Face recognition
Within enterprise IT systems, the most common use of biometrics is to verify that an individual is who they claim to be. In contrast, law enforcement agencies use biometric systems to identify suspects from fingerprints, or perhaps to search for a particular face in a crowd.
Face recognition is currently used to spot known hooligans at football matches. However, the process is difficult, time-consuming and prone to error. Once the suspect's image has been captured, it is necessary to compare it with many stored images. Depending on how the search criteria have been set, this could result in hundreds or even thousands of possible matches, which then need to be filtered according to other factors. Identification ultimately depends on refining the possible matches until a reasonable number is reached  a process inherently filled with compromise.
Face-recognition specialist Neurodynamics says that its system is fast, accurate and allows for facial changes. But the statement itself identifies one of the biggest problems with biometrics  unlike passwords, biometrics are inherently vague. Faces can change with age, or through the appearance of blemishes and beards. Similarly, fingerprint identification can be complicated by the presence of grease, dirt or earlier prints on the scanning device.
In practice a biometric scan, sometimes called a live template, will rarely match the stored template exactly, and so a balance needs to be set between the level or false acceptances and the level of false rejections. A high level of false acceptance increases the risk of a security breach, while a high level of false rejections will increase support costs and annoy users.
The balance will vary depending on the application. Palm prints, like faces, change gradually over time. However, palm-print recognition is non-intrusive and relatively easy to perform. The US immigration service finds it acceptable to use hand scanning to allow rapid entry for frequent travellers at some airports.
By contrast, retinal scans are intrusive and will tend to meet substantial user resistance. Iris scanning is much less intrusive and generally gives very high rates of accuracy  iris patterns are thought to remain constant throughout life and are unique to each individual.
Many other biometric measures exist, ranging from voice recognition to written-signature verification. Signing by hand is a very familiar authenticating action, and where the process involves measuring speed, hesitations and pressures  rather than simply matching the visible pattern of the signature  results can be very good. Each type of biometric authentication system is well suited to particular applications.
Now that the cost of biometric hardware is falling, manufacturers of PCs and peripheral devices are increasingly integrating biometric scanners into mice, laptops and other hardware. For example, Acer and NEC both make laptops with built-in finger scanners.
Encryption technologies are vital to protect biometric information from fraudulent use. The most attractive products and systems for corporates are therefore likely to be those that combine biometric identification with encryption to protect biometric data.
