ID Cards Get a Touch-Up

Biometrics technology has its place in the identification world, though it does not spell the end of ID cards

Ten years ago, the use of biometrics for identifying people was only seen in the movies -- too advanced for the real world. Conversely, today's TV shows and movies, such as Las Vegas, The West Wing and X-Men, demonstrate just how common the technology has become, employing some form of biometrics in their plots.

The International Biometric Group estimates that biometric revenues for 2006 will be $2.1 billion, with growth estimated to be as high as $5.7 billion in 2007. This growth is visible at the government, corporate and even consumer level. Last year, a Minnesota-based grocery chain, Cub Foods, launched a payment system that allows customers to pay for their groceries using a finger scan linked to their financial accounts.

The International Biometric Group estimates that biometric revenues for 2006 will be $2.1 billion, with growth estimated to be as high as $5.7 billion in 2007. This growth is visible at the government, corporate and even consumer level.

It's clear that biometrics will continue to play a leading role in ongoing efforts to improve security credentials. But does the proliferation of biometric technology spell the end of ID cards? In other words, if you have 10 fingers, a hand or an iris to scan, do you still need to carry an ID card?

For privacy and security concerns, the answer is yes. Biometrics offer a way to enhance the security of a card-based security program, not replace it. Biometrics is an additional factor in authenticating a card holder.

Verifying a card holder's identity can be done using one, two or three independent criteria for authentication.

Authentication factors are generally recognized as:
1. Something you know, such as a password.
2. Something you have, such as an ID card.
3. Something you are, such as a fingerprint, handprint, iris scan, voice pattern or other biometric.

The more factors involved in the identification of a card holder, the more accurate the verification is. Anyone who has used an ATM understands this concept. You slide your card through (something you have), enter your PIN (something you know), and are authorized to complete your banking transactions. Adding a biometric factor to this kind of authentication adds another level of security. Biometrics can turn a weak authentication protocol into a strong one by adding a true personal identifier.

Match-On-Card Technology
So why not use a biometric with a PIN, without a card? The answer is the case for Match on Card biometrics. A Match on Card authentication program holds the biometric template on a secure smart card, rather than on a server or computer. The template is compared to a live biometric sample when the cardholder requests access or privileges. To enroll a card holder, a biometric, such as a fingerprint, is taken and stored onto the smart chip.

When a card holder needs to be verified, he presents his smart card to the access control device, then puts his fingerprint on the reader. The smart card's processor compares the two fingerprints to verify a match. Based on the match, the smart card makes the decision to deny or grant access.

Match on Card matches a live biometric sample to a biometric template on a smart card. The alternative, a one-to-many platform, means the biometric template is stored on a network, or in a database, rather than on a card. The FBI, for instance, has a one-to-many platform in their automatic fingerprint identification system. It contains 46 million computerized fingerprint records in its fast, highly secure system.

However, most civilian applications don't have the funds or expertise to set up a system on par with the FBI. When a biometric is stored on a network, it's out of the hands of the individual and is potentially available to anyone with access to the network. The recent loss of sensitive information on more than 26 million U.S. veterans and their families exposes how critical it is to retain individual control over personal data.

By matching the live biometric sample to the one stored on a smart card, additional benefits are gained:

Privacy. The biometric is locked on the card, not stored in a database or a network. Individual card holders control their biometric at all times. It is not released into a potentially non-secure environment such as a network or PC.

Security. The biometric data never leaves the card. At the point of access, the biometrics from both the card and the reader are read, but not stored. Plus, there is no identification of the card holder as the biometric comparison takes place. Access is granted by a match of two biometrics; the card holder's identity is not involved.

Speed. Generally, Match on Card is a faster alternative. When the fingerprint is stored on a central server instead of a card, the system has to look through all the different fingerprints on file to find a match. A one-to-one match saves time.

Integration. Since the match is done at the point of access, it's easier and less expensive to install a Match on Card system into an existing infrastructure. It also requires less memory usage.

Card Security
Should card security be a concern? For those afraid that walk-by hackers may be able to skim data off a card containing biometrics or other personal identifiers, this is a misconception. Even so, new technologies are available that shunt or block RFID transmissions, rendering a card completely disabled.

Other Considerations
Despite the advantages of biometrics, there are other, more practical reasons why it won't replace ID cards in the near future. In the United States, magnetic stripe and proximity cards still dominate the identification market. Until the need for security, privacy or efficiency pushes the market to full adoption of smart cards, biometrics as a means of identification will advance slowly.

In addition, an ID card generally contains the card holder's photo. This simple visual identification is important when electronic systems fail or when disaster hits. At the scene of a fire, a chemical spill or a terrorist attack, there may not be time or technology available to support an electronic identification of response workers. Visual identification -- matching a card to a face -- may be the only way to monitor whether a utility worker, telecom worker or medical professional is authorized to enter the disaster area.

Biometrics provide a clear path to significantly improving the authenticity of identity credentials. At their best, they will enhance the existing authentication factors to keep sensitive personal data protected.

Featured

  • Secure Your Home During the Holidays

    The most wonderful time of the year can easily transform into a nightmare. Being vigilant, while still enjoying the holiday season, is possible. The holiday season is the perfect time to start implementing security measures to protect one’s home and ensure security while out and about. Read Now

  • Five Cybersecurity Trends Predictions for 2024

    According to Cybersixgill, threat research experts, AI’s evolution will continually improve both organizations’ cyber defense efforts and cybercriminal activities. At the same time, increasingly complex regulatory requirements, continued consolidation of cybersecurity tools, a widening attack surface, and heightened global geopolitical issues will all play a significant role in driving the direction of cybersecurity. Read Now

  • AI on the Edge

    Discussions about the merits (or misgivings) around AI (artificial intelligence) are everywhere. In fact, you’d be hard-pressed to find an article or product literature without mention of it in our industry. If you’re not using AI by now in some capacity, congratulations may be in order since most people are using it in some form daily even without realizing it. Read Now

  • NSA Report Focuses on How to Protect Against Evolving Phishing Attacks

    The National Security Agency (NSA) and U.S. partners have released a new report describing the latest techniques in phishing attacks and the defenses organizations can deploy against them. Read Now

Featured Cybersecurity

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3