Faced with document fraud and identity theft, with new threats such as terrorism or cybercrime, and faced with the understandable changes in international regulations, new technological solutions are gradually being implemented. One of these technologies, biometrics, has quickly established itself as the most pertinent means of authenticating individuals in a reliable and fast way, through the use of unique biological characteristics.
Today, many applications make use of this technology. That which in the past was reserved for sensitive applications such as the security of military sites is now developing rapidly through applications in the public domain.
What is biometrics?
Biometrics is the science of analyzing physical or behavioral characteristics specific to each individual in order to be able to authenticate their identity.
In the literal and most simple sense, biometrics means the "measurement of the human body".
There are two categories of biometric technologies: physiological measurements and behavioral measurements.
Physiological measurements can be either morphological or biological. Morphological analyses mainly use fingerprints, the shape of the hand or of the finger, vein patterns, the eye (iris and retina), and the shape of the face.
For biological analyses, DNA, blood, saliva or urine may be used by medical teams and police forensics.
The most common forms of behavioral measurements are voice recognition, signature dynamics (speed of movement of pen, accelerations, pressure exerted, inclination), keystroke dynamics, the way objects are used, gait, the sound of steps, gestures, etc.
The different techniques used are the subject of ongoing research and development, and, of course, are being constantly improved. However, the different sorts of measurements do not all have the same level of reliability. Physiological measurements are usually considered to offer the benefit of remaining more stable throughout the life of an individual. For example, they are not as subject to the effects of stress, in contrast to identification by behavioral measurement.
Biometrics allows a person to be identified and authenticated based on a set of recognizable and verifiable data, which are unique and specific to them.
Biometric identification consists of determining the identity of a person. The aim is to capture an item of biometric data from this person, for example by taking a photo of their face, by recording their voice, or by capturing an image of their fingerprint. This data is then compared to the biometric data of several other persons kept in a database. In this mode, the question being asked is a simple one: "Who are you?".
Biometric authentication, also known as verification, is the process of comparing data for the person's characteristics to that person's biometric "template" in order to determine resemblance. The reference model is first stored in a database or a secure portable element like a smart card. The stored data is then compared to the biometric data of the person to be authenticated. Here it is the person's identity which is being verified. In this mode, the question being asked is: "Are you indeed Mr or Mrs X?".
Biometrics: a very old story indeed
Biometrics addresses a longstanding concern to be able to prove one's identity, irrefutably, by making use of what makes one different.
Going as far back as prehistoric times, man already had a feeling that certain characteristics such as the trace of his finger were sufficient to identify him, and he "signed" with his finger.
In the second century B.C., the Chinese emperor Ts'In She was already authenticating certain seals with a fingerprint.
In the 19th century, Bertillon took the first steps in scientific policing. He used measurements taken of certain anatomical characteristics to identify reoffending criminals, a technique which often proved successful, though without offering any real guarantee of reliability.
This budding use of biometrics was then somewhat forgotten, only to be rediscovered by William James Herschel, a British officer, to be used for an entirely different purpose. Having been put in charge of building roads in Bengal, he had his subcontractors sign contracts with their fingerprints. A sure way of being able to find them more easily if they defaulted…
This application already expresses the basic principle of biometrics: to identify a person based on certain unique characteristics.
Biometrics is growing fast, particularly in the field of identity documents. It is generally combined with other security technologies such as smart cards.
Biometrics as inextricably linked to the question of identity
There are three possible ways of proving one's identity:
- by means of something that you possess. Until now, this was something that was relatively easy to do, whether it was by using the key to one's vehicle, a document, a card, or a badge.
- by means of something that you know, a name, a secret or a password.
- by means of what you are, your fingerprint, your hand, your face.
The use of biometrics has a number of benefits, the leading one being the level of security and accuracy* that it guarantees. In contrast to passwords, badges, or documents, biometric data cannot be forgotten, exchanged, or stolen, and cannot be forged.
*According to calculations made by Sir Francis Galton (Darwin's cousin), the probability of finding two similar fingerprints is one in 64 billion even with identical twins (homozygotes).
It is in this sense that biometrics is inextricably linked to the question of identity.
The civil uses of biometrics today
These applications are predominantly introduced by national authorities, as the biometric enrollment and management of a population's fingerprints call for a tightly regulated legal and technical framework.
The application which has been most widely deployed to date is the electronic passport (epassport), particularly with the second generation of such documents also known as biometric passports, on which two fingerprints are stored in addition to a passport photo. Biometrics provides irrefutable evidence of the link between the document and its holder.
Another advantage of this solution is that it speeds up border crossing through the use of scanners, which use the principle of recognition by comparison of the face and/or fingerprints.
Other applications exist, chiefly national identity cards, widespread in European and Middle East countries or in Africa for ID and health insurance programs, such as in Gabon. With these biometric ID cards, fingerprints are used to confirm the identity of the bearer of the card before he or she is given access to governmental services or healthcare.
In addition, many countries have set up biometric infrastructures to control migration flows to and from their territories. Fingerprint scanners and cameras installed at border posts capture certain types of information that help identify travelers entering the country in a more precise and reliable way. In some countries, the same applies in consulates to visa applications and renewals.
Data acquisition requires reliable equipment to ensure optimum capture of photos and fingerprints, essential for precision during comparison and verification.
AFIS databases (Automated Fingerprint Identification System), often linked to a civil register database, ensure the identity and uniqueness of the citizen in relation to the rest of the population in a reliable, fast and automated way. They can combine digital fingerprints, a photo and an iris scan for greater reliability.
Cutting-edge technologies combining security and comfort
Biometrics offers a broad range of techniques and can be used in a wide variety of different domains, ranging from State security to the comfort of individuals. Biometric techniques are mainly used in the sectors of forensic identification, identity management, as well as access control and administration, both in private and public institutions. The effectiveness of this technology is closely linked to the use of data processing. Data is stored in files to enable rapid and reliable identification, which in turn guarantees both comfort and security.
The most well-known techniques include fingerprints, facial, iris, palm and DNA-based recognition. Research is currently opening the way for new types of biometrics, such as ear shape or facial thermography.
Whatever the method, what all these biometric techniques have in common is that they all collect characteristics which are:
- universal, as they can be found in all individuals
- unique, as they make it possible to differentiate one individual from another
- permanent, allowing for change over time
- recordable, as the characteristics of an individual cannot be collected without their consent
- measurable, allowing for future comparison
- and forgery-proof.
The challenge to be met: the determining factor in the choice of technique
The justice system, for example, which must take the necessary time to identify a criminal and cannot accept the slightest error, will not be worried by a long and costly process.
An everyday individual will seek to protect their own personal property and have access to it easily, at a reasonable price.
Governments and public administrations are in their case confronted with multiple issues at once: making it easier to cross borders while controlling illegal immigration, fighting terrorism, cybercrime or electoral fraud, issuing documents compliant with new international standards and regulations, guaranteeing the security of systems for the production, issuing and checking of such documents, and data interoperability within the limits of their budgets.
On this scale, only an innovative approach to global security, one which makes use of technological solutions and processes adapted to the challenges to be met, can enable States to effectively address the issues they face and provide them with the means of building trust.
The technical risks of biometrics: recognition
Here, we talk of "false rejections" or "false acceptances". In the first case, the machine fails to recognize an item of biometric data that does in fact correspond to the person. In the reverse case, it matches two items of biometric data that are not in fact from the same person. False rejections and false acceptances occur with all techniques used in biometrics.
The risks of error are related to very different factors.
Take the example of a person with their biometric characteristics. We have noted that particular biometric techniques were more or less well suited to certain categories of persons. The difficulties are related to ergonomic factors of which we do not yet have a firm grasp or understanding. A certain system may work for women, but less well for men, or for young people but not for older people, for people with lighter skin, but less well for those with darker skin.
Other difficulties arise in particular with facial recognition, when the person dyes or cuts their hair, changes the line of their eyebrows or grows a beard. We can imagine cases of "false acceptance" when the photo taken modifies distinctive character traits in such a way that they match another item of biometric data stored in the database.
Other errors are also possible depending on the technologies used during the biometric enrollment phase. A verification photo taken with a low-quality model of camera can noticeably increase the risk of error. The accuracy of the identification relies entirely on the reliability of the equipment used to capture data.
In addition to being dependent on the technique used, the risk of error also varies depending on the environment and the conditions of application. The light may differ from one place to another, and the same goes for the intensity or nature of background noise. The person's position may have changed. In the laboratory, under perfect conditions, in a controlled environment and using adapted technologies, the rate of error in detection of a face varies between 5 and 10 %.
In addition, in a biometric control application, the rejection and acceptance rates are intertwined and can be tuned according to an acceptable level of risk. It is not possible to modify one without impacting the other. In the case of a nuclear plant access control application, the rate of false acceptance will be extremely reduced, which also impacts the rate of false rejections.
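The trade-off between the two error rates, worked through as an added example (not part of the original article and not Gemalto code). The match scores are constructed sample data, and the 0-100 score scale, the function names and the two lower-risk labels are assumptions; it shows that each tightening of the accepted false acceptance rate raises the threshold and, with it, the false rejection rate.

```python
# Added illustration. Scores are constructed sample data on an assumed 0-100
# similarity scale; a comparison is accepted when score >= threshold.

# Comparisons of two captures from the same person (should be accepted).
GENUINE = [91, 88, 95, 72, 84, 79, 97, 66, 90, 85,
           58, 93, 81, 76, 89, 94, 70, 87, 83, 92]
# Comparisons of captures from two different people (should be rejected).
IMPOSTOR = [12, 35, 41, 28, 55, 19, 62, 33, 47, 24,
            71, 38, 16, 50, 29, 44, 67, 21, 36, 59]


def error_rates(genuine, impostor, threshold):
    """Return (false acceptance rate, false rejection rate) at a threshold."""
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def operating_point(genuine, impostor, max_far):
    """Lowest threshold whose FAR stays within max_far, and the FRR it costs."""
    for threshold in range(0, 102):  # 101 rejects every score, so FAR is 0
        far, frr = error_rates(genuine, impostor, threshold)
        if far <= max_far:
            return threshold, far, frr
    raise ValueError("no threshold satisfies the requested FAR")


if __name__ == "__main__":
    # Hypothetical risk levels; only the nuclear plant case comes from the text.
    for label, max_far in [("low-risk access", 0.15),
                           ("medium-risk access", 0.05),
                           ("nuclear plant", 0.0)]:
        t, far, frr = operating_point(GENUINE, IMPOSTOR, max_far)
        print(f"{label:19} threshold={t:3} FAR={far:.2f} FRR={frr:.2f}")
```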
The reliability of biometrics
Biometrics relies on statistical algorithms. It therefore cannot be 100% reliable when used alone.
For a number of years now, the use of several biometrics in combination, for example the face and the iris or the iris and fingerprints, has made it possible to reduce error rates considerably.
But this reliability depends on the acquisition tools and algorithms used being of good quality. Though this solution may appear attractive in principle, identification requires the implementation of a centralized server, with a particularly secure architecture.
Tokens and smart ID cards for greater reliability
Biometrics suffers from the fact that its matching algorithms cannot work the way password checks do, by comparing hashes.
This means that two biometric measures cannot be compared with each other without them, at some point, being "in plaintext" in the memory of the device doing the matching. Biometric checks must therefore be carried out on a trusted device, which means the alternatives are to have a centralized and supervised server, a trusted terminal, or a personal security component.
This is why tokens and smart cards are increasingly being considered as the ideal companions for a biometric system.
Numerous national identity cards (Portugal, Ecuador, South Africa, Mongolia, Algeria, etc.) now incorporate digital security features, which are based on the "Match-on-Card" fingerprint matching algorithm. Unlike conventional biometric processes, the "Match-on-Card" algorithm allows fingerprints to be matched locally with a reference frame thanks to a microprocessor built into the biometric ID card and without having to connect to a central biometric database (1:1 matching). The biometric identifiers are checked locally and protected, as they are stored solely on the card. Moreover, it is possible to proceed with authentication even when there is no connection to the server.
Identification or authentication: the impact on data protection
Biometrics can fulfill two distinct functions, authentication and identification.
Identification answers the question "Who are you?". In this case, the person is identified as one among a group of others (1:N matching). The personal data of the person to be identified are compared with the data of other persons stored in the same database or possibly other linked databases.
Authentication answers the question: "Are you really who you say you are?". In this case, biometrics allows the identity of a person to be certified by comparing the data that they provide with pre-recorded data for the person they claim to be (1:1 matching).
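The hash limitation described earlier and the 1:1 versus 1:N distinction above, as an added example (not part of the original article and not Gemalto code). Templates are toy 256-bit strings, Hamming distance stands in for a real matcher, and the threshold, names and enrolled labels are all assumptions.

```python
import hashlib

# Added illustration with constructed data; not a real biometric matcher.
TEMPLATE_BITS = 256
MATCH_THRESHOLD = 40  # assumed: max differing bits still treated as a match


def enroll(label: str) -> int:
    """Stand-in for feature extraction: a fixed 256-bit template per person."""
    return int.from_bytes(hashlib.sha256(label.encode()).digest(), "big")


def recapture(template: int, noisy_bits) -> int:
    """A later capture of the same trait: the template with some bits flipped."""
    for bit in noisy_bits:
        template ^= 1 << bit
    return template


def digest(template: int) -> str:
    """What a password-style store would keep: a hash of the template."""
    return hashlib.sha256(template.to_bytes(TEMPLATE_BITS // 8, "big")).hexdigest()


def distance(a: int, b: int) -> int:
    """Hamming distance; needs both templates unhashed in memory."""
    return bin(a ^ b).count("1")


def verify(probe: int, reference: int) -> bool:
    """1:1 authentication against the claimed identity's template only."""
    return distance(probe, reference) <= MATCH_THRESHOLD


def identify(probe: int, database: dict):
    """1:N identification: search every enrolled template, return name or None."""
    best = min(database, key=lambda name: distance(probe, database[name]))
    return best if distance(probe, database[best]) <= MATCH_THRESHOLD else None


if __name__ == "__main__":
    database = {name: enroll(name) for name in ("alice", "bob", "carol")}
    probe = recapture(database["alice"], range(0, TEMPLATE_BITS, 16))
    # Two captures of one trait never hash alike, so hashes cannot be compared.
    print("hashes equal:", digest(probe) == digest(database["alice"]))
    print("bits differing:", distance(probe, database["alice"]))
    # 1:1 needs one reference (it could live on a card); 1:N needs the database.
    print("verify as alice:", verify(probe, database["alice"]))
    print("identify:", identify(probe, database))
```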
These two solutions call upon different techniques. Identification in general requires a centralized database which allows the biometric data of several persons to be compared. Authentication can do without such a centralized database. The data can simply be stored on a decentralized device, such as one of our smart cards.
For the purposes of data protection, a process of authentication with a decentralized device is to be preferred. Such a process involves less risk. The decentralized device is kept in the user's personal possession and their data does not have to be stored in any database. Conversely, if an identification process requiring an external database is used, the user does not have physical control over their data, with all the risks which that involves.
Two types of risks can be identified.
- The use of biometric data to other ends than those agreed by the citizen either by service providers or fraudsters. As soon as biometric data is in the possession of a third party, there is always a risk that such data may be used for purposes different to those to which the person concerned has given their consent.
There may thus be cases of unwanted end use if such data is interconnected with other files, or if it is used for types of processing other than those for which it was initially intended.
- The risk to the biometric database and to the data presented for a biometric check. The data can be captured during transmission to the central database and fraudulently replicated in another transaction.
The result is a person losing control over their own data, which poses major risks in terms of privacy. In practice, data protection authorities seem to give preference to solutions which feature decentralized data devices.
For Gemalto, whether it is a matter of biometrics or not, the identity of a person, provided by their country, should be under his/her control.
The legal frameworks
In application of the principle of proportionality as defined by Article 5 in the European Union, any processing of personal data must be proportional to its purposes with regard to the risk that it poses to the privacy of the persons concerned. Accordingly, whenever the intended objective can be achieved using an authentication-based system, Gemalto can propose an identification system which will pose less risk in terms of privacy and data protection. The advice that we can provide to our customers is of fundamental importance to the relationship of trust we build with them.
While there are hardly any legal provisions in the world that are specific to biometric data, despite the very specific character of such data, the French Data Protection Act of 1978, officially entitled the "Loi relative à l'informatique, aux fichiers et aux libertés" [English title: Act on Information Technology, Data Files and Civil Liberties] sets out specific requirements for biometric data.
There are also various different texts at European and international level. Without seeking to provide an exhaustive list, it is worth mentioning the "Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data" of January 28, 1981, and the "European Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data" of October 24, 1995. These texts set out the precise obligations incumbent upon member states of the European Council and the European Union respectively. The "United Nations Resolution" of December 14, 1990, which sets out guidelines for the regulation of computerized personal data files does not have any binding force.
On April 14, 2016, the draft General Data Protection Regulation was adopted by the European Parliament. Its provisions will be directly applicable in all 28 Member States of the European Union in the spring of 2018. It will then replace the directive dating from 1995. It establishes a harmonized framework within the EU, the right to be forgotten, "clear" and "affirmative" consent, and, amongst other things, serious penalties for failure to comply with these rules.
Legal deliberations thus rely to a very large extent on provisions relating to personal data in the broad sense. But such provisions sometimes prove to be poorly adapted to biometrics.
Finally, it should be pointed out that outside the European Union the level of protection differs depending on the legislation in force. Assuming – that is – that there is any such legislation...
Putting biometrics to work for digital security, by bringing together technologies that are adapted to each individual case
Gemalto possesses its own technology, recognized worldwide, which, combined with its impartial stance on the source of biometric data, allows it to help everyone put their trust in the digital world.
An expert in strong identification with more than 44 civilian government projects that incorporate biometrics, Gemalto is able to act as an independent force in proposing and recommending the most suitable solution in each case. Faced with multiple techniques, and with a very lucid perspective on the margins of error involved, Gemalto firstly assesses the issue and challenges its customer wishes to address. For any given project, it has to be possible to switch technologies, for instance where another technology proves to be dominant, and to adapt the solution, with important parameters in areas such as price, usage, durability, security and the environment. At the end of the day, it is the recognition algorithms that customers want that are built into the software.
Gemalto attaches a great deal of importance to the assessment of risks which may not always be visible to the general public, and to the capacity of private operators to manage such risks. Similarly, the legal and social implications are also very important.
Our choice of technological partners is of course crucial. A customer must be able to carry out prior testing in its own environment and under its own conditions, to be able to check the error rate. If the error rate is too high, then obviously the chosen solution has to be abandoned, in favor of another more well-adapted solution. The governments of countries to which we offer such solutions often set up centers to run tests that are closer to reality.
Though Gemalto keeps an open mind with regard to biometric techniques, it remains no less convinced that, whatever the choice of biometric, this technology offers major benefits for guaranteeing identity.