The Magic Touch

Biometrics offers the best solution for identifying people at border crossings

The fluctuating state of global migration, combined with international terrorism threats, makes ID verification increasingly important at border crossings. According to Customs and Border Protection, in 2005 the United States had an average of 1.2 million visitors per day at the 314 land, air and seaports. Approximately 3,000 entries were denied. Since 2002, more than 6 million people have been expelled while attempting to enter the United States illegally (7 percent of them had criminal records). However, in August, the Department of Homeland Security reported that there were still around 10.5 million unauthorized immigrants living in the United States in January 2005. Around 72 percent of the unauthorized immigrants living in the United States were from North and Central America (Canada, Mexico, Bermuda and the Caribbean). And Mexico accounted for nearly 6 million people.

One of the reasons for these high figures is that traditional IDs can easily be counterfeited or falsified, and conventional ID verification technology is no longer sufficient to detect such falsifications.

Consequently, the Secure Border Initiative is designed to reduce illegal immigration and strengthen security and controls along U.S. borders and in international airports. For instance, the number of border patrol agents has increased significantly, and investment in modern technology is being expanded.

On the ID side, HSPD-12 establishes a "government-wide standard for secure and reliable forms of identification issued by the federal government to its employees and contractors." The directive also promulgates a federal standard for secure and reliable forms of identification. It explicitly says that identification should be strongly resistant to identity fraud, tampering, counterfeiting and terrorist exploitation and should be rapidly authenticated electronically. In addition, the policy states that the directive will be implemented in accordance with the Privacy Act and other statutes protecting the rights of Americans.

This directive is a key driver for governments and ID applications everywhere in the world. Both the deployment of FIPS 201-compliant ID applications within federal agencies and the e-passport project are expected to lead to the implementation of reliable, secure and interoperable solutions to authenticate individuals.

Integration of Biometric Requirements
Already, within the framework of the U.S. government's Personal Identity Verification (PIV) card program, security templates will include a fingerprint identifier and embedded personal information. Smart card IDs will also be used for the Transportation Worker Identification Credential (TWIC) program that aims to issue approximately 10 million IDs to transportation workers over the next two to three years. In May 2003, the International Civil Aviation Organization recommended that biometrics be used in e-passports and other machine-readable travel documents. In Europe, the Visa Information System (VIS) is a border control project that will use biometrics to enhance security and facilitate traveling within the EU. England also will begin issuing biometric passports with facial recognition in 2006 and fingerprint technology by 2009. Hong Kong, Malaysia and Thailand also are early adopters of ID card programs.

Currently, smart cards are the most secure medium for personal and confidential data. Due to embedded computing power and advanced security features, smart cards are widely used in corporate, military and governmental security applications. Since the Sept. 11, 2001, terrorist attacks, government agencies and airport authorities, in particular, have been looking for ways to strengthen security, stepping up their investigations of biometrics technology. Biometrics, in combination with smart cards, can be used to quickly verify the identity of an individual entering the country. Large government and private organizations have identified biometric technologies as key in raising the level of ID authentication accuracy and plan to invest substantial amounts into biometric security solutions for future security needs.

Integration Benefits of Biometrics
Biometric identification solutions have several distinct advantages over other authentication technologies, such as passwords, in reliably recognizing individuals. Human characteristics, such as fingerprints, facial and iris patterns, are uniquely identifiable traits that cannot be lost or stolen. Traits are unique in the same way the individual is unique.

Due to the increasing reliability of biometrics, the technology is now being used in many more applications. Today, solution prices are more affordable and biometrics system manufacturers have established technical standards to leverage the technology's requirements and uses.

Fingerprint recognition is the most widely used biometric recognition method because it is highly accurate, relatively non-intrusive, uses an existing reference database and is affordable. Fingerprint identification is based on optical, capacitive, thermal, ultrasound or pressure/tactile sensors. Optical sensors have several advantages, including ease of use, durability, lower cost per surface area, as well as high detection accuracy. Conventional optical technology is based on external optics and is the oldest and most widely proven technology, but so far, has been too bulky and costly for smart card integration. Currently, there are nearly 40 companies worldwide developing and/or manufacturing fingerprint sensors. Most companies are using silicon sensors and a capacitive detection process.

Smart cards are already used in financial and other fingerprint identification-compliant applications, offering high security for the storage and processing of sensitive data. High-security smart cards provide state-of-the-art digital signature technologies for secure e-business transactions and reliable ID solutions. But even the strongest security mechanisms are protected by PINs or passwords that are subject to being compromised or forgotten. Combining high-security smart cards with biometrics eliminates the weakest point -- PINs and passwords. By linking the user directly to the identification process through their unique physiological and/or behavioral traits, it is possible to determine that the authorized user is indeed present -- not just someone who happens to know a combination of numbers or letters.

Many biometric and smart card manufacturers are developing biometric smart card solutions. Smart card-based biometric authentication solutions are subdivided into three technical categories: template-on-card, match-on-card and biometric system-on-card.

Template-on-card. Template-on-card solutions allow only the storage of biometric templates on the smart card. Acquisition, feature extraction and matching are conducted in an external device -- such as a PC with biometric sensor and software. Today, almost all smart cards have sufficient memory capacity for the storage of biometric templates, and many biometric vendors offer template-on-card solutions.

The storage of biometric templates on a smart card offers much more security and privacy than storage on PCs, servers or centralized databases. But, compared to the other biometric smart card solutions, template-on-card solutions have the lowest security level. The technology requires that the biometric template leave the smart card's secure memory and be transferred into a more vulnerable environment such as a PC. Template-on-card solutions always need external biometric devices with additional biometric software, so the cost for the complete identification infrastructure is substantial.

Match-on-card. Match-on-card solutions offer the second-highest level of security and convenience. A state-of-the-art smart card has enough processing power and memory for the storage of biometric templates and the matching of fingerprints. The processing-intensive acquisition and feature extraction are conducted in an external device -- a smart card reader with integrated biometric sensor, microprocessor and memory. Therefore, match-on-card solutions always require external biometric devices with additional biometric software, which includes an investment in identification infrastructure. However, match-on-card solutions are more secure, since the biometric template does not need to leave the smart card.

There are currently only a few smart card and biometrics companies -- Giesecke & Devrient, Precise Biometrics AB, Activcard and Oberthur Cards -- that offer match-on-card solutions.

Biometric system-on-card. The biometric system-on-card concept offers the highest level of security, privacy and convenience. In a system-on-card solution, the smart card contains a complete biometric verification system with biometric sensor, secure biometric controller and memory. The acquisition, feature extraction, match and storage of the biometric template are conducted directly on the smart card. Therefore, system-on-card solutions need neither external biometric devices or readers, nor additional biometric software. These cards are designed to use existing smart card infrastructure.
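The difference between the three categories comes down to which data an external device ever handles. The following Python sketch is an added illustration, not part of the original article or any vendor's product; the class names, the sample feature points and the set-overlap matcher are constructed stand-ins for real acquisition and matching.

```python
# Added illustration: a toy model of where biometric data is handled in the three
# card architectures. Feature sets and the Jaccard matcher are constructed
# stand-ins, not a real fingerprint algorithm.
THRESHOLD = 0.6  # assumed decision threshold for the toy matcher

def extract(finger):
    """Stand-in feature extraction: the raw sample is already a list of points."""
    return frozenset(finger)

def match(template, probe):
    """Stand-in matcher: Jaccard similarity of two feature sets."""
    return len(template & probe) / len(template | probe) >= THRESHOLD

class Card:
    """Smart card holding the enrolled template in its secure memory."""
    def __init__(self, template):
        self._template = template
    def export_template(self):          # template-on-card: card is storage only
        return self._template
    def match_on_card(self, probe):     # match-on-card: comparison runs on the card
        return match(self._template, probe)
    def sense_and_match(self, finger):  # system-on-card: sensor, extraction, match
        return match(self._template, extract(finger))

class ExternalDevice:
    """PC or reader outside the card; records every item it handles."""
    def __init__(self):
        self.seen = set()
    def acquire(self, finger):
        self.seen.update({"raw_sample", "probe_features"})
        return extract(finger)
    def receive(self, label, value):
        self.seen.add(label)
        return value

def verify(mode, card, finger):
    """Return (decision, set of data items the external device handled)."""
    dev = ExternalDevice()
    if mode == "template-on-card":
        probe = dev.acquire(finger)
        template = dev.receive("template", card.export_template())
        decision = match(template, probe)  # matching happens off-card
    elif mode == "match-on-card":
        decision = dev.receive("decision", card.match_on_card(dev.acquire(finger)))
    elif mode == "system-on-card":
        decision = dev.receive("decision", card.sense_and_match(finger))
    else:
        raise ValueError(f"unknown mode: {mode}")
    return decision, dev.seen

# Constructed sample data: enrolled template, a genuine finger and an impostor.
ENROLLED = frozenset({(10, 12), (25, 40), (33, 8), (47, 29), (52, 51)})
GENUINE = [(10, 12), (25, 40), (33, 8), (47, 29), (60, 60)]   # 4 of 5 points agree
IMPOSTOR = [(10, 12), (70, 3), (81, 44), (15, 66), (90, 90)]  # 1 of 5 points agrees
```

Calling `verify(mode, Card(ENROLLED), GENUINE)` for each mode returns the same decision but a shrinking set of items seen by the external device, which is the security ordering the three categories describe.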

Due to technological restrictions specific to smart cards (memory size, computing power, power consumption, mechanical dimensions, bending resistance), only fingerprint and voice recognition technologies can actually be integrated into ISO/IEC 7816-compatible smart cards. Face and iris recognition technologies require more computing power and memory than what is currently possible with smart card processors. Furthermore, paper-thin and flexible optics for smart cards are not yet widely commercially available, though the field of printed electronics and organic semiconductor-based devices holds great promise for alternatives to conventional silicon-based technologies.

An ISO/IEC 7816-compatible system-on-card solution is based on fingerprint biometrics and requires a thin and unbreakable live-scan fingerprint sensor and a highly integrated biometric controller with sufficient non-volatile memory for biometric template storage.

There are at least three limiting factors as to why no commercially available fingerprint sensor can be integrated into ISO/IEC 7816-compatible smart cards -- a thickness of more than 0.8 millimeters, insufficient bending resistance and cost.

Silicon sensors have technical potential for integration into smart cards, if new thinning technologies are applied, but price will still be an issue.

Biometric Smart Card ID Requirements
There are a number of important requirements for biometric verification systems embedded on a smart card. The first is high recognition accuracy and high reliability. The smart card must fulfill the highest security requirements. The system must be evaluated and certified according to worldwide accepted security standards like Common Criteria EAL4+, ITSEC E4 high, FIPS 140, ZKA, Visa and EMV. The card must also offer a high degree of protection against identity theft. The fingerprint verification system must provide advanced fraud detection capabilities to prevent identity theft through fake fingers.

In addition, the system is required to offer strong protection of biometric data against forgery and misuse. The fingerprint verification system must provide strong protection techniques for personal and biometric data to meet the requirements of data protection laws and consumer organizations. Once the integrity of biometric data is compromised, it can never be regained. Unlike a password, biometric data cannot be changed. The system must also provide low false-acceptance and false-rejection rates, and acceptance of a wide range of finger types, from very dry fingers to very wet fingers.

And in being ISO/IEC 7816-compliant, the system must meet the strong demands of low production prices while at the same time being compatible and interoperable with existing readers, applications, production equipment and processes.

Outlook and Opportunities
Some technologies, like 2-D barcodes or a dot matrix, will likely be used in some ID applications. But in such cases, the achieved security level is far below what is required to secure borders against illegal immigration or terrorist attacks. In addition, the use of RFID in national ID programs will enable border agents to collect ID data more quickly but, if used alone, cannot improve the ID verification accuracy level. RFID chips embedded in a visa or in an ID card can only help track the document, but not the actual and legal owner of the document. Similarly, PINs used in smart cards are only useful to authenticate the smart card itself, not the owner of the smart card.

Biometrics creates the required link between any individual crossing a border, that person's ID and the threat assessment. This is key in securing ID authentication and ensuring that an individual is who he or she claims to be at a border checkpoint or during a border patrol check.

Currently, template-on-card solutions are, and will be, the most widely used solutions for national biometric IDs in the short term. Some biometric ID solutions that are based on two different biometric traits or a combination of fingerprint data and a PIN code have already been successfully evaluated in major ID programs like TWIC. Alternatively, several match-on-card solutions also are being seriously investigated for security and privacy advantages. These solutions can be considered for some near-term applications like PIV.

What was not possible with conventional silicon fingerprint sensors now seems feasible thanks to recent developments in the field of thin-and-flexible printed sensors, which can be integrated into smart cards. Multimodal biometric sensors that can detect surface fingerprints, blood parameters and underlying tissue structures are being developed through printed electronics manufacturing techniques. The multimodal capacity increases the identity verification accuracy and protects against the possibility of fraud through the use of fake fingers. A combination of multimodal smart card-embedded biometric systems and RFID can be a secure and efficient way to authenticate ID at U.S. borders, as well as seaports or airports anywhere in the world.

Emerging technologies widen the possibilities of incorporating biometrics into smart card solutions that are currently in use and pave the way for a secure and reliable ID authentication system for use at border crossings that meets both the security and privacy requirements listed in HSPD-12.

This article originally appeared in the December 2006 issue of Security Products, pgs. 72-74.
