My View
 

 

Let us know your opinion! You could use our Message form

 

1. Why use Biometrics?

Biometrics is expensive, complicated and prone to produce errors. Biometrics is not any more secure than other methods of checking persons. This kind of arguments we hear still too often.

What is the source of these negative judgements on biometric security systems?

We have started 15 years ago to use this technology, and indeed: there were very few systems which were good for practical use and presented an adequate reliability of the results without using too much time. Coupled to high purchasing costs these were reasons, that users made negative experiences with several brands and therefore judged the entire Biometry as not useful. However we have shown during this period of time that – given correct user introduction and good enrolments of the biometric properties – this was a very useful technology for automatic person identification.

Let us take the employee’s entry of a medium sized company with say 600 employees. You now would like to replace the concierge, charged with checking the persons at their entry, since you were aware that with 600 employees personal identification by a concierge was insecure. The memory of a guard usually is able to memorise and reliably identify some 100 persons which appear every day.

From the point of view of security even the presentation of badges was not optimal. They could without portrait be given to non authorised persons without any problem. Even the addition of a portrait on the openly shown badge could not be certain enough: No guard would stand as near to a person (in particular to a women) to be able to reliably compare photo and face of the person.

The introduction of machine-readable badges improved the situation somewhat, since you could achieve with a mantrap that no invalid or unauthorised badges were getting access. But who was the person presenting the badge? You could not detect unauthorized presenters of cards because of passing the card to other persons, with or without purpose.

By using (additional) passwords or personal identification numbers (PIN's) one tried to augment reliability of identification even further. But this was again not protecting the passing on to unauthorised, in particular when passwords (as this is still the case with PCs) were given to the secretary or noted on easy accessible items.

Only biometrics, i.e. the automatic recognition of physiological properties of a body has finally helped. Bo doubt it is possible even to copy biometric properties – but the path to success was small, costly and took time. Finally a higher level of security was reached.
 

© René Brüderlin, 23.9.2007



2. Today’s Properties of Biometric Security Equipment

Today you can ask the following properties from a biometric access control system:

  • With a correct identification opening of a door within max. 2 seconds
     
  • Insensitive against careless use (e.g. with fingers being placed wrongly or otherwise careless, dirty fingers)
     
  • Not weather sensitive (outdoor use)
     
  • Low maintenance, no parts wearing out and asking for replacement
     
  • Simple procedures for the users
     
  • Quick enrolment of new users – without neglecting security
     
  • Price comparable to other types of access control equipment (e.g. card readers)
     
  • Simple management (e.g. time limits for access rights, deletion of access rights)
     
  • etc.

Not all units and systems available today fulfil these conditions – but there are systems of good and very good quality, with the necessary built-in application flexibility, and proven in practice.

We are your guarantee for the selection of such systems which have created satisfaction with thousands of users in the past.
 

© René Brüderlin, 29 Oct. 2007



3. Privacy Problems with Biometric Security Technology?

We often see publications on violating privacy when using biometric security devices, especially in Access Control Applications based on fingerprints. Some privacy officials have even stopped such systems to be installed.

We think this is an exaggerated form of use of the idea of privacy. Privacy means in fact protection of personal data – e.g. protection of buildings from unauthorised access. This can be achieved using biometric devices.

The argument that a stored fingerprint could be misused (e.g. given to the police for further investigations) is not valid for modern fingerprint security installations. These installations do not memorise fingerprint images, but only fingerprint templates. Those templates cannot be used to reconstruct the complete fingerprint image (despite of other opinions presented through the Internet). A misuse is therefore only possible inside of a similar (or the same) installation – provided one can access the systems memory. Of course it is necessary to provide for difficult access to those systems.

Some people see the template as private property of the user which should be protected anyhow. We use for a very long time already photographs and data on colour of hair and eyes, size and weight of a person in e.g. passports, without somebody raising objections with regards to privacy.

Memorising such data in data bases is for a long time a standardised and accepted procedure.

More complicated is the case of connected data bases on order to find combined data of a person. But this is due to the character of data bases in general and has not been aggravated by the introduction of biometry. Biometry is nothing but an automatic and very precise means of checking the identity of a person.

We therefore think that complaints with respect to privacy are not justified.
 

© René Brüderlin, 23.9.2007



4. Insecure Biometric Security?

We often discover publications which mention violation possibilities of biometric identification processes. You can even find complete instructions on how to fraud these systems, e.g. in the Internet.

As a principle every security structure can be broken up provided know how, means and enough time is available. This is true for all security devices, including biometry. And this signifies that the environment of a security structure has to be carefully checked for intrusion possibilities.

The advantage of biometry lies in the fact of using properties of the body which cannot be transferred to somebody else like a badge or a password.

More arguments:

  • Manufacturing the copy of a biometric property usually asks for a passive or active co-operation of an already enrolled user. This is obviously very much simpler in the case of face recognition or iris recognition with photography if no additional measures are taken. However with the fingerprint a three-dimensional structure of the copy is required.
     
  • Even face recognition nowadays uses three-dimensional templates and are therefore difficult to copy.
     
  • The so called live recognition can make the copying of a biometric property even more difficult – despite of the fact that those precautions are not 100% proof, but ask for a major investment of time, knowledge and material.
     
  • Another possibility is the introduction of one of my own templates into the existing PC structure ore network. This asks for means to create with the official Algorithm a template, and an electronic access to the memory of the installation (man-in-the-middle).
     
  • All other intrusion methods are conventional, i.e. not specialities of biometry (as the mechanical breaking of a door), which could be detected by conventional means (like noise, destruction of cases etc.).

One should also check the probability that an intruder is able and willing to surmount all these obstacles. ‘Nothing is impossible’, but how probably is it in a particular case, that an intruder overcomes all these obstacles and has adequate knowledge?

It is a common error to argue that the mere copy of a fingerprint is sufficient to fraud a fingerprint biometric system. Professional installations usually have a bundle of hurdles included with biometry, in order to recognize copies or prevent other intrusion methods.

Let us summarise: Despite of the above mentioned disadvantages, biometric identification is up to today the most secure of all systems based on identification of persons.
 

© René Brüderlin, 23.9.2007