The Promise of Biometrics

By Anoop Verma

Press your eyeball into the retina scanner, or just brush past a proximity sensor,  the modern   biometric security systems are all about using the unique in your personality to make it easy for you to access certain secure areas

When we want to do anything online, we identify ourselves through user IDs and passwords. These identifying tools are not only difficult to manage, their security is also a cause of concern. IDs and passwords can be forgotten or stolen; devices can be hacked or tampered with. Many of us find ourselves juggling around with up to 100 passwords, far too many for the human mind to remember. Some take the path of least resistance and write their passwords on pieces of paper, which they store in their desks or even stick to their computer screens. We have reached a stage where we need alternatives to passwords.

“Biometrics is a complex technology but when supported by new services and improved processes, this technology can lead to profound improvements. All governments are realizing this, including the Government of India,” says Adarsh Parekh, Partner, Lead – Identity and Border Management, Accenture.

Recently the leading technology company,IBM, presented its forecast for 2012 in a blog, which carried this interesting quote, “Biometric data – facial definitions, retinal scans and  voice files – will be composited through software to build your DNA unique online password.”  The technology that can be used to identify oneself without using passwords and IDs is already  there. “Fingerprint reader, Face recognition, Iris scanning, Voice recognition, Palm  Scanners and Retina Scanners have been deployed according to the sensitivity and security needs of the respective organisations,” says Govind Rammurthy,CEO & MD, eScan. In times to  come you might not even need to use your debit card for withdrawing money from ATM. You will only have to look into the camera at the ATM booth and speak your name.

Scanning for an unique match

Unlike password or PIN, biometric traits are more difficult to forge, copy, share, misplace or  guess. While safeguarding the safety and integrity of the user’s information, biometric systems also enable the authorities to determine if a person has been issued multiple official  documents, like ration cards, voter ID cards, driving licence or even passport. This is the  reason why biometric systems have been gaining in popularity during the last few years. Facial scan technology in laptops, notebooks and in high end smartphones has become fairly common these days.

Adarsh Parekh

Partner, Lead – Identity and Border Management, Accenture

“Biometrics is a
complex technology but when supported by new services and improved processes, this technology can lead to profound improvements. All governments are realizing this”

With the price of sensors and microprocessors falling considerably, biometric systems are becoming more pervasive. Finger scanners are being used in many offices to determine if an individual can be allowed to enter a building. Iris recognition technology is already being used  in many high security installations to properly identify employees and visitors. In some  advanced countries there is now the talk of equipping security forces with hand-held devices  that can instantly scan through millions of digital files in a matter of seconds, and help in identifying suspects even at remote checkpoints.

Govind Rammurthy
CEO & MD, eScan

“Fingerprint reader, Face
recognition, Iris scanning, Voice recognition, Palm Scanners and Retina Scanners have been deployed according to the security needs”

Biometric security system depends on the application and required level of security.  Fingerprint is widely accepted by corporate, banks, manufacturing units and many more industries because of its cost and associated security features. However, for high-end security in areas like R&D, nuclear stations or government bodies other biometric solutions like retina,  palm vein are being utilised,” says Jatin Desai, Product Engineer-Security Products, Matrix Comsec Pvt. Ltd.

The current form of Iris Recognition technology that is being used is slower, as it requires the users to stand close to the camera. But now a more invasive kind of “iris recognition technology” is round the corner. Perhaps it will be as perfect as what we have seen in movies  like “Minority Report” and “Mission Impossible.

The new technology will work by photographing the iris, which is the membrane controlling  the quantum of light that reaches the retina, from a distance and converting the image into a  code that computers can read. The code then gets compared to one that is already stored in the database.

As the device can capture an image of an iris from farther away, it can process larger number  of people in much shorter span of time. Perhaps this will lead to a situation where  your Iris can become your passport, your credit card and much else. Irises are unique, much  like fingerprints. Even both irises in the same person are different. Fingerprints take lot of  time in matching through a database of millions, whereas irises, which use more data points  for biometric identification, are faster to process.

Biometric systems for everyone

Biometrics can be used for creating ATMs and other machines that can cater to the needs of all  sections of society. Many illiterate people are unable to use ATM machines, as they cannot  read the keyboards to key in the PIN numbers. They can’t interact with the digital interface.  But it is not at all necessary that an ATM machine should have a digital interface or a  keyboard. In fact, newer advances in biometrics make it possible for us to have machines that  can facilitate interactions Biometrics can be used for creating ATMs and other machines that   can cater to the needs of all sections of society. Many illiterate people are unable to use ATM machines, as they cannot read the keyboards to key in the PIN numbers. They can’t interact with the digital interface. But it is not at all necessary that an ATM machine should have a digital interface or a keyboard. In fact, newer advances in biometrics make it possible for us to have machines that can facilitate interactions through fingerprints, iris scan and voice based communications.

There is talk of using ATM machines in India’s rural areas, where a user can conduct a  transaction by simply pressing his or her thumb on the senor, pushing appropriate, colour-coded button for desired denominations and walking away with cash and a receipt. “The latest commercially viable biometric solution is the ‘car seat’ developed by the scientists of ‘Advanced Institute of Industrial Technology’ which can identify a person who is sitting on  it. The success rate is 98 percent. Now we are hearing that some researchers are conducting research on the dog’s heightened olfactory ability,” says Govind Rammurthy, CEO & MD, eScan.

Social sector schemes in India are also planning to use biometric devices for ensuring proper  identification of those who are entitled to their payments. The government of India’s MNREGA  initiative for creating jobs in the rural areas has made use of ICT devices and biometric databases in some pilot projects. At times such projects have been plagued with the  problem of ghost workers and of the local leaderships appropriating the job cards. But with the  use of biometric and GPS enabled ICT devices on work sites, it will become possible to conduct biometric attendance of the workers.

Empowerment in rural areas

Adarsh Parekh, Partner, Lead – Identity and Border Management, Accenture, says, “With advances in biometrics technology and improvements in IT infrastructure, there is a growing  acceptance of biometric recognition technologies in our daily lives and this acceptance will  grow with time. In the coming years, Accenture believes businesses and governments alike  will introduce biometric technologies into many of their operations to enable secure access to services, drive efficiencies, and increase public safety and security.”

The UIDAI initiative of the government is using biometric systems for providing unique digital identity to India’s billions of people, including the poor and underprivileged  communities. As the poor in this country often lack the documents to prove that they are entitled to government schemes, they are forced to pay bribe for obtaining benefits. The foolproof biometric systems like retina scan, face scan and fingerprinting that are being used  for creation of unique UID Cards will make it possible for many more Indians to gain easy  access to all kinds of benefits. The UID could eventually turn into the world’s largest biometric database.

“Nowhere have so many enrolments been done in so short a time,” R S Sharma, director general, UIDAI. Best thing is that the entire exercise of providing UID cards to citizens is being  done a most cost effective way. “We have partnered with certain private entities, and this has  even helped reduce the cost of the project. The global cost of de-duplication is pegged at Rs 20  per biometric identity, but we have been able to bring down that cost to Rs 2.75,” adds UIDAI  director general, R S Sharma. Around 12 crore UID cards have already been generated. R S  Sharma says, “We had the target of completing enrolment of 60 percent of the population by  2014 and we are scaling up well to meet the same.”

Jatin Desai
Product Engineer-Security Products,
Matrix Comsec Pvt. Ltd.

“In addition to common electronics/computer and hardware failures, common biometric    issues include poorquality biometric samples, evasion or noncorporation, dirty sensor”

New systems of biometric security are constantly being developed. IBM and other companies  are currently engaged in creating a system that identifies individuals by the unique  movement patterns of their eyes. L S Subramanian, of NYSE says, “10 years from today, you  will be identified based on your odour or similar biological excretion from your body rather  than any contact. Usage of facial recognition will increase with better scanning devices and  better back-end algorithms for facial recognition.

Can biometrics fail?

Is it possible for biometric security systems to fail? Occasionally we hear about biometric systems failing to recognise finger prints, and even retina scans.

Biometric systems mainly work by comparing the scans of iris or retina, measurements of hand geometry, fingerprints, or any other measurement of the physical person against  previously registered measurements. Such failures can be avoided or minimised by proper  choice of technology. The hardware and the software have to be up to date. There has to be a  proper implementation strategy to ensure that the biometric technology that is most  appropriate for the organisation is used.

“In addition to common electronics/computer and hardware failures, common biometric issues include poor-quality biometric samples, evasion or non-corporation, dirty sensor,  network failure, user unawareness and extreme weather conditions,” Jatin Desai, Product  Engineer-Security Products, Matrix Comsec Pvt. Ltd.

Securing the Biometric Data in UIDAI

R S Sharma,

Director General & Mission Director, Unique Identification Authority of India (UIDAI), spoke to eGov  on the various aspects of biometrics being used in UIDAI  initiative

How has the experience been like in providing unique identity to millions of Indians in the country?

Millions of Indians are deprived of entitlements for want of an identity. The overwhelming  response for enrolments all over the country bears testimony to the fact that this is a much  awaited initiative. It is important to note that within Aadhaar system, one person can get  only one identity in his/her lifetime due to the use of biometric in establishing identity,  eliminating the issues of fakes and duplicates as seen in other document based identity system.

How quick are the biometric
systems being used? Is there any scope for making the system of creating UID cards even more efficient?

The system currently has the capability of processing 10 lakh enrolments a day with  enrolment database (gallery) of over 15 crore. It has scaled (grown) as expected. The  additional computing power required to handle increasing number of enrolments will not grow at an abnormally high (non-linear) rate; it is well within the design and expectations of  the UIDAI. UIDAI will certainly make every effort to make the systems more efficient.

However, it may be noted that the current rates of one million deduplications a day are the  highest anywhere in the world.

Are biometrics more secure than

Both passwords and biometric are two different aspects of identification. While the password is  external to the individual (what you know) biometrics are intrinsic (who you are) to the  individual concerned. While passwords can be shared, guessed, and stolen, biometrics is  unique to the individual. While one person can have one or more passwords, biometrics provide “uniqueness” which is critical to Aadhaar system to meet its objectives. Notice that  passwords and one time passwords (OT P) can be used in conjunction with biometrics (multi- factor) to further strengthen resident authentication. UIDAI offers both biometrics and OT P  as part of its authentication offering.

There have been instances where
biometric security systems have been targeted by  hackers. So how does the UID system ensure that the biometric security that is in place is itself secured?

It is very important that all personal data collected for the purpose of UIDAI, be provided significant protection. UIDAI has ensured that the resident data is handled with the utmost  care within its own and partner domains and follows some of the major principles of data  privacy/protection. The UIDAI restricts itself to the collection of the minimal amount of (PI)  personal information, as recommended by the DDSVP (Demographics Data Standards and Verification Processes) Committee, just necessary for identification purposes. Every  enrolment data packet is “always” stored in PKI encrypted, tamper proof files and are never  decrypted or modified during transit. Enrolment data is “never” decrypted until it is reached  within UIDAI’s data centre’s secure production zone. We have physical security outside and within data centres with access controls including biometric access control, physical caging,  and 24×7 monitoring using cameras. Data is “partitioned” across multiple security “zones”,  meaning “no” single database has all the resident data in completeness. UIDAI has issued  guidelines to its partners, agencies (Registrars, Enrolment Agencies), and others involved to ensure that resident data is kept secure, and confidential.

Is it possible for someone’s
biometric identity to get stolen?

In view of the security systems in place, there is no possibility of biometric identity getting stolen.

Is it possible for us to have
biometric security system in which we don’t have to touch something or even look deeply into a camera?

There are several types of biometric security systems like face recognition, voice recognition, fingerprint, iris, handprint, retina, DNA etc. Apart from the extent of intrusiveness, the  choice of technology depends on implementability and adaptability for authentication. UIDAI  has chosen fingerprints and iris based on the expert committee recommendation and also has  consulted best experts from around the world to implement this project.