Law enforcement authority use of facial recognition technology has

had a high profile success with the capture of long-time fugitive James Robert Jones.

The convicted killer escaped from the maximum-security military prison at Fort Leavenworth in the US nearly 40 years ago. The authorities caught up with him after using facial recognition technology to match

a driver’s licence he was issued in 1981 in his new name against his old military photograph.

This comes as Seattle Police prepare to use facial recognition software allowing officers to compare photos captured by surveillance cam-eras with a database of 350,000 facial images. The city is reported to be using a $1.6m grant from the US Department of Homeland Security to fund the programme.

US authorities capture long-time fugitive with facial recognition

ISSN 0969-4765/14 © 2014 Elsevier Ltd. All rights reserved.This journal and the individual contributions contained in it are protected under copyright by Elsevier Ltd, and the following terms and conditions apply to their use:

PhotocopyingSingle photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit edu-cational classroom use.

NewsUS authorities capture long-time fugitive

with facial recognition 1

Nuance Forensics identifies voice evidence for use in court 1

Police combine fingerprint recognition with tests that reveal gender and drugs 1

Animetrics targets commercial sector with FaceR API 2

DHS reviews biometrics vendors 2

Google and Facebook decline privacy invite as Facebook boosts FR 2

App to use facial recognition to spot medical conditions 3

Aurora reveals LFW-topping face recognition 3

Global mobile biometrics to see 156.9% growth over five years 3

Apple forges ahead with biometrics 3

VoiceVault unveils ViGo voice biometrics for mobile 12

NIST publishes compression guidance for fingerprint images 12

ImageWare Systems and T-Systems pilot integration of products 12

FeaturesFinancial services sector puts voice

biometrics at heart of fraud battle

Steve Gold reports 5

Real world implementation of facial recognition systems

Dr Nick Whitehead of Atkins and Hugh Carr-Archer of Aurora discuss the issues. 9

Regulars

Events Calendar 3

News in Brief 4

Product News 4

Company News 4

Comment 12

Contents

biometric TECHNOLOGY

ISSN 0969-4765 April 2014 www.biometrics-today.com

TO

DA

Y

law enforcement

Nuance Forensics identifies voice evidence for use in court

Nuance Communications has released Nuance Forensics, a voice biometrics

solution that assists law enforcement officials and forensic experts with crimi-nal investigations, as well as with the prosecution and defence of suspects.

This tool uses Nuance’s voice biometrics technology to assist in confirming or refuting the identity of individuals based on audio files that are used during investigations.

Law enforcement and forensic officials no longer need to listen to hours of audio record-

ings collected during investigations. Nuance Forensics pinpoints the conversations of interest by filtering out from the audio recordings those that do not include the suspect’s voice. Forensic experts can now use voice biometric technology to analyse accurately the recorded voices entered into evidence.

The data obtained through this forensics analy-sis with voice biometrics includes comprehensive and forensic standards-based reports, such as log-likelihood ratios and ‘tippet plots’, to establish the strength of the audio evidence in court.

Police combine fingerprint recognition with tests that reveal gender and drugs

UK police are testing technology that combines recognition with

tests that reveal traces of drugs and other substances and can determine the gender of the person leaving the fingerprints and may soon be able to establish their age.

Conventionally, fingermarks found at the scene of a crime are lifted after using a powder to enhance them, and are then compared with prints on a police database to identify a suspect. Researchers at Sheffield Hallam University

(SHU) used mass spectrometry to analyse finger-prints. An image was then created of the finger-print to allow the team to establish any traces of drugs or other substances. SHU researchers also discovered that the cooking spice turmeric could be used as the powder to lift fingermarks.

The technology, known as Matrix Assisted Laser Desorption Ionisation Mass Spectrometry Imaging (MALDI-MSI), has been developed by researchers at the University’s Biomedical Research Centre (BMRC) who have been working with

Continued on page 2...

Biometric Technology Today April 2014

Editorial Office: Elsevier Ltd

The Boulevard Langford Lane

Kidlington Oxford OX5 1GB, UK

Fax: +44 (0) 1865 843973 Email: tracey.caldwell@btconnect.com Website: www.biometrics-today.com

Publisher: David Hopwood

Editor: Tracey CaldwellEmail: tracey.caldwell@btconnect.com

Production Support Manager: Lin Lucas

Email: l.lucas@elsevier.com

Subscription InformationAn annual subscription to Biometric Technology Today includes 10 issues and online access for up to 5 users.Prices: E1209 for all European countries & Iran US$1307 for all countries except Europe and Japan ¥160 700 for Japan (Prices valid until 31 December 2014)To subscribe send payment to the address above. Tel: +44 (0)1865 843687or via www.biometrics-today.com Subscriptions run for 12 months, from the date payment is received.

This newsletter and the individual contributions contained in it are protected under copyright by Elsevier Ltd, and the following terms and conditions apply to their use:

Permissions may be sought directly from Elsevier Global Rights Department, PO Box 800, Oxford OX5 1DX, UK; phone: +44 1865 843830, fax: +44 1865 853333, email: permissions@elsevier.com. You may also contact Global Rights directly through Elsevier’s home page (www.elsevier.com), selecting first ‘Support & contact’, then ‘Copyright & permission’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: +1 978 750 8400, fax: +1 978 750 4744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; phone: +44 (0)20 7631 5555; fax: +44 (0)20 7631 5500. Other countries may have a local reprographic rights agency for payments.Derivative WorksSubscribers may reproduce tables of contents or prepare lists of arti-cles including abstracts for internal circulation within their institutions. Permission of the Publisher is required for resale or distribution outside the institution. Permission of the Publisher is required for all other derivative works, including compilations and translations.Electronic Storage or Usage Permission of the Publisher is required to store or use electronically any material contained in this journal, including any article or part of an article. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the Publisher. Address permissions requests to: Elsevier Science Global Rights Department, at the mail, fax and email addresses noted above.NoticeNo responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any meth-ods, products, instructions or ideas contained in the material herein. Because of rapid advan ces in the medical sciences, in particular, inde-pendent verification of diagnoses and drug dosages should be made.Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer.

12985 Digitally Produced by

Mayfield Press (Oxford) Ltd

2

NEwS

...Continued from front pageWest Yorkshire Police to trial the technology on

fingerprints left at scenes of crime. MALDI-MSI, which is a technology normally used to map dif-ferent molecules within tissue sections, produces multiple images of fingermarks which are made up of materials from the surface of the skin and from gland secretions.

The team, led by Dr Simona Francese, has been lifting marks from crimes and taking them back to the university’s laboratories to test for traces of drugs, hair and cleaning products and condom lubricants as well as other substances of forensic interest. In laboratory settings the technology may be used to determine the gender of the criminal.

West Yorkshire Police’s regional head of identification services, Neil Denison says, “This research presents an exciting opportunity to enhance fingerprint capability beyond just identification. We may soon be able to accu-rately age fingermarks and by analysing the constituent parts of the finger impression, pro-file the habits of the offender.”

Animetrics targets commercial sector with FaceR API

Animetrics, developer of advanced 3D facial recognition and iden-

tity management solutions for law enforcement and the military, has released its first API for commercial licensing, called FaceR.

FaceR makes it possible for software devel-opers to write programs based on Animetrics’ 2D to 3D technology, which is used in law enforcement agencies worldwide and within the US Department of Defense. The FaceR API represents Animetrics’ first foray into the com-mercial space.

Research company Gartner estimates that the market for API management tools alone will grow 40% this year, driven by cloud computing and smart mobile devices.

“Our goal is to extend the reach of our facial recognition capability beyond our core mar-kets, enabling partners to leverage our assets to build innovative products while at the same time making our core technology more perva-sive in the marketplace,” says Paul Schuepp, Animetrics president and CEO.

One commercial use under consideration is superimposing spectacles onto a 3D face, so prospective purchasers can virtually shop for frames. Other commercial uses include targeted marketing, authentication, security, games and mobile apps.

Future releases of FaceR will offer additional 3D facial capabilities including access to the actual 3D model. Animetrics will continue to focus on developing applications for the law enforcement and government markets and will run FaceR API software as a service (SaaS) business in parallel.

DHS reviews biometrics vendors

The US Homeland Security Department is reported to have

switched vendors for a deal to update an employee badge system with biometric verification features, such as face and iris scans.

According to Nextgov, DHS origi-nally awarded the $102.8m contract to HP Enterprise Services in September 2013, but in November the department notified the Government Accountability Office that it was re-evaluating the award after XTec, which had previously provided software for the project, argued that the agency did not reasonably evaluate proposals.

DHS awarded the new contract to XTec on 28 February.

Google and Facebook decline privacy invite as Facebook boosts FR

Google and Facebook declined to deliver facial recognition presenta-

tions at a National Telecommunications & Information Administration stake-holder meeting on the topic scheduled in March, reports Broadcasting & Cable.

facial recognition

Police trial Sheffield Hallam University fingerprint tech.

April 2014 Biometric Technology Today

EVENTS CALENDAR

3

NEwS

29 April 2014Brussels2nd Identities at the Borders seminar This event will bring together border agencies and aviation industry professionals to discuss the future of travel. The event will focus on the Future of Travel (Registered Traveller Programmes) and Automated Border Control. Over 50 delegates attended the first seminar including: Copenhagen Airports, ACI Europe, Federal Police Belgium, Belgian Federal Police, Bundespolizei (BPOL) German Federal Police, Royal Netherlands Marechaussee (KMar) - Ministry of Defence, UK Home Office - UK Border Force, Norwegian ID Centre, IATA and KLM Royal Dutch Airlines.More information: http://www.biometricsinstitute.org/events.php/444/2nd-identities-at-the-borders-seminar

12-14 May 2014Poly World Trade Centre, Guangzhou, ChinaBiometric ChinaThe exhibition will gather more than 200 brands from China, Germany, US, UK, Switzerland, South Korea, Israel, Japan and other countries and regions. More information: http://www.biometricchina.net/en/

20-22 May 2014Kuala Lumpur, MalaysiaBiometric Security Forum AsiaBiometric Security Forum Asia will take place over three days and will include high-level speakers from Malaysia, Asia-Pacific, Middle East and Europe. It will present and discuss key themes including biometric security issues and trends and solutions for the border industry. The event is holding a site visit to the lab of biometrics centre of the Kuala Lumpur International Airport and will offer a platform for business negotiations between both manufacturers and industry end users.More information: http://www.ib-consultancy.com/events/event/56-biometric-security-forum-asia-2014.html

28-29 May 2014Sydney, Australia Biometrics Institute Asia-Pacific Conference 2014Formerly known as The Biometrics Institute Australia Conference & Exhibition, the Asia Pacific Conference 2014 will be held at Dockside, Sydney. The conference will provide an insight into the latest developments and best practice examples of biometric technologies. More information: http://www.biometricsinstitute.org/events.php/461/asia-pacific-conference-2014

10-13 June 2014Istanbul, Turkey Border Management and Technologies SummitBorder management is becoming a priority in the Balkans and Middle East where governments in the region are looking to invest in securing their inter-national borders. Recent increased pressure to limit refugees and migrants entering Western Europe means governments are reacting by investing in border secu-rity. The 2014 event will provide in-depth presentations from the Balkans region, Middle East and Central Asia.More information: http://www.intelligence-sec.com/events/border-management-technologies-summit-2014

It reports that the Center for Digital Democracy had asked for the presentations, pointing to those companies’ expertise and the need for stakeholders to better understand the technology as they try to come up with vol-untary privacy guidelines to flesh out the US privacy Bill of Rights framework.

Neither Google nor Facebook were under any obligation to present or participate.

This comes as researchers revealed software that allows Facebook to enable facial recognition that is described as on a par with human recog-nition levels. Facebook noted the findings on the publications area of its website https://www.facebook.com/publications/546316888800776/. Its researchers will present the paper ‘DeepFace: Closing the Gap to Human-Level Performance in Face Verification’ at the Conference on Computer Vision and Pattern Recognition (CVPR) in June.

They point out that in face recognition systems, the conventional pipeline consists of four stages: detect, align, represent and clas-sify. They have revisited the alignment and the representation steps, employing explicit 3D face modelling in order to apply a piecewise affine transformation, and derive a face representation from a nine-layer deep neural network.

This deep network involves more than 120m parameters using several locally connected lay-ers without weight sharing, rather than the standard convolutional layers.

Researchers trained the system on the largest facial dataset to date, an identity labelled data-set of four million facial images belonging to more than 4,000 identities, where each identity has an average of over a thousand samples.

The method is reported to reach an accuracy of 97.25% on the Labeled Faces in the Wild (LFW) dataset, closely approaching human-level performance.

App to use facial recognition to spot medical conditions

An app will use facial recognition technology to spot facial changes

that may flag medical conditions.Sharon Moalem, geneticist, has developed an

app called Recognyz, reports Mobihealth News. “Many medical conditions and/or syndromes

have specific physical features, such as interpu-pillary distance and skull shape, that are used by physicians or medical allied health workers as an aid in diagnoses,” Moalem’s patent filing says. “For example, increased distance between the eyes of an individual can be an indicator of a condition called Noonan syndrome.”

Aurora reveals LFW-topping face recognition

Aurora has revealed new face rec-ognition technology, now rated as

the most accurate system on LFW, the internationally established benchmark run by the University of Massachusetts.

The algorithm is achieving a mean classifi-cation accuracy of 93.24%, placing it ahead of competitors including NEC, Vision Labs, Face.com, Oxford University, the University of Science and Technology China and Microsoft Research, reports Aurora.

The LFW benchmark includes extremely difficult cases: adverse lighting conditions; bad head angles and great variations in image quality. A representative from Aurora says, “We are not talking about a minuscule improvement to an almost perfect system; the technology is demon-strating that it can recognise a category of image that was previously beyond our capabilities.”

A summary of the results can be found on Aurora’s website (www.facerec.com/lfw.html). In addition, Aurora has launched a free early beta version of its cloud-based face recognition service. • See feature page 9.

Global mobile biometrics to see 156.9% growth over five years

The global mobile biometrics market is forecast to grow at a CAGR of

156.9% over the period 2013-18, accord-ing to TechNavio analysts. One of the key factors contributing to this market growth is the increasing use of personal devices for financial transactions.

Technavio points out that the global mobile biometrics market has been witnessing an increasing number of mergers and acquisitions. However, the availability of inexpensive non-biometrics technologies could pose a challenge to the growth of this market.

TechNavio identifies the key vendors domi-nating this space as including 3M Cogent Inc, Fujitsu, and NEC.

Apple forges ahead with biometrics

Apple is reported to be working on technology that use biometrics

Continued on page 12...

mobile

Biometric Technology Today April 2014 4

NEwS

In Nigeria, Sterling Bank has deployed finger-print biometrics-enabled point of sale (PoS) terminals to all its agent banking outlets in the country. The bank said the move would promote financial inclusion as about 30m Nigerians can’t read or write.

The National Health Insurance Authority (NHIA) of Ghana has introduced biometric registration to reduce abuse and fraud. Biometric registration was first implemented in July 2013 for a pilot scheme that registered over 100,000 subscribers.

Mihan India Limited has approached the Airports Authority of India (AAI) for the imple-mentation of biometric-based access control system at Nagpur airport, reports the Times of India. In India the Bureau of Civil Aviation Security (BCAS) has directed all airports of the country to switch to biometric-based access control systems by July 2014.

P R O D U C T N E W S

UBIN AG has facilitated an additional level of enterprise security with the introduction of the MiKey. UBIN’s MiKey links a user’s digital ID to their physical ID and prevents unau-thorised access to user accounts and access to private information by integrating a fingerprint reader, encryption, storage and smart card in a single USB stick form factor. MiKey keeps the biometrics locked inside the device. The MiKey has a wide range of applications includ-ing mobile device authentication, PC login, secure cloud access, digital signatures for email, documents and online transactions, secure data storage and encryption and facility access. The inclusion of wireless NFC (near field commu-nication) capability later in the year will expand the MiKey application beyond the desktop to tablets and mobile phones.

Suprema has launched a new version of its BioEntry W fingerprint access control terminal, which is embedded with HID Global’s iCLASS SE smart card technologies. In conjunction with the expansion of its RF technology, the enhanced BioEntry W was upgraded with HID iCLASS SE as well as enhancements for FeliCa IC cards, which are most widely used in Japan. BioEntry W blends an IP access control system with high level security provided by fingerprint biometrics. It is designed for outdoor installa-tion offering durability in harsh environments.

VoiceKey has unveiled a new version of OnePass, which offers a single tap, mobile biometric authentication solution that com-bines speaker and face recognition algorithms with an anti-spoofing feature that detects ‘live-

ness’. OnePass provides a false acceptance rate under 0.01% and a process that takes seconds. It offers touchless identification; when a user starts the verification process, the smartphone’s cam-era searches for human face in the video stream and launches the voice (passphrase) recording automatically as soon as the face is detected.

Nigerian mobile payments provider Teasy Mobile is to equip its mobile money agents with POS terminals that use biometric technol-ogy to verify a consumer and NFC to allow them to make a payment, according to NFC World. VeriFone Mobile Money, a joint venture between POS maker Verifone and Mobilis Networks that also supplies Tonga’s NFC-based Beep and Go mobile money service, will provide Teasy Mobile with its Verifone Mobile Money wallet solution and retail switch. Biometric data may be used as an additional ‘know your customer’ facility for certain transaction values.

Neurotechnology has refreshed its entire line of biometric software development kits (SDK). The latest versions include significant algorithm improvements for functionality enhancement and higher recognition accuracy. The new, higher-level API is designed to make it easier and faster to integrate any combination of fingerprint, face, iris and voice biometrics into identification projects, from basic applications like secure entry to national-scale projects such as voter registration that require high speed, high volume identification capabilities. The new API also makes it simple to switch between the local computer and the required server-side solution and enables the application to be scaled up as needed.

FST21 has announced Safel, an integrated access control controller that delivers ‘in motion identification’ access control. SafeI enables FST21’s SafeRise solution, an in motion identi-fication system that allows approved users access through a fusion of biometric recognition, voice and licence plate recognition, in a more compact version of the SafeRise server. It is also designed to support one in motion identifica-tion access point. SafeI comes in a standalone plug and play enclosure, and is the driving force behind FST21’s Digital Doorman all-in-one In Motion Identification Access Control solution. No keys, cards or codes are required.

Entertech Systems has launched BioConnect 2.5, the latest version of its application for biometric integration with access control sys-tems. BioConnect has added a number of features, including using smartphones as an authentication source. OSDP (open super-vised device protocol) support is now avail-able, with advanced template management

and flexible credential options. Entertech has also announced the availability of Suprema BioEntry Plus, a low-cost biometric reader aimed at the North American market.

C O M P A N Y N E W SIdeal Innovations (I3) has been awarded an $18m contract by the US Department of Defense’s Defense Forensic and Biometric Agency (DFBA) to provide Automated Biometric Identification System Operations Division support to the Biometric Identity Management Agency (BIMA), reports Biometric Update. Ideal will provide technical operations support, maintenance and safeguarding of the DoD ABIS.

Zetes has won a contract to supply Uganda with 4,250 biometric kits for citizen identification. The project is being delivered in conjunction with MFI, Zetes’ main local contractor and partner. The biometric kits will be used for voter registration for the presidential elections in 2016. The first kits have already been deliv-ered and the enrolment process is scheduled to launch on 15 April 2014.

A-T Solutions has been awarded a $37m order by the Naval Surface Warfare Center Dahlgren Division (NSWCDD) in support of the Naval Expeditionary Forensics and Biometrics (NEFB) programme to assist in providing forensic support to all branches of the US military. The NEFB programme provides forensic and biometric exploitation analysis sup-port to various operational agencies, and aims to provide rapid results to meet intelligence, security, stability and law enforcement needs in the areas of forensic and biometric science.

Biometric fingerprint readers from ievo are now available in the US. ievo biometric access control readers use the multispectral imaging technology of Lumidigm, part of HID Global.

Visiontek, worldwide supplier of customer premise-based telecom equipment and software solutions, has incorporated the DigitalPersona TCS1 Steelcoat sensor into handheld biomet-ric readers used in India. Field officers use handheld devices to scan fingerprints of citi-zens who want to access banking services and entitlement programmes that require assured identification. Scanned images are compared to identity data stored in one of three places: a secure central database, a smart card or in a point of sale (POS) terminal. Confirmed identities are used to grant access to food dis-tribution programmes for Indian citizens and provide microfinance products for consumers who were previously ‘unbanked’.

N E W S I N B R I E F

5April 2014 Biometric Technology Today

fEATurE

Voice biometric authentication has come a long way in a relatively short space of time, mainly as a result of significant strides in the voice to text software algorithms and codecs used by interactive voice response (IVR) systems.

These advances have allowed voice biometric software developers in particular to integrate software-driven voice analysis technology capa-ble of authenticating voice templates across the limited tonal bandwidth of GSM (2G) and 3G voice channels.

When you consider a basic GSM voice chan-nel offers a data bandwidth of just 9,600 bits per second, you begin to realise that the voice biometrics voice codecs have to be extremely advanced in order to be capable of extrapolat-ing complex voice constellations from a rela-tively limited bandwidth.

Bandwidth issuesWhile the limited GSM bandwidth issue causes technical problems, as speakers at the October 2013 Biometrics Show revealed, the over-arching process of authentication has become a complex process that involves multiple layers of security – and not just voice, fingerprint and other authentication technologies on their own.

Speakers at the conference revealed that voice biometrics analysis has made significant strides over the past decade. At the 2003 event, for example, when speakers bemoaned the noisy voice quality of digital cellular calls – remember here that GSM (2g cellular) as a standard is approaching its 23rd anniversary in the cel-lular network deployment stakes – the speakers at the October 2003 conference were treat-ing voice authentication across 2G and 3G as something of a given.

Discussing this turn of events with exhibitors at the conference revealed that the evolution of the Apple iPhone – first released just six years ago, paralleled by the equally rapid ascendance of other smartphone platforms such as Android

and Windows Phone – has pushed voice authentication developers’ skills to the limit.

According to Daniel Thornhill, a product manager with Validsoft UK, voice verification – as a biometric science – has evolved to the point where it has now become an integral fea-ture in multi-factor authentication.

“Voice verification – as a biometric science – has evolved to the point where it has now become an integral feature in multi-factor authentication”

Validsoft, he told his audience, is a security solutions provider. “Although we don’t focus on biometrics authentication, it is a core focus of our security offerings,” he explained.

If you look at voice biometrics usage in the finance industry, you can see that its widest usage is in the mobile banking and e-channels arena. Voice biometrics, he added, is more applicable to the range of authentication solutions operating at the intercept of security and telecommunications.

“We use telecoms to solicit further info on the user. Where the caller is using their mobile phone, this helps us get more information on what they are doing,” he says, adding that these developments come against the backdrop of ris-ing levels of fraud.

“We use telecoms to solicit further info on the user. Where the caller is using their mobile phone, this helps us get more information on what they are doing”

These levels of fraud are increasing at dra-matic rates in all channels of electronic finance,

including telephone banking and regular landline banking channels.

1000 fraud attempts an hourWhen totalled up, his company’s figures suggest there are around 1,000 biometric-based fraud attempts carried out every hour of the day on financial institutions through all channels around the world. “The interesting thing about the way fraudsters operate is that they typically choose the channel that they believe is the easi-est route to attack,” he says.

“They may even perform attacks on multiple channels. Let’s say they get locked out of the user’s PIN – they will then use social engineer-ing across a voice phone channel in order to gain access to that PIN,” he added.

Despite the developments in technology, it is important to understand that the authen-tication technology has to be usable in many different market areas. “If you look at banking, online banking and mobile banking, you realise that the latter is growing at a phenomenal rate. Many people are now performing their banking actions across different channels using different authentication technologies,” he says.

“At some point, an authentication of the user is required in order to verify the user is who they say claim to be,” he says, adding that any form of strong authentication needs to be carried out in a consistent way. Fraud, he says, may not need a strong authentication process, but at some point the authentication process needs to verify who the user claims themselves to be.

Multiple channels Today’s financial services users want to use and access their account(s) across multiple chan-nels. With mobile banking the security process is somewhat shortsighted and multi-factor authentication can solve a lot of the issues that ensue from this: The problem with multifac-tor authentication is that, once one channel is compromised, it makes the entire authentication

Financial services sector puts voice biometrics at heart of fraud battleSteve Gold, freelance journalist

Steve Gold looks at the technology advantages – and issues – involved with the financial services industry’s adoption of voice biometrics at the heart of its anti-fraud and customer verification systems.

Steve Gold

6Biometric Technology Today April 2014

fEATurE

process that bit more difficult, although the integrity of the authentication process does not alter that much.

“The problem we see with banking authenti-cation systems is that many of the technologies and systems have been compromised – such as RSA losing the seeds for their security authenti-cation,” he says, adding that social engineering attacks are now starting to appear as part of cybercriminal attack strategies.

In 2009, the Validsoft product manager says, out-of-band authentication – such as using SMS and voice channel verification as a means of authenticating an Internet banking ses-sion – was considered to be a relatively strong authentication system, but the problem was that the fraudsters then came up with the idea of fraudulently obtaining a new SIM.

He describes the cellular network’s security in this regard as relatively weak, but the process of SIM replacement as more about customer satisfaction than ‘poking about on the security front’. It’s important to realise, he went on to explain, that a lot of security solutions in the remote banking area are binary in nature, meaning that, if you cannot use the main chan-nel, you cannot access the system – full stop.

“A lot of security solutions in the remote banking area are binary in nature, meaning that, if you cannot use the main channel, you cannot access the system – full stop”

“This is a strong authentication process, but it is not the most convenient. If you are dealing with end users, they are not always flexible – they may not be able to authenticate themselves all the time,” he says, adding that there is a strong need for multiple elements of authenti-cation in such situations.

A strong authentication system, he told his audience, has to have a system that deals with false negatives or false positives. On top of this you also need a mechanism to cater for these issues.

Combine security factorsThornhill adds that security factors can assist in verifying the authenticity of the user in this context: “A combination of these things is what makes the authentication model work,” he says, adding that there are three main routes in this regard, the first of which is something you know – although he notes that this security methodol-ogy has been compromised by fraudsters.

Then there is the ‘something you have’ methodology – using token or card readers, while the third methodology – location – is a

relatively new concept: somewhere you are or somewhere you are not.

“This is the geo-location process – it’s very secure in adding to the security. Another fac-tor is something you trust, using cryptographic technology to build up a vector of trust around the user,” he says.

Multi-factor authentication, he added, isn’t just about adding layers it’s about using mul-tiple techniques to build up confidence in the security model. And you also need to look at the context of the financial transaction – such as the location, gender and age of the user. It is all, he explained, about managing the false negatives and false positives.

For this approach to succeed there has to be a balance between customer convenience and customer security. If you reduce fraud, he notes, you also decrease customer convenience. And tokens are not always the optimum choice, so it comes down to using these techniques in high-risk transactions.

“Technologies such as grey zone logic and contingency concepts allow voice biometrics to be used on mobile banking without exces-sive false negatives or positives. Any security solution has to take a holistic approach to authentication,” he says, adding that this means analysing the context of the transactions, for example network context and device context. This helps to answer the question whether the user’s phone for this latest session is the same unit that was seen last week.

Evolution of contextAgainst this backdrop, the context that can be extrapolated from the device is evolving. By context, he also means user context – for exam-ple gender and other issues such as the stress in a user’s voice and so on.

“Ideally there should be no single point of failure in a given authentication and security process. Multi-factor can solve this problem. If your voice biometric [authentication system] fails, then context and other forms of security can authenticate the user. They may, for exam-ple, be in a noisy environment,” he says.

“We’re seeing a 40% reduction in false positives – aka equal error rates – with voice biometrics, thanks to the use of context secu-rity processes.”

So where does this leave us with regard to replay attacks? This is where the criminal records or synthesises the user’s voice from mul-tiple recordings, and replays them to the voice biometric analysis platform.

“We can use many different techniques to analyse more than the user’s voice. For example, we can ask whether the user’s regular mobile is being used. This makes the replay attack vec-

tor a lot more complex for the fraudster,” he says, adding that, if we look at some real-world examples, we can see this is useful for the self-certification of benefit payments, which is a very powerful proposition.

“If we look at some real-world examples, we can see this is useful for the self-certification of benefit payments, which is a very powerful proposition”

Using a multi-factor model at this stage, he explains, allows us to add another layer of posi-tive security. For example, we can ring the user’s mobile phone and conduct a question and answer session, as well as use geo-location tech-nology to ensure that the user is still eligible for the benefit they are claiming.

Replay attacksThe bottom line, he says, is that replay attacks do not work in this situation. This technology, he went on to say, is also useful for authenti-cating a funds transfer: “We can ring the user. We can then ask a number of background questions such as ‘has the SIM been swapped? and ‘has the handset been compromised?’ Compromising the process is possible, of course, but the fraud mechanism is made a lot more complex for the fraudster.”

Thornhill says that Validsoft is now seeing a large transition to mobile authentication, especially by banking and other clients, simply because people carry their mobile with them at all times: “Voice authentication is a powerful proposition here. In-band multi-factor authen-tication – such as the integrity of the SIM, the integrity of the mobile device and the context of the user – is important. But it is the speech element that is the critical factor, but not always essential as we can use dynamic contin-gency processing to compensate,” he says.

“This is useful in a noisy environment. We can skew the false negative line on the chart – not a total failure, not a full confirmation. Send the user an SMS and so skew the false negative and help our voice models evolve using other forms of authentication.”

Voice biometrics now entering mass marketDaniel Janulewicz, vice president of sales with the Canadian operation of VoiceTrust GmbH, countered Thornhill’s comments and told his audience at Biometrics 2013 that as a science,

7April 2014 Biometric Technology Today

fEATurE

voice biometrics is now entering a mass- market situation.

Voice biometrics, he went on to say, is becoming more and more accepted among users. “What we have to find is the avenues of access that are the most ubiquitous. We know that voice has become almost as acceptable as signature. Fingerprints have an air of criminal-ity about it – this is not as acceptable,” he says, adding that the term ‘mass market’ refers to an undifferentiated market that may be geo-political or global.

“If we look at a major bank like Barclays or Bank of America, they are now global in nature,” he explained. Against this backdrop, he says that geo-political – national – deployments are still very useful for pension payments and other applications.

“My own belief is that the less intrusive the voice biometrics system is, the more accept-able it becomes. In the UK people are more pro-active – meaning that they will speak their authentication. In Canada, however, we see users as more passive: they understand the sys-tem is monitoring them in the background,” he says. “POTS [plain old telecoms systems] are different from mobile comms, but they both – these days – use VoIP technology.”

Janulewicz went on to say that he comes from a call centre background. “Skills-based routing – where you know who that person is – allows you to send them to the proper person in the call centre. With a voice call you have little or no prior identifying information,” he says.

‘This type of authenticated routing is widely used in the financial and healthcare industries. GPOs [Group Purchasing Organisations] can verify who the users are – this is very important in the US and Canada where healthcare data access is carefully controlled under the HIPAA rules,” he says. It’s for these reasons, he says, that financial institutions need an audit trail of confirmation.

“In the US the audit trail is a lot more rigorous, since any interaction needs to be tracked. In the case of helpdesks, we’re seeing voice authentication a lot in password resets. Password resets can cost as much as 25 dollars per user. Average users can request new pass-words every three months, so the cost can easily hit $100 a year,” he says.

“I was talking to a Staples manager recently. He told me that 80% of calls to his call centre are about password resets. By outsourcing to India we can reduce the cost to $6 a trans-action. That’s still $24 a year and does not include the time cost of the person making the request,” he says,

Against this backdrop, Janulewicz says that voice biometrics generates a clear call log and this process he explained, also allows people to review the call – a classic example in this con-

text involves retirement homes in Canada, for example: was the caller lucid? The problem here is that an orderly [nurse] can take a fingerprint even if the patient is in a catatonic state.

Lucid and soberThe voice biometric, on the other hand, he adds, can be audited as lucid and sober when the user makes a request for a given chargeable service or facility. “Fraud prevention is useful here – it’s a proof of life. The user speaks and the system verifies. This is less secure [than other security methods], but the trick is to find a workflow that is convenient for the user to want to use – and not too expensive for the company concerned.”

“Authenticated routing is widely used in the financial and healthcare industries. Organisations . . . can verify who the users are – this is very important in the US and Canada where healthcare data access is carefully controlled under the HIPPA rules”

Janulewicz says that, if you make the system too complex, then users will not use it. If the system is too expensive, on the other hand, he explained, companies will not then use it.

“But if the transaction is a large one – say worth a million dollars – then you really do need to push the security side of things,” he says, adding that voice authentication can tie into the SIP trunking allowing easy integration into the existing telecoms system. If there is no exact biometric match, then it will be rejected. This approach, he adds, spots recordings.

If the software resides on the mobile device – perhaps as an app or SD card – then it can sync up with the network as and when required with minimal interfacing with the user. “Voice biometrics is a powerful proposition in the field of healthcare insurance and pensions. With these type of claims, you need to verify family members,” he says, adding that the issue here is how to verify they are not using each other’s cards to get access. Fraud, he added, is not always hidden away and not discussed.

In Brazil, he joked, ATM security can be a problem for the banks, as many Latin Americans withdraw their cash – quite liter-ally – using plastic explosive. Because of this, Janulewicz says that the banks are prepared to accept the risk and build it into their costings. “They also actively want to stop fraud – which is why Brazilian banks will set their currency on fire inside the ATM if a physical fraud is detect-ed. They really do incinerate the money,” he says, adding that it is also important to under-stand the scale of the problem – there are only a few thousand of fraudsters in a given country – as compared to many millions of users.

“This means that, if the fraudster calls in for a fresh Visa card, the system can work out they are a fraudster. They can be invited to attend a bank branch to pick up a new card – and arrest them. Physical security is the key here,” he says.

On top of this, he went on to say, as the demographic ages, the industry is getting more pensioners wanting access to their money accounts en masse. This means we must have a biometric authentication system that plugs into an existing IT system with minimal invasive-ness, he notes.

“By piggybacking on an existing IT system, this allows existing authentication and security processes to be used. This is very useful for ID verification where elderly people are involved. It means they don’t have to wait in the queue. We then know who that person is and without causing any problems – this is very conveni-ent,” he says.

“We are also seeing a lot of risks for govern-ments – they do not have any money to waste. They cannot normally build fraud into the ser-vice cost, unlike the banks. Enrolment [in this context] is crucial. If you mistakenly enrol them, then that person is completely in the system,” he says. “If you are tight on the enrolment process of security you can ensure lower rates of fraud through the entire system,” he added.

Janulewicz went on to say that in some coun-tries it is not unusual for people to continue to claim benefits after the death of a relative. In such situations, he says, a voice biometric helps to prevent fraud, as when the person passes away, their voice biometric is not as easy to forge by the relative.

Convenience issue“Fingerprints are also not reliable. If people work manually we have found they can actually lose their fingerprints. This is not the case with voice biometrics,” he says, adding that an addi-tional issue is the fact that some claimants give up because of the convenience issue.

“In Mexico, for example, we have found that almost a million people dropped out of the

Daniel Janulewicz: the less intrusive the voice biometrics system is, the more acceptable it becomes.

8Biometric Technology Today April 2014

fEATurE

retirement claims process as they did not want to wait in line. People didn’t enrol for various reasons,” he says.

“Using photo ID security, however, we have been able to verify who they are. A secure veri-fication process operating twice a year is better than 12 insecure verifications taking place every year,” he added.

The veteran opinionAccording to Almog Aley-Raz, general manager and vice president of voice biometrics and secu-rity solutions with Nuance Communications, voice biometrics offers the financial services business access to a range of automated security options – with all the economies that this auto-mation brings with it – but the technology is not without its teething problems.

“At Nuance we developed our vector technology two years ago, which can now test all the permutations required to authenticate or verify a user in real time. Previously this couldn’t be achieved within the required real-time timeframe”

Aley-Raz, who is a veteran of the voice biometrics industry with experience dating back two decades, is perhaps best known for being CEO of voice biometrics special-ist PerSay, a company he helped spin off from Comverse Technology subsidiary Verint Systems back in 2000. Ten years later, in 2010, Nuance Communications acquired PerSay, and Aley-Raz assumed his current position with the company.

A major issue on the technology front of voice biometrics is that implementers need to tweak the trade-off between the false positives and the false negatives – a task that has been made considerably easier in recent years thanks to the advances made in the voice biometrics software analysis field.

“Core algorithms have improved signifi-cantly in the past few years. Here at Nuance we

developed our vector technology two years ago, which can now test all the permutations required to authenticate or verify a user in real time. Previously this couldn’t be achieved within the required real-time timeframe,” says Aley-Raz.

This speed increase is largely thanks to the fact that the iVector platform tests and analyses the templates as they are created, generating a vPrint analysis for each template.

This means that, when a database of tem-plates is then compared to a real-time voice-print from a caller, the software can process as many as 10,000 vPrints in a faction of second, rather than re-analysing each template individu-ally – as has been the case with voice biometric authentication technologies in the past.

This speed advantage, he explains, is espe-cially important when you are dealing with a user in a noisy environment, as the search and comparison algorithms can adapt the task at hand many times over – and all in real time.

“This process can be set to execute automati-cally or semi-automatically, meaning that the user’s template can be verified – or denied – in a relatively short space of time,” he says, add-ing that over the past decade, the main research into voice biometrics has been into what is known as text analysis where the resultant text (and allied data) is analysed in order to verify the user is who they claim to be.

“[At PerSay and Nuance] we have focused on the automated analysis side of the voice biometrics technology rather than this text analysis process. The result is that our technol-ogy can be used in a wide range of analytical situations,” he says.

Outbound calls“What this means that we can use our technology for outbound call and voice analysis technology, rather than purely inbound calling situations. This is very useful for mobile users, as you can auto-mate an outbound calling service that operates as a highly pro-active platform for adding extra lay-ers of verification and security,” he added.

Aley-Raz says that this flexibility has allowed PerSay – and Nuance – to evolve its technol-

ogy beyond its technical analysis origins and become a supplier of automated systems. The core platform is based on the Linux operating system, but it is important to understand that the rapid analysis and verification technol-ogy that PerSay developed – and is now being developed further by Nuance – has allowed the technology platform he helped to create to move beyond its voice biometrics origins.

“We are now developing the technology into an highly sophisticated anti-fraud platform that has voice biometrics at its heart,” he says, adding that in May 2013 the Barclays Wealth call centre started using this voice recognition technology to securely identify some of its cus-tomers over the phone.

The move, he explained, means that cus-tomers of Barclays’ private banking division can access their accounts without the need to answer multiple security questions.

Where previously, a ‘knowledge-based authentication’ methodology could be viewed as intrusive and cumbersome – as high-rolling customers often forgot the answers to security questions such as ‘What is the name of your favourite pet?’ and ‘Who was your best child-hood friend?’ – the voice biometrics system sits in the background to the operator call and makes client calls shorter.

“We call this technology Free Speech, and it allows an organisation to analyse the call – in the background – as an aid to fraud detection, leaving the human operators to get on with deal-ing with the client’s wishes. This is pure voice biometrics, and not voice stress analysis,” he says.

“Where previously, a ‘knowledge-based authentication’ methodology could be viewed as intrusive and cumbersome – as high-rolling customers often forgot the answers to security questions such as ‘What is the name of your favourite pet?’ and ‘Who was your best childhood friend?’ – the voice biometrics system sits in the background to the operator call and makes client calls shorter”

Barclays has claimed that the FreeSpeech plat-form can identify a person after just 20-30 sec-onds of natural conversation, with the software matching a person’s voice to a pre-recorded indi-vidual voiceprint on file and silently letting the Barclays employee at the other end of the phone

Almog Aley-Raz: Core algorithms have improved significantly in the past few years.

Voice biometrics waveform.

9April 2014 Biometric Technology Today

fEATurE

know when the customer has been verified. If the person’s voice cannot be verified in real time, then a member of the Barclays customer service team will ask traditional security questions.

Aley-Raz went on to say that this technolo-gy has also been developed to the point where data flowing across the entire voice biometrics analysis platform – or platforms – can be clus-tered to detect attack patterns for an organisa-tion as a whole.

Analysing a fraud attack on a voice biometrics system of a financial organisation is now required because fraud has become a full-time profession for the criminals concerned.

“What is now happening is that the fraud-sters are now attacking entire banking systems sequentially. We originally developed this cluster-ing analysis technology for a Big Five top US bank,” he says.

Customer satisfactionThe technology generates many more benefits than the basic anti-fraud and fraud attack detection side of affairs. In the case of Barclays Wealth, agent and customer satisfaction levels have risen significantly as a result of the intro-duction of FreeSpeech.

These customer and client satisfaction levels are in addition to the cost savings that are generated from the introduction of the FreeSpeech platform. “Many clients have been surprised by the rise in satisfaction levels, and not just the cost savings,” he says.

About the author

Steve Gold has been a business journalist and tech-nology writer for 27 years. A qualified accountant and former auditor, he has specialised in IT secu-rity, business matters, the Internet and communica-tions for most of that time. He lectures regularly on criminal psychology and cybercrime.

Nick Whitehead

However, the experience of implementing facial recognition systems over the past ten years has exposed the real-world problems that must be overcome to achieve a successful solution. There is a lot more to consider than just who ‘wins’ at the tests.

In the closing years of the twentieth cen-tury, numerous providers of facial recognition algorithms made claims about the accuracy of their technologies. In order to give some sci-entific balance and stringency to these claims, the US Government, through the National Institute of Science and Technology (NIST), arranged tests.

The first results were published in 2002 as the Face Recognition Vendor Tests (FRVT); and in 2006 further results were pub-lished through the Face Recognition Grand Challenge. These tests were an important step forward for the industry and users, and pro-vided important evidence for, and validation of, the growing accuracy of facial recognition

matching algorithms. This was an important, albeit limited, contribution to the debate about facial recognition.

In recent years the University of Massachusetts has made available a dataset called ‘labelled faces in the wild’.1 This con-sists of more challenging facial images with different lighting conditions, different head angles, occlusion and so on. In fact, it is much more aligned to conditions found on social networking sites where tagging images has become routine.

The test regime is rigorous and is more use-ful when looking at faces that are not front-fac-ing, and of non-compliant subjects. The results do not claim to test more than the matching algorithm and therefore are not designed to validate the wider usability and deployment of the tested algorithms.

However, there is a danger that the selection of biometric algorithms, for systems other than those associated with tagging, is too heavily

influenced by the performance against these independent testing regimes.

Companies and universities vie to attain the best results on the public tests and this is usually measured by comparing ROC (receiver operat-ing characteristic) curves based on false accept-ance (FAR) and false rejection rates (FRR). If the position of the equal error rate is just a fraction of a percentage point better than the competitor then a claim to be the best can be made.

“In the closing years of the twentieth century numerous providers of facial recognition algorithms made claims about the accuracy of their technologies”

The tests present a standard dataset so all pro-viders have a fair chance to compare their perfor-mance with others. Hence, engines are trained specifically to improve the results for that data-set. Highly impressive results are obtained and we are now in a position where the differences in equal error rate recorded between engines are really quite small, with limited room for further significant improvement.

Hugh Carr-Archer

Real world implementation of facial recognition systemsDr Nick Whitehead, Atkins, Hugh Carr-Archer, Aurora

Facial recognition algorithms compete with each other to get the best results in public tests such as those run by NIST, and ‘labelled faces in the wild’, a data-base of face photographs designed for studying the problem of unconstrained face recognition, hosted by the University of Massachusetts. Companies pro-claim at trade shows and conferences that they have the ‘best algorithm’ – it’s proven because they are top in the tests.

fEATurE

10Biometric Technology Today April 2014

Key performance factorsThe public test results mask a number of other significant factors when considering the deploy-ment of a real system:

Head/eye /feature location

The test dataset only includes images of human faces with two eyes in view. In addition, each image has metadata that defines the locations of the centre of the eyes. These factors need to be managed in real implementations where the imagery obtained may sometimes present imag-es with no human face present, with extreme head angle and only one or no eye visible.

The system must be able to discriminate these images before they are submitted for ‘biometric templification’ and matching assessment. Overall recognition results will be degraded if the feature location step either rejects valid images or allows invalid images to be assessed.

In the same way the identification of features is critical to the performance of the recogni-tion engine. Traditional approaches have relied heavily on eye-point location and, despite the fact that many new engines are using different features, the ability to locate these points accu-rately remains crucial to performance.

Response time

Speed of response requirements will affect the system. For example, if the system needs to per-form in near real-time then the face detection, feature location and matching algorithms have to perform their functions rapidly. The public tests don’t assess variation in performance based on time available for the matching; they are only interested in the raw capability.

Computing power

The public tests don’t provide any feedback on the computing power required to obtain the

results. It is possible that the results obtained for a particular matching engine have been obtained using a supercomputer over a number of days. This is unlikely to work in real implementations, not least because of cost considerations.

Non-standard engines

Some facial recognition engines don’t operate on natural light images. For example, a number of engines work on infra-red imagery. These algorithms fit a gap in the market where natural light images cannot be captured to a consistent level (eg at night, or in low or variable lighting conditions). The public tests don’t offer any means to assess these engines, as there are no suitable reference images to test against.

Summary

The assessment of ‘best’ algorithm will vary depending on the requirement for the system, and that variation will be formed from a com-plex set of factors. The need for a high-quality matching algorithm is a necessary factor, but by no means the only one.

Balance the factors – a case studyAll these factors had to be considered when implementing the infra-red facial recognition system used at Heathrow to provide security in Terminals 1 and 5.

These terminals host both international and domestic flights. The system implemented (Passenger Authentication Scanning System developed by Atkins with Heathrow Airport Ltd) uses biometrics to link a passenger to their boarding pass to ensure that only the author-ised person can use it to gain access to the domestic departure areas.

This implementation had to balance the factors outlined in this article focussing particularly on:• Speed:thecaptureoftheenrolmentandthe

verification of identity cannot lead to addi-tional queue time. The passenger must be able to use the system easily as they will be an infre-quent user and self-service options are needed.

• Security:thesystemmustmeetthestrin-gent standards of the UK Border Force. This must work in the varying lighting conditions that are found in the Terminal.

• Cost:thesystemmustoperateonHeathrow standard client and server machines.

The project delivered a solution that balances these competing factors. This was achieved through significant trialling and bench testing.

The trials explored the interaction with real passengers to find ways in which the usability of the various checkpoints could be enhanced. These trials were run by the domain experts at the airport but with close consultation with the technology providers (both for biometrics and system design). This marriage of deep domain knowledge of the airport process coupled with the understanding of the technical approach enabled the necessary trade-offs to be made.

The bench testing focussed substantial effort on the real world problems that can impact biometric recognition performance. In particular, quality checking had to be enhanced for spectral reflection that was found to occur from a par-ticular type of spectacles. Again trade-offs had to be made between the overall business process and the development of a technical solution that was immune to the reflection issue.

The result was that, in certain circumstances, a small proportion of passengers wearing specta-cles are asked to remove them to limit the time taken at enrolment. This pragmatic approach balanced the need for all three critical factors of speed, security and cost.

“Quality checking had to be enhanced for spectral reflection that was found to occur from a particular type of spectacles. Again, trade-offs had to be made between the overall business process and the development of a technical solution that was immune to the reflection issue”

Final testing was carried out without warn-ing, as experts attempted to spoof the system in real life. These tests demonstrated that the level of security required was delivered. Approval was obtained for use as a result and millions of pas-sengers have now been processed by the system since February 2012.

The future – engine tuning?The preceding commentary on the applicability of the public testing regime should not be taken as a recommendation for the removal of the tests. These tests are ideally suited to assess the relative merits of different engines when looking at natural light images with variation in lighting and variable pose angles. The outcome demon-strates that engine designers are getting better at general recognition tasks.

The competing factors to consider when implementing biometrics.

fEATurE

11April 2014 Biometric Technology Today

A SuBSCrIPTION INCLuDES:• Onlineaccessfor5users• Anarchiveofbackissues

www.biometrics-today.com8

The point is that many other factors must be considered in order to achieve successful imple-mentation of real-world systems – including one further factor: ‘tuning’ the solution.

Tuning

Tuning, in this context, means training a facial recognition engine against a specific type of image. A good example of this is the immigra-tion checks that need to be able to match a person to their passport. In this case the person is in a compliant situation when using the sys-tem, and will present their face to the camera in controlled lighting conditions, looking straight ahead. Hence, the facial recognition engine does not need to cope with extreme pose or indeed with poor image quality. It is safe, therefore, to tune an engine to work with this type of image.

A similar situation will arise for the develop-ment of a solution to support the Smart Security (SmartS) initiative recently announced by Airports Council International (ACI) and International Air Transport Association (IATA). SmartS seeks to target security measures in airports based on risk assessment, a component of which will require accurate identification of passengers as they pro-ceed through the security checkpoints.

In a similar fashion to the immigration require-ment, identity is likely to be established from comparison to the photograph encoded on an e-passport chip. However, in this case, the aim is to perform this entirely unsupervised by an agent or immigration official. Delivery of a successful solution to these requirements will rely on high levels of certainty, in a context where queues are

not tolerated. Balancing these factors presents a significant challenge, which will only be met using a tuned engine, combined with expert assessment of the additional system requirements.

Over-training

It is important to differentiate ‘tuning’ from ‘over-training’. In this context over-training means continued improvements made to an engine based on a fixed data set.

In our experience, the public tests illustrate a further risk from over-training matching engines for a specific test regime at the expense of real-world performance. Some of the stand-ard test sets have now been available for over a decade, and while we may trust that no cheat-ing is taking place by means of preliminary test set analysis, there is a natural evolutionary cycle of improvement driven by specific test sets. Over prolonged periods of time and succes-sive revisions, an algorithm can become highly tuned to that specific collection of images.

What is less well understood, is that the improvement witnessed can be, and often is, reversed in the real world and the tiny fraction of per cent improvement required to gain the number one position, may well mean significant reductions in accuracy in a live system.

Which engine is the best?The question of which is the best matching algorithm is only partially relevant. The question should really focus on which system best meets

the particular requirements of each deployment. The measure of suitability requires far more assessment than a quick look at the latest leader board on the public testing websites.

It is worth emphasising that an engine that has been tuned to improve performance for a specific system would appear to be signifi-cantly worse than the competitors if it were applied to the public testing regimes.

“In the real world, the ‘best’ matching engine is but one component of the final solution. Assessment of the ‘best’ has to be made once the engine has been integrated into the system”

So, in the real world, the ‘best’ matching engine is but one component of the final solution. Assessment of the ‘best’ has to be made once the engine has been integrated into the system.

Facial recognition systems remain anything but off-the-shelf solutions; and will do so for some time.

References

1. Huang, G, Ramesh, M, Berg, T and Learned-Miller, E. ‘Labeled Faces in the Wild: A Database for Studying Face Recognition in Unconstrained Environments’. University of Massachusetts, Amherst, Technical Report 07-49, October, 2007.

About the authors

Nick Whitehead has been a business manager with Atkins for 10 years and provides senior over-sight to the development of the biometric solution with Heathrow.

Hugh Carr-Archer is CEO of Aurora who specialise in the development of facial recognition solutions. Aurora has extensive knowledge of real-world deployment of facial recognition worldwide. Aurora systems have processed hundreds of millions of transactions in the construction and airports markets over the past 10 years.

Facial recognition gates at Heathrow. Credit: Heathrow.

12

NEwS/COmmENT

Biometric Technology Today April 2014

...Continued from page 3including retinal scanning and facial rec-ognition to secure communications with-in devices in the future. More imminently, it is also said to be preparing a software update to refine the reliability of its Touch ID fingerprint recognition system, according to an AppleInsider report.

Some iPhone 5S owners have reported dimin-ishing Touch ID reliability since they first scanned their fingerprints. Rescanning fingerprints seems to help, but then reliability declines again.

PatentlyApple reports that in March the US Patent & Trademark Office published a patent application from Apple titled ‘Wireless Pairing and Communication between Devices Using Biometric Data’. The patent reveals that infor-mation exchanged between devices such as an iPhone and Mac may one day use biometrics such as retinal scanning, facial recognition and more to perform a connection, such as a Bluetooth link, between the devices.

VoiceVault unveils ViGo voice biometrics for mobile

VoiceVault has announced the release of ViGo a voice biometric platform

designed for mobile. ViGo provides a ecosystem for developing and deploying voice biometrics in a mobile app.

ViGo offers phrase or digit-based voice reg-istration and is based on a rapid application development platform for Android or iOS. “Because hundreds of millions of people use their smartphones or tablets for both business and personal applications, there is very large demand for strong but simple log-on or activa-tion,” says Dan Miller, senior analyst at Opus Research. “Voice-based authentication fills that bill, and VoiceVault’s ViGo puts it right on every mobile app developer's design palette.”

Alongside the ViGo release, VoiceVault has launched a website with additional resources specifically for app developers

NIST publishes compression guidance for fingerprint

The NIST Friction Ridge Compression Study team has published

‘NIST Special Publication 500-289 Compression Guidance for 1000 ppi Friction Ridge Imagery’.

SP500-289 has been developed in partnership with the US FBI and provides guidance for the compression of 1000ppi friction ridge imagery including latent fingerprints using the JPEG 2000 compression algorithm. Additionally, SP500-289 provides guidance for downsampling of friction ridge images from 1000ppi to 500ppi, providing a pathway for interoperability with 500ppi systems. NIST Special Publication 500-289 Final is a culmination of six separate studies, which began in 2009.

ImageWare Systems and T-Systems pilot integration of products

ImageWare Systems has begun a test-ing phase with T-Systems, a

subsidiary of Deutsche Telekom, to integrate ImageWare Systems’ multimodal biometric, cloud-based identity management and credential technology into T-Systems’ products.

ImageWare Systems and T-Systems have been discussing business ideas during the past few months. T-Systems has started a pilot in its labs in Germany to integrate its products with ImageWare’s GoMobile Interactive biometrically secured user authentication solution for mobile devices; its Biometric Engine (BE), a real-time, cloud-enabled multimodal biometric data-base; and GoCloudID, a cloud-based SaaS ID management platform.

A major focus is to create solutions for cloud products and data storage for business customers.

When does techno-logical advancement become scope creep? This question seems very pertinent just now. The issue tends to raise its head where imple-

mentations of biometric technology are most sensitive and privacy considerations are acute.

In India, biometric data has been col-lected on an industrial scale by the Aadhaar programme, which provided each citizen with a unique identity number linked to the biometrics of the person. The programme is described as voluntary and indeed the Supreme Court ruled last year that the Aadhaar card was not to be used as a necessity for public services. Yet as it provides the means for citizens to access public services and finance, for many people participation in Aadhaar is inescapable.

More recently the Supreme Court has asked the government for an explanation as to why the Aadhaar card was still being considered mandatory for Indian citizens who wished to get property or marriages registered, or in signing up for a gas connection, reports The Indian Republic.

The Supreme Court has further clarified that the biometric data of the citizens that was collected under the Aadhaar system is not to be shared with anyone, following an instance when police in Goa had sought the informa-tion of those enrolled in the scheme for an unsolved case.

Separately, in Bangalore, police authorities have combined biometric clocking in with law enforcement. The Hindu reports that Bangalore

city police has ‘introduced a biometric attend-ance system that would not only ensure punc-tuality among police personnel, but also keep a fool-proof check on anti-social elements’.

Privacy sensors are set to high when it comes to collecting the biometric measure-ments of children in school. In Sydney, Australia, civil liberties bodies have raised concerns about scope creep around biometric systems in education. The Sydney Morning Herald reports that local schools scan finger-prints to record when students enter and leave school. Civil Liberties Australia chief executive officer Bill Rowlings called for schools and education authorities to put robust rules in place for how technology is used and admin-istered, and the data safeguarded to prevent school for becoming ‘mini-surveillance states’. He told The Sydney Morning Herald, “A scan on arrival just tells you who passed through the school gates on the way in. The only way to ensure a child is at school all day is to fin-gerprint the student every half hour. So pretty soon children will be scanned into every class-room, every separate facility within the school grounds. If that is done, suddenly schools will become mini-surveillance states.”

As it becomes increasingly possible to link progressively more accurate biometric data with other data – see page 1 for a news story covering an emerging technology combining fingerprint recognition with drugs and gender detection – the voices of the civil libertarians cannot be discounted and vendors, researchers and industry bodies might do well to work together on addressing scope creep.

Tracey Caldwell

COMMENT

r&d