type in a PIN for matching, which is subject to error and misuse.

Iris recognition capability for increased security. Standardized compact images of one or both irises (the images are no more than 3 kilobytes each) can be loaded on the PIV card for compact on-card storage and fast reading times. The document provides performance specifications for iris biometrics to assure high accuracy and provides specifications for iris cameras to guide implementers on camera selection. These standards-based elements support interoperability within and across agencies using iris recognition technology.

iris images
Raw iris image (left) and bit-saving, processed image (right).
Source: NIST

Agencies may choose to add iris images as an alternate biometric over fingerprints, because, for some users, fingerprint collection can be difficult. At times, the fingerprints are too dry to yield a good image, and lotions, wounds or illness also can make for poor images. Agencies now have the option of using two biometric sources to avoid such circumstances.

Several recent NIST research projects have led to improved technologies for identity management that are included in the updated specification.
The full publication is available from NIST here.

See also: Iris ID tech is ready, but agencies might not be at Deep Dive Intel.

Scolding university professors on fingerprint time and attnedance

Stories bemoaning the adoption of biometric time-and-attendance systems are a dime a dozen. This piece from Calcutta, India takes the opposite stance in a humorous way.

Look who doesn’t want to get caught bunking (The Telegraph - India)
The attendance system was introduced at the varsity some five months ago and has since burdened teachers with regular classes, a habit hitherto unseen at most colleges in the capital.

“Biometric attendance is insulting. Do professors have to punch their fingers on a machine to prove they work? Does not the varsity believe in our honesty?” said Babban Choubey, the president of Federation of University Teachers’ Associations of Jharkhand.

Wednesday, July 24, 2013

It really is a race

Apple and Samsung struggle with hurdles in fingerprint race (Biometric Update)

...yet (continued)

Google Glass Will Not Be Offering Facial Recognition (States Chronicle)

This is an appropriate time to repost what we had to say the last time Google felt compelled to disavow facial recognition technology in relation to Glass.

June 3, 2013

If it's a camera, it can be used for facial recognition

Google outlaws facial recognition apps on Glass for now (CSO)
Google announced late Friday that it will outlaw facial recognition and other biometric identification apps on Glass, its networked eyewear still in prototype phase that's expected to be commercially released later this year.

“As Google has said for several years, we won’t add facial recognition features to our products without having strong privacy protections in place,” Google’s Project Glass team said in on its Google Plus page.

Google may have publicly said this, however until now its developer policy did not explicitly rule out apps that can do facial recognition.
If it's a camera, it can be used for facial recognition. Facial recognition is really just a specific type of image analysis. It doesn't matter where the image comes from. It could be a 19th Century daguerreotype or a picture taken from space. The software doesn't care. Presumably running the open source Android operating system, as a head-mounted sensor array with a camera, there is little or nothing preventing application developers from passing images collected via the headset through facial recognition applications not developed by Google.

Google's announcement should be taken to mean that Google isn't going to integrate facial recognition into Google Glass. Facial recognition apps won't be on the Google Play store. And, at least for now, they won't be facilitating face rec. in other Google services such as YouTube, search, Gmail, and Google+. [end repost]

In a twitter exchange, John at M2SYS nails exactly why every Google Glass face rec denial sounds so silly: The device screams for facial recognition applications and everybody knows it.

Terrible with names? Suffer from prosopagnosia? Wonder where you've seen that person before? There's an app for that.

July tweet chat: Steria and their recent survey of European opinions on biometrics

July 25, 2013 11:00 am EDT, 8:00 am PDT, 16:00 pm BST, 17:00 pm (CEST), 23:00 pm (SGT), 0:00 (JST)

Where: (or Twitter hashtag #biometricchat)

John at M2SYS

Steria Group (Twitter: @Steria) will be discussing the results of a recent European survey on biometric technology they conducted which revealed that although many support the use of biometrics for criminal identification and for use in passports and identity cards, less than half of those surveyed were amenable to using the technology to replace personal identification numbers (PINs) in banking.

  • Results of recent European biometric public acceptance survey
  • Convenience vs. security
  • USA vs. European view of how biometrics impacts privacy and civil liberties
  • “Passive” biometrics
  • How vendors can advance public education of biometrics
  • Viability of new biometric modalities
UPDATE and bump:
John has posted the questions for tomorrow's discussion:
  1. How do you explain the dichotomy between public acceptance of biometrics for identity cards or passports and the use of biometrics to replace personal identification numbers (PINs)?
  2. While we see “civil liberties” and “privacy” as one of the obstacles to wider use of biometrics in the US, is that the same thing you are seeing in your European survey?
  3. One of the dynamics that appears to be evident is that while people want to guard their biometric data, if they can get to the head of the line (e.g. Clear Me airport security program) they are willing to give up their biometrics.  Can you comment on how convenience and faster transactions might impact the more pervasive use of biometrics?
  4. Some country’s public sector organizations that have collected biometrics for a specific purpose are making them available for use by the private sector to prevent fraud, assure a person’s identity, etc.  Do you believe this is a trend we will see more of?
  5. How will “passive” biometrics like facial recognition, voice recognition and iris at a distance be accepted since it doesn’t require any specific actions by a person for it to be used?
  6. What strategies can biometric vendors deploy to help advance the public’s understanding of biometric identification that may help it to be more acceptable as a replacement for personal identification (PIN) numbers?
  7. What new or forthcoming biometric modalities (e.g. – heartbeat, thermal imaging, gait, DNA, etc.) do you predict has the best chance to become sustainable in the industry? Are there any specific modalities that you feel the public accepts more readily than others?

What is the BiometricChat:
Janet Fouts, at her blog, describes the format:
Twitter chats, sometimes known as a Twitter party or a tweet chat, happen when a group of people all tweet about the same topic using a specific tag (#) called a hashtag that allows it to be followed on Twitter. The chats are at a specific time and often repeat weekly or bi-weekly or are only at announced times.
There's more really good information at the link for those who might be wondering what this whole tweet chat thing is all about.

This one, the #biometricchat, is a discussion about a different topic of interest in the biometrics landscape each month. It's like an interview you can participate in.

More at the M2SYS blog.

Earlier topics have included:
Mobile biometrics
Workforce management
Biometrics in the cloud
Law enforcement
Privacy again
Biometrics for global development
Large-scale deployments
The global biometrics industry
Biometrics markets

Modalities such as iris and voice have also come in for individual attention.

I always enjoy these. Many thanks to John at M2SYS for putting these together.

Proof that no border control system will ever be perfect

Canadian man who swam to Detroit after 8 beers sorry for all the fuss (MSN)

Tuesday, July 23, 2013

Lessons Learnt From UID Data Loss (
Flashback: Tuesday, April 23, 2013 - That's not good: 300,000 UID enrollments lost in hard drive crash

TSA set to expand pre-check, biometrics (FCW)

Ohio Woman ordered to spend next 5 Christmases in jail for driver's license scam (Columbus Dispatch)

NFL teams might start checking draft prospects’ tattoos after Aaron Hernandez mess (Yahoo)

Immigration Department audits reveal large-scale fraud of visa system by Indian students and workers (ABC)"That was a porous, very bad system"

Could Thermal Imaging Soon Replace Fingerprint and Iris Scans? (M2SYS blog) — Short answer: No, at least not any time soon. A biometric modality depending on the vasculation of the face is, however, an interesting idea because unlike most novel biometric modalities, face biometrics and vascular biometrics are fairly well understood. The further into the future you look and the higher the value of the identification transaction, the better the technology looks.

Monday, July 22, 2013

The sensor-screen: Two giant leaps

Two things struck me about the news that Christian Holz and Patrick Baudisch of the Hasso Plattner Institute in Potsdam, Germany have developed a type of digital display that can sense fingerprints. World-first: Biometric screen recognises fingerprints (Techworld)

The first is the engineering of the screen itself:
The key that allows Fiberio to display an image and sense fingerprints at the same time is its screen material: a fibre optic plate,” said Holz.

The fibre optic plate is comprised entirely of millions of 3mm-long optical fibres bundled together vertically.

Each fibre emits rays of visible light from an image projector placed below the glass. At the same time, infrared light from a source adjacent to the projector bounces off the fingerprints and back down to an infrared camera below.
That sounds like each pixel is controlled with its own fiber and, theoretically at least, should allow for two-way communication of all sorts of information through the screen. At that point the screen might eventually become the camera, too.

Then there's the approach to authentication the screen technology facilitates.
Security is one of the main issues around deploying public computers and the researchers addressed this by implementing an additional security layer, which authenticates users every time they try and do something to verify if the respective user has the authority to perform the task they are trying to complete.
The other really big idea this screen-sensor allows is authentication on a per-input-event level, or constant ID verification. Because the screen can "see," it could always "know," to some degree, who is using it. With that, the whole log-in/log-out regime could get an overdue overhaul.

Friday, July 19, 2013

Mississippi: Fingerprint verification for subsidized services, finally

Mississippi implements finger scan system for daycare (The Commercial Appeal - Memphis, TN)
Under the system being implemented by the state Department of Human Services, parents must use a finger scanner to sign their children in and out. Proponents say it will save money and cause parents to visit preschools more often, but opponents argue the system is intrusive and creates technical headaches.

About 18,000 children will be affected by the move.
You have to read between the lines, but this is at least partly a ghost-busting mission within government-subsidized child care.

We first commented on this deployment in September of last year in Biometric deployment winners and losers. Follow the links for great examples of arguments made in opposition to tightening up ID management.

More here.

Not only does a fingerprint biometric raise the burden of proof that subsidized services are actually being provided, it makes it harder for unauthorized individuals to remove a child from a child care facility.

Thursday, July 18, 2013

Citizens want strong driver licenses

MorphTrust commissioned Zogby to survey 1,000 U.S. adults.

Survey: Majority in favor of facial recognition (SecureID News)
Overall, when it comes to better driver licenses, 83% support making sure the documents are secure to protect against terror attacks, underage drinking and identity theft. In addition, 83% are in favor of biometric background checks for transportation and warehouse workers who handle hazardous materials.

Wednesday, July 17, 2013

Malaysia: Biometrics may replace inky finger

No more indelible ink? (Astro Awani)
The government is prepared to consider the suggestion for the scrapping of the indelible ink and changing to the biometric system for the general election.

Interesting usability research out of the University of Washington

Read the whole thing; it's good. My little quibbles after the quote are meant to reinforce the general point of the research which is "if people won't use it, it won't work (and vice versa)." The importance of research is the attempt to identify and quantify, and therefore perhaps predict, how much people will endure before they throw their hands up in the air and quit on the technology.

Technology to Replace Passwords Fails User Tests (PsychCentral)
University of Washington engineers are trying to figure out why fingerprint- and eye- and face-recognition authentication technology have not gone mainstream. They found in a recent study that the user’s experience could be key to creating a system that doesn’t rely on passwords.

“How humans interact with biometric devices is critically important for their future success,” said lead researcher Cecilia Aragon, Ph.D., a UW associate professor of human-centered design and engineering.

“This is the beginning of looking at biometric authentication as a socio-technical system, where not only does it require that it be efficient and accurate, but also something that people trust, accept and don’t get frustrated with.”
So true, but hardly new. Security is, and always has been, a socio-technical system. We've all seen a waste basket used to keep a self-locking door propped open. If the security measure is disproportionate to the cost of a security breach, people will reject the system. Thoughtful security planners have always known this and it's why one of our mantras around here is "biometrics is about people."

Passwords are also likely to be around for a long, long time, but if biometrics could displace passwords in certain cases and allow for simpler passwords in other cases, that's a big advance. Where simple passwords (PIN's) are sufficient today, biometrics should be able to displace them altogether. Where increasingly complex passwords are required today, applying biometrics should allow for simpler passwords such as 4-digit PIN's.

That's nothing to sneeze at.

Startup: Facial recognition for payments

Is Facial Recognition For Payments Our Future? (Arctic Startup) — Helsinki based Uniqul grasps the challenges of trying to replace tokens with a biometric for point of sale use, and they have a clever approach. It's a big job, though.

A glossary of biometric terms

A handy reference: glossary of biometric terms available at

Tuesday, July 16, 2013

Dueling headlines

Soon, your voice will be the only password you'll ever need (Business Insider - July 16, 2013) 

Soon, your body will be the only password you need (DVICE - June 26, 2013)

I couldn't help it..

Expect to see a whole lot more of this...

Chicago police go high-tech with facial recognition software (Chicago Sun-Times)
Story Image
Pierre Martin
Police had a photo captured on a CTA surveillance camera on Jan. 28 of a suspected mugger, looking to the side, after he had just allegedly stolen a cellphone from a man at gunpoint on a Pink Line train.

Police also had an ocean of photos for comparison — 4.5 million criminal booking shots.

They ran the program.

And Pierre Martin ranked No. 1 on a list no one wants to top.
We at SecurLinx deploy help police deploy these capabilities. The article is correct to note that officer training is a hugely important factor in successfully adding this capability to law enforcement efforts.

...and this.

New technology allows retailers to spot a celebrity approaching (The Telegraph - UK)
...[A] purpose-built facial-recognition system has been designed to ensure no hapless shop assistant accidentally snubs their best customer again, the Sunday Times reported.

The VIP-identification technology, created by NEC IT Solutions, is already being tested in about a dozen top stores and exclusive hotels in Britain, America and the Far East.

Industries face different incentives for biometric adoption

Why Do I Get Fingerprinted at 24-Hour Fitness but Not the Bank? (Go Banking Rates)
When discussing the advancements in fraud prevention, executive vice president of the Federal Reserve Bank of Atlanta expressed that the United States is “falling behind the rest of the world in fraud protection, and I’m afraid American consumers are getting the short end of the stick.”
US banks lag behind banks worldwide and American fitness centers when it comes to tightening up ID.

Biometrics and firearm safety

Hardly Anyone Is Buying 'Smart Guns' ( — Biometric safes, however, seem to sell quite well.

Monday, July 15, 2013

Good news for iris biometrics

Notice: Link goes to a 22 MB pdf...

IREX VI - Temporal Stability of Iris Recognition Accuracy (United States National Institute of Standards and Technology - NIST)
Using two large operational datasets, we find no evidence of a widespread iris ageing effect. Specifically, the population statistics (mean and variance) are constant over periods of up to nine years. This is consistent with the ability to enroll most individuals and see no degradation in overall recognition accuracy. Furthermore, we compute an ageing rate for how quickly recognition degrades with changes in the iris anatomy; this estimate suggests that iris recognition of average individuals will remain viable over decades.
There's a whole lot o tehcnical detail on the full report.

The executive summary continues on to say...
However, given the large population sizes, we identify a small percentage of individuals whose recognition scores do degrade consistent with disease or an ageing effect. These results are confined to adult populations. Additionally, we show that the template ageing reported in the Notre Dame studies is largely due to systematic dilation change over the collection period. Pupil dilation varies under environmental and several biological influences, with variations occuring on timescales ranging from below one second up to several decades. Our data suggests that the natural constriction of pupil size over decades does not necessitate re-enrollment of a well enrolled iris.