Is biometric technology ready to take over from passwords and RFID?

الإثنين، 21 كانون1/ديسمبر 2015 1526

 

In 2013 the facial recognition market was valued at $1.17 billion and it is expected to grow at a continual annual growth rate (CAGR) of 9.5% from 2014 to 2020, to hi $2.19 billion by 2019. This increased investment clearly demonstrates the security  industry’s growing confidence in biometric solutions, as do moves to replace passwords to access everything from smartphones to bank accounts with fingerprints, facial recognition and iris scanning. We’ve been finding out how key leaders in the field are seeing biometrics being used.

Gary James, Head of Sales & Customer Relations, Aurora, explained what he believes is driving investment in technology like facial recognition, saying, “After years of being the subject of far-fetched sequences in movies, where subjects are recognised in crowded streets from satellites, the key to growth has been a combination of improved technology but also the realisation that there are a range ofverification tasks (matching one to one, or one to a few) for which facial recognition is perfectly suited. As a biometric method, facial recognition is hard to beat because its hygienic (being totally non-contact), very fast and most of us remember to take our face with us wherever we go!”

Simon Gordon, Chairman of Facewatch, added, “I think that within three years we will expect our mobiles/cars/houses and even our favourite shops to recognise us, whether that is purely by face recognition or more likely by a combination of at least two measures where the data is important. We all rely on passwords and keys at the moment but this is inconvenient and insecure as can be seen by the constant ID theft and the fact that you can now apparently buy a device to unlock pretty much any modern high end car for £25!”

However, despite predicting that passwords will be replaced by biometrics, Gordon doesn’t think the existing technology we’re seeing in action on tools like smartphones is up to the job – not quite yet anyway
.
“Within the next year or so I am sure it will be though,” he said, “I for one cannot wait to get rid of my passwords, but I do think where the authorisation is for high value transactions it will be necessary to have dual verification rather than rely on one biometric measure.”

James believes that the success of these kinds of deployments depends on a combination of the robustness of the technology and the compliance of the user.

“Last year we processed over 14 million facial recognition events at Heathrow for self boarding,” he said. “The experience would seem to indicate that as long as the application is well judged, the technology is more than up to the task and will only get better.”

The biggest objection within the industry to biomet rics taking the place of our passwords is the question of what happens if your biometric data is stolen. Changing your fingerprints is slightly trickier than changing a password. Gordon is realistic about the threat this poses, but he also raises a valid point that although a fingerprint can be forged, a facial recognition algorithm cannot be utilised to recreate someone’s face.

“There will always be clever people trying to break whatever security measures are built unfortunately,” he said, “however,a facial recognition algorithm cannot be used to recreate a picture of a face so no matter how good the algorithm (and each system will be different) there is only one face. If the detection is smart enough to recognise that the face is not a picture and combines it with, say, voice recognition, I think it will be pretty hard to fool. As least your face goes with you so no one can steal it without you knowing about it! No doubt it may eventually be possible to build some kind of mask and voice generating system as in Mission Impossible, but this is beyond the scope of most criminals!”

James is inclined to agree that perhaps fooling a biometric based system isn’t as simple as some critics make it sound. He said, “Most serious biometric systems are extremely adept at knowing whether they are being asked to process data from a ‘live’ being or not. We ensure this by using highly specialised sensors rather than ordinary CCTV cameras so people cannot present photographs, masks etc to impersonate others. I’m sure manufacturers of other types of biometric readers will
have overcome this challenge too.”

Another question critics of mass use of biometrics solutions have raised is managing insider threat and protecting databases that store biometric information. Aurora has worked security for the information it stores into its systems, James explained.

“Once individuals are enrolled into a biometric system, their identity exists as a ‘template’ rather than an actual picture or image of their fingerprint for another type of system,” James said. “This can only be interpreted by the biometric system which created it, making it useless to a third party. These templates are stored on computer servers so normal data security rules should apply too - thereis nothing different about the steps we need to take to protect this type of data. If you somehow managed to steal my biometric template, you would still need my actual face to use it anywhere. This is why biometric is the way forward for access control and many other verification applications.”

Gordon agrees that the threat to stored biometrics data is not all that different to the threat to any other sort of personal information, saying “Data will always be valuable if it can be used to gain value or advantage. If you could steal the biometric data used to authorise payments and somehow reverseengineer a product that would enable you to hack into bank accounts (say) then of course there is a threat. But this is no different to the threat of breaking in and finding passwords – the biometric data is like the lock but the real live face of an individual is the key so it’s no use stealing the lock, you want the key!”

Facewatch is an online digital crime and incident reporting system, linking businesses and police as well as the CPS seamlessly. It also in terms of crime prevention acts as a secure central database that stores watch lists for groups in a Data Protection compliant manner. Gordon explained that Facewatch is being linked to facial recognition and automatic number plate recognition (ANPR) systems to enable business users to receive alerts when a match occurs. For example, when someone walks into a bar or shop who has been banned an alert will be pushed via a mobile app to the appropriate staff members. By acting as a central hub, Facewatch can enable businesses to share watch lists in a compliant manner no matter which biometric system they wish to use.

Aurora offers a product called FaceSentinel, which James told us, is the first application of Deep Learning (DL) in the security industry. DL is a form of artificial intelligence in which a computer ‘brain’ can be trained to recognise characteristics patterns by processing large amounts of data. DL has recently been applied to many tasks that are familiar to us in everyday life. In this application, DL manifests itself in increased recognition accuracy, wide ranging tolerance to the way subjects present to the sensor and overall speed.

Facial recognition in airports
Written by Bill Flind, Chief Executive, Ipsotek.

Ipsotek is a provider of advanced video analytics (VA) solutions with a number of critical security deployments in airports, augmenting its advanced VA solutions with facial recognition capability. Facial recognition has established obvious security uses within the airport market, however more recently than this has extended to operational uses. A typical example is journey time measurement, whereby facial recognition time-stamps a face (anonymously) as it joins a queue or at a pinch point and then measures the time taken for the same face to reach the queue end or the next pinch point.

Using this approach for many random faces provides very accurate journey or wait time information. However, it is not real time information. It only tells you the time it took your subject to get from A to B and does not moderate the result for something happening after your subject joined the queue. In an arrivals immigration scenario, an A380 flight of passengers could have joined the queue immediately after your subject. While he may have taken 20 minutes to reach the immigration desk, the true wait time for the A380 passengers is probably much higher and it will take some time for your journey time measurement to detect this. However, VA can make a real-time adjustment. In this case, the VA will pick up the sudden change in queue volume and adjust the estimated wait time. With several days of information and measured journey times for differing real-time volumes, the system can be calibrated to provide accurate real-time estimated wait times.

Ipsotek has deployed several airport systems that extended its VA forensic search capability to include facial recognition. These systems store all faces captured over a period of time, typically 30 to 60 days. The system can then be presented with a picture of a person’s face and search to see if that person has been in the airport in the last 30 or 60 days.

Future combinations of VA and facial recognition for airports will use facial recognition technology with Ipsotek's patented multi-camera tracker, Tag and Track (TNT). Facial recognition provides a very powerful addition to the TNT technology and the combination is in active development with alarge airport customer. Facial recognition not only improves the performance of the people tracking capability across a crowded airport, but will also automatically track people of interest in real time who are identified on a facial recognition watch list.