Archive for the ‘Biometrics’ Category

Passwords and passports are becoming obsolete

September 16, 2021


I have, along with citizens of over 150 countries, a biometric passport. A special camera is used to capture the biometric information at the time of passport application. Each such passport contains a chip storing standardised biometrics for facial recognition, fingerprint recognition, and iris recognition. That data is contained on the passport I carry around and show to various authorities from time to time. But all that data is also stored on the computers of the issuing authority. 

What then is the need for the passport itself?

Passing through a passport control involves some device which checks some part, or all, of my biometric information which is then matched against the information contained on the chip in the passport I am carrying. It is not checked against the original data stored when the passport was issued. Faking a passport involves matching the data on the chip to the person carrying the passport. In fact, this check only shows that the person carrying the passport matches the data on the passport. As long as the passport is genuine such a check is an identity control. But it is an indirect control. Such a check says nothing, directly, about the identity of the person carrying a passport. 

The passport itself is just a carrier of data which exists somewhere else. It’s function is only to provide a controlling authority with access to the data of the passport bearer. It will not be long before the biometrics stored by passport issuing authorities are accessible directly in the cloud for checking against the actual biometrics of a physical person. The passport itself then has no function. Technologically it is already possible to do this today. But it will need more security to prevent unauthorised access to this data and some more time before the political will to allow this exists. The real technological challenge will be to prevent the accidental or intentional corruption of the master data. Already standard, on-the-street, cameras in some Chinese cities are connected to master data bases such that the camera image (facial + motion recognition) is sufficient to match the person against the master data. 

I am who I am. I do not need a passport to tell me who I am. The personal integrity issues that are sometimes quoted against such expansion of the use of technology are spurious and misguided. 

It may not be quite in my lifetime but passports are becoming obsolete.


Passwords are already on the way out. 


Microsoft has announced users can now delete all passwords from their accounts and instead login using an authenticator app or other solution. The technology giant made passwordless accounts available for business users of its products in March. And that system is now being made available to all Microsoft or Windows users. It said “nearly 100% of our employees” were already using the new, more secure system for their corporate accounts.

If passwordless login is enabled, users re-logging in to a Microsoft account will be asked to give their fingerprint, or other secure unlock, on their mobile phone. “Only you can provide fingerprint authentication or provide the right response on your mobile at the right time,” it said.

Windows users will still be able to use quick-login features such as a Pin code, though. Some rare exceptions will still need passwords, such as Office 2010, Xbox 360 consoles, and Windows 8.1 or earlier machines. 

……….  Security vice-president Vasu Jakkal wrote: “Passwords are incredibly inconvenient to create, remember, and manage across all the accounts in our lives. “We are expected to create complex and unique passwords, remember them, and change them frequently – but nobody likes doing that.”

Can myris make passwords obsolete?

January 8, 2014

I am waiting for the day when my various devices know –  without any doubt – that it is I who am using that device. But just identifying the user of a device is not enough. User Id’s, passwords and pincodes are what I would like should become obsolete. That will be when I, myself, am my own identification, not only for my devices but also for any sites or accounts that I access through such devices. When I, myself, rather than a piece of paper, or a password can identify myself then even a passport becomes obsolete. It seems almost a tautology that  identity and identification of an individual should be inherent in the individual. But while it may seem obvious, it is easier said than done.

But there are 2 parts to every identification. First comes the unique characteristisation of an individual and second the necessity to have a fast data-base storing these characteristics of all individuals to be identified. “Identification” is not needed with people we know – for then identification consists of a memory in one brain and in the inherent characteristics exhibited by the “known” individual.

Myris is a step along this path. It is a USB enabled iris identity authenticator which could eliminate the need for Usernames or Passwords.

  • myris uses video, not still pictures, to get an image of your eyes. At 20 frames per second, it doesn’t take long to get a clear picture and verify your ID.
  • myris looks at more than 240 points on each iris and generates a unique 2048-bit digital signature. But to authenticate your ID, it needs to match up with your eyes—photos, video recordings or other fakes won’t work.
  • Every iris is different. Checking one gives a 1-in-1.5 million chance of a false ID. But myris checks both irises—reducing the odds to just one in 2.25 trillion.

False Acceptance Rate

Wall Street Journal:


VOXX Electronics and EyeLock Inc. Announce Strategic Partnership to Deliver Game Changing Iris Identity Authentication to Consumer and Enterprise Markets

VOXX Electronics Corp (VEC), a newly formed wholly-owned subsidiary of VOXX International Corp. (NASDAQ: VOXX), and EyeLock Inc., a market leader of iris-based identity authentication solutions, today announced a strategic partnership to deliver myris(TM), a USB-enabled iris identity authenticator that offers the most convenient and secure way to authenticate your digital identity.

Iris authentication has been available to corporations and enterprises for years, but no platform has been simple enough for consumers to use in everyday situations. myris changes all that with its patented iris authentication technology from Eyelock. myris works by converting an individual’s iris patterns to a code unique only to that person, then matches that code to your eyes to grant access to the devices and digital platforms.

“Fraud and identity theft cost businesses and consumers millions every year. Companies large and small have struggled to provide a level of security that protects against this,” said Tom Malone, President of VOXX Electronics Corp. “With myris, any business regardless of size can protect itself from fraud and any consumer can protect the thing that is most important, their personal information and their identity.”

myris uses EyeLock’s proven video based iris authentication technology, providing an unprecedented level of security. It’s simple to use–myris simply plugs into any USB compatible device and provides security for up to five users in mere seconds. myris is compatible with Windows 7 and 8, Mac OS and Chrome OS. Whether in the workplace, at home or on the road, users will have peace of mind knowing access to their digital worlds is secure.

When will my computer know who I am?

September 18, 2012

Passwords, Userid’s and 4-digit codes are the bane of my life and I am still waiting for the computer which knows – uniquely and reliably  – whenever I happen to be using it. I am probably very average when I find that I have twelve different passwords, five different Userid’s and eight 4-digit codes that I use regularly and which – so far – I generally manage to keep separate in my memory. As I get older I expect I shall have increasing difficulty in remembering and keeping track of these. I find that – already – I sometimes refrain from taking on new commitments, buying new on-line services, joining new groups or registering at new sites if I need to find yet another password to be remembered. The need for defining and remembering new passwords is now – in fact – limiting the extent to which I use the on-line world.

New models of computers, tablets and smart phones are released – it seems – every other day. For at least the last 10 years the possibility of personal identification of the user by the device has promised much but has not yet delivered. I look forward to each release eagerly only to be disappointed each time.  Each new device has new features. It can do more, remember more, is faster or more “intelligent” or has a larger memory but none has the capability to know – for sure –  who I am.

One of these days I will be able to switch on my device (computer, phone whatever) and it will know that it is “I” – and nobody else – who is operating the device and I will need no further passwords or pin-codes to access any connection or my account at any site through that particular device. That’s the dream.

In the meantime the search goes on but I am not sure that this aspect of “customer-friendliness” is very high up on the priority list. But it should be. I foresee a new explosion in on-line usage when a secure method of personal identification becomes available. PC manufacturers have been trying to use fingerprint recognition for some time, Intel is working on palm recognition and Apple is working on face recognition. Keystroke authentication, retina prints and other biometric or behavioural patterns have also been suggested. But before my dream is realised, the manufacturers have to hone in on a few methods which have then to be exhaustively tested before being widely accepted. New international standards will have to be agreed and  established before the banks and insurance  and credit card companies accept the identification method as being sufficiently secure.

It remains a dream – but passwords have to become obsolete sometime and I do hope it happens within the next two years.

Voice print technology led to arrests of alleged terrorists in Europe

October 8, 2010

Officials who apparently thwarted an alleged terror plot against Europe used voiceprinting technology to catch several suspects.


By the time you are 18 you have a unique voice


The British Government Communications Headquarters used voice identification technology to help uncover the plot according to a report in the Canadian Press. Several of the voices were recorded along the Pakistan-Afghanistan border.

Police in southern France on Tuesday arrested 12 suspects in sweeps against suspected Islamic militant networks, including three men linked to a network recruiting fighters for Afghanistan.

In one of the cases, nine suspected Islamic militants were detained in southeastern Marseille and its suburbs, and authorities turned up at least one automatic rifle and a pump gun, the officials said.

In Tuesday’s other roundup, two men were arrested in Marseille and another in southwestern Bordeaux on suspected ties to a Frenchman arrested in Naples, Italy, last month accused of links to an Afghan recruiting ring.

Officials in Germany were tightlipped Tuesday on details of a U.S. missile strike in Pakistan’s rugged mountain border area where Pakistani officials said eight German militants were killed.

U.S. officials believe a cell of Germans and Britons was at the heart of the Europe terror plot. Germany’s ARD public television cited unidentified sources Tuesday as saying four of the Germans killed in the missile attack were of Turkish descent.

Developers of voice biometric technology say it can be more useful than traditional fingerprint analysis in fighting terror. The private sector has already embraced the technology, with U.S. probation officers using it to monitor offenders, and Canadian call centres using it to identify customers. Israel’s largest bank, Bank Leumi, says it has been using voice biometrics for the past decade to deter fraud and boost customer safety.

U.S. and British intelligence run an international eavesdropping program that gathers huge amounts of information. So big is the overload that the National Security Agency is building a massive storage centre in Utah to handle the mountains of data.

Almog Aley-Raz, whose Israel-based company PerSay Ltd. supplies governments and businesses around the world, said that using voice biometrics could allow officials to scan a large number of phone conversations for a several suspects’ voices, greatly streamlining intelligence work.

“An entry-level server enables you to run 100 streams of audio against maybe 100 voiceprints,” he said, noting that in some cases dozens or even hundreds of servers could be run back-to-back to comb through intercepted calls. Aley-Raz accepted that the technology had its flaws — it is vulnerable to background noise and poor audio quality, for example, and can become confused when people start talking over one another.

Biometric identification inherently fallible

September 25, 2010

Cave paintings created some 30,000 years ago include hand-prints which are thought to identify the artist. Babylonian merchants included finger prints on clay tablets perhaps to identify those involved in particular transactions. In early Egypt physical descriptions were appended to the names of traders also presumably as a means of indisputable identification. Hand and foot-prints were used in China about 600 years ago to identify children and this method is still used today.

Modern biometrics started in the mid-19th century with Bertillon’s anthropometrics and his system was called Bertillonage.

Edward Henry

The use of fingerprints by police started in Asia, S. America and Europe. By the late 19th century systems for recording, storing and retrieving finger prints were being established. The first such robust system of classification was developed in Bengal, India by Azizul Haque for Edward Henry who was the Inspector General of Police. The Henry System caught on and variations are still in use today.

Development of modern day biometric systems took off in the second half of the 20th century and with the advent of computers has exploded since the 1990’s.

Face recognition

But a new report by the National Research Council warns that no single trait has been identified that is stable and distinctive across all groups.

Biometric systems — designed to automatically recognize individuals based on biological and behavioral traits such as fingerprints, palm prints, or voice or face recognition — are “inherently fallible,” says a new report by the National Research Council, and no single trait has been identified that is stable and distinctive across all groups.

“For nearly 50 years, the promise of biometrics has outpaced the application of the technology,” said Joseph N. Pato, chair of the committee that wrote the report and distinguished technologist at Hewlett-Packard’s HP Laboratories, Palo Alto, Calif. “While some biometric systems can be effective for specific tasks, they are not nearly as infallible as their depiction in popular culture might suggest. Bolstering the science is essential to gain a complete understanding of the strengths and limitations of these systems.”

Biometric systems are increasingly used to regulate access to facilities, information, and other rights or benefits, but questions persist about their effectiveness as security or surveillance mechanisms. The systems provide “probabilistic results,” meaning that confidence in results must be tempered by an understanding of the inherent uncertainty in any given system, the report says. It notes that when the likelihood of an imposter is rare, even systems with very accurate sensors and matching capabilities can have a high false-alarm rate. Biometric characteristics may vary over an individual’s lifetime due to age, stress, disease, or other factors. Technical issues regarding calibration of sensors, degradation of data, and security breaches also contribute to variability in these systems.

The study was funded by the Defense Advanced Research Projects Agency, the Central Intelligence Agency, and the U.S. Department of Homeland Security, with assistance from the National Science Foundation. The National Academy of Sciences, National Academy of Engineering, Institute of Medicine, and National Research Council make up the National Academies.

%d bloggers like this: