Biometric Identification Solutions
The European market, with its unique diversity, interdependence, heritage and values create special trends and opportunities for the development of identification technologies and services to maximize the benefit for the citizens and to protect society from any possible adverse side effects. After 9/11 and the terrorist attacks in Europe, every indication in the marketplace points to the fact that stronger security is needed.
Identification technology can be divided into biometrics, token-based identification systems and knowledge-based systems. This article will focus on biometric identification where technology relies on human characteristics to verify the identity of an individual. Face features, fingerprints, hand impressions, iris recognition or DNA are the kind of physiological features that can be used in biometrics. Biometric characteristics represent a part of a person’s individuality and are intimately linked to their selves. Biometric is a complex technology and, supported by new services and improved processes, can realize profound business change.
Biometrics technology has become one of the central aspects of national and international security and immigration policies in Europe. The technology has become a priority area for funding in the EU the last few years. EU has also been a major player in promoting biometric applications. Border control procedures provided the first rationale for the introduction of biometric identification systems and biometric databases in Europe. Now biometrics are gaining prominence as a more reliable way of identifying individuals in the retail and private industry as well.
In reference to identification technology, this section will focus on fingerprints, finger veins or veins in the palm, face-recognition, eye-scanner, voice-recognition, NFC, ID-cards and technology that combines biometric and other identification possibilities. European networks working with identification trends and new databases will also be discussed. Case studies will be used to show how the technology is treated in practice.
The Different Trends
Fingerprints have been present in identification technology for decades, and have always been the most widely used type of biometrics recognition. In the last years, this practice has decreased, especially since other biometric technologies like palm vein and hand geometry are becoming more feasible and prevalent. Some might say it has played out their role in the public, but they are becoming more popular in private retailing and services. This is because the technology is becoming mature and cheaper and is then more accessible for retailers and other private companies.
Trends that are evolving within fingerprints include fingerprints saved on bankcards or phones. IDEX, a Norwegian biometric security company, has had great success in 2012 making fingerprint sensors on a cover of Android or Apple based phones. The fingerprints can be used to log on to social media, e-mail and other applications with sensitive information just by the swipe of your fingertips without the use of username/password. They have also made an agreement with Embedex in the US, where they will be producing access cards for student dorms. The fingerprint is saved on the card and the individual using the access card must have the same fingerprint that is saved in the card to activate it. The fingerprint is not saved in a database, but on the card, which makes people feel safer.
Fingerprints are also being increasingly used for authorization in the retail industry. The Norwegian grocery store ‘’Bunnpris’’ has since April 2012 used fingerprints to authorize people over 18 years of age to buy alcoholic beverages and tobacco. Customers of legal age can register on the normal registrar and then later swipe their finger on the self-serve check-outs to receive authorization. The Data Inspectorate in Norway first declined the application, but Bunnpris appealed the verdict, and the solution was later accepted. The reason for the acceptance what that Bunnpris did not identify anyone with the technology, they simply authorized it. The firm that owns Bunnpris also owns other groceries stores in Norway and they are planning to spread the procedure to the larger chains. The Data Inspectorate in Norway did receive multiple criticisms for they are cutting all the biometric identification solutions over one comb.
In the Spring of 2012 there was also a second verdict the Data Inspectorate in Norway had to change. They had to allow the use of fingerprint to get in to the gym chain Fitness 24 Seven. Here the fingerprint is connected to the card, not to a database. It was also a case of authorization, not identification. One of Norway’s first experts on biometric identification argued that that data inspectorate in Norway lies under a strong pressure of a messy set of rules that was never meant to fit all types of biometrics. Technology grows faster than regulations.
Scandinavia Airlines (SAS) are shutting down their fingerprint recognition. They were using fingerprint to connect passenger to luggage. There were regulations that the same person that delivered the bag boarded the flight. The procedure was voluntarily for passengers, they could still use normal ID instead. SAS did not register the entire fingerprint, just 8 points on the fingerprint and after the flight took off, the points were deleted. They are cancelling the procedure because of new EU regulations that does not have rules for identification like that now. SAS are now approaching Near Field Communication (NFC) a newer technology that can be used for identification.
In much of Europe, the METRO group, uses single fingerprint database for payment. The technology was introduced in 1988, and in 2011 you could pay without card in more than 650 stores in Germany, Poland, Romania, Turkey and Russia. The customer can also choose if they would like to be part of the VINGADO database which can be used by any store in Europe. They promise that biometric data is not mixed with personal consumer data and guarantees very high security. This might mean that German legislation might be a bit more lenient, and is farther along.
Finger-vein/veins in the entire hand
This technology is widely used in Europe for logical access control. The person puts it hand on top of a scanner and the scanner will map the veins in the finger/hand. Internal biometric is an increasing trend, the veins need to be alive, and they make certain that live blood vessels are present. This technology can stop many fraud attempts. The European bank companies are getting inspired by how vein recognition technology is helping combat the increasing incidence of financial fraud and forgery in Japan. Several of the banks have replaced PIN with palm and finger vein recognition.
BPS Bank (Poland, 2010) have already introduced bio-metrical ATM in Warsaw where the ATM scan your finger tip veins which are compared to the data saved in the database or in the bank card. They use it as an alternative to a PIN-code.
The Home office in UK has sent out a tender in March 2012 for a £12.8m facial recognition system to help determine an applicant’s entitlement and eligibility for a British passport. In June they have made a selection of possible suppliers. They will both implement a facial recognition system engine and system to interact with the facial recognition system engine. The use of biometrics for residence permits has recently been expanded. ‘’While IPS (identity and passport service) is pressing on with biometrics in certain areas, there is still confusion around the use of facial biometrics in others, especially around the future shape of e-borders.’’
UK has also used face-recognition at Stansted airport in a trial project started in 2009, where they have six automated border clearance gates. This enables European e-passport holders to cross the border in self-service mode by using the picture saved in the passport. From September 2011, passenger going through terminals one and five at Heathrow will have their faces scanned from September before they board their planes. Travelers will be enrolled into a facial recognition system and the biometrics linked with the boarding pass on entry into the common user lounges at the terminals. Passengers will then be verified against their previous enrollment before boarding their flight. This will help people that buy an international ticket swapping to domestic with other people to stay in the country. Heathrow also plans to implement face recognition checks (e-gates) for non-EU residents when they enter the country, which was supposed to be ready for the Olympics summer 2012, but the implementations have been delayed. They use the biometric chip such as in Stansted. This will take some of the pressure of the ordinary EU-counter to use the biometric chip.
The use of face recognition is increasing because of three trends; camera technology has better resolution, more versatility that comes from easier processing removes the confines of the security control room and dramatic improvements in computer vision algorithms increase accuracy and performance. These trends have put the EU in a position to make an option considering the legal framework and provide appropriate recommendations applicable to facial recognition technology when used in the context of online and mobile services.
The use of eye-scanning in Europe is declining. In February 2012 UK Border Agency’s hi-tech eye-scanner program is in danger of being scrapped, with two airports ditching the service and registration now closed. IRIS was a good technology at the time it was implemented, but it takes too much time having problems with lining up their eyes with the camera and does not have the same efficiency as they thought.
Voice-recognition has operated in the shadow of physiological biometrics, but has demonstrated great promise in the last few years. Multiple banks in Europe are now testing voice biometrics for banking verification.
NFC (Near Field Communication) allows small amounts of data to be transferred wirelessly over a relatively short distance or by physical touch. The technology is an evolution of RFID (Radio-Frequency Identification).A person can, for example, tap their phone or a sticker with a NFC-antenna against something, and this triggers some response. The NFC Forum promotes the potential for NFC-enabled devices to act as electronic identity documents and keycards.The Scandinavian airline, SAS, are not going to wait for NFC to be part of every phone, but they send out stickers to all gold members that they can use for identification. The stickers hold small radio senders, and they can be attached everywhere the person wants to. This is an identification technology which has just started to grow, and can have very high impact when it comes to using the phone as an electronic-wallet or identification.
There is a trend with using biometric identification technology in new ID-cards. When it comes to the Nordic countries, it is special with Special with Norway, the only country in Europe that uses bankcards as ID. They are currently working with an end to the bankcards and focus on making national ID-cards instead. The bankcards are easier to fake and misuse, the bank does not want to be responsible for the security that really is not their job. The new ID-cards are going to have as much security as the biometrics passports. The implementation was supposed to happen in 2013, but is not going to happen before 2015.
In the rest of Europe most countries have identity cards meeting a European standard that can be used by European citizens as a travel document in place of passport. The trend is evolving towards more sophisticated cards and some countries are looking towards the Estonia ID cards. They can use their card to vote online, transfer money and access all the information the state has on them. The card can also be used as a bus ticket, library card and at the pharmacy. Nothing is saved on the ID itself, but it gives the user access to a database if they type in the correct code while using the card. Many people also have a special ID chip on their phone so they can pay people by text. They feel that they are keeping tab on the state, not the other way around. The mindset is different; they are past the big brother state. They can see who visited their data and challenge any suspicious data.
Combination of biometrics and other identification technology
Another identification technology trend is an increased focus on the use of biometrics together with other identification technology. Multi-factor authorization is ‘something you know’ (a PIN, password or answer to a challenging question), plus ‘something you have’ (a physical token or a mobile phone) plus ‘something you are’ (biometric identification). As for example smart phones morph into electronic wallets, demand for strong authorization that voice biometrics can provide will only accelerate. Two-token authorization providers like RSA’s secure ID have been hacked, so there is a need for a better system combining all of them. The bankcards with fingerprint-sensor are an example of this trend where they combine a bankcard, PIN and fingerprint. There is also a trend to integrate multiple types of biometric into one single unit for more accurate authentication.
Visa Information System
There is also a trend in Europe to collect more biometric traits. In the new VIS (Visa Information System) they collect fingerprints and pictures from all the people that apply for visa to the Schengen countries from 11.october 2011. Visa application from non-EU passport holders is then processed faster and more securely thanks to the use of biometrics. It also aid in reductions in illegal entry to the EU and in identity theft, then improving and modernizing the common EUs Visa application process. VIS will contain all visa applications so there will impossible to go visa shopping. This new system will allow for a quick and effective exchange of data on short-stay visas among Schengen countries. The database will also make checks at borders easier. Fingerprints will be deleted after 5 years.
The BEST (Biometrics European Stakeholders Network) are viewing the current situation as ‘’We are now on the verge of a new epochal transition that is characterized by the fact that the human species is becoming again nomadic towards a global information society that is characterized by increasing connectivity and both real and virtual mobility, the identification and authentication of individuals of paramount importance. In this scenario, personal identification schemes based on the infrastructure of the national state are less and less tenable’’. They are augmenting for a sharing of biometric over national borders.
The BEST networks deliverable D7.3 presents an overview of the ethical, social and policy implications of biometrics. They present the term ‘’second generation biometrics’’. ‘’The contemporary era of biometrics is bringing along significant changes, that have led many to speak of a “second generation biometrics”. These emerging biometrics are usually based on the analysis of body dynamics or physiological traits, captured in real time and at a distance, not necessarily requiring that the cooperation of the individual being enrolled.’’ BEST network will work with promoting the development of new policy implementation schemes through working groups and workshops. ‘’The first large scale implementations of biometric Identity Management Systems already revealed four basic challenges requiring an EU-wide stakeholder approach:
- State-of-the-art technologies are not mature enough to provide sufficient performance, accuracy, scalability, system reliability and usability
- Insufficient commonly agreed quality assessment highlights the need for further testing, evaluation, and certification
- New security problems have arisen including protection against ID theft, counter-spoofing
Conclusion: what is happening in the future?
Accenture expect that the importance of identity will drive biometrics adoption in two very different directions: high-security uses in government and business, and convenience-driven uses for average individuals. Mobility, health and e-commerce all require strong forms of authentication in the face of increasing security threats. Biometrics solutions are also becoming more affordable, and organizations will then have more options for acquiring and implementing biometrics at different investment levels. Automation and identification tools and processes can improve public safety and security, but also simplify and enhance the experiences of citizens.
The general views of biometrics in Europe are also changing. 81 % of the people say that they are willing to identify them self with biometrics. The last year’s biometrics have started to get more safe and reliable than other technology. It is more important to look to the innovations then to hang up in the thought of big brother sees you. Associations like The European Association for Biometrics (EAB), founded late 2011, wants to drive biometrics R&D while protecting privacy. They work towards this goal by bringing together industry, regulators and user groups as an independent contact point for interested parties.
‘’Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety” Benjamin Franklin. PACT (Public perception of security and privacy: Assessing knowledge, Collecting evidence, Translating research into action) use the quote as their vision. The project believes that security, privacy and fundamental rights are not necessarily in tension, but that they may all be pursued together. It was recently launched at the European Parliament on June 20th, 2012.
Some voices also speak against these trends, what view biometrics as an interference with privacy. And besides its interference with privacy and intimacy, the use of biometrics in surveillance and control directly affect the individuals’ freedom of movement and may be even their feeling of ‘being free’.
BEST have identified some ‘’Emerging trends in technology development
- Soft Biometrics, behavioral and physiological biometrics;
- Multimodal systems;
- Sensors for data capture on the move / at a distance;
- Intention Detection technologies;
- Anti-spoofing techniques, aliveness detection methodologies;
- Privacy preserving biometrics modalities: Biometric Encryption, PET (Privacy Enhancing Technologies) and PbD in biometrics.’’
As the public security market matures, the industrial implications are that providers offering types of biometric technology deployed for public security and law enforcement uses may turn to the commercial services as new markets. Due to ever increasing quantity of social security and welfare disbursement fraud, credit card transactions, cellular phone calls, ATM withdrawals, and visa applications, a number of organizations are evaluating the use of biometrics to enhance security, reduce fraud and improve customer satisfaction. The ability of biometrics to establish identity with a high degree of authenticity represents an opportunity not to be missed.’’
Using biometric technology to recognize citizens and customers, coupled with streamlined processes and effective organizational design, will not only deliver strong identify management capabilities but also lead to better business outcomes and, ultimately, high performance. The application of biometrics in daily activities are expected to deeply transform our life: examples include the services offered in e-commerce, e-banking, registered travelers schemes, smart environments and ambient intelligence.
‘’The existing legal framework for biometrics is in essence an ‘enabling legal environment’ regulating the use of biometrics but in fact lacking normative content .For that reason, more specific rules are needed which prohibit use where there are disproportionate power balances. Such legislative initiatives have to be sufficiently precise. Regulation which provides for the use of biometrics ‘for security purposes only’ is superfluous.’’ Technology changes are more effective when complemented by organizational and behavioral change.