modality

knee, modality

Not the bee’s knees

Biometrics Using Internal Body Parts: Knobbly Knees in Competition With Fingerprints (Science Daily)

Forget digital fingerprints, iris recognition and voice identification, the next big thing in biometrics could be your knobbly knees. Just as a fingerprints and other body parts are unique to us as individuals and so can be used to prove who we are, so too are our kneecaps. Computer scientist Lior Shamir of Lawrence Technological University in Southfield, Michigan, has now demonstrated how a knee scan could be used to single us out.

Every once in a while a version of the above paragraph finds itself in the news…

Forget digital fingerprints, iris recognition and voice identification, the next big thing in biometrics could be your ______________.

Heartbeat?
Rear-end?
Ear?
Bone structure or electric conductivity?
Footsteps?
Kneecap?

I suspect that any definable aspect of the human anatomy could be used as a biometric identifier. In instances where teeth are all that is known about an individual, they are used for high confidence identification.

A good biometric modality must be: unique, durable, and easily measurable. If any of these are missing, widespread use for ID management isn’t in the cards. If something is unique and durable but isn’t easily measurable, it can still be useful but it isn’t going to become ubiquitous in automated (or semi-automated) technology. Teeth and DNA fit this model. Teeth have been used to determine the identity of dead bodies with a high degree of certainty for a long time, but we aren’t going to be biting any sensors to get into our computers any time soon — or ever. Likewise with DNA.

There is also the challenge of proving that a modality is in fact unique, durable and easily measurable which requires a whole lot of experimental data and (especially regarding uniqueness) a healthy dose of statistical analysis. I’m no statistician, and from what I understand, the statistical rules for proving biometric uniqueness aren’t fully developed yet anyway, so let’s just leave things in layman’s terms and say that if you’re wanting to invent a new biometric modality and someone asks you how big a data set of samples of the relevant body part you need, your best answer is “how many can you get me?” 

In order to ascertain uniqueness you need samples from as many different people as you can get. For durability you need biometric samples for the same person taken over a period of time and multiplied by a lot of people. 

Ease of measure is more experiential and will be discovered during the experimentation process. The scientists charged with collecting the samples from real people will quickly get a feel for the likelihood that people would adapt to a given ID protocol.

For two common biometric modalities, face and fingerprint, huge data repositories have existed since well before there was any such thing as a biometric algorithm. Jails (among others) had been collecting this information for a hundred years and the nature of the jail business means you’ll get several samples from the same subject often enough to test durability, too, over their criminal life. For face, other records such as school year books exist and were readily available to researchers who sought to test the uniqueness and durability of the human face.

Iris, voice, and the vascular biometrics of the hand (palm, finger) have apparently joined face and fingerprint biometrics in achieving wide-scale commercial viability despite the lack of historic data repositories. They either occupy prime real estate on the head and the end of the arm (Iris, vein), or they are the only biometric that can be used over a ubiquitous infrastructure that simply isn’t going anywhere (voice/phone).  

In order to displace finger/hand and face/eye biometrics in wide scale deployments, novel biometric modalities will have to out-compete them on two levels: in the lab and in the market meaning they will have to offer out-sized advantages in order to justify the R&D outlay required to “catch up”. This is highly unlikely to happen with any novel modality.

In order to thrive as high value-added tools in highly specialized deployments, however, a novel modality just needs to help solve a high value problem (teeth, DNA).

Any biometric modality can be useful, especially if it’s the only one available. But that’s not likely ever to be the case for many of these novel modalities, knees included.

modality, privacy, technology

A survey of biometric modalities and their social impact

Biometrics Looks To Solve Identity Crisis (Electronic Design)

You see them in blockbuster movies and high-tech TV shows—biometric systems that rely on fingerprints, facial recognition, and other physical and behavioral data to provide identification. But these technologies have moved past the sci-fi genre, and even beyond the high-security arena. They’re hitting the mainstream now. In fact, you may even be using some of them already.

This is just the introductory paragraph. The whole article is worth reading.

bank, banking, face, facebook, mobile, modality, multifactor, technology, voice

Hardware & ID Security: PC vs Mobile

Mobile banking to hit 1 billion users by 2017

Fortunately for the consumer, mobile devices often contain technologies such as GPS that track the user’s location, front-facing cameras that can be used for face-recognition, and other biometric tools such as voice recognition technology and in some cases fingerprint technology. In December, Ben Knieff, head of fraud at financial crime and technology specialist NICE Actimize told Banking Technology that mobile banking could eventually become safer than online banking.

“While consumers didn’t like biometrics ten or even five years ago, rising usage of the technology on sites like Facebook has made it more acceptable,” he said. “Consumer sentiment is changing, and I believe there could actually be an opportunity to use some of these technologies to make mobile banking even safer than internet banking is today.”

The whole article is worth reading but two points in the second paragraph quoted above are especially thought-provoking.

That’s the first time I’ve seen the Facebook face recognition issue turned on its head like that. Stories of outrage at the Facebook facial recognition app are easy to find. Whether this has more to do with Facebook’s User Agreement policies or biometric technology is a subject for another day, but is it possible that as suggested above, by putting people into contact with the technology the Facebook face rec kerfuffle has made biometrics more acceptable to the networked public?

Another fascinating item in the second paragraph is the notion that mobile banking can be inherently safer than online banking conducted through desktop or laptop computers. We discussed some of the reasons for this in Mobile Devices and Biometric Modalities, but the reasons why authentication via mobile devices may be more rigorous than that using other hardware go beyond biometrics. Mobile devices are quite simply capable of covering all of the factors listed below. In a multifactor authentication model, the more factors that can be determined simultaneously, the higher the confidence in the authentication transaction.
Here they are.

Something you have (tokens: key, prox card, mobile phone, etc.)
Something you know (passwords, PINS, codes, high school mascot, etc.)
Something you are (biometrics: eye, voice, face, fingerprint)
Where you are (location: IP address, cellular signal, GPS, in the bank branch)
When you are (time)

Mobile hardware supports all the factors above and, in the factors with bold face, mobile platform security exceeds the security attributes of PC hardware. Mobiles make better tokens because they aren’t often shared, they have blue tooth, near filed communication (NFC), wi-fi capabilities for external signaling and, of course, they’re mobile. They support passwords (OK, maybe not quite as conveniently as PC’s). Two biometric sensors, the camera and microphone, come stock on all mobiles. They know where you are at all times.

The what time it is question is a draw in the current discussion. Both technologies in question (mobile vs. PC) are equally ignored here because the question of time is answered on the server side; i.e. you can’t avoid late fees by setting the clock back on your PC when you make last month’s payment online. Payees have their own clocks. I just included it because it’s a real factor and there are ID/security applications where an individual is treated differently at different times of the day. Time also comes up in combination with location. Credit cards run fifteen minutes apart in gas stations separated by 1,000 miles raise suspicion.

That’s the theory anyway. In theory, mobile hardware can facilitate higher confidence ID authentication. In practice the security vulnerabilities of the PC world are better understood. There are several household names offering services that maintain PC hardware as a virus/trojan/worm free environment. Uptake of similar technologies has yet to take off with mobile hardware. That will change, though, if more people use mobile hardware to handle their finances.

fingerprint, ID, India, iris, modality, UID

India: UID going multi-modal

Iris scan to add layer to Aadhaar authentication (Business Standard)

Iris

One of the biggest purported flaws of the Unique Identification Authority of India (UIDAI)’s Aadhaar programme was the risk of deterioration of beneficiaries’ fingerprint quality, especially given the country’s large farm worker population, among the main target groups.

But, almost in sync with the government’s plan of rolling out the ambitious direct benefits transfer (DBT) scheme nationwide, starting with 20 districts from January 1, the UIDAI is finishing work on introducing iris-based authentication in the first quarter of 2013, said a senior UIDAI official.

mobile, modality, tokens

Mobile biometrics

Mobile Biometrics: The Next Phase of Enterprise Authentication? (Network Computing)

Smartphones and tablets have the potential to become powerful platforms for enterprise authentication. By combining biometric capabilities such as a fingerprint reader or voice recognition software with mobile devices that users carry with them all the time, enterprises may be able to roll out two-factor authentication as part of an identity and access management (IAM) infrastructure.

See also: Mobile Devices and Biometric Modalities

eye, hardware, mobile, modality, smartphone, vascular

Eye biometrics with a mobile phone camera

Mobile technology is crying out for better user authentication. Fingerprints would seem like a good match, but there’s a hardware chicken-and-egg problem: no fingerprint sensor hardware means no apps and no apps means no manufacturer has decided (long-term) to drive up the cost of their handset to provide a feature few may use.

That means biometric app developers interested in verification using mobile devices have concentrated on modalities that can use the sensors that are already ubiquitous in mobile hardware.

A phone without a microphone isn’t a phone anymore so the developers of voice biometrics are in pretty good shape. And though a camera isn’t a strictly necessary feature on a mobile device, they all seem to have them. That invites facial recognition, and eye-based biometrics developers into the mobile world.

All three (face, eye, voice) face challenges.

Scan Eyes to unlock spartphones (PSFK)
If I’m reading this article correctly, or more accurately making the correct inference from the picture that accompanies it*, EyeVerify seems to be side-stepping the challenges associated with iris biometrics and camera resolution by switching to an analysis of sclera vasculation — the veins on the white part — for mobile verification.

That’s pretty cool.

See also:
Mobile Devices and Biometric Modalities

* According to the EyeVerify site, that was the correct inference.

Health Care, ID management, iris, modality

What is the best biometric?

I often get asked what is the best biometric modality.

The article below is a good example of why the answer is always, “That depends; what are you trying to accomplish?”

Eye of the Beholder: How Iris Biometrics Could Help Solve Hospital Patient ID Problems (Becker’s Hospital Review)

One of the other major benefits, according to Mr. Powe, is the hands-off approach — literally. Patients do not have to touch any equipment with an iris scan, which helps hospitals in their infection control efforts.

“Since you don’t have to touch it, it’s an infection control measure,” Mr. Powe says. “A lot of people don’t come to the hospital because they are healthy. With palm scanning, you put your hand down, then sanitize it and clean it to keep someone from passing infections. But that’s not the case here. You just sit in a chair, line your eyes up with a camera, take the picture and you’re done.”

mobile, modality, sensor

Mobile fingerprint biometrics: Show me the sensor

Meet the Australian biometrics company working with Apple on ID technology (Smart Company Australia)

The head of an Australian biometrics company which scored a key contract with Apple says the future of mobile technology will be closely linked with fingerprint scanning and other ID tech, especially as phones and payment systems become entwined.

See yesterday’s post. Here’s a snippet.

Perhaps the greatest hurdle to mobile biometrics has been a mobile hardware chicken-and-egg problem.

So far, speculation about Apple’s future plans notwithstanding, and the short-lived Motorola Atrix, mobile handset manufacturers haven’t been willing to drive up handset costs by adding biometric sensor hardware to a device when there aren’t any applications that use it. Application developers won’t develop applications that can’t be deployed.

Barring a reversal where handset manufacturers add hardware to the devices, the only way out for biometric application developers is to use hardware that is already standard issue on mobile platforms. Besides using the touch-screen for some sort of behavioral biometric application, that means using the phone’s microphone for voice and camera for face, and now, perhaps, palm-based biometrics.

A lot of very smart people are talking like mobile device + fingerprint + NFC + payments is going to happen. Fingerprint sensors have to start showing up on mobile devices first, though.

hardware, mobile, modality, palm

Mobile Handset Camera for Palm ID?

KDDI palm authentication app (Ubergizmo)

Well, KDDI might be on to something here with their palm authentication app which runs on smartphones, which is an alternative to facial recognition software and most probably more secure than a fingerprint reader. What makes it even better is this – since it comes with a flash built in, you need not worry about using it in the dark, which is a different case for the face unlock.

Most palm biometrics (for ID management as opposed to forensic applications) use the vascular network of the hand.

This is the first time I’ve seen a palm biometric that uses a photo of a hand as the input.

Though the claims advanced in this very short article aren’t completely coherent (i.e. why can you use the flash for taking a picture of a hand but not a face?), the approach is interesting, especially within the context of mobile ID. Perhaps the greatest hurdle to mobile biometrics has been a mobile hardware chicken-and-egg problem.

So far, speculation about Apple’s future plans notwithstanding, and the short-lived Motorola Atrix, mobile handset manufacturers haven’t been willing to drive up handset costs by adding biometric sensor hardware to a device when there aren’t any applications that use it. Application developers won’t develop applications that can’t be deployed.

Barring a reversal where handset manufacturers add hardware to the devices, the only way out for biometric application developers is to use hardware that is already standard issue on mobile platforms. Besides using the touch-screen for some sort of behavioral biometric application, that means using the phone’s microphone for voice and camera for face, and now, perhaps, palm-based biometrics.

I don’t have an opinion about the viability of palm pattern recognition using cell phone cameras either from the algorithm side or the sensor side, but it is definitely interesting that people are trying to stretch mobile cameras into new applications.

UPDATE:
When I mentioned “using the touch-screen for some sort of behavioral biometric application,” this is what I meant: Your finger swipe could become your password.

To log into the new iPad app she made, computer science student Napa Sae-Bae held her hand open, touched her fingertips to the tablet’s surface, then drew her fingers together until they met in the center. Her app analyzed the way she performed the gesture — the speed of her swipe, the angles between each fingertip — to decide whether to let her in.

UPDATE II: A more detailed article on the palm camera app is out today from phones review, video by engadget.

Seeing the app in action, it’s very impressive.

ID, India, iris, modality, multimodal, UID

India: UID begins to incorporate iris, improves fingerprint results

UIDAI’s Iris Authentication proof of concept study successful (UIDAI Press Release – pdf)

The UIDAI has successfully conducted the proof of concept Iris authentication study in Mysore district of Karnataka. The study brought out the high accuracy levels (above 99.2%) achieved by iris authentication. A combination of iris and fingerprint authentication can further the goals of universal inclusion and pave the way for successful applications based on Aadhaar authentication.

The study was conducted in semi urban setting in Nanjangudtaluk in Mysore district of Karnataka between May 27th and July 30th 2012. 215,342 iris authentication transactions from 5833 residents were studied. 8 models of iris cameras through 6 different OEMs participated in this study.

This study has also brought out the specific improvement areas that biometric ecosystem needs to work upon to further improve the accuracy and coverage percentage. The detailed findings are documented in a report which is being published on UIDAI’s website. This will be followed by a workshop with the device vendors to guide them on the specific actions to be taken by them to improve algorithms and devices. UIDAI will then take up further field studies. These studies would also lead to formulation of iris device specifications for certification and deployment purposes.

It may also be noted that as a result of feedback to the biometric ecosystem, the performance of fingerprint authentication improved substantially from the time UIDAI conducted its first fingerprint authentication PoC to the last PoC. Same is expected in iris authentication domain too, which points that iris authentication has a scope of providing accuracy levels above 99.5%.

ear, modality

Because it’s been a while since we mentioned ears as a biometric modality…

Progress In Unconstrained Ear Recognition (Science 2.0)

The Southampton team have developed a new technique using scale-invariant feature transform and homographies calculated from SIFT point matches. It can cope not only with fuzzy and degraded images, but also with ears that are up to 18% occluded.

A healthy degree of skepticism is in order regarding the short and medium term prospects for the adoption of more exotic biometric modalities: ear, gait, gluteus maximus, etc. In order to make it into commercial applications (as opposed to forensic applications) either ear biometrics are going to have to accomplish an ID task more accurately and more cheaply than the more established modalities (face, finger, etc. which have a head start) or they’re going to have to facilitate identifications that the others can’t.

Maybe ear biometric verification on a mobile phone’s front-facing camera can work.

ATM, banking, iris, modality, retina, vascular

Pro Tip to Journalists: Keep Your Eye on Iris v. Retina

What is it about journalists and the human retina? I’d estimate that at least 95% of the time a journalist uses the term “retina” in association with biometric identity management modalities, they actually mean “iris”. Does anybody know why this is?

After decades, ATMs still play key role in banking (Eagle Tribune – North Andover, MA)

He said tests are being conducted in Brazil on using biometric identification — scanning retinas or fingerprints — for ATMs. In Europe, he said, there are ATMs where customers can apply and be approved for a loan during their ATM sessions. “So the technology is there to do that,” Kerstein said.

You will never see a retina scanner in an ATM. As far as ATM deployments go retina is too expensive, and it takes too much time for people to get used to using it properly. Then there’s the fact that if vascular biometrics are the answer, the hand/finger is cheaper and easier and if eye biometrics are the answer, iris is cheaper and easier. For ATM’s the vascular/eye combo is overkill.

Iris (left) vs. Retina (right)

The iris (left), which gives people “eye color,” controls how much light enters the eyeball. The retina (right) is the structure laying along the inside, back surface of the eyeball that translates light into nervous impulses for the optic nerve to send to the brain.

In a camera analogy, the iris would be, well, the iris, since cameras have them, too. The retina would be the film, or in an even better digital analogy, the charge-coupled device (CCD) that translates light into ones and zeros for computer chips.

Both iris and retina are used as biometric modalities in identity management applications.

Iris biometrics match the iris’s unique surface features (similar to fingerprints). Retina biometrics use eye’s vascular network for matching.

Retinas have been in use as a biometric identifiers for far longer than iris (1984 vs 1995), but using the iris is far more common today. This is because using the iris makes for cheaper and easier identifications.

For more on the subject, I recommend this (If you’re a journalist, I can’t recommend it enough!). It was written in 2006. Both technologies will have improved since then, but iris technologies have improved faster.

FBI, modality, tattoo

FBI wants Tattoos for Meaning not ID

FBI asks local police for tattoo databases (Bend Bulletin – OR)

The FBI wants your tattoos — more specifically, the meanings behind their inky black lines and colorful shapes — and it’s asking local law enforcement agencies for help.

This has more to do with investigating organized crime associations than ID, but applying what can be learned from local law enforcement organizations will involve technologies closely related to biometrics.

See:
Biometrics, object recognition and search

Carnegie Mellon, database, face, finger, fingerprint, iris, modality, WVU

The Challenge of Establishing a Biometric Modality

Future Eye Scanners Must Combat Aging Eyes (Live Science)

The iris — the colored part of the eye that eye-scanners analyze — changes as people age, making the scanners more likely to wrongly lock out people with every passing year, according to a new study.

The finding goes against the established, yet never-proven notion that eye scanners can accurately identify people throughout their lives, said Kevin Bowyer, a computer scientist at the University of Notre Dame who performed the study.

Read the whole thing. It’s an article that gets at an interesting aspect of the algorithm end of the biometric ID management problem. It also has input from two of the speakers at the recent TechConnectWV event: Marios Savvides (Carnegie Mellon) and Bojan Cukic (W. Va. Univ.).

A good biometric modality must be: unique, durable, and easily measurable. If any of these are missing, widespread use for ID management isn’t in the cards. If something is unique and durable but isn’t easily measurable, it can still be useful but it isn’t going to become ubiquitous in automated (or semi-automated) technology. Teeth and DNA fit this model. Teeth have been used to determine the identity of dead bodies with a high degree of certainty for a long time, but we aren’t going to be biting any sensors to get into our computers any time soon — or ever. Likewise with DNA.

There is also the challenge of proving that a modality is in fact unique, durable and easily measurable which requires a whole lot of experimental data, and especially regarding uniqueness, a healthy dose of statistical analysis. I’m no statistician, and from what I understand, the statistical rules for proving biometric uniqueness aren’t fully developed yet anyway, so let’s just leave things in layman’s terms and say that if you’re wanting to invent a new biometric modality and someone asks you how big a data set of samples of the relevant body part you need, your best answer is “how much can you get me?”

In order to ascertain uniqueness you need samples from as many different people as you can get. For durability you biometric samples for the same person taken over a period of time and multiplied by a lot of people. 


Ease of measure is more experiential and will be discovered during the experimentation process. The scientists charged with collecting the samples from real people will quickly get a feel for the likelihood that people would adapt to a given ID protocol.

For two of the “big three” biometric modalities, face and fingerprint, huge data repositories have existed since well before there was any such thing as a biometric algorithm. Jails (among others) had been collecting this information for a hundred years and the nature of the jail business means you’ll get several samples from the same subject often enough to test durability, too, over their criminal life. These data could be selected such that they were as good as they could be to assess both uniqueness and durability. For face, other records such as school year books exist and were readily available to researchers who sought to measure uniqueness and durability.

Which brings us to iris.

Where do you look to find a database of several million high-resolution images of human irises collected by professionals who took good notes? Well there’s your problem.

The solution is to go about building such a data set yourself and several organizations have been doing just that. One can make considerable progress on in the question of uniqueness with a big push, collecting more data quickly. Assessing durability, however, takes time no matter how much money and effort can be applied. Some processes can be sped up with more resources; some can’t (nine women can’t make a baby in a month) and the real bummer with determining biometric durability is that you can’t really know in advance how much time it’s going to take to prove it to a satisfactory degree. 

So it’s not a surprise that the uniqueness of the human iris was determined before its durability, and it may come about that the iris is, like the face, “durable enough.” We are all too aware that the face changes, but certain aspects of it don’t change so much that facial recognition is pointless. The same may be true of the iris. It, too, may be durable enough.

It may also turn out to be the case that irises change in a predictable way and that those changes can be accounted for on the software side, so all this isn’t to say that iris isn’t among, or won’t solidify its position among the “big three”; it’s just had a harder road to get there.

AFIS, CJIS, DNA, face, FBI, finger, fingerprint, government, iris, Kirkpatrick, law enforcement, modality, palm, privacy, tweetchat

Biometrics & the FBI’s Criminal Justice Information Services (CJIS)

Here’s a Storify transcript of this morning’s Tweet Chat about biometrics (#biometricchat).

I offer many thanks to John at M2SYS for asking me to fill in for him and Mike Kirkpatrick for taking time out of his busy schedule to lend his experience to our understanding of the FBI’s use of biometrics for law enforcement and civilian purposes.

Background for the conversation is here.

July, 19 2012 Biometric Chat with Mike Kirkpatrick : Assistant Director in Charge of the Bureau’s Criminal Justice Information Services (CJIS) Division from April 2001 – August 2004.

Powered by Storify

  1. SecurLinx
    Good morning and welcome to this month’s chat on#biometric technology! #biometricchat
  2. SecurLinx
    I’m honored to be filling in for John @m2sys as this month’s host. Thanks for asking me, John!#biometricchat
  3. m2sys
    Good morning to you and thanks for taking over this month’s chat – we really are appreciative of your guest hosting skills! #biometricchat
  4. SecurLinx
    @m2sys The pleasure is mine. AND Thank you, and welcome to Mike @MDKConsulting, for joining us.#biometricchat
  5. SecurLinx
    Today, we will be discussing #biometrics in Law Enforcement (esp. FBI). Our guest is Michael Kirkpatrick. @MDKConsulting #biometricchat
  6. MDKConsulting
    Thanks for the invite! I’m looking forward to this morning’s chat #biometricchat
  7. SecurLinx
    @MDKConsulting Mike finished his FBI career as Asst. Dir. in charge of the FBI’s CJIS center (Apr. 2001 – Aug. 2004) #biometricchat
  8. SecurLinx
    Those dates should give you some idea of the challenges at the FBI’s CJIS. #biometricchat
  9. m2sys
    @SecurLinx Quite a tumultuous time at the FBI’s CJIS…anxious to hear some of Mike’s feedback and insight. #biometricchat
  10. SecurLinx
    Feel free to chip in with your own answers – answer each question (Q1, Q2, Q3, etc.) with A1, A2, A3, etc.#biometricchat
  11. SecurLinx
    Also feel free to submit your own questions during chat or ask other questions of the group. #biometricchat
  12. SecurLinx
    Q1: What was the biggest challenge CJIS faced in the transition from a paper fingerprint system to a fully fledged IAFIS? #biometricchat
  13. MDKConsulting
    A1:There were several challenges. Building the world’s largest #AFIS; IdM had never been done on that scale before… #biometricchat
  14. Note: IdM = Identity Management
  15. MDKConsulting
    A1…Getting the budget to build it ($640M); there were no #fingerprint electronic transmission standards so they had to be.. #biometricchat
  16. MDKConsulting
    A1:…developed (EFTS); Most #fingerprints were still being captured on paper so had to be converted to digital images:… #biometricchat
  17. MDKConsulting
    A1:…Major #FBI workforce retraining; IAFIS didn’t always work as advertised in the early days so alot of downtime #biometricchat
  18. m2sys
    Q1: Were lawmakers at the time reluctant to fund this or was it generally accepted that this was natural maturation? #biometricchat
  19. MDKConsulting
    m2sys A1: Overall, congress was very supportive but this was a high profile project, the only one of its peer projects… #biometricchat
  20. MDKConsulting
    m2sys A1:…(e.g., FAA & IRS modernizations) to succeed. It turned out to be a high risk/high reward project #biometricchat
  21. SecurLinx
    Q2: CJIS is a key part of US ID infrastructure. What is the breakdown between Law Enforcement vs civilian/licensing queries? #biometricchat
  22. SecurLinx
    FBI CJIS is used for firearm background checks, child care workers, financial services employment and more…#biometricchat
  24. BiometricUpdate
    Often wondered about this breakdown myself, actually#biometricchat #biometricchat
  25. MDKConsulting
    A2: #FBI has 2 #fingerprint streams-criminal and civil (licensing & employment checks). Currently ~55% are criminal… #biometricchat
  26. MDKConsulting
    A2:…and 45% are civil. The original IAFIS was designed to process 60K prints/day. #FBI Next Generation Identification… #biometricchat
  27. MDKConsulting
    A2: …(NGI) now easily processes more than 185K/day. Quite a leap forward! #biometricchat
  29. MDKConsulting
    Firearm pre-sale checks (NICS) are name-based, not fingerprint-based. #biometricchat
  30. SecurLinx
    @mdkconsulting Good catch re firearms… done thru the FBI but no fingerprints involved. #biometricchat
  31. SecurLinx
    Q3: What is the next biometric modality CJIS would like to incorporate into IAFIS? #biometricchat
  32. MDKConsulting
    A3: In order of priority, palm prints, face, and iris capabilities will be added to NGI. #biometricchat
  33. BiometricUpdate
    We just wrote about the B12 MORIS system being adopted by FBI. How much time can apps like this save?bit.ly/LYXvug #biometricchat
  34. SecurLinx
    Let’s go quickly to Q4 and then deal with Q3 & Q4 together… #BiometricChat
  35. SecurLinx
    Q4: Then, if the Big Three of #biometrics are Face, Finger/palm print & Iris – Where does DNA fit in?#BiometricChat
  36. MDKConsulting
    A4: There’s an ongoing multi-agency effort on rapid#DNA, which will put a “quick” DNA capability at the …#biometricchat
  37. SecurLinx
    @mdkconsulting Love the quotes around quick. Definitely quick compared to earlier DNA analysis!#BiometricChat
  38. MDKConsulting
    A4:…booking stations. We should see this in the market within the next couple of years. It’ll help solve alot of cases. #biometricchat
  39. MDKConsulting
    A4: #DNA in many ways is the ultimate #biometric but still has many privacy issues associated with it as well as the past… #biometricchat
  40. MDKConsulting
    A4:…relative slowness in getting results. It can prove someone innocent as easily as proving someone guilty, which is… #biometricchat
  41. MDKConsulting
    A4:…good as all in criminal justice should be searching for the truth. #biometricchat
  42. SecurLinx
    @MDKConsulting Excellent point. Biometrics can be evidence of either innocence and guilt. #biometricchat
  43. m2sys
    @MDKConsulting Q4: So DNA quick checks will be at booking stations to circumvent lab analysis in as little as a few years? #biometricchat
  44. MDKConsulting
    @m2sys A4: These are envisioned as a “quick” check as an investigative lead rather than a full-on forensic lab exam #biometricchat
  45. m2sys
    @MDKConsulting Thank you, truly amazing advances in science for DNA processing! #biometricchat
  46. MDKConsulting
    Currently, #FBI is processing criminal fingerprints in just a few minutes. Rapid DNA is envisioned to be more like an hour. #biometricchat
  47. SecurLinx
    Q3/4b: Which (palm, face, iris, DNA) advancement in CJIS capabilities is furthest along? #BiometricChat
  49. SecurLinx
    Last question Q5: What are some near future capabilities related to #biometrics that the FBI would really like to add? #biometricchat
  50. MDKConsulting
    A5: #FBI & law enforcement are looking for smaller, faster, cheaper mobile #biometric collection devices; capability for … #biometricchat
  51. MDKConsulting
    A5:…collection at a distance for fingerprints and iris; implementation of a national palm print capability (a high % of … #biometricchat
  52. MDKConsulting
    A5:…crime scene latents are palm prints); and greater accuracy in facial recognition technology for large databases. #biometricchat
  53. BiometricUpdate
    @MDKConsulting is palm a priority for any particular reason, or is it just an indication of technological advancement? #biometricchat
  54. MDKConsulting
    @biometricupdate: Palm print capability will help to solve many crimes which are unsolved without it. Countries, such … #biometricchat
  55. MDKConsulting
    @biometricupdate: …as Australia, which have implemented palms have reported significant increases in latent matches. #biometricchat
  56. SecurLinx
    That’s all folks. Our sincere thanks to @MDKConcultingMike Kirkpartick for taking the time to talk with us: FBI#biometricchat
  57. SecurLinx
    We kept him a little late but hopefully @MDKConsulting(and you) enjoyed our conversation as much as I did.#BiometricChat
  58. MDKConsulting
    Thanks! I’ve appreciated the opportunity to chat about one of my passions! #biometricchat
  60. m2sys
    @MDKConsulting Thank you for sharing your knowledge with us, it was extremely informative!#biometricchat
  61. SecurLinx
    Thanks @MDKConsulting! Thanks @m2sys for lending me the #BiometricChat hashtag! & to@BiometricUpdate for the questions!
chat, CJIS, FBI, fingerprint, modality, tweetchat

Today 11 AM EDT: Twitter Biometric Chat with Mike Kirkpatrick – Biometrics at FBI’s CJIS

UPDATE: 
Questions added in bold section below.

When: July 19, 2012 — 11:00 am EDT; 8:00 am PDT; 16:00 pm BST; 17:00 pm CEST; 23:00 pm SGT; 0:00 JST

Where: tweetchat.com (hashtag #biometricchat

What: Tweet chat on Biometrics and Law Enforcement with Michael D. Kirkpatrick (@MDKConsulting)

Questions:

Q1: What was the biggest challenge CJIS faced in the transition from a paper fingerprint system to a fully fledged IAFIS?
Q2: CJIS is a key part of US ID infrastructure. What is the breakdown between Law Enforcement vs civilian/licensing queries?
Q3: What is the next biometric modality CJIS would like to incorporate into IAFIS?
Q4: If the Big Three of biometrics are Face, Fingerprint & Iris – Where does DNA fit in?
Q5: What are some capabilities related to biometrics that the FBI would really like to add?

When John at M2SYS asked me to guest host the July #BiometricChat, I immediately thought of Michael Kirkpatrick. I’m happy to announce that he’s agreed to join us. I offer my sincere thanks to both of them for the opportunity.

Michael Kirkpatrick

Michael D. Kirkpatrick, as the FBI’s Assistant Director in Charge of the Bureau’s Criminal Justice Information Services (CJIS) Division from January 2001 – August 2004, led the Division through profound IT changes especially relating to the application of biometric technologies to the challenges of law enforcement.

Back in the day (i.e. before 1999), fingerprint analysis for law enforcement purposes was a much different ball game. Everything was accomplished with paper, ink, and highly-trained, dedicated  fingerprint analysts. That made law enforcement biometrics pretty much the only biometrics game in town because there weren’t really any commercial applications for that type of set-up. Sure, some professions required criminal background checks, but the fingerprinting part was mostly there to make it easier to catch people in the event they committed crimes at some later date.

Presently, the FBI maintains the world’s largest collection of biometric data and facilitates information sharing between law enforcement organizations and a range of both public and private entities. The CJIS center handles more than 61 million ten-print submissions a year. Average response time for an electronic criminal fingerprint submission is about 27 minutes, Electronic civil submissions are processed within 72 minutes.

The successful transition from a paper system to an Integrated Automated Fingerprint Identification System (IAFIS), presented a range of technical, organizational and managerial challenges such as: What to do with all the paper records; What technical standards to apply to digitization; Determining what confidence level constitutes a match; How to receive input remotely and transmit results;  How to store the information securely; What policies to put in place; Determining whether current international agreements were adequate or forging new ones necessary. The list goes on and on.

Without the hard work sorting out these kinds of questions done by those at CJIS, biometric ID management applications, beginning with fingerprint biometrics, simply would not have nearly the impact in the public and private sectors that they do today. Michael D. Kirkpatrick was one of the many people who helped make it all possible.

Over the course of his career, Michael has done far too many interesting things in law enforcement and biometrics than can be listed here. Thankfully, he has posted a brief overview of some of his experiences at his site, here. He tweets at @MDKConsulting

We hope that you will spread the word among your colleagues and friends and join us Thursday, July 19 at 11am EDT.

hack, iris, modality

Iris Biometrics: Come on Down!

It’s not a real biometric modality until someone hacks it (yes, I’m talking to you foot, ear and butt). So cheer up, iris. You’re in good company.

Black Hat: Hacking iris recognition systems (Bank Info Security) UPDATE: Link was wrong before, fixed now.

The article is short on detail about how and how successfully iris systems have been hacked but more information will certainly follow Black Hat’s presentation on July 25 summarized as follows:

FROM THE IRISCODE TO THE IRIS: A NEW VULNERABILITY OF IRIS RECOGNITION SYSTEMS

A binary iriscode is a very compact representation of an iris image, and, for a long time, it has been assumed that it did not contain enough information to allow the reconstruction of the original iris. The present work proposes a novel probabilistic approach to reconstruct iris images from binary templates and analyzes to what extent the reconstructed samples are similar to the original ones (that is, those from which the templates were extracted). The performance of the reconstruction technique is assessed by estimating the success chances of an attack carried out with the synthetic iris patterns against a commercial iris recognition system. The experimental results show that the reconstructed images are very realistic and that, even though a human expert would not be easily deceived by them, there is a high chance that they can break into an iris recognition system.

Stay tuned.

Carnegie Mellon, foot, modality

Carnegie Mellon University Sets Up New Foot Biometrics Lab

Carnegie Mellon University’s Biometrics Center Selected To House New Pedo-Biometrics Research and Identity Automation Lab (Press Release)

Identity science takes a giant leap forward with a new discipline in biometrics. Carnegie Mellon University researchers at the new $1.5 million per year Pedo-Biometrics Research and Identity Automation Lab are teaming up with Autonomous ID, an Ottawa, Canada, company currently relocating operations to the U.S., to test insole sensory system prototypes for a variety of identification uses, from security to detecting the onset of such diseases as diabetes and Parkinson’s.

The CMU Pedo-Biometrics Lab, headed by Electrical and Computer Engineering Professor Marios Savvides, will provide the roadmap for scientific analysis and algorithm research and development for the new pedo-biometrics discipline, which uses a specially designed insole to monitor foot movement.

Arkansas, education, face, fraud, Mississippi, modality, schools, Tennessee, US, voice

US: Biometrics (Voice) to be Applied in the Wake of Teacher Certification Scam

Details of teacher certification scam uncovered (WMC-TV 5 Memphis, TN)

Ewing confirms one of his workers spotted odd behavior that triggered a 45-count indictment against Clarence Mumford and the de-certification of more than 50 teachers in Arkansas, Mississippi and Tennessee.

“The people who serve as our test center supervisors, monitors, and room proctors are our first defense against such things,” Ewing explained.

According to court documents, Mumford hired four co-conspirators to assume the identities of teachers and aspiring teachers who could not pass the PRAXIS teacher certification test.

A PRAXIS worker noticed one person taking the same test several times in one day.

But technology may be the reason it went undetected 15 years.

Investigators say Mumford manufactured fake drivers licenses with his test takers photos and the aspiring teachers’ information.

Ewing says the vast majority of teachers who take the tests are honest, but changes are in store, including biometric voice scanning.

How voice enrollments and matching will work isn’t spelled out. I would have thought that since ID photos were the problem, facial recognition might have helped. I mean, you have one guy with one face who took, and passed, the test like fifty times!

Action News 5 – Memphis, Tennessee

AFIS, chat, CJIS, FBI, ID management, interoperability, Kirkpatrick, law enforcement, management, modality, standards, technology, tweetchat

Michael D. Kirkpatrick FBI Assistant Director in Charge of Criminal Justice Information Services (Ret.) to Discuss Biometrics & Law Enforcement at July #BiometricChat

When: July 19, 2012 — 11:00 am EDT; 8:00 am PDT; 16:00 pm BST; 17:00 pm CEST; 23:00 pm SGT; 0:00 JST

Where: tweetchat.com (hashtag #biometricchat

What: Tweet chat on Biometrics and Law Enforcement with Michael D. Kirkpatrick (@MDKConsulting)

Topics: The past, present and future of biometric ID management applications in law enforcement, interoperability, modalities.

To send questions for the #BiometricChat:
Email: SecurLinx blog
Twitter: @SecurLinx, hashtag #biometricchat

When John at M2SYS asked me to guest host the July #BiometricChat, I immediately thought of Michael Kirkpatrick. I’m happy to announce that he’s agreed to join us. I offer my sincere thanks to both of them for the opportunity.

Michael Kirkpatrick

Michael D. Kirkpatrick, as the FBI’s Assistant Director in Charge of the Bureau’s Criminal Justice Information Services (CJIS) Division from January 2001 – August 2004, led the Division through profound IT changes especially relating to the application of biometric technologies to the challenges of law enforcement.

Back in the day (i.e. before 1999), fingerprint analysis for law enforcement purposes was a much different ball game. Everything was accomplished with paper, ink, and highly-trained, dedicated  fingerprint analysts. That made law enforcement biometrics pretty much the only biometrics game in town because there weren’t really any commercial applications for that type of set-up. Sure, some professions required criminal background checks, but the fingerprinting part was mostly there to make it easier to catch people in the event they committed crimes at some later date.

Presently, the FBI maintains the world’s largest collection of biometric data and facilitates information sharing between law enforcement organizations and a range of both public and private entities. The CJIS center handles more than 61 million ten-print submissions a year. Average response time for an electronic criminal fingerprint submission is about 27 minutes, Electronic civil submissions are processed within 72 minutes.

The successful transition from a paper system to an Integrated Automated Fingerprint Identification System (IAFIS), presented a range of technical, organizational and managerial challenges such as: What to do with all the paper records; What technical standards to apply to digitization; Determining what confidence level constitutes a match; How to receive input remotely and transmit results;  How to store the information securely; What policies to put in place; Determining whether current international agreements were adequate or forging new ones necessary. The list goes on and on.

Without the hard work sorting out these kinds of questions done by those at CJIS, biometric ID management applications, beginning with fingerprint biometrics, simply would not have nearly the impact in the public and private sectors that they do today. Michael D. Kirkpatrick was one of the many people who helped make it all possible.

Over the course of his career, Michael has done far too many interesting things in law enforcement and biometrics than can be listed here. Thankfully, he has posted a brief overview of some of his experiences at his site, here. He tweets at @MDKConsulting

We hope that you will spread the word among your colleagues and friends and join us Thursday, July 19 at 11am EDT.

Please send questions via:
Email: SecurLinx blog
Twitter: @SecurLinx, hashtag #biometricchat

We’ll publish the chat questions in an update to this post early next week.