Face, iris gaining ground in authentication applications

The future of biometric modalities in consumer electronics (Help Net Security)

“ABI Research posits that as ASPs for iris modules drop, and the once timid face recognition is continuously honed with more sophisticated machine learning algorithms, they will both slowly start to eat away at fingerprint implementations.”

There’s a lot of good information in the linked article. Fingerprint technology is still the most ubiquitous biometric technology worldwide and it will be for some time. Biometrics will ultimately be an all-of-the-above industry where the application determines the biometric modality/modalities brought to bear.

Visa: Goodbye, passwords. Hello, biometrics.

Consumers ready to switch from passwords to biometrics, Visa finds (The Paypers)

“Consumers are ready to leave the password behind and adopt biometrics, according to the results from a survey commissioned by Visa.”

The full pdf info-graphic from Visa is available here.

The study of 1,000 U.S. adult consumers who use at least one credit card, debit card, and/or mobile pay account covers a range of topics on biometrics including:

  • Top benefits
  • Top concerns
  • Trusted entities

And more!

“Holy Bat-phone, Batman!”

NEC develops biometrics technology that uses sound to distinguish individually unique ear cavity shape (NEC)

The new technology instantaneously measures (within approximately one second) acoustic characteristics determined by the shape of the ear, which is unique for each person, using an earphone with a built-in microphone to collect earphone-generated sounds as they resonate within ear cavities. This unique method for extracting features is useful for distinguishing individuals based on acoustic characteristics and enables rapid and highly accurate recognition (greater than 99% accuracy).

 

You know better but I know him

If we go to biometric IDs, will hackers try to steal your face? (CreditCards.com)

How much damage could a data thief do with your biometrics? According to experts from three different biometric modalities, the threat of someone virtually slipping into your skin is based far more on Hollywood-fueled paranoia than how biometrics are actually secured and deployed in the real world.

An analysis of iris, vein and heartbeat biometrics follows from there.

The piece also serves as a useful counterpoint to this one at InfoWorld which has biometric authentication technology as “Doomed security technology No. 1,” where the author’s formulation,

“After all, using your face, fingerprint, DNA, or some other biometric marker seems like the perfect log-on credential — to someone who doesn’t specialize in log-on authentication.”

begs the retort: After all, using your face, fingerprint, DNA, or some other biometric marker seems like it is destined for history’s dustbin — to someone who doesn’t specialize in biometric authentication.

Then again, probably not

Brain’s reaction to certain words could replace passwords (Binghampton University)

According to Sarah Laszlo, assistant professor of psychology and linguistics at Binghamton University and co-author of “Brainprint,” brain biometrics are appealing because they are cancellable and cannot be stolen by malicious means the way a finger or retina can.

“Just 12 more globs and some wiring and you can check
your email!”

Image source: Biosemi.com

When the alternative is the terrifying prospect of a stolen retina*, I guess you can’t be too careful.

But, let’s not get ahead of ourselves. Though there is little doubt that if any behavioral biometric can be used as a reliable identifier, evidence for that uniqueness could probably be found in the brain, measured, and used for ID purposes. Even so, brain prints as ubiquitous biometrics face every obstacle we discussed in our post, The challenges confronting any new biometric modality, and then some.

The linked article doesn’t make any mention of the sensor to be used to collect brain prints, much less offer a vision for how a future identification scenario might work.

This is one of those subjects that is intensely interesting from a Ph.D. candidate’s point of view (invention) but not so much from an engineering or business perspective (innovation). Brain prints as a biometric will face significant — I dare say insurmountable — challenges in finding their way into wide use as a commercial ID management application any time soon.

The 94% accuracy is an issue, too.

*See also:

Iris ≠ Retina

Iris (left); Retina (right)

In fairness, the penultimate paragraph in the article quotes Zhanpeng Jin, who brings a more moderate perspective to the piece.

Hello, Windows. Microsoft does biometrics.

Windows 10 News: New Authentication, New Storage Savings, And Launch Timeframe (AnandTech)

Microsoft will be taking a two pronged approach to authentication. The first is the actual authentication. Windows Hello will work with several biometrics, including fingerprint scanners, facial recognition, and iris scanning, as examples. This will be used in conjunction with hardware cryptography on the device to unlock the device. Microsoft is claiming false unlocks at around one in one hundred thousand. Fingerprints are well known, but the facial recognition will not rely on just a webcam, but rather will require new hardware such as the Intel RealSense 3D Cameras to ensure that it is a real person in front of the device and not just a photo. The unlock is tied to the actual device, and none of the unlock information is ever sent off of the device. Existing fingerprint readers can be used with Windows Hello.

“Get me some biometrics, stat!”

How biometrics could improve health security (Fortune)

For the last two years, the health industry suffered the highest number of hackings of any sector. Last year, it accounted for 43% of all data breaches, according to the Identity Theft Resource Center. To help prevent these costly issues, medical companies have begun adopting an array of biometrics security systems that use data from a patient’s fingerprint, iris, veins, or face.

There really isn’t an identity management challenge that health care doesn’t have.

India: Iris to replace thumb print for pensioner verification in one district

‘Iris recognition system’ for pensions to be launched in Andhra Pradesh (Niti Central)

A biometric ‘Iris identification system’ for distribution of pension will be soon launched in Krishna district of Andhra Pradesh.

At present, the pensions are being paid by taking a thumb impression of the pensioners, Krishna District Collector A Babu said in an official release. However, sometimes the illegible thumb impressions create problems, he said.

This is perhaps the first time I’ve seen one biometric modality displace another one in an existing ID management application.

The performance expectations for iris must be substantially higher than what the existing fingerprint system is producing because it looks like there will have to be a new enrollment process for pensioners in the 100 political villages and municipal wards undertaking the change.

Voice biometrics and “the right to remain silent”

Passcode vs. Touch ID: A Legal Analysis (9TO5MAC)

With the suspect in handcuffs, the agent swipes the student’s finger across the phone to access his call history and messages. Once the FBI swipes the suspect’s finger and bypasses the biometric security, the phone asks for the student’s passcode. The FBI agent asks for his password but the student refuses to speak. How can the FBI agent access the phone? Whereas a fictional Federal Agent like Jack Bauer would simply pull out his gun, jam it in the suspect’s mouth and scream, “WHERE IS THE BOMB?”, in our example, the FBI agent would hit the proverbial brick wall.

This is where a gray area might still exist for hardware protected with voice biometrics.

I’m no criminal or constitutional lawyer, but it seems plausible that while a criminal suspect can be legally compelled to give over their fingerprint, the “right to remain silent” remains.

Commonwealth v. Baust probably isn’t the last word on all biometric modalities that could prove useful in criminal investigations.

Novel biometric modality: Brain prints

‘Brain prints’ the new biometric identifier (WhaTech)

We’ve had fingerprints for years as unique identifiers of individuals and in recent times their uniqueness has been successfully employed for access control. More recently they’ve been followed by voiceprints and iris scans as unique personal attributes that can be used for access to information systems. But brain waves?

Let’s not get ahead of ourselves. Though there is little doubt that if any behavioral biometric can be used as a reliable identifier, evidence for that uniqueness can be found in the brain and measured, brain prints as ubiquitous biometrics face every obstacle we discussed in our post, The challenges confronting any new biometric modality and then some.

The linked article doesn’t make any mention of the sensor to be used to collect brain prints, much less offer a vision for how a future identification scenario might work.

This is one of those subjects that is intensely interesting from a Ph.D.’s point of view (invention) but not so much from an engineering or business perspective (innovation). Brain prints as a biometric will face significant — I dare say insurmountable — challenges in finding its way into wide use as a commercial ID management application any time soon.

It really is a retina scanner

Image source: Fraunhofer Institute for Photonic Microsystems

I was all set to roll my eyes (hey, it’s Friday!) at another case of the iris-vs.-retina inversion when, lo and behold, we find this article actually is about retina technology.

Portable Retina Scanner Could Protect Your Identity on the Go (Live Science)

A portable retina scanner small enough to fit in a purse could one day be used to combat identity theft and strengthen personal security.

Survey says…

Fingerprint scanners most popular alternative to banking passwords (Computer Weekly)

The increasing use of mobile banking apps and the deluge of apps requiring passwords makes biometric security attractive.

The survey found that 52% of consumers would like banks to integrate fingerprint scanners into digital banking apps. This was the most popular followed by Iris scanners (33%), facial recognition (30%), electrocardiogram heartbeat monitors (29%) and voice verification (27%).

We’ve made the point before that reasonably strong passwords are even more inconvenient on mobile devices.

The Extinction of Passwords (Business 2 Community)

Currently, passwords are total chaos. In fact, most people have terrible passwords that are easy for hackers to guess. Even worse, many people use the same password for all their accounts, and they haven’t changed their password for years. So all a hacker has to do is guess the password once and they’ll have access to the user’s entire life. And while we were all advised to change our passwords after the recent Heartbleed attack, very few of us actually did.

Since we’re not really managing our passwords appropriately, it’s time to get rid of the hassle of passwords and use something with more data points and that is unique to each individual.

We’re all ears

New academic research on ear biometrics…

3D Ear Identification Based on Sparse Representation (Forensic Magazine)

Compared with classical biometric identifiers such as fingerprint and face, the ear is relatively a new member in the biometrics family and has recently received some significant attention due to its non-intrusiveness and ease of data collection. As a biometric identifier, the ear is appealing and has some desirable properties such as universality, uniqueness and permanence. The ear has a rich structure and a distinct shape which remains unchanged from 8 to 70 years of age as determined by Iannarelli in a study of 10,000 ears. The recognition using 2D ear images has a comparable discriminative power compared with the recognition using 2D face images.

If you click through to the whole study at plos.org, the authors (Lin Zhang, Zhixuan Ding, Hongyu Li & Ying Shen) have made the Matlab source code for the ear matching algorithm available. That’s really neat.

From our first post on ear biometrics in 2010…

Pros:
-Facial recognition accuracy is degraded as the pose angle diverges from a full frontal view. As pose angles get bigger, an ear will come into view. Tying an ear-recognition system to a face recognition system could make more identifications possible, especially with a non-participating subject.

Cons:
-Ears aren’t really that stable. They grow throughout life, as the quote above addresses.
-As high school wrestlers can attest, ears are easily deformed by trauma.
-Hair obscures significant portions of the ear in a significant percentage of the population.

Veins are great, but that doesn’t mean fingerprints are a “gimmick”

Vein-scanning technology may trump fingerprint scanning for payments (Sydney Morning Herald) But even if the headline is true, it doesn’t follow that

“Using our fingerprint is not a secure way to do [authentication],” Professor Susilo said. “It’s just like a gimmick.”

One of the main benefits of vein and iris scanning is that you don’t tend to leave behind iris or vein prints, he said.

As most vein scanner sensors coming out this year require no physical contact, it means there are no residual biometric patterns that could be copied, preventing fraudulent use.

Fingerprints are notoriously easy to lift from surfaces and are not secure, he said, which has been demonstrated by researchers for more than a decade.

In 2002, Japanese researchers showed that fingerprint scanners could be fooled with about $10 worth of household supplies. They also found many fingerprint systems did not detect if someone was “live and well”.

Vein scanners are, in fact “more secure” in the sense that there is no latency. You can’t leave vein prints behind. But that doesn’t mean that fingerprints are a gimmick.

To take the professor in his own terms, how much money worth of household supplies are required to access an unsecured mobile device? How much money worth of household supplies are required to access a device secured by a password? How easy is it to apply the $10 worth of household supplies to cracking the phone? The answers: None, None, Not very. It really isn’t that easy to spoof fingerprints without the participation of the person whose fingerprint is enrolled.

Vascular biometrics, on the other hand, have no latency. Nobody leaves behind vein prints. But hardware cost (too expensive) and form factor (too large) disqualify vein sensors’ use in mass market mobile devices*. Until about 6 months ago this was true even for fingerprint readers.

*In mobile devices, power consumption is also a big concern. I don’t really know if vein readers are power hogs or not. Perhaps the likely infrequency of vein sensor use compared to the screen or audio output means power requirements won’t end up being the determining factor for vein reader deployment anyway.

The Search for the Perfect Biometric Is Over. The next big thing in biometrics is your wrinkly elbow.

Elbow scan

Forget digital fingerprints, iris recognition and voice identification, the next big thing in biometrics is your wrinkly elbow. Just as a fingerprints and other body parts are unique to us as individuals and so can be used to prove who we are, so too are our elbows. Computer scientist Eric Praline of the University of Housinge, has now demonstrated how an elbow wrinkle scan could be used to identify us for a range of cutting-edge applications.

The approach is based on infra-red scanners located in chair or automobile armrests and could be used to quickly register and identify people in a moving car as they approach passport control or in airport lounges for instance or as they sit in their offices to begin their day’s work.

Praline has tested the approach and achieved accuracy of around 97 percent, this coupled with other factors such as having the correct heart rate, sitting in the right chair or tied to other biometrics such as the topography of your rear-end and earwax analysis could be used to prevent deception and fraud. Rubber fingers can be used to dupe fingerprint systems. Documents can be forged. “But most people walk around with their elbows covered most of the time so the odds of elbow spoofing are quite low,” says Praline.

When asked how this new modality might stand up against the relentless health-and-beauty industry assault on wrinkly elbows, Praline remained confident that elbows are the “killer app” biometrics have been waiting for. “While various creams, ointments and unguents exist to ameliorate the effects of aging upon the skin of the human elbow, those treatments only serve to reduce the prominence of the elbow wrinkles, not to eliminate them altogether. Sit tight. The days of ubiquitous elbow scanners are closer than many are prepared to admit.”

I wonder what the sensor looks like

Body odor passes smell test as biometric (ZD Net) — Researchers at the Polytechnic University of Madrid are exploring a new form of biometric authentication – body odor.

See also: The challenges confronting any new biometric modality

I suspect that any definable aspect of the human anatomy could be used as a biometric identifier — in instances where teeth are all that is known about an individual, they are used for high confidence identification — I’m afraid that, for the foreseeable future, the cards are stacked against any new biometric modality catching on in any big way.

The reasons for this are both scientific (research based) and economic (market based).

On the science side, a good biometric modality must be: unique, durable, and easily measurable. If any of these are missing, widespread use for ID management isn’t in the cards. If something is unique and durable but isn’t easily measurable, it can still be useful but it isn’t going to become ubiquitous in automated (or semi-automated) technology. Teeth and DNA fit this model. Teeth have been used to determine the identity of dead bodies with a high degree of certainty for a long time, but we aren’t going to be biting any sensors to get into our computers any time soon — or ever. Likewise with DNA.

There is also the challenge of proving that a modality is in fact unique, durable and easily measurable which requires a whole lot of experimental data and (especially regarding uniqueness) a healthy dose of statistical analysis.

more at the link