For years, it was the fodder of science fiction. Fantastic books, films and television shows introduced the possibility of one day using fingerprints or voice patterns to access confidential information, yet it always seemed a long way off.
The science of identity authentication by measuring and analyzing human body characteristics is no longer confined to fantasy. For better or worse, biometrics is arriving in measured doses, with many companies making efforts to bring biometrics into the mainstream through an array of new products.
Alastair Williams, an analyst with enterprise security enabler Axent Technologies, Inc. said biometrics might be everywhere in the blink of an eye, so to speak.
"We'll see biometrics that provide access to a digital certificate, or to a smart card that contains financial information or access to a building," he said.
A year ago, his company chose not to implement biometrics because the price was too high and the security improvements were too few. Today, it is reconsidering.
"Over the last year, the costs of these thumbprint readers are dropping dramatically," Williams said. "Many users already carry smart cards or tokens. It's more about what can we do to increase security without the user having to lug around a briefcase" full of hardware.
Williams said the previously high costs associated with biometrics have confined the technology primarily to the banking industry and well-financed
For your eyes only
Biometrics firm EyeTicket Corp. is working with the Charlotte/Douglas International Airport in North Carolina to take iris recognition to new heights.
For the past six months, the airport and U.S. Airways, Inc. have been using the McLean, Va. company's EyePass iris recognition portal to verify its employees' identities before they are allowed to enter the airport's secure areas.
The portal is a tall, enclosed glass cylinder. Inside, a camera is positioned to photograph the iris of anyone standing inside. The floor of the portal works as a scale to verify a person's approximate weight.
After an individual steps into the portal, it closes and the scale verifies only one person is inside. Then an ordinary digital camera takes a snapshot of the iris and compares it with unique, pre-recorded data about the colored portion of the eye. After a few seconds, if the data matches what is on file for that person, the door on the opposite side of the portal opens and the individual is allowed to pass through.
Evan Smith, vice president of technology for EyeTicket, said many confuse the non-invasive iris recognition process with archaic retinal scanning technology of years past.
"It shined a light in the back of your eye. Basically it's like a medical exam, and the topography of that nerve head is examined," said Smith. "Retinal scanning is not a suitable technology for the public."
Smith said the EyePass portal has been successful to date because the iris recognition process is fast and comfortable and the scale prevents anyone from "piggybacking" through the portal with the person being identified.
In fact, Smith said airport security officials have been very impressed with the product because, despite their best efforts, they have not been able to trick it into letting them through unless they were properly identified.
EyeTicket's portals are currently being installed in the Frankfurt Airport in Germany. In addition to airports, the company is also marketing its products for use in sports and entertainment venues.
Biometrics in general has become so intriguing in security circles that everyone wants to get in on the act, including Net Nanny Software Intl.
In the past five years, the Bellevue, Wash. company's consumer software has become the gold standard in home Internet security, but last month at COMDEX Fall 2000 they introduced biometric client-server software for the enterprise called BioPassword LogOn for Windows NT.
When a user logs on to a Windows network, BioPassword measures the unique typing style and timing one uses when typing in a user name and password. That data is compared with algorithms based on a user's pre-established typing patterns, transparently confirming or rejecting the user's identity.
Biometric security paired with a hardware-free interface is a combination that Mitch Tarr, vice president of strategic alliances for Net Nanny, sees as the key to success in the enterprise market.
"The emerging technologies like smart cards, tokens and PKI ... they're finding that difficult to implement," said Tarr. "And other biometric technologies, where they have to implement hardware across the network, are also difficult to implement."
Even though his company holds a considerable stake in the acceptance of biometric software, Tarr said hardware also has its place.
"I think there's a need for both. Right now, with the hardware you get the highest [security] level that biometrics can provide. The technology is evolving rapidly, and the price points get better every year," he said.
Net Nanny's BioPassword sells in service packs of 100 to 4,000 with prices ranging between $20 and $90 per seat.
Eyes wide shut
While the idea of being a password instead of remembering a password is intriguing to some; others find it disconcerting.
"In the few times I've heard people talk about, it I get the strange idea it's not good," said Jerry Bauck, president of Cooper-Bauck Corp., a small 3D audio company based in Tempe, Ariz.
"Fingerprint patterns, we leave them everywhere. Surely they can be transplanted to some sort of fake finger and transplanted to the reading device," he said.
Bauck said if biometrics becomes popular over the next few years, it might not be farfetched for criminals to steal fingers and eyeballs instead of credit cards and passwords.
He said he would not implement biometric security in his company because he would not only worry about his own safety, but also about the database his information was kept in.
"The system is no more secure than the database. If that data is compromised, the cat is out of the bag, and you can't change your fingerprint," Bauck said.
Scott McDonald, an activist against government-sanctioned biometrics, said this technology might give birth to a new form of discrimination.
"There's going to be an element of control passed over to government that will prevent people from making certain choices," said McDonald. He believes biometrics may give governments power to decide what is morally right or wrong for everyone.
McDonald said biometrics has a role in society, but where and how it is used should be determined very carefully. He said individuals should always be given the option to choose whether or not to use biometrics.
"Banking is a private industry, but it's heavily government regulated. When biometrics becomes an integrated component in banking services, and I believe that's where we're headed, then I have a problem with it being used in that capacity," McDonald said.
While opinions differ on the ethical and moral implications of biometrics, there is little dispute the technology is coming into its own, according to the vendors.
"Biometrics is, I think, not just ready for prime time, it is prime time," said EyeTicket's Smith. "Here's a security system that is has been running successfully in an airport for over six months and it's providing an incredibly high level of security."
"Everybody thinks it's still Star Trek," said Philippe Baarnaert, general manager of Fasttel Systems, a security solutions provider in Anzegem, Belgium.
Baarnaert said his company believes in the future of biometrics, but many people have yet to discover it is not just science fiction.
"The customers who come to speak with us are always very high security people, like the banking sector, the secret police or the people responsible for computer rooms," he said, rather than the average business.
"We spoke to a number of our large customers. Most of them were planning to move to some kind of PKI biometric solution, but they hadn't made a firm decision as to which," said Williams.
Fasttel offers facial recognition systems for between $3,500 and $50,000.
FOR MORE INFORMATION: