1. The purpose of any scheme should be restricted to that of enabling citizens to assert their identity with ease and confidence. The scheme should set targets for the quality of assurance achieved at enrolment and verification, which should generally exceed those achieved elsewhere, and it should regularly report its performance against those targets.


2. The scheme’s governance should be designed to inspire the highest level of trust among citizens. It should be operated independently of Government (say, accountable directly to Parliament) and in principle its processes and security arrangements should be subject to the approval of the Information Commissioner, who should have the power periodically to review delivery.


3. As a matter of principle, the amount of data stored should be minimised. Full biometric images (other than photographs) should not be kept. Only non-unique digital representations of biometric images should be stored. Additional data accessed during enrolment and records of verification enquiries should not be retained. All data and systems should be protected by “state of the art” encryption technology.


4. Citizens should “own” their entry on any register in the sense that it should not be possible, other than for the purposes of national security, for any such data (to include digital representations of biometrics) to leave the register without their informed consent. Verification of identity should be performed without the release of data.


5. Enrolment processes should be different for individuals with different circumstances, and change over time so as to minimise costs and give citizens the simplest and most hassle-free experience consistent with the achievement of the published assurance targets.


6. In order to respond to consumer demand and achieve early realisation of economic and social benefits, the scheme should be capable of being rolled out at pace.


7. Citizens who lose cards or whose identity is compromised should be able to rely on their cards being replaced or their identity being repaired quickly and efficiently and in accordance with published service standards.


8. Technically the scheme’s systems should be closely aligned to those of the banks (both initially and in the future) so as to utilise their investment, de-risk the scheme’s development, and assist convergence to common standards across the ID assurance systems and processes deployed internationally by banks and other national ID card schemes.


9. To engage consumers’ hearts and minds on the scale required, enrolment and any tokens should be provided free of charge.


10. The market should play a role in delivering a universal ID assurance scheme. This will improve the ease with which consumers can use the scheme and minimise costs.

This deal comes hot on the heels of another co-operation agreement (announced in last month's BTT) which saw the integrator team up with iris recognition company IriTech.

In May 2007, Lockheed opened its Biometric Experimentation and Advanced Concepts (BEACON) facility in White Hall to serve as a collaborative centre to develop integrated biometrics solutions. Through this agreement the company, which reported sales of US$39.6 billion in 2006, hopes to further advance its capabilities and offerings in biometrics solutions.

According to Bob Eastman, Lockheed Martin Vice President, Information Systems, “Biometrics is an increasingly important technology area for our customers in intelligence, defense, law enforcement and homeland security. This cooperation agreement will improve our ability to offer our customers a complete and fully-integrated portfolio of biometrics technologies. We're also committed to helping small, innovative businesses such as Cognitec continue to advance the state-of-the-art in biometrics technology in an open and collaborative marketplace.”

Cognitec Systems is the developer of FaceVACS. The facial recognition technology has been in development since 1995 and has been tested and proven in a number of independent evaluations, including the Face Recognition Vendor Tests in 2002 and 2006.

Alfredo Herrera, Cognitec Systems CEO, noted: “We are excited about this cooperation with Lockheed Martin, which reinforces our commitment to provide leading-edge facial recognition technology to our customers. We look forward to working with Lockheed Martin to integrate and deploy our technology in a variety of important biometrics projects.”

Contact: Matt Kramer at Lockheed Martin, Tel: +1 703 293 4333; Email: matthew.s.kramer@lmco.com

A new identity – are you ready for biometrics?

Travel documentation is probably the largest civilian use of biometrics. Yet although biometric data is already used in border control – notably on entry to the USA – it remains a relatively nascent technology. Most European countries are still at a relatively early stage of deployment.

An early pace setter is Norway. In anticipation of the need to capture biometrics for all forms of identity documents, the country’s Ministry of Foreign Affairs (UD) and the National Police Computing and Material Service (PDMT) recently launched a ‘multi-mode’ biometric enrolment system. Approximately 18 000 passport applications and 130 000 visa applications were made at Norway’s embassies in 2006 and a 20% annual increase is expected in visa applications. The total number of passport applications made in Norway itself during 2006 was around 550000, the vast majority of which are applied for at police stations. The country is also planning for national ID cards to be issued at the same locations as passports and visas.

Integrated system
The logical aim was to create an integrated system for multiple public agencies that could be deployed both in passport offices at police stations throughout the country and at overseas embassies to enrol biometric data (2D facial images, fingerprints and signature) quickly, efficiently, and accurately. Needed by June 2009 to satisfy Schengen requirements on storing fingerprint data in e-passports, Norway is one of the first countries in Europe to start production of travel documents (passports and visa) using biometric data via integrated national systems. To meet these challenges, the Biometric Enrolment (Bio-Enrol) Kiosk from Motorola was selected following a thorough evaluation of prototypes. It takes the form of a compact rugged kiosk comprising a control computer, colour display, fingerprint scanner, camera and digital signature pad. There are currently three national administration systems interfacing with the Bio-Enrol solution, to support two different workflows:

• standard passport – 2D facial image, two fingerprints (left & right index fingers) and applicant signature
• standard visa – 2D facial image, 10 fingerprints

Meeting the standards
The complete solution meets International Civilian Aviation Organisation (ICAO) standards for machine-readable travel documents and data interchange, as well as International Standards Organisation (ISO) specifications for the storage, secure encryption and interoperability of biometric information. Some additional key factors had to be considered for Norway’s foreign embassies:

• ease of installation with a minimum of effort from the local ICT staff
• the kiosk’s design had to ensure operational security and functionality
• the applicant screens had to be self explanatory (i.e. no text) to overcome the problem of having to cope with too many languages

Two-to-three hundred Bio-Enrol Kiosks are to be deployed in time for the 2009 deadline. Of the 21 Motorola Bio Enrol solutions installed so far, 11 are located in Norway and the remaining 10 are at Norwegian embassies in Cairo, Kiev, London, Nairobi, and Stockholm. There will also be a number of portable systems for use in locations with a low volume of applications. As part of this initial deployment, applicants’ fingerprints are being captured. However they are not currently stored as this would require a change to the country’s legislation.

BIODEV II
The Bio-Enrol software solution has also been delivered in line with the total Identity Management solution to the five EU Member States (Austria, Luxembourg, Portugal, Spain and the UK) to support the BIODEV II project, which is a pilot to help trial European Visa policy which will integrate the use of biometrics by 2009. The project is partially funded through the Argo Programme of the European Commission and managed by CIVIPOL, France. In BIODEV II, the complete visa workflow is piloted and includes:

• capture of biometrics (2D face, 10 fingerprints) of the visa applicant in a consular post
• forward the captured data to be stored and searched (1:N) in a central AFIS
• verify the biometrics of the visa carrier at the border

The UK recently went live based on the complete biometric visa application process in Sierra Leone, with participants arriving at Gatwick North Terminal. Luxembourg is capturing biometrics from visa applicants at its embassy in London, and verifying the biometrics at Luxembourg Airport. Meanwhile, Austria is trialling the project from Albania in conjunction with Vienna Airport, and Spain is collecting biometrics of visa applicants in Tetuan (Morocco) with Madrid Airport. And Portugal has started with Dakar (Senegal) linked to Lisbon Airport.

Line of defence
Fingerprint visas are fast becoming the first line of defence against illegal immigration. By establishing people’s identities beyond any doubt before they enter a country, multiple applications and identity fraud can be stamped out. Biometric technology is transforming the way countries protect their borders. The BIODEV trial project is creating a triple ring of security: identifying individuals before they travel to the UK through a biometric visa, then checking it at the border, and finally, from 2008, rolling out ID cards for foreign nationals in the UK.Government officials will use the data from BIODEV II to help:

• develop the technology approach for the visa process
• determine standard operating procedures for integrating biometrics into the visa process
• evaluate policies/legislation necessary to make biometrics an official part of the visa system

A biometric visa system helps ensure the validity of visas, and the identity of those who carry them. Improved identity assurance around visas is anticipated to help streamline the cost of processing visa applications, primarily by reducing fraudulent applications.

This feature was provided by Gillian Ormiston, senior solutions consultant, Biometric Identity Management and Security Solutions, Motorola.

Link
Web: www.motorola.eu/biometrics

Daugman, NIST and the saga of the brown paper bag

There was clearly something afoot when one of the world's most esteemed biometric scientists brought out and then threatened to put a paper bag on his head in front of hundreds of government and industry participants at a recent show in the USA.

John Daugman, professor at Cambridge University and the inventor of iris recognition – as well as chief scientist for iris recognition at L-1 Identity Solutions – resorted to such graphic measures when expressing his frustration at what he describes as “mischievous” reporting by researchers in the highly-respected US government organisation, NIST.

Daugman's frustration is aimed, in particular, at two recent reports published by NIST, namely FRVT 2006 and ICE 2006 Large Scale Results and Meta-Analysis of Third Party Evaluations of Iris Recognition.

In the first of these reports, which was published in March 2007, NIST reveals the results of its latest face and iris trials and amid many interesting conclusions it also reports that the performance of iris recognition, still face recognition and 3D face recognition are comparable, given the various constraints of the tests.

In the second paper, which was published in August 2007, the author, Elaine Newton, questions the reputation of iris recognition as being “highly accurate” due to the lack of independent testing. She analyses the results of three major tests of iris recognition, namely NIST's ICE 2006, the Independent Testing of Iris Recognition Technology (ITIRT) study conducted by the International Biometric Group (IBG) and the Iris RecognItion Study 2006 (IRIS06) conducted by Authenti-Corp.

Similar to the first NIST paper, Newton compared the three studies at a False Match Rate of 0.001 and reported the False Non Match Rate (FNMR) for the best performers in each test to range from 0.0122 to 0.0175.

Daugman's arguments
Daugman's conference presentation was given at the recent Biometric Consortium event in Baltimore. In his presentation he quoted one ‘unnamed’ US Government sponsor of the NIST 2006 FRVT and ICE tests, as having said that: “The deck was stacked against iris.”

Most controversial to Daugman is that the NIST report focuses on a part of the ROC curve which does not, in his view, display the true power of the technology – namely its ability to operate on very large databases in identification mode.

According to Daugman: “Recent NIST reports dispute the iris reputation for accuracy by selecting a point on the ROC curve where FMR = 0.001. Since hi-resolution face recognition based on skin texture can also reach this, NIST concludes they are ‘comparable’.”

Daugman continues: “The slope of log ROC curves for these algorithms is about 2:10 000 (the FnMR only doubles while FMR is reduced by a factor of 10 000 when the HD threshold changes from about 0.37 to about 0.32). So, while citing a FnMR of about 1%−2%, testers could equally well cite a FMR of: 1 in a million, or 1 in 100 000, or 1 in 10 000, or 1 in 1000.”

In other words, according to Daugman: “FnMR is hardly a function of FMR over this range. FnMR is mainly determined by the number of rubbish images included; not the threshold used.”

In his presentation Daugman showed a selection of the worst quality images used in NIST's tests (although not the exact images, as these have been kept confidential by NIST). Although these poor quality images are not representative of the entire ICE dataset, some were impossible to match, such as those where printed patterned contact lenses were used.

According to Daugman, comparing facial and iris recognition fairly would mean that the testers should have used some facial images where the candidate had placed a paper bag over their head.

In direct response to Daugman, Dr Jonathon Phillips, the ICE programme manager at NIST, said that iris image quality is a crucial part of testing. He points out that bad biometric samples happen and that technology evaluations must not ignore bad samples, although scenario evaluations may filter for quality. Interestingly, Phillips also challenged the notion that iris ROC curves are indeed “virtually flat”.

In Newton's paper which did not compare different biometric modalities, but only the results of three iris trials, she defends her decision to use the FMR of 1 in a 1000. This is because of the low number of samples in each of the three studies (ranging from 240 subjects in ICE to 1224 subjects in ITIRT). Going much beyond 1 in a thousand, could be statistically irresponsible Newton told Btt. That said Newton does provide a table in her paper (Table V) that compares the results of the various trials at a FMR of one in ten thousand. At this point the False Non Match Rate (FNMR) for the best performers in each test falls from (0.0122 to 0.0175) to (0.0141 to 0.02).