ID Cards Get a Touch-Up

Biometrics technology has its place in the identification world, though it does not spell the end of ID cards

  • By John Ekers
  • Aug 03, 2006

Ten years ago, the use of biometrics for identifying people was only seen in the movies -- too advanced for the real world. Conversely, today's TV shows and movies, such as Las Vegas, The West Wing and X-Men, demonstrate just how common the technology has become, employing some form of biometrics in their plots.

The International Biometric Group estimates that biometric revenues for 2006 will be $2.1 billion, with growth estimated to be as high as $5.7 billion in 2007. This growth is visible at the government, corporate and even consumer level. Last year, a Minnesota-based grocery chain, Cub Foods, launched a payment system that allows customers to pay for their groceries using a finger scan linked to their financial accounts.

The International Biometric Group estimates that biometric revenues for 2006 will be $2.1 billion, with growth estimated to be as high as $5.7 billion in 2007. This growth is visible at the government, corporate and even consumer level.

It's clear that biometrics will continue to play a leading role in ongoing efforts to improve security credentials. But does the proliferation of biometric technology spell the end of ID cards? In other words, if you have 10 fingers, a hand or an iris to scan, do you still need to carry an ID card?

For privacy and security concerns, the answer is yes. Biometrics offer a way to enhance the security of a card-based security program, not replace it. Biometrics is an additional factor in authenticating a card holder.

Verifying a card holder's identity can be done using one, two or three independent criteria for authentication.

Authentication factors are generally recognized as:
1. Something you know, such as a password.
2. Something you have, such as an ID card.
3. Something you are, such as a fingerprint, handprint, iris scan, voice pattern or other biometric.

The more factors involved in the identification of a card holder, the more accurate the verification is. Anyone who has used an ATM understands this concept. You slide your card through (something you have), enter your PIN (something you know), and are authorized to complete your banking transactions. Adding a biometric factor to this kind of authentication adds another level of security. Biometrics can turn a weak authentication protocol into a strong one by adding a true personal identifier.

Match-On-Card Technology
So why not use a biometric with a PIN, without a card? The answer is the case for Match on Card biometrics. A Match on Card authentication program holds the biometric template on a secure smart card, rather than on a server or computer. The template is compared to a live biometric sample when the cardholder requests access or privileges. To enroll a card holder, a biometric, such as a fingerprint, is taken and stored onto the smart chip.

When a card holder needs to be verified, he presents his smart card to the access control device, then puts his fingerprint on the reader. The smart card's processor compares the two fingerprints to verify a match. Based on the match, the smart card makes the decision to deny or grant access.

Match on Card matches a live biometric sample to a biometric template on a smart card. The alternative, a one-to-many platform, means the biometric template is stored on a network, or in a database, rather than on a card. The FBI, for instance, has a one-to-many platform in their automatic fingerprint identification system. It contains 46 million computerized fingerprint records in its fast, highly secure system.

However, most civilian applications don't have the funds or expertise to set up a system on par with the FBI. When a biometric is stored on a network, it's out of the hands of the individual and is potentially available to anyone with access to the network. The recent loss of sensitive information on more than 26 million U.S. veterans and their families exposes how critical it is to retain individual control over personal data.

By matching the live biometric sample to the one stored on a smart card, additional benefits are gained:

Privacy. The biometric is locked on the card, not stored in a database or a network. Individual card holders control their biometric at all times. It is not released into a potentially non-secure environment such as a network or PC.

Security. The biometric data never leaves the card. At the point of access, the biometrics from both the card and the reader are read, but not stored. Plus, there is no identification of the card holder as the biometric comparison takes place. Access is granted by a match of two biometrics; the card holder's identity is not involved.

Speed. Generally, Match on Card is a faster alternative. When the fingerprint is stored on a central server instead of a card, the system has to look through all the different fingerprints on file to find a match. A one-to-one match saves time.

Integration. Since the match is done at the point of access, it's easier and less expensive to install a Match on Card system into an existing infrastructure. It also requires less memory usage.

Card Security
Should card security be a concern? For those afraid that walk-by hackers may be able to skim data off a card containing biometrics or other personal identifiers, this is a misconception. Even so, new technologies are available that shunt or block RFID transmissions, rendering a card completely disabled.

Other Considerations
Despite the advantages of biometrics, there are other, more practical reasons why it won't replace ID cards in the near future. In the United States, magnetic stripe and proximity cards still dominate the identification market. Until the need for security, privacy or efficiency pushes the market to full adoption of smart cards, biometrics as a means of identification will advance slowly.

In addition, an ID card generally contains the card holder's photo. This simple visual identification is important when electronic systems fail or when disaster hits. At the scene of a fire, a chemical spill or a terrorist attack, there may not be time or technology available to support an electronic identification of response workers. Visual identification -- matching a card to a face -- may be the only way to monitor whether a utility worker, telecom worker or medical professional is authorized to enter the disaster area.

Biometrics provide a clear path to significantly improving the authenticity of identity credentials. At their best, they will enhance the existing authentication factors to keep sensitive personal data protected.

Featured

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services

  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

Most   Popular

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.