Biometrics: The time has come?
By David Goodman, senior analyst, KuppingerCole
Most IT professionals over the last ten to fifteen years when asked about the future of authentication would either confidently assert or otherwise quietly mutter that it would be some form of biometrics but ask not to be pressed as to when or how. And with good reason: we’ve been waiting for a long time and had all sorts of trials, experiments and promises hurled at us that it was at times embarrassing. But is the tide turning and can we, for the first time, actually say that biometrics in one form or another are about to go mainstream? The answer, you’ll be pleased to know, is both yes and no.
In a few weeks the International Association for Identifications (IAI) will be celebrating its centenary with an educational conference in Sacramento. On August 4, 1915, Inspector Harry H. Caldwell of the Oakland (California) Police Department’s Bureau of Identification gathered together 22 of his fellow professionals to further the aims of the identification profession. Harry and his colleagues were interested in furthering the use of fingerprint technology primarily for the purposes of criminal identification. But no matter for what purpose, the work they and others were carrying on from the 19th century pioneers, we saw the fruits of in IBM’s Thinkpad T42 fingerprint reader over ten years ago which at the time was considered to be ground-breaking. And today, Apple’s TouchID fingerprint identity sensor incorporated into iPhone 6 might just get people use to the idea that passcodes and PINs are so 20th century and becoming redundant. On top of that ZwipeMastercard, a collaboration between Norwegian company Zwipe and MasterCard, is a debit card launched last October that was initially introduced in Norway and Poland and is planned to go global. It requires users to press a finger against a small pad on the plastic to unlock the card whereupon the card is able to visualise a range of information that exists on current cards but is buried on the chip.
So all is good, biometrics are here to stay.
Undoubtedly, yes – they’re not likely to go away after this long uphill journey. But there is a niggling concern that fingers, like irises, could get damaged, through accident or disability, or the pattern of swirls could be copied or even stolen. And then what do you do? If the uniqueness of your fingertip whorls is violated, that’s it – you won’t have the opportunity of registering a new set of prints. Unlike the vilified username and password which in most scenarios you can replace and replenish every day of the week if you so wish.
Much of our confidence in biometric technology is based upon the premise of an accurate match between samples. We assume that such matching will be undertaken to an equivalent level across applications and nodes and that the associated data are accurate. Time again this has been proven an assumption too far although, with two or three factor authentication, the risk is diminished but at the loss of the ideal of single factor authentication.
Counter intuitively perhaps, behavioural rather than biological techniques are proving statistically more reliable, at least in the lab. Keyboard swipes are probably the most familiar and have the advantage of being unobtrusive and, by continuously amassing usage data, constantly improving. It is surprising that the average smartphone has 19 sensors each of which can be configured to identify the owner. One such is the accelerometer, a sensor that measures the tilting motion and orientation of a mobile phone and is used to ensure photographs are presented in the correct way depending on the way the phone is held. But it can also recognise patterns of walking that are remarkably difficult to spoof. To date most behaviour-based techniques have not yet broken through the barrier of consumer trust and come to market. However, one example of a commercial application is NICE Systems’ Speech Analytics solution that employs voice recognition based on a variety of parameters and speech patterns to establish uniqueness that can be recognised in near real time once registered. If voice recognition gains traction and trustworthiness, it would be a godsend for every call centre, massively improving both the customer and the operator’s experience.
So raise a glass to the stalwarts at the IAI on their anniversary and privately cheer that we finally seem to be on the way to an increasingly sophisticated appreciation of how different biometric approaches could improve our lives. And I haven’t even started on DNA …
Dr. David Goodman is Senior Analyst at KuppingerCole and has written numerous articles on identity. He is also a well-established speaker and moderator at seminars and congresses. David Goodman graduated from the University of Manchester and went on to complete a D.Phil. at the Oriental Institute in Oxford. He has over twenty years IT and telco experience in senior identity-related positions across a wide range of companies and organizations on both sides of the Atlantic. For the last eleven years, he has also been chairman of EEMA, the leading European identity and cybersecurity membership association. David Goodman covers subscriber data management and big data/analytics issues for telcos and other verticals.