Biometric Analysis: Make Biometrics Tools Business Enabling

Expanding biometrics' focus from enterprise applications to personal technology


"This may occur when biometrics is viewed as part of an overall identity management system - perhaps in conjunction with smart cards - that then enables the business to make secure online payments, or implement secure electronic processes; for example, processes that need strong audit capabilities to meet business compliance regulations."

The point is, said Gary Duke, director of networking management consultancy, LAN 2 LAN, that for all the growing numbers of biometrics products becoming available, corporates want more. "They are looking for manageable end-to-end solutions, not point products."

Such offerings could potentially emerge from several areas.

Existing technologies for instance - including those that have failed to hit the mainstream thanks to sundry teething and integration issues - are forecast to enjoy a renaissance as they iron out their problems and become more sophisticated.

Bori Toth, head of biometric projects at Deloitte & Touche, said iris recognition technology was one such area. She claimed that, in terms of accuracy, speed, resistance to spoofing, and interface, its benefits are now compelling, with any scepticism coming about largely because of the technology's relative youth. Scientific concerns, she said, are also without foundation.

"As the technology is fairly new, not many know how it works. Some have concerns about the light range (near infrared - the same as in remote controls), others about potential health data contained in iris images, as iridologists believe. Neither of these have scientific credibility but they need to be addressed more so that public concerns disappear."

Other pending technologies include voice-based ID verification solutions such as those being developed by 192.com Business Services. The company's IT director, Paul Broome claimed that, despite still being at the developmental stage, voiceprint identification is the ideal biometric for applications such as online authentication - where ID verification will usually be quite different, and where heightened security is now being called for by both consumers and online traders.

There is little doubt that before these or any other areas of biometrics can ripen into genuinely fruitful mainstream opportunities, certain hurdles must be negotiated and overcome.

Fraser Thomas, chief executive of Swivel Secure, noted that price, deployment problems and "never-ending" civil liberty issues remain fundamental barriers and that "the more complex the technology, the more likely it is to encounter problems". (see box, page 27)

Cultural change is another key area, according to Robbins. "For deployments to be successful, they need to be seen by end-users as making their lives easier - for example by enabling a single point of authentication to the applications they need to do their jobs as opposed to them having to remember several door access keypad numbers, and many different IT passwords."

Here, he suggested, companies and their suppliers must think beyond individual biometrics technologies and look at processes.

"Typically, discussion and research into biometrics focuses on the technology itself - how well does it work? How fast does it match? What are the failure rates? But the technology is only part of the issue when considering a large biometric deployment. Few companies are looking at the business processes that are needed to issue biometric securely."

For instance, he said, there is little point in a biometric recognition system if the biometric has been recorded in error or fraudulently. Similarly, are appropriate processes in place to remove the biometrics of people no longer entitled to access the systems supposedly being protected? If management processes allow for erroneous or fraudulent registration then the security system is likely to fail.

In this way an inappropriately managed biometric system may be worse than no system at all.

Views and strategies as regards biometrics also differ from country to country. Jackie Groves, managing director of security specialists, Utimaco Safeware, said that European businesses are far more advanced in establishing large-scale biometric deployments than their counterparts in the UK.

"They tend to look at the security possibilities from a broader perspective. The major obstacle in the UK appears to be a restricted viewpoint."