What’s Next: Peering into the Future of Biometrics & Security Convergence

David Ting
Feb 03, 2012

I was recently asked to comment on the future of biometrics so I wanted to share my thoughts here after distilling them down into four buckets.

What's Next in Adoption: Increase Driven by Usability, Durability and Speed in Mobile Devices
In the world of biometrics, we are witnessing widespread adoption of fingerprint biometrics because it has the longest history in terms of sensor development, image processing and large population statistics. Mobile devices are starting to benefit from evolutionary rather than revolutionary changes as biometric devices become more usable (across fingerprint and environmental conditions), more durable and faster. This, coupled with the reduction in footprint, power consumption and cost, has driven rapid adoption among mobile and desktop users, as evidenced by the number of users today who are buying them as a low-cost enhancement for their notebooks.

What's Next in the Tech: Improved Imaging Performance; Thermal Signatures of Veins and Facial Prints
I expect to see even better speed and imaging performance from future readers. In addition, there are newer technologies such as infrared (IR) imagers able to detect thermal signatures of finger veins, palm or hand veins, as well as facial prints. These technologies are starting to appear, but their price points are higher than those of fingerprint sensors, so they are still early in their adoption cycle. Whether these will become as mainstream as fingerprint biometrics is still unknown, but these technologies look promising. For a variety of reasons, we still have not seen widespread requests for voice or facial recognition even though microphones and digital cameras are becoming standard equipment on notebooks. Variability of the operating environment and how it affects recognition rates certainly plays a large role in this.

What's Next in the Enterprise: Centrally-Managed Biometrics Data in a Distributed Environment
Most of the biometric technology provided by notebook vendors is device-centric, meaning the reference biometric data - be it fingerprint, facial or finger/hand veins - is stored on the specific notebook used for enrollment rather than on a central server, as one would expect for enterprise use. This restricts the user to authenticating back to the same device only - not a very useful model if the user wants to gain network access from a different computer in the office or if the notebook needs to be replaced. Imprivata has long held the opinion that reference biometric data needs to be stored and managed centrally to offer the maximum flexibility and security for the end users. For instance, the OneSign server securely stores the reference fingerprint biometric for all users in an encrypted database that offers rapid fingerprint identification within a distributed environment. This model has proven to be operationally and demonstrably correct within healthcare, government, financial services and utility applications. Next-gen enterprise biometric solutions will evolve towards being able to work with centralized, distributed and mobile (e.g. on smartcards or contactless smartcards) models. Another aspect of enterprise-based solutions is interoperability across different devices, so a user can authenticate using different sensor technologies from different platforms without having to enroll multiple times with different systems. This need will become more significant as first-generation scanners get replaced by newer ones. Failure to recognize this need to future-proof the biometric system will result in having to re-enroll users to work with newer technologies. This is one of the key design goals for the OneSign biometric system.

What's Next in Consolidation: Workflows; Physical and Logical Systems; and Biometric Support
As biometrics become more widely adopted, we are starting to see more requests for consolidation of the workflow used for enrolling and authenticating users. For instance, many of those interested in convergence of physical and logical access systems want 'one stop enrollment' of employees, so the biometrics taken at the time they are issued a facility access badge are also used for granting logical access to computers or applications. Consolidation of biometric authentication/identification services across multiple applications is another change we are seeing as government regulations call for transactional verification within applications. Rather than each application providing its own biometric capabilities, application providers are looking to external providers to support biometric verification for all applications. Imprivata's ProveID API to access OneSign biometric authentication, for example, is being used by multiple healthcare and financial applications to offload the responsibility for all the workflow, credential storage and device management necessary to support biometrics. We expect this trend to continue as more applications are required to comply with having biometric support. This is a win/win for both customers and application providers: the end user doesn't want multiple proprietary devices for individual applications or the need to individually learn to use and enroll with different systems, and the application provider doesn't want to have to wrestle with the complexities of different authentication technologies.

-David