By Anoop Verma
Press your eyeball into the retina scanner, or just brush past a proximity sensor, the modern biometric security systems are all about using the unique in your personality to make it easy for you to access certain secure areas
When we want to do anything online, we identify ourselves through user IDs and passwords. These identifying tools are not only difficult to manage, their security is also a cause of concern. IDs and passwords can be forgotten or stolen; devices can be hacked or tampered with. Many of us find ourselves juggling around with up to 100 passwords, far too many for the human mind to remember. Some take the path of least resistance and write their passwords on pieces of paper, which they store in their desks or even stick to their computer screens. We have reached a stage where we need alternatives to passwords.
“Biometrics is a complex technology but when supported by new services and improved processes, this technology can lead to profound improvements. All governments are realizing this, including the Government of India,” says Adarsh Parekh, Partner, Lead – Identity and Border Management, Accenture.
Recently the leading technology company,IBM, presented its forecast for 2012 in a blog, which carried this interesting quote, “Biometric data – facial definitions, retinal scans and voice files – will be composited through software to build your DNA unique online password.” The technology that can be used to identify oneself without using passwords and IDs is already there. “Fingerprint reader, Face recognition, Iris scanning, Voice recognition, Palm Scanners and Retina Scanners have been deployed according to the sensitivity and security needs of the respective organisations,” says Govind Rammurthy,CEO & MD, eScan. In times to come you might not even need to use your debit card for withdrawing money from ATM. You will only have to look into the camera at the ATM booth and speak your name.
Scanning for an unique match
Unlike password or PIN, biometric traits are more difficult to forge, copy, share, misplace or guess. While safeguarding the safety and integrity of the user’s information, biometric systems also enable the authorities to determine if a person has been issued multiple official documents, like ration cards, voter ID cards, driving licence or even passport. This is the reason why biometric systems have been gaining in popularity during the last few years. Facial scan technology in laptops, notebooks and in high end smartphones has become fairly common these days.
Partner, Lead – Identity and Border Management, Accenture
“Biometrics is a complex technology but when supported by new services and improved processes, this technology can lead to profound improvements. All governments are realizing this”
With the price of sensors and microprocessors falling considerably, biometric systems are becoming more pervasive. Finger scanners are being used in many offices to determine if an individual can be allowed to enter a building. Iris recognition technology is already being used in many high security installations to properly identify employees and visitors. In some advanced countries there is now the talk of equipping security forces with hand-held devices that can instantly scan through millions of digital files in a matter of seconds, and help in identifying suspects even at remote checkpoints.
CEO & MD, eScan
“Fingerprint reader, Face recognition, Iris scanning, Voice recognition, Palm Scanners and Retina Scanners have been deployed according to the security needs”
“Biometric security system depends on the application and required level of security. Fingerprint is widely accepted by corporate, banks, manufacturing units and many more industries because of its cost and associated security features. However, for high-end security in areas like R&D, nuclear stations or government bodies other biometric solutions like retina, palm vein are being utilised,” says Jatin Desai, Product Engineer-Security Products, Matrix Comsec Pvt. Ltd.
The current form of Iris Recognition technology that is being used is slower, as it requires the users to stand close to the camera. But now a more invasive kind of “iris recognition technology” is round the corner. Perhaps it will be as perfect as what we have seen in movies like “Minority Report” and “Mission Impossible.”
The new technology will work by photographing the iris, which is the membrane controlling the quantum of light that reaches the retina, from a distance and converting the image into a code that computers can read. The code then gets compared to one that is already stored in the database.
As the device can capture an image of an iris from farther away, it can process larger number of people in much shorter span of time. Perhaps this will lead to a situation where your Iris can become your passport, your credit card and much else. Irises are unique, much like fingerprints. Even both irises in the same person are different. Fingerprints take lot of time in matching through a database of millions, whereas irises, which use more data points for biometric identification, are faster to process.
Biometric systems for everyone
Biometrics can be used for creating ATMs and other machines that can cater to the needs of all sections of society. Many illiterate people are unable to use ATM machines, as they cannot read the keyboards to key in the PIN numbers. They can’t interact with the digital interface. But it is not at all necessary that an ATM machine should have a digital interface or a keyboard. In fact, newer advances in biometrics make it possible for us to have machines that can facilitate interactions Biometrics can be used for creating ATMs and other machines that can cater to the needs of all sections of society. Many illiterate people are unable to use ATM machines, as they cannot read the keyboards to key in the PIN numbers. They can’t interact with the digital interface. But it is not at all necessary that an ATM machine should have a digital interface or a keyboard. In fact, newer advances in biometrics make it possible for us to have machines that can facilitate interactions through fingerprints, iris scan and voice based communications.
There is talk of using ATM machines in India’s rural areas, where a user can conduct a transaction by simply pressing his or her thumb on the senor, pushing appropriate, colour-coded button for desired denominations and walking away with cash and a receipt. “The latest commercially viable biometric solution is the ‘car seat’ developed by the scientists of ‘Advanced Institute of Industrial Technology’ which can identify a person who is sitting on it. The success rate is 98 percent. Now we are hearing that some researchers are conducting research on the dog’s heightened olfactory ability,” says Govind Rammurthy, CEO & MD, eScan.
Social sector schemes in India are also planning to use biometric devices for ensuring proper identification of those who are entitled to their payments. The government of India’s MNREGA initiative for creating jobs in the rural areas has made use of ICT devices and biometric databases in some pilot projects. At times such projects have been plagued with the problem of ghost workers and of the local leaderships appropriating the job cards. But with the use of biometric and GPS enabled ICT devices on work sites, it will become possible to conduct biometric attendance of the workers.
Empowerment in rural areas
Adarsh Parekh, Partner, Lead – Identity and Border Management, Accenture, says, “With advances in biometrics technology and improvements in IT infrastructure, there is a growing acceptance of biometric recognition technologies in our daily lives and this acceptance will grow with time. In the coming years, Accenture believes businesses and governments alike will introduce biometric technologies into many of their operations to enable secure access to services, drive efficiencies, and increase public safety and security.”
The UIDAI initiative of the government is using biometric systems for providing unique digital identity to India’s billions of people, including the poor and underprivileged communities. As the poor in this country often lack the documents to prove that they are entitled to government schemes, they are forced to pay bribe for obtaining benefits. The foolproof biometric systems like retina scan, face scan and fingerprinting that are being used for creation of unique UID Cards will make it possible for many more Indians to gain easy access to all kinds of benefits. The UID could eventually turn into the world’s largest biometric database.
“Nowhere have so many enrolments been done in so short a time,” R S Sharma, director general, UIDAI. Best thing is that the entire exercise of providing UID cards to citizens is being done a most cost effective way. “We have partnered with certain private entities, and this has even helped reduce the cost of the project. The global cost of de-duplication is pegged at Rs 20 per biometric identity, but we have been able to bring down that cost to Rs 2.75,” adds UIDAI director general, R S Sharma. Around 12 crore UID cards have already been generated. R S Sharma says, “We had the target of completing enrolment of 60 percent of the population by 2014 and we are scaling up well to meet the same.”
Product Engineer-Security Products, Matrix Comsec Pvt. Ltd.
“In addition to common electronics/computer and hardware failures, common biometric issues include poorquality biometric samples, evasion or noncorporation, dirty sensor”
New systems of biometric security are constantly being developed. IBM and other companies are currently engaged in creating a system that identifies individuals by the unique movement patterns of their eyes. L S Subramanian, of NYSE says, “10 years from today, you will be identified based on your odour or similar biological excretion from your body rather than any contact. Usage of facial recognition will increase with better scanning devices and better back-end algorithms for facial recognition.”
Can biometrics fail?
Is it possible for biometric security systems to fail? Occasionally we hear about biometric systems failing to recognise finger prints, and even retina scans.
Biometric systems mainly work by comparing the scans of iris or retina, measurements of hand geometry, fingerprints, or any other measurement of the physical person against previously registered measurements. Such failures can be avoided or minimised by proper choice of technology. The hardware and the software have to be up to date. There has to be a proper implementation strategy to ensure that the biometric technology that is most appropriate for the organisation is used.
“In addition to common electronics/computer and hardware failures, common biometric issues include poor-quality biometric samples, evasion or non-corporation, dirty sensor, network failure, user unawareness and extreme weather conditions,” Jatin Desai, Product Engineer-Security Products, Matrix Comsec Pvt. Ltd.
Securing the Biometric Data in UIDAI
R S Sharma,
Director General & Mission Director, Unique Identification Authority of India (UIDAI), spoke to eGov on the various aspects of biometrics being used in UIDAI initiative
How has the experience been like in providing unique identity to millions of Indians in the country?
Millions of Indians are deprived of entitlements for want of an identity. The overwhelming response for enrolments all over the country bears testimony to the fact that this is a much awaited initiative. It is important to note that within Aadhaar system, one person can get only one identity in his/her lifetime due to the use of biometric in establishing identity, eliminating the issues of fakes and duplicates as seen in other document based identity system.
How quick are the biometric systems being used? Is there any scope for making the system of creating UID cards even more efficient?
The system currently has the capability of processing 10 lakh enrolments a day with enrolment database (gallery) of over 15 crore. It has scaled (grown) as expected. The additional computing power required to handle increasing number of enrolments will not grow at an abnormally high (non-linear) rate; it is well within the design and expectations of the UIDAI. UIDAI will certainly make every effort to make the systems more efficient.
However, it may be noted that the current rates of one million deduplications a day are the highest anywhere in the world.
Are biometrics more secure than passwords?
Both passwords and biometric are two different aspects of identification. While the password is external to the individual (what you know) biometrics are intrinsic (who you are) to the individual concerned. While passwords can be shared, guessed, and stolen, biometrics is unique to the individual. While one person can have one or more passwords, biometrics provide “uniqueness” which is critical to Aadhaar system to meet its objectives. Notice that passwords and one time passwords (OT P) can be used in conjunction with biometrics (multi- factor) to further strengthen resident authentication. UIDAI offers both biometrics and OT P as part of its authentication offering.
There have been instances where biometric security systems have been targeted by hackers. So how does the UID system ensure that the biometric security that is in place is itself secured?
It is very important that all personal data collected for the purpose of UIDAI, be provided significant protection. UIDAI has ensured that the resident data is handled with the utmost care within its own and partner domains and follows some of the major principles of data privacy/protection. The UIDAI restricts itself to the collection of the minimal amount of (PI) personal information, as recommended by the DDSVP (Demographics Data Standards and Verification Processes) Committee, just necessary for identification purposes. Every enrolment data packet is “always” stored in PKI encrypted, tamper proof files and are never decrypted or modified during transit. Enrolment data is “never” decrypted until it is reached within UIDAI’s data centre’s secure production zone. We have physical security outside and within data centres with access controls including biometric access control, physical caging, and 24×7 monitoring using cameras. Data is “partitioned” across multiple security “zones”, meaning “no” single database has all the resident data in completeness. UIDAI has issued guidelines to its partners, agencies (Registrars, Enrolment Agencies), and others involved to ensure that resident data is kept secure, and confidential.
Is it possible for someone’s biometric identity to get stolen?
In view of the security systems in place, there is no possibility of biometric identity getting stolen.
Is it possible for us to have biometric security system in which we don’t have to touch something or even look deeply into a camera?
There are several types of biometric security systems like face recognition, voice recognition, fingerprint, iris, handprint, retina, DNA etc. Apart from the extent of intrusiveness, the choice of technology depends on implementability and adaptability for authentication. UIDAI has chosen fingerprints and iris based on the expert committee recommendation and also has consulted best experts from around the world to implement this project.