Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Editor's Blog and Industry Comments

Oysters and biometric enlightenment

29 April, 2008
After a day of network intrusion, tokens, anti-virus software and web-filtering at InfoSecurity Europe, it was a welcome break on the evening of day two to discuss iris biometrics with a security expert from Logica.
Not sure whether I was up to enduring sales patter in exchange for champagne and oysters after a long day at the InfoSecurity Europe exhibition, I nonetheless accepted the Logica invitation to the pub round the corner from the Olympia exhibition centre largely because I hadn't eaten all day.

I didn't expect to meet an eloquent and fascinating biometrics expert in the dark basement dining room of a typical London pub and so I was delighted when I was introduced to Peter de Rooij, a Senior Security Consultant from Logica, with whom I discussed the future and philosophy of biometric identity management.

Logica were responsible for the implementation of the Privium system at Amsterdam's Schiphol airport, a pioneering iris recognition system used for border control and available to frequent users of the airport in exchange for incentives such as privilege parking and fast track airport service.

Privium combines smart cards with biometrics, the card containing a biometric template of the holder's iris pattern. Iris scanners at the airport confirm that the user is the same as the card holder. The base data is held only on the card chip and not held in any central database or retained by the scanners, thus affording a certain level of identity protection.

I suggested to Peter that maybe it wouldn't matter if the biometric template was available in databases since this is an encoding of the biometric feature rather than a recognisable representation of it. In this case, the person's identity couldn't be regenerated simply from this encoded number. He disagreed with my suggestion and although conceding that identity theft would be more difficult, it is still possible â€" a case of the hurdles having been raised, but the game remaining the same. He went on to explain that since the data quality is much higher and the level of integration is wider, identity information actually becomes more valuable. He strongly believes that there's no place for data complacency with biometrics and data loss prevention is as important as ever.

Schiphol and Heathrow have both adopted iris recognition rather than face or fingerprint because this is the most accurate and non-intrusive form of recognition. The technology is established, reliable and less likely to be compromised or subject to such additional checking algorithms such as conductivity checks for fingerprints to prevent the use of latex prints.

Finally, on the subject of public acceptance, Peter recommends taking Kim Cameron's "Seven laws of identity" into account, one of which relates to user control and consent. Without widespread acceptance of the technology deployed, the system would be unworkable.

For more on this topic from Logica, visit the security section on their web site.

Bookmark and Share