Biometric technologies improve, offering greater reliability

more stringent access control would be best served by combining biometric, password and other layers of security. “Considering the different options, such as facial imaging, retina scanning, fingerprint scanning and voice recognition, authentication failures are still in the 3 to 7 percent range, depending on the type of environment,” said Ting.

More sensible sensors
Vendors are working to refine the technologies. The standardization of sensing hardware, for example, has contributed significantly to growing the adoption rate of biometrics. Much of that credit goes to sensor-makers AuthenTec and Upek, said Ting. They deploy as many as 15 million sensors per year. “They are the dominant form factor manufacturers today. They lead the field based on the sheer numbers of the installed bases of their products. The gross combined revenues of both companies is US$150 million per year,” he said.

Fujitsu is one vendor currently attempting to grow popular biometrics technologies into new devices. Last year the company rolled out an early version of a palm reader device, and it is now upgrading the system’s software. “Fujitsu’s palm reader relies on the data-rich vein field pattern of the palm. It also works relatively well on the back of the hand and the upper arm,” Jerry Byrnes, manager of biometrics and strategy planning for Fujitsu, said.

Vein patterns are very complex. The more the complexity, the better the security, he said. Fujitsu’s designers took into consideration some of the more gruesome scenarios an infiltrator might consider to try and beat the system. The palm reader detects the presence of live blood, which negates the abilities of bad guys using a victim’s dismembered appendage to trick the database, Byrnes explained.

Biometric measurements have always been vulnerable to clever spoofing schemes. Fujitsu is counting on the success rates its palm scanner has had so far in falling victim to spoofing. “Other biometric measurements are not as reliable as vein patterns in the palm,” said Byrnes.

For instance, even hi-resolution photos of a palm print will not succeed in gaining access because the photo image can not reproduce the blood flow the sensor looks for, he explained.

Though tales of how criminals may try to fool biometrics devices are legion, many of them draw only guffaws from those who know how the technology actually works. For example, Gummy Bears will not work with optical readers anymore, said Imprivata’s Ting.

Other tricks may have worked on older biometrics technologies. With previous generations of biometrics, a smudged fingerprint taken from something like a cell phone may have been enough to pass muster on certain systems. Also, chopped-off hands and fingers did happen, but now most devices can sense an electro-magnetic pulse. Even hi-res pictures of faces or fingerprints no longer fool scanners, according to Contos.

Biometrics is not yet perfect, but it is improving. “When it comes to picking any lock, you can always pick the tumblers if enough of them are loose. Temperature readings can be fooled. You can always find a substitute for the body part being scanned. But overall, the technology’s accuracy is getting better,” said Ting. “There are much easier ways such as social engineering to get into someone’s computer accounts.”

Next-generation devices
As biometric reliability improves, some vendors may make the leap from using the technology to secure computers to using it to lock down the structures that house them. For instance, Fujitsu is working on a biometric device that controls physical access to doors. The company has it in prototype but not yet ready for production; it is currently working on reducing production cost. “What was James Bond 15 years ago is biometric reality today,” Byrnes quipped. “We will see more, not less, of biometric ID management. Biometrics has been a hot topic and will continue to be,” he concluded.