For biometrics, more is better

As federal agencies step up their use of biometrics, they're likely to adopt solutions that rely on two or more biometric technologies to verify identities and protect computers, networks and facilities.At the recent CardTech-SecurTech Conference in Washington, experts and government officials touted the capabilities of maturing biometrics technologies, and said a security strategy that relies on multiple technologies will require extensive systems integration.That agencies are discussing when -- not if -- they will adopt biometrics is a milestone for the nascent industry, which identifies people by biological traits, such as fingerprints, faces or irises. The market for biometric solutions is expected to reach $4.6 billion in 2008, up from $1.2 billion this year, according to International Biometric Group LLC, a New York consulting group.Last December, an analyst told Washington Technology that adoption of biometrics was being held up because vendors and IT groups couldn't decide which technology would become the standard for securing buildings and computer networks. "People are trying to figure out which biometrics technology is VHS and which is Betamax," said Thom Rubel, an analyst for Meta Group in Stamford, Conn.Now it appears that agencies requiring a high level of security may deploy the biometric equivalents of VHS and Betamax together, even if it's too early to determine which is which."Biometrics have begun shaking loose over the last seven or eight months," said George Cayey, business manager for Fairfax, Va.-based Anteon International Corp. "People have put a lot of hard thought into biometric technology, and as a result you're starting to see it improve."Charles McQueary, undersecretary of science and technology for the Homeland Security Department, said the agency is exploring use of multiple biometrics to improve its ability to identify people. DHS has installed technology at 115 airports and 14 seaports to capture digital fingerprints and photos as part of the U.S. Visitor and Immigration Status Indication Technology program."We're also testing iris scanning technology as an adjunct or alternative," McQueary said. "In the future, the State Department will issue machine-readable passports that incorporate [biometric] technology."The Defense Manpower Data Center, which oversees the Defense Department's Common Access Card program, is designing the second version of its smart-card framework with biometrics in mind."The new framework will accommodate multiple templates, including fingerprints and iris scans," said Lynne Prince, deputy of the center's Access and Authentication Technology Division.CHALLENGES AND CHANCESExperts note that the momentum behind biometrics does not mean the technology's principal stumbling block -- how well it works -- has been resolved. There is general agreement that fingerprint recognition has evolved into the most reliable biometric technology, but companies and users still evaluate all solutions in terms of verification and false acceptance rates, or whether the technology successfully identifies someone.[IMGCAP(2)]Jonathan Phillips, program manager at the Defense Advanced Research Projects Agency, led a 2002 study of facial recognition technology for the National Institute of Standards and Technology. Under good conditions, Phillips said, facial recognition, which can be used to cross-check people against a large database of photographs, makes a positive ID better than 90 percent of the time. That figure falls as the number of photos in a database grows or if a photo is taken under less optimal conditions, such as outdoors or when a subject isn't looking directly at the camera.For example, when photos are taken outdoors and compared to photos taken indoors, the identification rate plummets to 50 percent and below, according to the study."Women in general, especially young women, are harder to identify," Phillips said. "Identifying faces outdoors is the great frontier." The imperfection of biometric technologies is one factor behind the push toward multiple-biometric identification. Not only can a pair of biometrics heighten security by forcing a system to authenticate someone more than once, but also one biometric can provide a safety net should another fail to identify a person.Bernard Bailey, chief executive officer of Billerica, Mass.-based Viisage Technology Inc., said regardless of the state of technology, it makes perfect sense to deploy multiple biometrics in an overall security solution. So-called "N-factor biometrics is simply more accurate," he said.Bailey compared multiple-biometric identification to the process of finding someone on the floor of a convention center. The seeker might know a person's name and approximate age, providing the foundation for a search. A photo would help, but it might be old, and the seeker would need to look people in the face to make a positive ID. "If you've heard my voice before, you have an even better chance [of picking me out]," Bailey said.As agencies adopt multiple biometric technologies, integrators will be responsible for making them work together, said Bill Dennehy, vice president of worldwide sales for AuthenTec Inc., Melbourne, Fla. AuthenTec makes fingerprint readers that go into cell phones and security tokens."Part of that challenge will be to pull it all together in a cost-effective method," Dennehy said.To that end, integrators have to become familiar with a variety of biometric technologies rather than focusing on one or two. In addition, they need to understand the interoperability standards that biometric products are starting to adhere to, such as BioAPI and the Common Biometric Exchange File Format. Information on international biometrics standards can be found at NIST's Information Technology Laboratory Web site (www.itl.nist.gov).Bailey said Viisage, which is working on 3D face recognition technology for the Defense Department and supplies equipment for the Common Access Card program, looks to partner with technology companies and integrators to build complete biometric solutions for government. The company is working with Unisys Corp. of Blue Bell, Pa., on the 3D face recognition project.Biometrics can't be effective without the right back-end systems, Bailey said. Unless a government agency is committed to adopting the business logic required to integrate databases and processes, they shouldn't deploy biometrics. "Biometrics is not a lights-out technology. Its value is as a tool in a larger solution," he said.Although agencies are showing more interest in biometrics, including multifactor biometrics, many may not have the money for large-scale deployments.The Defense and Homeland Security departments, with their sizable budgets, will continue to push the envelope on biometrics adoption, but civilian agencies have been slow to catch on, said Michael Brooks, director of the Center for Smart Card Solutions at the General Services Administration."Civilian agencies were somewhat reluctant to use biometrics, but they've become interested in it where they need a higher level of security," Brooks said. "Where funding was available before the war, budgets are now tight."Brooks said GSA's smart-card center, where the agency demonstrates smart-card and biometric solutions, has seen a drop-off in government IT offices seeking information, but not for a lack of interest in the technology."Agencies are continuing to do small pilots," Brooks said. "They're finding ways to get it started so they can build on it when the money is there." *Staff Writer Brad Grimes can be reached at bgrimes@postnewsweektech.com.