Mark Lockie

Mark Lockie

This month’s issue of BTT is packed with initiatives designed to push biometrics to the limit, whether from a matching algorithm performance perspective or from a usability point of view. 

Whilst biometric technology has come a long way in a short space of time, there is still plenty of room for improvement – and these improvements will be necessary if the industry wants to be taken seriously in major industries, such as banking and mass transportation, where customers are ‘king’. 

Vein, finger and iris recognition are all reported to be pushing the boundaries. For example, Fujitsu Laboratories is employing new technology to capture images of the palm veins without blurring when the palm is in motion. Using this new feature, Fujitsu says it may be possible to authenticate an individual’s identity with the same ease as, for example, gliding non-contact smart cards over a train-station turnstile gate. 

Elsewhere, NIST’s latest tests show that automated latent fingerprint identification is performing beyond expectations, and the researchers say they want to go even further and look at lower quality latent images and understand the extent of the technology’s limitations. 

Another set of academic researchers in the USA have looked, in detail, at iris recognition, assessing factors which are normally ignored by most commercial systems, such as ageing effects, and the impact of pupil dilation. The results could lead to much more usable technology without compromising on accuracy. 

Biometric technology is currently good enough for many applications, but continuous improvement is paramount to take this industry to the mainstream. 

Mark Lockie – Editor

I have a confession to make. I am one of the countless hordes of people who have been irresistibly drawn to the beauty of Apple’s products; their sheer simplicity, stability and versatility.

Alongside an obligatory iPod, I possess an iPhone 3G, and while it may not be the best phone on the market for business purposes (certainly not as good as my old Blackberry), I can’t help but marvel at its design every time I use it – and this more than compensates for its relatively few flaws.

This is why I felt a tinge of excitement this month when I read that Apple could be about to introduce biometrics to its product range.

As we all know, getting unaccustomed users to successfully operate a biometric device can be a devilishly difficult problem – and many systems have failed on that count alone over the years.

However, with its design pedigree, if Apple puts its creative mind to it, I just wonder whether we could see biometric ergonomics and ‘coolness’ taken to a new level.

The idea – as is being promoted in its recent patent – that the biometric device may be completely hidden from view underneath the glass screen is compelling. The concept that the user could be authenticated when using the traditional touch slider is also clever. On Apple’s Mac product range, it cunningly considers putting sensors into certain keyboard keys themselves…

Fingerprint isn’t the only biometric considered, either – voice, face, iris, vein and retina all get consideration. And, here again the company’s ergonomics team have been at work. As an example, a biometric sensor may also double up to detect movements of the user’s eyes, so providing an alternative source of authentication, i.e. a predetermined eye movement.

Of course there is no guarantee that any of these possible design innovations will ever see the light of day. But for me, if they did… I don’t think I could resist.

Mark Lockie – Editor

Despite this newsletter’s relatively negative item on iris recognition in last month’s issue – see our news story on the United Arab Emirates, where it had tested an iris at a distance product and found it did not perform at all well in the field – we remain hopeful that the latest market entrants to this particular niche will find greater success.

This month we can read that AOptix Technologies in the US has announced the commercial product release of InSight, its own version of an iris recognition system which operates at a distance (two meter stand-off).

To anyone on the biometric exhibition circuit it may feel like this product has been around for ages – probably because the vendor has been demonstrating the technology at trade shows for at least two to three years. Until now, however, the company has been demonstrating an engineering prototype. The new InSight product is now properly ‘productized’ and ready for commercial deployment. It establishes a capture volume of about 0.75 cubic meters that is 1 meter deep and 1 meter tall at mid-plane allowing for a range of heights including coverage of wheelchair users. The system is also housed in a single, compact enclosure that contains all optics, electronics and interfacing hardware. As well as this, it is configured as a network appliance for easier integration into end-user identification and authentication systems, including physical access control, for which it offers an optional Wiegand and RS-485 interface.

I think, more importantly, the performance of the device could well exceed expectations, from an image quality standpoint. Certainly, upon trying out the prototype, the image quality of iris images captured (at ease, I might add) was outstanding, which of course is the crucial foundation upon which to build any biometric system.

This will be a major factor at our other iris deployment announcement this month. Schiphol Airport has announced that it (like the UAE – although using technology from a different vendor) will be testing Iris on the Move (IOM) technology. This system is to be provided by Sarnoff Corporation – and for fast throughput environments, such as border control, it could prove to be ideal.

Research and development is a vital cog in any industry, but especially so in the biometric industry, where the technology had been propelled into the spotlight following the 9/11 attacks – possibly a few years before it was ready. 

Industry consolidation, relatively poor industry sales and a difficult economic climate have put widespread R&D work in jeopardy – albeit with some major exceptions: NIST’s efforts spring to mind. 

That is why this month’s issue of Btt has a good dose of positive news in this regard. First up we have news that the US’s secretive government research body IARPA (Intelligence Advanced Research Projects Activity) is seeking ideas for the most promising non-contact biometrics for use in its BEST (Biometrics Exploitation Science and Technology) program. It is not looking for technology developments which will incrementally improve contactless biometrics, but technologies that will exceed performance by a factor of three on what is commercially available today. 

Elsewhere – and a bit further into the speculative region of biometrics – we can see that European researchers have been studying the use of sensors to identify individuals through their unique brain patterns and heart rhythms. The study also looked at gait. 

In common to both research efforts was the goal of ‘unobtrusiveness’, which on the one hand means the ability to gather data without a person’s knowledge (useful for intelligence agencies, one would suspect) and on the other hand the ability to collect a biometric with full knowledge of the user, but in a way that doesn’t unduly require user effort. 

Into the real world, and these ideals can be seen being researched and implemented by countries such as the United Arab Emirates. This month we report that it has tested iris-at-a-distance technology – sadly to no avail. And now it is preparing to test iris on the move technology – the ultimate in user friendly iris system design. 

Research will hopefully continue to push the boundaries, as, for the most part, we are not yet there as an industry. 

Mark Lockie, Editor

First of all may we wish all readers a Happy New Year! Thank you for your support over the past12 months and we look forward to providing you with more biometric news, features and comment throughout 2009. 

When wishing people a happy new year many people also include the word ‘prosperous’ – however in today’s economic climate that could be seen as a little insensitive or at least over-optimistic. But…would that be the case in the biometrics industry? Perhaps not...I have just read a 2008 annual review on the biometrics industry (produced by findbiometrics.com) and one thing that struck me was the sheer level of optimism displayed by most of the companies who had submitted their responses. 

Reading the review one would get the impression that the biometrics industry is set for a bumper year in 2009. Certainly the downturn in the economy didn’t seem to worry most suppliers who commented. 

Perhaps the global downturn won’t delay purchasing decisions on security projects involving biometrics. Perhaps the sheer convenience and streamlining potential of biometrics will sway corporations to use the technology. Perhaps… 

Being a cynical journalist, such high levels of optimism set alarm bells ringing – so I do hope that the commentaries were based on good, healthy marketing ‘spin’ rather than the real consensus out there today. 

There is no doubt that there are exciting projects being awarded and many more on the drawing board. As always a robust business case or a compelling answer to a critical security need will open even the most difficult of doors. Consumer-based biometrics could also provide the impetus for 2009. Who would have thought we would see an issue of Btt where Microsoft, Apple and Samsung use biometrics as a major selling point in their respective software and hardware. 

I don’t believe 2009 will be a bumper year to look back upon, but with some nerve and skill it could turn out to be a platform for greater things to come. 

Mark Lockie, editor

Sometimes I find myself browsing the NO2ID (a group set up in the UK to oppose the introduction of the proposed national ID card scheme) website (www.no2id.net), and in particular the site’s discussion forums. Whilst I shake my head at much of the uninformed comment – especially on the biometrics front – there are some sharp and informed commentators in their midst. 

One of the most recent bones of contention on the site is the UK Home Office’s intention to use commercial outlets, such as supermarkets or Post Offices, to perform enrolment of biometrics. As readers of Btt know, enrolment is possibly the single most important aspect of any biometric system – get this wrong and there is little hope that a system will operate effectively. 

All this casts my mind back to one of the most damaging yet useful reports produced around the ID card scheme. This was the UK Passport Service’s (now IPS) Biometrics Enrolment Trial, where just over 10,000 participants took part – including a significant quantity of disabled people. 

The enrolment figures were quite encouraging in terms of success rates approaching 100% for fingerprint and face – although the rate of success for disabled people and the elderly was somewhat lower. 

However, the subsequent verification rates against these newly enrolled records was shockingly bad – around 80% for fingerprint. Although IPS is continually stressing that this was a trial designed to test customer perceptions and experience, the results are still seized upon by anti-ID card campaigners. Want to apply for a mortgage? Good luck, because 20% of you will fail to match against yourself on the database… That is assuming your data hasn’t been hijacked or misrepresented during the enrolment process, they say. And why is IPS committing the UK taxpayer to spending billions of pounds when it hasn’t even conducted a trial to see if the technology will work – which it clearly didn’t in the enrolment trial. 

Do they have a point? An Identity and Passport Service spokesperson believes not. When asked the questions by Btt here are the responses we got: ‘No inference to the performance reliability of biometric matching technology can be taken from the results of the trial.’ 

System security? The IPS spokesperson said: ‘Any third party involved in enrolment would be accredited and audited to ensure they meet and continue to meet robust and strictly administered security and biometric enrolment standards. We remain confident the systems used will meet the required accuracy levels. System design standards will ensure that no data is stored locally and that all data is transmitted directly to IPS using a secure communications link. In addition all locations and personnel will be subject to strict security standards set by IPS.’ 

And IPS assures Btt that a full technology trial will be carried out as part of the process to appoint a supplier of biometric systems to support the National Identity Scheme (NIS). 

There are still many other issues with this commercial arrangement, not to mention the price it will cost people to have their biometrics/other details taken by the commercial sector (£30 and more), and the fact (according to IPS’s own recent survey) that most people don’t appear to want their biometrics taken in a commercial setting, but would be happier to do this at a police station or indeed at IPS offices. Despite assurances, I still feel this issue is a can of worms waiting to escape. I hope I am proved wrong. 

Mark Lockie, editor

As the biometrics industry moves into 2008 it is clear that, on the whole, large-scale identity-centred projects are dominating the scene. These days we would be incorrect to call most of these projects “biometric projects”, although they may use the technology as a critical part of their architecture. In many of today's large-scale identity projects, biometrics are merely a small element within a system – systems whose objectives far exceed the delivery capabilities of the biometric industry.

Technology selection, technical design, assessing business process change, working with legacy systems across multiple organisations, implementing new systems architecture, designing robust and secure databases, implementing the latest security policies, ensuring staff are trained etc. These are just some of the specialisms associated with large systems integrators, and of course it is many of these skills which are necessary for most large-scale government-based identity contracts.

Looking at this month's issue of BTT we can see in our survey that the UK's e-Borders programme has awarded a £650 million contract to the Trusted Border consortium. Within this consortium were a host of large companies such as Raytheon (Prime), Accenture, Detica, Serco, QinetiQ, Steria, Cap Gemini, as well as biometric firm Daon. The losing bidders were BT emblem, a team comprising BT, Lockheed Martin, LogicaCMG, Hewlett Packard, ARINC and Anite.

Our lead story this month shows that Anite and LogicaCMG are separately in the running (along with Motorola) for another potentially large project with the DVLA.

As an interesting aside, we note that Lockheed Martin is steadily building up its biometric offering. This month there is a cooperation announcement with facial recognition technology provider Cognitec, which follows hot on the heels of another co-operation agreement (announced in last month's BTT) which saw the integrator team up with iris recognition company IriTech. A major systems integrator, Lockheed Martin seems to be focusing its efforts on integrating a range of biometrics technologies, allowing potential customers to incorporate multiple biometrics techniques – including fingerprint, facial and iris scanning – into their operations. This looks to be a very sensible move.

Mark Lockie, Editor

This month's issue of BTT is full of news looking at the roll out of secure documents such as electronic passports and national ID cards, notably the UK's ambitious national ID card project, which will use multiple finger and face biometrics.

It is certainly a landmark that Germany has begun rolling out the far more complex Extended Access Control (EAC) fingerprint-based ePassport, and the country is trailblazing with its project, especially bearing in mind that this second generation product does not officially have to be launched until 28 June 2009, according to EC regulations.

Germany is certainly not the first country to put fingerprints within its passport, but it is the first to deploy an EAC-standard product, which replaces the far simpler Basic Access Control (BAC) ePassport, which was susceptible to scare stories, such as cloning and the like. (I am assured that cloning is not possible on an EAC passport, where the encrption key is not effectively printed inside the owner's passport.)

The UK and other EU countries will eventually use the same EAC specification – and interestingly, so could other countries outside of the EU, such as South Korea.

Electronic passports and future national identity card projects are inevitably entwined. At the highly successful Biometrics 2007 event in London recently, delegates saw how countries such as Sweden are looking at enrolling biometrics for multiple projects, including ePassports for citizens and resident aliens, visas, residence permits etc. Using the same equipment to capture biometrics for multiple projects clearly makes a lot of sense.

In the UK, the latest costings report demonstrates just how entwined the ePassport and national ID card project have become. Nearly £3 billion of the total ten-year costs support both passports and ID cards; £1.5 billion is specifically for passports and £1 billion is specifically for ID cards. Some critics say that the UK does not legally need to produce EAC passports, and is only going down this route to artificially reduce the apparent costs of introducing ID cards – by offloading some of the costs onto the ePassport side of the equation.

While it may be true that some costs are now shared between the projects, it would be absurd to suggest this is the reason for taking this route. As well as being far more secure, the UK would be somewhat foolish to risk its secure document reputation by falling behind its European neighbours.

Mark Lockie, Editor

This newsletter was unavoidably drawn into the fray to report on this month's lead story (Daugman, NIST and the saga of the brown paper bag). When NIST wrote a paper (based on the FRVT and ICE 2006 tests) saying that face recognition was now able to compete with iris recognition in accuracy terms, it undoubtedly raised a few eyebrows. This paper was followed with another, this time by NIST's Elaine Newton, which appears to say that the perceived accuracy of iris recognition is unfounded scientifically. (No wonder some sponsors of the NIST trials have described, rightly or wrongly, the decks being stacked against iris.)

In order to prove that iris recognition is widely perceived as accurate, Newton's paper extracts a quote from this newsletter (one that I made in 2005) and other evidence from other much more eminent sources. It is certainly true that in 2005 I perceived iris recognition to be the most accurate mainstream biometric, and, for the record, still do.

Newton's paper, I believe (although she strongly denies), misleads the casual reader. To lead her paper with a quote that “the conventional wisdom in the industry is that iris recognition is highly accurate” suggests that she is about to show that iris recognition is not necessarily as accurate as imagined. Instead the paper does nothing to disprove this conventional wisdom, and seems to ignore other evidence from around the world that shows iris is indeed a powerful technology.

To take one example, and perhaps this is the example which gave iris recognition such a good reputation in the first place. The UK's highly respected NPL did a test in 2000/2001 which tested various biometrics. It produced a famous ROC curve graph which showed iris to be in a class of its own (ie no curve at all for iris as there were no recorded false matches).

NPL's scientific test was different in many ways to ICE and to the other two tests Newton examined. However, it is still a valid test and one that showed iris to be in an accuracy class of its own. Then there is the body of evidence from the field that shows iris to be frighteningly accurate – although, as Newton told me, that is of little interest scientifically.

Perhaps I am being harsh, but it seems to me that making such eyebrow-raising claims is more about trying to get a paper noticed than about sensible scientific comment. This is a shame, because apart from the accuracy diversion, it is actually a very good paper.

Mark Lockie, Editor