the Zwipe Team
Senior Manager, Marketing & Communications, Zwipe
Raul Sanchez-Reillo, full-time Professor at University Carlos III of Madrid (UC3M) in Spain, explains the several technological drivers for change in biometric recognition as well as highlights trends in the world of biometrics
Biometrics has evolved in several ways: from few researchers working in the field, to get the focus of international community after 9/11. Also, improvements such as computing power, neural networks, deep learning, etc. have allowed boosting algorithm performance and portability. Capture devices have also improved a lot, considering new acquisition technologies, where the best example can be found in fingerprints.
Another notable change has been the creation of independent evaluation entities (either as certified laboratories or as public competitions), clarifying the real performance of this technology, in contrast to the performance metrics claimed by manufacturers.
I believe there is no single solution for biometrics, i.e., there is not one single biometric modality that can be considered best and the only one to be used. Scenarios, cost, security, user acceptance, etc. are parameters that can place a lower-performance modality to the best preferable option. One fine example is voice biometrics, which experiences huge challenges in real scenarios, but being the best option in over-the-phone scenarios.
Also, depending on the capture device used, the performance of a biometric modality may differ greatly. Deciding one or another is typically decided according to either cost or even sensor size (e.g., a fingerprint sensor for an Automatic Border Control system, is not even comparable with the one used for being integrated into a smartphone).
An important factor is to analyze the risk involved in the operation, and then consider whether the modality is suitable or not, or if it must be complemented with any other modality, authentication factor, or PAD mechanisms.
"There is a significant focus on PAD"
"I rather prefer BSoC than smartphone solutions"
"There is not one single biometric modality that can be considered best"
Every single aspect is important, and sometimes the focus should not be placed on technology, but on system implementation or policies involved. For example, it is very important to let the user feel comfortable with the system and teaching them in using the system correctly. Therefore, a suitable enrolment policy is perhaps even more important than the technology used.
Considering sensors and algorithms, in many modalities, algorithms have reached a high-performance level at lab conditions. But they must face important challenges in real conditions. This is where sensors might come to help. A sensor that can acquire a high-quality sample in all (or most) situations is a must. Also, a sensor/device design that allows a proper interaction of the user with the system, will improve the performance in real conditions.
These days, there is a significant focus on PAD, but in my opinion, there is a lack of taking the problem at a more holistic level. For example, most of the work on PAD base their input on a static samples (e.g., a still image), trying to detect artifacts in the sample that may show that it is an attack. A more interesting approach is to consider not only the result of the sample presentation, but also the whole process of the user presenting the sample, i.e., gathering dynamic information, analyzing if it is a proper human interaction.
For some modalities/algorithms, there is also the need to work into the verification in open sets, i.e., without having to enroll the whole population in a centralized database, training then a model to achieve high performance.
It is a must, with low-cost sensors such as the ones in smartphones (so easy to attack them). As said above, algorithm solutions, based on still images, is not a good solution. Using dynamic information may achieve universality in PAD. If it is possible to add new sensors, then acquiring additional ones at the presentation act, is extremely valuable.
Another approach is to complement fingerprint with "an internal biometric modality", such as ECG, not allowing the fingerprint verification until a certain threshold has been passed in the ECG verification.
If payments are involved, risk of attacks increases. Therefore, unless PAD is present, and you can avoid that a chopped finger can be used for authentication, I really do not like the idea. Being a bit more optimistic, I rather prefer BSoC than smartphone solutions. Having said so, if you consider the number of people paying nowadays with the phone, with the only authentication mechanism of unlocking your phone, and being such unlocking mechanism a fingerprint presentation with no PAD mechanism implemented (i.e., being so easy and cheap to attack it), then the current scenario is frightening. But we're living with it!
At least, by paying with card, you do not allow third parties (such as Google or Apple), to track your shopping. Unlocking a phone is much easier than a PIN presentation, but it is also much easier to be seen and copied by others. If you lose your smartphone, you lose most of your credentials, and all your life is exposed, including your financial mechanisms. But you will notice much sooner if you lose your phone than if you lose your card!
To know more about biometrics, click here or get in touch with us
PAD: Presentation Attack Detection
BSoC: Biometric System-on-Card