Security and Access Control using Biometrics

Mike Portsmouth

International Association for Biometrics

December 1st 2005

• The iAfB is the largest representative biometrics body in the world!

• Current membership is now 90+ and rising

• Membership spans industry, academia and government

• Our services to members:

– Trade Missions

– Seminars/workshops

– Co-operation with other Associations ie: EBF, IBIA

– Promotion of best practices, etc…

Introducing iAfB

iAfB ActivitiesiAfB members are directly involved in:

• Standards formulation

• ISO/IEC SC/37

• BSI IST/44

• Test and evaluation

• Biometrics Working Group

• Major government Identification projects

• UKPS/IND/IDENT1/PITO

• Research and development

• UK Centre of Excellence in ID Technologies

Biometric Definition

The automated identification, or verification

of human identity through repeatable

measurements of physiological and

behavioural characteristics

Identification:A search of existing (enrolled) subjects:

• Do I know you?

Verification:A ‘one to one’ comparison:

• Are you who you say you are?

Behavioural

• Signature

• Gait

• Speaker Verification

Biometric Types:Physiological

• Fingerprint

• Face (2D/3D/5D)

• Iris

• Vein Pattern

• Hand/Finger Geometry

Some facts:•There is no one ‘killer’ Biometric

• Biometrics are nearly always part of a larger system

• The ‘something you are’ is very personal to the individual

• It is ‘solutions’ and not ‘technologies’ that should be promoted

• There is no substitute for good project management

Origin of Errors False Accept Rate

(FAR)

The bad guy gets in!

False Non-Match Rate

(FNMR)

The good guy is locked out!

Failure to EnrolThe Biometric cannot be captured, or captured well enough for the system to be able to use it.

Why?

There are many reasons, the majority related to the physiological (or other) characteristics of the user ‘set’.

Further ‘Soft’ Issues • User Perception - Intrusiveness?

• Concerns - Loss of privacy/Big Brother?

• Clientele Considerations - Gender/age/disability

• Difficulties - Characteristics of user population

• Ease of Use - Can (will) they use it?

World Drivers

Present Market Spur

On October 26, 2001 The law Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (the “USA Patriot Act”) was enacted.

On May 14, 2002, the President signed into law H.R. 3525, the "Enhanced Border Security and Visa Entry Reform Act of 2002."

By Oct 2006 the UK must have introduced biometric enabled travel documents.

Effect on the UK

National Institute of Standards and Technology given lead to evaluate biometric technologies.

International Civil Aviation Organisation laid down standard for travel documents (9303).

Government is providing the growth environment, but industry will be lead by popular demand.

Biometrics will become ‘ordinary’ for most users.

Contactless (RFID) smart chips are superseding original contact technology.

This combination may even become the next ‘must have’ technology.

Market Direction

GovernmentGovernment ID applications are already using advanced contactless (RFID) smart-chips and biometrics

e-Passports

National ID

Drivers Licence

US CAC and TWIC access id cards

e-Passports

ICAO 9303 requires a digitised facial image of the document holder to be securely attached to the travel document and suggests the use of a Radio Frequency Identification Device (ISO 14443 A/B) as the carrier. Governments MAY optionally also embed fingerprint and/or iris images.

Applications•US DOD Common Access Card

- updating to multipurpose RFID/biometric ID card for data and access control

-Biometric options include fingerprint, iris, hand geometry, facial recognition and voice recognition.

- Unmanned buildings, doors, gates uses biometric validation between reader and card.

•US TWIC Transport Workers ID Card

- Utilises smartchip and biometric technologies

- Designed to improve security by standardizing credentials across all modes of transportation. The government ultimately will do background checks and other authentication of 12 million to 15 million airport, rail and port workers, and truckers who require unescorted access to secure areas.

Applications

Secure Establishments

Security establishments ie: Nuclear, Prisons, Petrochemical, Military, Airports, Telecomms are seeking improved security to prevent unauthorised entry or even potential terrorist activity.In access control and T&A environments, the use of a swipe, PIN or proximity card does not prove the identity of the cardholder, Biometrics do.

Applications

• UK Govt Dept – fingerprint + 3D face recognition for access control within buildings

• HM Prisons - hand geometry for staff access

- fingerprint for visitor control

• UK Detention Centre – fingerprint for visitor and inmate control

Applications

Ghana Telecom has completed the first stage installation of TSSI's Verid+ iClass Fingerprint Readers. The Verid+ iClass units are being used to protect telephone exchanges, equipment rooms and repeater stations - to ensure that unauthorised access is prevented. Initial installations are in the capital Accra, but a nationwide roll-out is planned. .

Biometric Benefits

• Protection and safety for the property

• Control of facilities and assets

• Improved employee accountability

• Reduced costs

• Increased profitability

Questions

www.iafb.org.uk