ID Cards Get a Touch-Up

Biometrics technology has its place in the identification world, though it does not spell the end of ID cards

  • By John Ekers
  • Aug 03, 2006

Ten years ago, the use of biometrics for identifying people was only seen in the movies -- too advanced for the real world. Conversely, today's TV shows and movies, such as Las Vegas, The West Wing and X-Men, demonstrate just how common the technology has become, employing some form of biometrics in their plots.

The International Biometric Group estimates that biometric revenues for 2006 will be $2.1 billion, with growth estimated to be as high as $5.7 billion in 2007. This growth is visible at the government, corporate and even consumer level. Last year, a Minnesota-based grocery chain, Cub Foods, launched a payment system that allows customers to pay for their groceries using a finger scan linked to their financial accounts.

The International Biometric Group estimates that biometric revenues for 2006 will be $2.1 billion, with growth estimated to be as high as $5.7 billion in 2007. This growth is visible at the government, corporate and even consumer level.

It's clear that biometrics will continue to play a leading role in ongoing efforts to improve security credentials. But does the proliferation of biometric technology spell the end of ID cards? In other words, if you have 10 fingers, a hand or an iris to scan, do you still need to carry an ID card?

For privacy and security concerns, the answer is yes. Biometrics offer a way to enhance the security of a card-based security program, not replace it. Biometrics is an additional factor in authenticating a card holder.

Verifying a card holder's identity can be done using one, two or three independent criteria for authentication.

Authentication factors are generally recognized as:
1. Something you know, such as a password.
2. Something you have, such as an ID card.
3. Something you are, such as a fingerprint, handprint, iris scan, voice pattern or other biometric.

The more factors involved in the identification of a card holder, the more accurate the verification is. Anyone who has used an ATM understands this concept. You slide your card through (something you have), enter your PIN (something you know), and are authorized to complete your banking transactions. Adding a biometric factor to this kind of authentication adds another level of security. Biometrics can turn a weak authentication protocol into a strong one by adding a true personal identifier.

Match-On-Card Technology
So why not use a biometric with a PIN, without a card? The answer is the case for Match on Card biometrics. A Match on Card authentication program holds the biometric template on a secure smart card, rather than on a server or computer. The template is compared to a live biometric sample when the cardholder requests access or privileges. To enroll a card holder, a biometric, such as a fingerprint, is taken and stored onto the smart chip.

When a card holder needs to be verified, he presents his smart card to the access control device, then puts his fingerprint on the reader. The smart card's processor compares the two fingerprints to verify a match. Based on the match, the smart card makes the decision to deny or grant access.

Match on Card matches a live biometric sample to a biometric template on a smart card. The alternative, a one-to-many platform, means the biometric template is stored on a network, or in a database, rather than on a card. The FBI, for instance, has a one-to-many platform in their automatic fingerprint identification system. It contains 46 million computerized fingerprint records in its fast, highly secure system.

However, most civilian applications don't have the funds or expertise to set up a system on par with the FBI. When a biometric is stored on a network, it's out of the hands of the individual and is potentially available to anyone with access to the network. The recent loss of sensitive information on more than 26 million U.S. veterans and their families exposes how critical it is to retain individual control over personal data.

By matching the live biometric sample to the one stored on a smart card, additional benefits are gained:

Privacy. The biometric is locked on the card, not stored in a database or a network. Individual card holders control their biometric at all times. It is not released into a potentially non-secure environment such as a network or PC.

Security. The biometric data never leaves the card. At the point of access, the biometrics from both the card and the reader are read, but not stored. Plus, there is no identification of the card holder as the biometric comparison takes place. Access is granted by a match of two biometrics; the card holder's identity is not involved.

Speed. Generally, Match on Card is a faster alternative. When the fingerprint is stored on a central server instead of a card, the system has to look through all the different fingerprints on file to find a match. A one-to-one match saves time.

Integration. Since the match is done at the point of access, it's easier and less expensive to install a Match on Card system into an existing infrastructure. It also requires less memory usage.

Card Security
Should card security be a concern? For those afraid that walk-by hackers may be able to skim data off a card containing biometrics or other personal identifiers, this is a misconception. Even so, new technologies are available that shunt or block RFID transmissions, rendering a card completely disabled.

Other Considerations
Despite the advantages of biometrics, there are other, more practical reasons why it won't replace ID cards in the near future. In the United States, magnetic stripe and proximity cards still dominate the identification market. Until the need for security, privacy or efficiency pushes the market to full adoption of smart cards, biometrics as a means of identification will advance slowly.

In addition, an ID card generally contains the card holder's photo. This simple visual identification is important when electronic systems fail or when disaster hits. At the scene of a fire, a chemical spill or a terrorist attack, there may not be time or technology available to support an electronic identification of response workers. Visual identification -- matching a card to a face -- may be the only way to monitor whether a utility worker, telecom worker or medical professional is authorized to enter the disaster area.

Biometrics provide a clear path to significantly improving the authenticity of identity credentials. At their best, they will enhance the existing authentication factors to keep sensitive personal data protected.

Featured

  • The Yellow Brick Road

    The road to and throughout Wednesday's and Thursday's ISC West was crowded but it was amazing. Read Now

    • Industry Events
    • ISC West

  • An Inside Look From Napco at ISC West

    Get a look into the excitement at ISC West 2025 from Napco. Hear from some of their top-tech executives live from the show floor. Read Now

    • Industry Events
    • ISC West

  • Upping the Ante

    I am not a betting man in terms of cards, dice, blackjack or that wheel with the black marble racing around the circumference of a spinning wheel, but I would bet on the success of ISC West this year. Read Now

    • Industry Events
    • ISC West

  • It's Show Time

    I am one of those people that likes to see things get bigger and better. As advertised, ISC West is going to be bigger (more exhibitors) and better (more attendees). It’s show time in Las Vegas. Read Now

    • Industry Events
    • ISC West

  • SIA Releases New Report on Operational Security Technology

    The Security Industry Association (SIA) has released an impactful new resource – Operational Security Technology: Principles, Challenges and Achieving Mission-Critical Outcomes Leveraging OST. Read Now

Most   Popular

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.