Touch and go
Biometric technologies are nothing new to moviegoers who watched James Bondundergo a retinal scan before entering a high-security facility. But inreal life, where they have a reputation for being expensive and unreliable,biometric devices have been relegated to niche applications.
That's likely to change and soon.
As the emphasis on network and systems security grows, people are turningtheir attention to biometrics for controlling access to buildings or computernetworks (known as physical and logical access, respectively).
According to the International Biometric Industry Association, the biometricsindustry has grown from 6,400 devices shipped in 1995 to an expected 400,000units this year, worth $168 million. By the end of the decade, IBIA predictsthat the manufacturing market alone will be worth at least $3.5 billion.
Adding vendor and consultant services, analysts say the total biometricsmarket could be worth $2 billion to $3 billion by 2005.
"The technology has matured in its usefulness, as far as reliabilityand robustness are concerned, and that, by itself, is prompting an increasein sales," said Richard Norton, executive director of IBIA. "But over thepast few years, there's been a vast expansion in the number of networksand, therefore, in the need to protect them. That will bring a very quickchange in the biometrics market."
Although some agencies are still struggling with technical challenges,the government has had a major influence on the development of biometrics.The Defense Department has had wide-ranging initiatives in place since theearly 1990s to investigate the potential use of biometrics. The TreasuryDepartment is looking into how biometrics will figure in the Financial ManagementService's ongoing program to help federal agencies better handle cash-managementactivities (see Case Study, Page S14).
One of the better-known applications of biometrics is in the Immigrationand Naturalization Service's Passenger Accelerated Service System (INSPASS).Hand geometry is used to identify foreigners who visit the United Statesat least three times a year, enabling them to bypass the personal interviewwith an INS official when entering the country.
At the state and local levels, biometrics is used to combat fraud inentitlement programs, which the General Accounting Office says is a $10billion-a-year problem.
In July 1991, Los Angeles County installed the first Automated FingerprintImage Reporting and Match System, which compares digital fingerprint imagesof new benefit applicants against a database of prior claimants. The systemsaved the county about $5.4 million in the first six months of operation,officials said, and it was expanded statewide over the next several years.Other states, including Texas and Connecticut, have followed California'slead.
Fingerprint-scanning technology is also being used to reduce the numberof duplicate or faked driver's licenses and identification cards.
A fledgling use of the technology is as a replacement for typed passwordswhen granting access to government networks. That's because password-basedsecurity has been undone by a decidedly low-tech product: the sticky note.
Outside analysts who audit government security practices often recommendthat network users change their passwords more frequently, but that createsits own problems, as the city of Glendale, Calif., found out.
"The [auditors'] requirement was that we go from changing passwordsevery year to 8-bit alphanumeric passwords that change every 60 to 90 days,"said Scott Harmon, Glendale's information services administrator. "But ourtypical user just isn't that sophisticated. They are more used to havingpasswords such as "spot' that they never change."
Frequently changed passwords take a toll on agency help-desk workers,who spend a lot of time and effort helping employees who have forgottentheir passwords. And who hasn't passed the occasional workstation wherea sticky note with the user's password was stuck to the monitor? That'swhy Glendale recently chose a fingerprint-scanning system that will eventuallyreplace password access for all of its 2,100 government employees.
"There's nothing more frustrating for our users than having to dealwith passwords," Harmon said.
Glendale may be at the forefront of a trend. Beverly Dickerson, accountmanager with Spectrum Systems Inc., which develops network management andprotection solutions, said her company has been working with governmentagencies for the past 15 years, "but it's only really been in the past yearthat we've gotten involved with biometric network access issues. But weare getting a lot more interest now, as are the biometric companies we workwith, so it's obviously an area that's ready to take off," she said.
Not all technologies are equal in this burgeoning market. For example,devices that scan a person's iris or retina are considered the strongestat verifying identity, but they lack the utility of fingerprint scannersand voice-recognition technology.
"From the reports we've seen from chief technology officers and others,utility definitely seems to be skewed toward fingerprint," said Jim Kawashima,director of strategic partnerships for SecuGen Corp., a manufacturer ofbiometric systems. "They think it's less intrusive than iris or retinalscan, and it's easier to use and less cumbersome than palm. There's alsoan idiomatic understanding among potential users that the fingerprint isa unique identifier. Other technologies don't have that same intuitive impact."
Declining costs are also boosting interest in biometrics. A few yearsago, a fingerprint scanner cost around $500; today, you can pick one upfor $70 or less. Scanner technology is also being incorporated into PC keyboardsand notebook computers, making it less cumbersome to use. And as more PCscome equipped with microphones and digital cameras as standard features,PC technology is on the verge of being "biometric-ready."
It's still not at the stage where users can do most of the biometricsintegration themselves, at least not in the more sophisticated network securityenvironments, but commercial help is available. BioNetrix Systems Corp., for example, one of the leading vendors of "personalauthentication systems," has developed an open-platform solution that canbe applied to policy-driven security schemes and managed from a centralconsole. And it helps, said Missie Sergeant, director of corporate communicationsfor BioNetrix, that people are "generally much more educated about biometricsthan they were even a year ago."
Biometrics is in its infancy, conceded IBIA's Norton, but the industryis quickly moving through the "early-adopter" stage. The next 12 to 18 monthswill see the growth of a sizable market, he predicted.
And some are looking beyond that. Research into integrating biometricand wireless technologies is already under way. In the not-too-distant future,simply touching the screen of a cellular phone or handheld device will verifyyour identity and grant you secure access to a network via a wireless link.
Robinson is a freelance journalist based in Portland, Ore. He can be reachedat [email protected]