Although biometrics is the most secure form of identification, the corporate world in Asia has been slow to adopt it to protect critical information in data centers and to more efficiently restrict access to enterprise IT systems.
This is despite the increasing availability of biometrics security systems including fingerprint, voice pattern recognition, 3D face recognition, vein pattern analysis, and even ear print pattern identification.
“Ears are known as the fingerprints of the face, and ear print patterns are quite unique,” said Dave Chadwick, senior solutions advisor, identity and biometrics, for Unisys. “There is even vein pattern analysis, which uses infrared light to highlight the veins on the back of the hand — or the back of one finger – which are also nearly as unique as fingerprints.”
Unisys is a worldwide information technology consulting services and solutions company which is also one of the world’s top 20 RFID vendors.
Chadwick is also a member of the Biometrics Institute Technical Committee, and was speaking in Singapore, after the Govware Conference (October 6 — 7) which had the theme ‘Positive Security: Empowering Business Models of the Future’ and was presented by Singapore’s Ministry of Home Affairs (MHA).
Responsible and ethical
The Biometrics Institute — ww.biometricsinstitute.org – has developed voluntary standards for the use of the technology, including regular audits and enforcing information privacy practices. It promotes the technology’s responsible and ethical use. The adoption of international standards has helped to advance e-ID protection globally.
Chadwick said that in the past five years there has been ‘a huge magnitude in improvement’ in biometrics technology, but the corporate world was generally still struggling with the cost-benefit analysis.
He said that biometrics systems would be perfect to protect data centres, to restrict access to critical information technology facilities, and to tightly control system administrator identities and their sensitive activities. Some commercial industries were also using biometrics for customer verification.
Current infrastructure configurations such as service oriented architecture and open source software enabled biometrics technologies and readers to be safely connected to systems without interfering with IT operability.
“Traditional security systems like usernames and passwords are now only the first line, the first factor, of defense. The average person today has about 28 passwords and too many users keep passwords on sticky labels stuck to computer monitors, or write their PIN numbers on their bank cards.
“These traditional systems rely on something you have, not who you are, but biometrics systems anchor your identity and are part of who you are. You can lose your ID card, or have it stolen, but no one can steal your fingerprints, your iris, your hands or your ears.”
Three factor authentication
Chadwick, a former policeman and forensic photographer, said banks — particularly those in Asia – had now introduced two factor authentication, with log-ins and digital tokens, but biometrics provided ‘three factor authentication’.
Some financial institutions now even used voice pattern recognition to definitely identify clients wanting to withdraw large sums.
Chadwick commended Singapore, Hong Kong and other developed Asian countries, for their advanced adoption of biometrics systems, particularly in enhancing citizen security and border control through e-passports. He said that these implementations represented only the first wave of biometrics development with the future possibly offering such breakthroughs as blood analysis by light, without requiring the skin to be penetrated. He highlighted an expensive motorcycle distributor in Australia, that installed a biometrics fingerprint identification system to restrict access to a lift, which provided entry to a store of hundreds of valuable machines.
“If a motorcycle dealer can use sophisticated biometrics technology to protect expensive machines, it’s hard to understand why larger corporations have not yet implemented this most secure form of identification to protect such things as mission critical data and systems.”