The Future for Facial Biometrics: Mainstream by 2006?

SecurityInfoWatch.com recently met with Jonathan Forrester, director of marketing for AWT Inc., a systems integrator and biometrics product designer in Atlanta, Ga., to get an inside scoop on the company's facial biometrics system.

His company, AWT, has had some notable success in using facial biometrics for access control and identity confirmation, notably in Cobb County, Ga., where the local prison is using the company's technology for prisoner identity assurance during enrollment and release. SIW interviewed Forrester about the status of today's markets for facial biometrics, what to expect in terms of coming technology, and how issues of privacy play into acceptance of the technology.

Q: Walking the aisles at ASIS we saw a lot more facial recognition technology than in the past. Is this technology ready to step into the limelight? If you had to guess, what year would you put down on when facial biometrics will be considered "mainstream" in the world of security?

A: Facial biometrics will be considered "mainstream" when users understand the differences between 2D and 3D technologies and see the 3D applications starting to take hold in the marketplace over the older 2D systems. The more successful implementations of facial biometrics that the security personnel see in real-world applications, the more it will be accepted in the marketplace. If I had to guess as to what year, I would say "mainstream" will occur by 2006.

Q: How long do you think we have before the American public is ready to comfortably accept CCTV in public areas?

A: The American public is already getting used to having CCTV in their daily lives -- from your visit to the local convenience store, at any ATM, at the supermarket, at the local Wal-Mart and in metropolitan areas at various intersections. The number of CCTV cameras is estimated to double every 18 months in the U.S. alone, so people are getting more used to having their picture taken every day. For the most part, these systems are rarely being monitored or recorded, providing only a minor deterrent against incidents. However, there are some people out there that will never be comfortable with them.

Q: What has been occurring in terms of facial biometrics in recent years? What has been changing in terms of technology and where this technology is being implemented?

A: Facial biometrics have had a number of highly publicized application failures in recent years, notably at Ybor City and Boston Logan Airport. From those few failures, facial biometrics has received a black eye from which we in the facial biometrics business are still recovering from. In terms of technology changes, artificial neural networks are being utilized in order to store more data in a smaller amount of space. In conjunction with faster computers, it is making facial biometrics a viable second layer of authentication for physical access control.

Q: Corporate security directors have to balance budgets with risk and return on security investments, so as a group, security directors have not been overly willing to jump at new technology immediately when it's announced. That said, there is a great number of facilities that could use this type of technology because of special needs. What do you think the top markets are for high-end facial recognition?

A: The top markets for facial recognition include: access control for employees, financial applications to prevent identity theft, healthcare, hospitality industry and the insurance industry for fraud prevention. Most of these organizations will stay with the status quo until they have an incident which involves loss of life or property - they will then be forced to upgrade their security in order to prevent another occurrence.

The main questions for implementing a biometric security system are: Is it practical (i.e., can it deal with large numbers of personnel in a timely manner and achieve security goals)? Is it efficient (i.e., Can it verify someone quickly without a large amount of time in training, and is the system flexible enough to meet your needs?)? And is it cost-efficient (i.e., Can it be implemented quickly and inexpensively and what is the ROI over a period of 2-5 years?)?

Q: Where has facial biometrics implementation already seen its greatest successes?

A: Mainly in physical access control implementations and law enforcement. The problem of "token passing" between individuals just points out the need for a higher level of authentication and facial biometrics is regarded by most users to be the least intrusive of all of the biometrics. Several of our installations have been in operation for over a year with a zero percent false acceptance rate. In law enforcement, not everyone has fingerprints on file, and sometimes all they have to go on is a face. The ability to search for a criminal by their face alone will ensure that criminals will not be released by using false identities and/or making bail before law enforcement officers find out who they really are.

Q: Some of us aren't the technical engineers we wish we were - can you briefly summarize the different types of facial recognition technology and briefly (and in laymen's terms) explain how they work?

A: There are two main camps in the facial biometric arena - 2D and 3D.

2D systems generally utilize Eigenfaces to recognize faces. This technology was invented in 1987 by a couple of engineers at MIT and is considered to be the first facial working facial recognition technology. This method takes a large number of points (example: from the tip of your nose to the left edge of your mouth, from the tip of the nose to the outside of the right eye, etc.) and compares commonalities and differences between groups of individual facial images. The Eigenfaces method has difficulty when presented with different light levels and pose positions. In addition, the face must be presented to the system as a frontal view in order for the system to work. The 2D systems can usually be fooled by a digital photograph or digital video.

The 3D systems are generally based on a neural network. These systems are much more advanced in being able to process information at a much higher speed, with greater accuracy than 2D systems. In addition, these systems have the ability to learn, which makes the issues of aging, poses, glasses and facial hair a relatively insignificant objection. Since the neural network learns from experience it does a better job of differentiating in varying light conditions and greatly improves accuracy over 2D technology. 3D systems can tell identical twins apart and cannot be fooled by digital photographs or digital video.

Q: Biometrics keeps gaining momentum, but token-based access control systems are here to stay. How do these systems (facial biometrics and card-type access systems and IT network access control) work together in an ideal world?

A: In an ideal world, an organization already has an access control solution using proximity cards. The addition of facial biometrics merely adds a second level of authentication to ensure that the token holder is the registered owner of the token and not someone else trying to use it. Typical card access systems will keep a record of who comes and goes. However, it only lists the name of the person who is registered to the token. With the addition of facial biometrics, you not only have a record of who comes and goes, but a real time image of the person requesting access as well. In addition, card access systems will let anyone in as long as the card is valid, and some systems even have a digital photo of the registered owner. However, this requires a visual inspection of the photo against the person utilizing the card. Facial biometrics not only removes this manual inspection process, but it doesn't sleep, doesn't take breaks and can't be distracted.

Q: What about the issue of privacy in using facial biometrics?

A: In today's society we are constantly subjected to monitoring. Wherever you turn, your image is being taken and stored somewhere. Digital cameras in cell phones can take a digital picture or video of you -- virtually anywhere and by anyone. In addition to cell phones, credit cards, ATMs and even your computer will leave a "shadow trail" of where you have been, when you were there, what you're looking at, what you have been buying and whom you've been calling. Privacy must be considered with any type of personal identification database. Who has access to the database and how the information will ultimately be used must be addressed by individual security policies. Facial biometrics is merely a tool -- the "human factor" in the misuse of this information should be the privacy concern -- not the tool itself.

Jonathan Forrester invites readers who are interested in continuing a discussion about facial biometrics to email him at jonathan@awtechno.com.

Loading