Advertisement

The Password Is Biometrics

Share via
TIMES STAFF WRITER

Biometrics, the study of tiny but distinct differences in physical traits such as voice and fingerprints, has long been used for identification by law enforcement and government agencies.

But with the plummeting price of materials and the development of new measurement strategies, it has begun to move into the electronic mainstream of personal computers and corporate networks.

A group of companies with products inexpensive enough to be deployed in the hundreds or thousands has emerged to address the problem of translating the uniqueness of human beings into digital form.

Advertisement

In just the last year, dozens of low-cost biometric systems have appeared on the market, mostly aimed at replacing the password systems used to protect large computer networks. Biometric systems provide a level of security that surpasses that of passwords, which have generally become so short, obvious and repetitive that most can easily be broken.

The biggest boost for the nascent industry came in July when Compaq Computer Corp. of Houston announced a partnership with San Bruno, Calif.-based Identicator Technology Inc. to provide a $99 fingerprint identification system for business computers.

The biometric field encompasses an array of methods, including facial scans, voice prints, fingerprints, iris scans, retinal scans, keystroke dynamics, hand prints and handwriting analysis. Researchers have even experimented with such exotic methods as sniffing body odor.

Advertisement

“In the past year, there has been serious interest in biometrics,” said Erik Bowman, an analyst with CardTech/SecurTech, a producer of conferences on biometrics. “Its prospects are great if companies like Compaq, Dell and Gateway begin to sign on.”

The idea of biometrics dates back centuries to the use of fingerprints. The first scientific observations about fingerprints are attributed to Marcello Malpighi, a professor at the University of Bologna in Italy, who used the recently discovered microscope in 1686 to note the distinctive finger swirls. It was nearly 200 years later before scientists realized the uniqueness of fingerprints and their potential as identifying marks.

The development of the computer, with its speed and refinement, marked the beginning of modern biometrics, offering a level of measurement and comparison unattainable before.

Advertisement

The cost of biometric equipment has largely kept it a product for high-security applications in government and business. But Marc Usem, a technology consultant specializing in biometric systems, said the substantial price drop in tiny video cameras and other hardware has made the systems affordable for regular network security and even home use.

“Getting down to the $100 range is important in gaining the mass market, and we’ve only gotten there this year,” Usem said. “There’s no magic number, but from a corporate perspective, $100 per workstation for real security is probably worth it.”

The general process of measuring human difference is the same for most biometric systems, involving marking distinct differences and quantifying them in digital form.

For example, IriScan Inc., a Marlton, N.J., company, has based its biometric products on the research of two ophthalmologists who proposed in the mid-1980s that patterns of light and dark in each human iris were unique.

Using a small electronic video camera, a high-resolution image is taken of the iris. By comparing the contrast between each pixel in the image, the scanner marks out the boundaries of the iris, located between the black of the pupil and the white of the sclera. The image of the iris is divided into eight concentric zones. The variations in shades are recorded and encrypted. A picture of the iris can be taken from as far away as three feet, making the device relatively unobtrusive.

The entire process of imaging an iris and confirming an identity takes about two or three seconds, according to the company. The device is more expensive than some systems being offered for network use, starting at $1,400.

Advertisement

Fingerprints are even easier to convert to digital form because they are essentially binary images to begin with--just black and white.

Digital Persona Inc., a Redwood City, Calif.-based biometric company formed in 1996, has been offering a fingerprint recognition system for PCs since April.

The $99 device uses a small image scanner that takes an electronic picture of a finger. The device then searches for the unique combination of ends and splits in print ridges.

The device, called U.are.U, was specifically designed to relieve password overload in the home by giving users one-touch access to everything from their Internet account to encrypted files.

With biometrics, the identification process can be nearly transparent, or, as is the case with the face recognition system developed by Visionics Corp. of Jersey City, N.J., completely transparent to the person being identified.

The Visionics system measures dozens of tiny points of curvature in the face. With the right camera, an acceptable image can be taken from hundreds of feet away.

Advertisement

Visionics offers a low-cost system, about $60, for signing on to a computer network, but its ability to identify from a distance is perhaps its strongest application.

The Visionics system is being used in Britain by law enforcement to monitor one high-crime neighborhood with 140 cameras that can continuously compare street photos with a computer log of 2,000 criminals in under a second.

Most of the other biometric devices carry their own form of inconvenience, such as requiring users to position their eyes in just the right spot for an iris scan or say their mother’s name five times to gain access through a voice recognition system.

As is true with most advances in technology, each step forward brings its own set of new problems.

Biometrics is based on measuring subtle distinctions that are often difficult to quantify and as a result, are a bit touchy to use. While physiological traits, such as handprints and facial geometry, lend themselves well to digitization, behavioral traits can be maddeningly variable.

Voice prints and signature recognition can be thrown off by simple changes, like a cold or sprained wrist.

Advertisement

Net Nanny Software International Inc. has been developing a biometric system, called the Biopassword, that measures the slight differences in typing speed and cadence--a technology originally developed by the Stanford Research Institute.

Net Nanny’s system, which will be available early next year, is one of the cheapest (less than $50) and least obtrusive biometric systems, but because it is measuring keyboard rhythm in milliseconds, it can be thrown off by such trivial factors as a sore finger or sitting differently when typing.

The systems are also vulnerable to being fooled because of digital computers’ difficulty in grasping some of the messy realities of analog life.

For example, the IriScan and some other biometric devices can be duped now with a high-resolution photograph stuck in front of the scanner. Digital Persona’s fingerprint system also can be thrown off with a carefully constructed artificial finger, or a freshly severed real one.

These types of abuses can be countered by a host of measures employed in high-end systems, such as using heat, hemoglobin or electrical conductivity sensors. But they raise the specter of a costly and ultimately futile arms race in pursuit of absolute security.

Bringing biometrics into the mainstream depends on striking a balance between security and convenience.

Advertisement

Many biometric companies have begun searching for alliances so they can create hybrid systems of biometrics, smart cards, passwords or other methods that would offer high security with only a slight increase in inconvenience.

Usem said the hybrid systems open the possibility of a whole range of new uses for biometrics as a piece of the budding electronic commerce universe. He said the e-commerce applications favor biometric systems that are inexpensive and require no exotic hardware, such as Veritel Corp.’s $50 Voicecrypt voice-recognition system and Net Nanny’s Biopassword.

Usem said combining widely available technologies could provide sufficient security and help overcome the suspicion and discomfort of buyers with computerized identities.

“In the near future, it makes a lot of sense,” Usem said. “It will take people a long time to get used to this, but I think the problems are surmountable.”

*

Ashley Dunn can be reached via e-mail at [email protected]

(BEGIN TEXT OF INFOBOX / INFOGRAPHIC)

Getting Personal

Going beyond simple and fallible passwords, an increasing number of companies are relying on biometric devices that measure human attributes to verify people’s identities and allow them access to computer networks.

Advertisement

SAY IT AGAIN

Voice recognition is one of the least expensive biometric methods because all it requires is a standard microphone, commonly included with personal computers. The device captures a voice sample, represented at right, and compares it with a previously recorded sample.

STOP, LOOK AND SIGN ON

Iris scanning is one of the most expensive systems, but it provides a high level of security. The device relies on the unique pattern of light and dark shades in a human iris. When held to the eye, it partitions an image of the iris into concentric circles and analyzes the patterns in each segment.

GET IN TOUCH

A fingerprint scanner from Digital Persona connects to a personal computer through a universal serial bus. The device looks at the ends and splits in fingerprint ridges to determine each user’s unique pattern.

PICTURE THIS

Facial scanners can identify people from as far away as several hundred feet as long as the camera is capable of capturing an acceptable image. The system is now being tested in a high-crime area in Britain with 140 cameras deployed to match street photos with images of known criminals. The device targets the area of the eyes and nose for taking comparative measurements.

Advertisement