Mobile biometrics: past, present, and future
This is a guest post by Scott Richardson, Managing Director of Cardzgroup Ltd.
Biometrics aren’t necessarily the first thing the average person thinks of when they think of the word “security”. And when it comes to protecting ourselves through passwords, most people will set a pet’s name as a password and add a 123 at the end, and for the average Joe, that’s all that’s perceived as being necessary.
While the lucky ones will be able to get away with a lackluster approach to protecting their personal information, in today’s world security is becoming more and more important and manufacturers and marketers the world over are recognizing this. This is especially true in the mobile realm, where every new ‘generation’ of phones seems to boast a new set of security features.
Only a few years ago, a pin or password was accepted as sufficient. Then came the 9 dots on which the user could draw a pattern, then came photos that let the user draw a ‘blind’ pattern, then voice recognition, and now facial recognition technology is showing serious improvements.
We are also seeing more and more phones equipped with fingerprint scanners. The very first ones that were shipped out didn’t work all that well and were more of a fun gimmick than a useable feature, but in spite of ongoing security concerns including those previously covered by Biometric Update, phone-enabled fingerprint scanners now work quite well. Nowadays, the phone will take several scans of the fingerprint in question and even store several fingerprints at once, so that several people can unlock it or the phone owner can unlock with different fingers.
Despite it not being a ‘major’ feature in a phone, these biometric sensors are amazingly accurate, rarely giving false results. Most often the scanner will be placed in the middle or home button, or occasionally, on the back of the phone. The technology behind this has been reduced to such a size that it doesn’t affect the phone’s total weight and is actually controlled entirely through the phone’s software.
There are also apps that claim that they scan fingerprints via a reader in the phone’s screen. However, these apps are fake and should be used only for entertainment purposes, which is usually stated in the app’s fine print. Nevertheless, fingerprint scanners on mobile devices have a future, as do other biometric scans.
While facial recognition can still make mistakes and yield false positives and false negatives, fingerprint scanning is a simpler technology that is less prone to error. In fact, it is so reliable that many companies now make use of fingerprint scanning and a login attempt limiter to let companies access sensitive information.
Biometric security measures are, of course, not limited to mobile phones. Laptops and similar devices like tablets have been secured in the very same way for almost as long as phones have. Speech recognition as well as facial recognition work well on laptops as they have better and better cameras installed along with software that is typically more robust than what you’d find in a mobile device.
Companies who aren’t quite happy with ‘just’ biometrics, or which are waiting for improvements in biometric technology, can use so-called smart cards in the interim. In order to access a smart card-protected device, a user will need to insert their card into a card reader that is connected to the device, and will often be prompted to key in a pin code as well.
This technology is also used by some banks. They’ll give their users a debit or credit card reader. Once it is connected via Bluetooth, the card is inserted and the pin entered. Then, the users can make payments or view information on their banking details. The concept is fairly simple, the card reader checks the inserted card and code and then sends the go-ahead (or not) signal to the device. The same is possible with laptops, and as far as non-mobile devices go, doors, and elevators, as well as anywhere else key-cards and smart cards are in use.
We are all familiar with the concept of these smart cards, however despite their popularity they inspire very different opinions in their users. Some swear by them and see them as an essential part of any security setup, whereas others feel that the physical cards are clunky and the risk of them getting lost isn’t worth the security benefits and poses a potential risk.
Despite their flaws, smartcards remain in wide use in many industries and virtually all offices use them in some capacity. As happens with hardware, smart cards have shrunk in size, and while the traditional credit card shaped form factor remains in use, there are now a number of smaller variants like keyfobs that can be put on a keychain to lower the risk of losing them.
Smart cards are typically solid colour and don’t have any name or address on them. This is so that in case the card gets lost and someone else finds it, they don’t know what building or office the card accesses. That way, while they can’t return it, they also can’t access areas they aren’t supposed to.
There is another area where smart cards and biometrics intersect: health care. In several European countries (including France and Austria), insurance cards are given to the insured, either by private insurers or by the state. These cards, which are shaped like ordinary credit cards, will have a chip (much like a credit card) that allows doctors to access patient records when scanned. In some cases it also comes with saved fingerprints or a saved photo for identification purposes, and in order to prevent fraud.
This method is much more convenient for patients as they can simply carry the card in their wallet rather than having to specifically bring identification documents to a doctor (which just isn’t possible in an emergency). This just proves that smart cards can do more than unlock doors. In the United Kingdom, a sports booking company is even developing a pay as you go smartcard for football pitches-the users swipe the card on their way in, swipe again when they leave and get charged for the amount of time they spent there. This technology is still in development, however.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.