By Joseph Iseman, PhD, Andrew J. Polcha, Robert Schechter, and Brent M. Eastwood, PhD
Biometrics Watch, Spring 2007
The ability to perform secure financial transactions, control access to restricted areas, and protect
the dissemination of information are paramount concerns in the public and private sectors.
Biometrics have proven effective in reducing the time to verify and process identities: authentication simply with the touch of a finger.
Unfortunately, many existing vulnerabilities in biometric devices still put the world
biometric market at risk. This market is estimated to reach $3.01 billion by this year and may
grow to $7.4 billion by 2012.[1] Biometric device manufacturers and products have a common
validation process. Because this verification process is the same throughout the global device
market, they are all plagued with the same vulnerabilities to theft. This process naturally places
a market value on the biometric.
Since the majority of global biometric integration includes finger, facial, and iris scanning, the
following process using the finger and iris is a good example. The most basic system for
validation of these natural identifiers is as follows:
[Diagram not reproduced; surviving labels: Dongle/Device, Authentication (dongle/device)]
Although this validation scheme is very simple, the process is inherently universal to biometric
devices and it places a natural market value on the biometric component. If a biometric such as
a user's eye or fingerprint is ever stolen, how can the missing biometric be recovered? If
biometric input devices such as cameras and scanners substantiate identity, then a camera or a
scanner is all that is required to steal an identity. Most trusted validation authorities, such as government or
financial institutions, leverage encryption to protect biometric images within a storage depository.
However, what can be encrypted can also be decrypted. Even the heaviest encryption applied to
a depository does not remove the value of the biometric.
Currently, some device manufacturers claim to guard privacy by declaring that the image of the
biometric (finger/eye) is never stored within their product line. These types of validation
schemes are expanded at the registration point with complex algorithms that reduce the biometric
component to a mathematical expression. It is a better scheme than storing the image, but it is
still a repeatable representation of that specific user. If that number were ever stolen, the user's
identity would be compromised at every access point where the manufacturer is integrated. If that
manufacturer had a sufficient market share, a theft of a biometric could pose a substantial threat
to security.
This type of public exposure to biometrics is a problem that currently cannot be solved. In order
for the biometrics market to expand, the owner of any biometric should be in control of its use.
Eliminating the market value of the stand-alone biometric identifier protects identity and
preserves privacy.
Based on patent-pending technology, one company is focusing on these types of
solutions. Personal Identity Solutions is an OEM solutions company that builds products that
eliminate biometrics as primary attributes of interest for theft. This is accomplished by
developing OEM/Bio-ID (BID) management products that interweave complex, non-linear
attributes with the biometric, producing recoverability and privacy. These solutions include stronger
authentication than stand-alone biometric identifiers. PISI's products target biometric input
device manufacturers by creating unique identifying attributes, Bio-IDs (BIDs), using a
combination of biometric(s) and one or more unique independent attributes. BIDs maintain the
same user specificity as biometrics alone, but natural identity attributes are composites with two
or more degrees of uniqueness.
To illustrate this concept, the following UML-based sequence diagram depicts PISI's
combinational protection scheme. This example illustrates a retinal enrollment, but the same
technology is applicable to many different biometric identifiers. The "Biometric" labeled in the
diagram is the physical characteristic native to the user. The biometric alone has no value to the
enrollment process or to the validation authority. PISI's OEM products, represented by a
lens (Distortion Element), create unique attribute(s) associated with the biometric. The
enrolled identity (BID) is the combinational image seen through the other side of the lens. It is
this combined representation that is the user's identifier enrolled within the validation
authority.
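The contrast drawn above, between a repeatable template and an identifier built from the biometric plus an independent attribute, can be sketched as follows. This is an added example, not PISI's product or code from the article: a generic token-seeded random projection (the BioHashing style of cancelable biometrics) stands in for the distortion element, and the feature vectors, tokens, bit length and threshold are all constructed for illustration.

```python
import hashlib
import random

N_BITS, MAX_DIST = 128, 24  # assumed identifier length and match threshold


def projection(token: bytes, dim: int):
    """Derive a token-specific random projection (N_BITS rows of dim values)."""
    rng = random.Random(int.from_bytes(hashlib.sha256(token).digest(), "big"))
    return [[rng.gauss(0.0, 1.0) for _ in range(dim)] for _ in range(N_BITS)]


def derive_bid(features, token: bytes):
    """Combine biometric features with an independent token into a bit string."""
    return [1 if sum(r * f for r, f in zip(row, features)) >= 0 else 0
            for row in projection(token, len(features))]


def hamming(a, b):
    """Number of positions at which two bit strings differ."""
    return sum(x != y for x, y in zip(a, b))


def verify(features, token: bytes, enrolled) -> bool:
    """Accept when the fresh reading, under this token, is close to the enrolled BID."""
    return hamming(derive_bid(features, token), enrolled) <= MAX_DIST


# Constructed sample data: a 32-value feature vector, a noisy second reading of
# the same trait, and an unrelated person's features.
_rng = random.Random(2007)
FEATURES = [_rng.gauss(0.0, 1.0) for _ in range(32)]
REREAD = [f + _rng.gauss(0.0, 0.05) for f in FEATURES]
OTHER = [_rng.gauss(0.0, 1.0) for _ in range(32)]

# Hypothetical tokens: the independent attribute, replaced on re-enrollment.
TOKEN_OLD, TOKEN_NEW = b"token-issued-at-enrollment", b"token-after-revocation"
BID_OLD = derive_bid(FEATURES, TOKEN_OLD)  # what the validation authority stores
BID_NEW = derive_bid(FEATURES, TOKEN_NEW)  # re-enrollment after BID_OLD is stolen

if __name__ == "__main__":
    print("same user, noisy reading:", verify(REREAD, TOKEN_OLD, BID_OLD))
    print("other person, same token:", verify(OTHER, TOKEN_OLD, BID_OLD))
    print("old BID vs new BID distance:", hamming(BID_OLD, BID_NEW))
    print("old token against new BID:", verify(REREAD, TOKEN_OLD, BID_NEW))
```

Replaceability here depends on the token being held separately from the stored identifier; re-enrollment has to issue a new token, since the biometric itself cannot change.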
[1] Biometrics Market and Industry Report 2007-2012. International Biometric Group.
Security World Magazine Online.