The promise of biometric technology for computer security has been largely unfulfilled due to problems with cost and quality and a lack of standards for users to integrate it with mainstream IT.
Biometrics can be used to identify people based on such physical characteristics as their irises, thumbprint, voice and even facial texture, which act as unique identifiers.
But while the makers of biometric identification devices such as fingerprint readers were unveiling new silicon based products as little as a year ago, some vendors are now saying that the prototypes failed to live up to their promise, and according to SRI Consulting, the entire market is still worth only $250 million.
Julia Webb, Biometric Identification's marketing director, says: "The technologies haven't been robust enough."
The two primary obstacles to the widespread use of biometrics are still cost and quality, although both are diminishing. Products can range from less than $100 for a basic reading device to several thousand dollars for a fully integrated access system, but it also takes time and money to integrate them with existing offerings.
Jackie Fenn, Gartner Group's vice president of research for advanced technology, explains that an organisation with an access control system in place requires only a card for access and will only tend to use biometric technology in sensitive areas where critical projects are located.
To buy additional biometric card readers costs businesses about $100 per user.
Compaq's sub $100 Fingerprint Identification Technology scanner that it jointly developed with Identicator Technology, is one of the first low price readers aimed at the corporate market.
It consists of a small hardware module, which is about half the size of a mouse, and can be connected to Compaq's Deskpro and Armada PCs and Professional Workstations running Windows 95 or Windows NT 4.0 through a parallel port.
Fenn says: "This is not going to catch on until it is more of an embedded device and not just another add on that needs to be carried around by mobile users."
But he adds that even as the technology improves and prices start to come down, fear and uncertainty on the part of the public will persist.
The potential for inaccurate readings also makes business and IT managers doubtful about rolling out such offerings in their organisations for fear of denying access to legitimate users, while a lack of standards for integrating biometrics with mainstream PC technology is also slowing down acceptance.
Dave Harper, programme manager for the International Computer Security Association's (ICSA) commercial biometric developer consortium, explains: "Vendors have been anxious to separate the wheat from the chaff. Some products are well funded, with decent science behind them, while others are put together with old radiator hoses and a soldering iron in the back of a garage somewhere."
But other hindrances to adoption include apathy from overburdened IT executives and opposition from various political and religious groups that view biometrics as an assault on civil liberties.
One such organisation, This Week in Bible Prophecy, has a Web site dedicated to examining the increased use of biometrics and how it could contribute to the eventual loss of human identity. Other groups, however, worry about privacy issues.
Amy Wohl, editor of technology newsletter, Trendsletter, believes that in future, most biometric applications are likely to be used in conjunction with others, which may mean they move out of the limited domain of security to become an integral part of daily life.
For example, when used with voice interfaces, "especially in conjunction with face recognition, you'll be able to speak into a panel at your home and say, 'see who's at the front door,'" she says.
Although such personal identification and verification technology has been available for several years, it has traditionally been expensive. Most early adopters came from among the military, intelligence agencies and other security critical companies that sought to lock down their computer systems.
But as product volumes have increased, gadgets such as fingerprint scanners have become affordable, selling for around $120 in quantity. As a result, Gartner?s Fenn believes biometrics may be about to move more into the mainstream and is one of the emerging technologies to track for 1999.
He expects aggressive financial organisations to begin full scale roll out of iris recognition systems for ATMs by 2000, but by 2001, predicts that fingerprint recognition technology will be the remote access technique of choice for most corporations adopting biometrics.
By 2002, however, he anticipates that iris recognition systems will overtake fingerprinting as the technology of choice for installations serving many users.
"There are some interesting products out there. They are not going to turn the tide overnight, but they are going to start to make a difference," Fenn says.
He adds that the technology is most successful in organisations where use is mandatory to gain access to high security areas or for identity verification of controlled populations such as those found in correctional facilities, for example.
The technology's primary purpose is to make it easier for computer systems to identify and authenticate users and it includes fingerprint scanners, face recognition, hard geometry and voice identification.
Walter Hamilton, Saflink's director of business development, says, with biometrics: "you can assume that a person is, in fact, who he claims to be with a high degree of confidence," although he believes fingerprint scanning is the most accessible of the available systems.
But, Fenn warns, it is important to take two things into account when determining the accuracy of a biometric technique - the number of false acceptances, where an importer is erroneously approved, and the number of false rejections, where a legitimate user is denied access.
However, because thresholds can be adjusted to reduce one type of error while increasing another, a commonly reported metric is the crossover, or equal error, rate. This is where the number of false acceptances equals the number of false rejections.
And in practice, applications usually minimise false acceptances and compensate for false rejections by attempting verification several times, Fenn says.
Among the companies promoting biometric technologies are Veridicom, a spin off of Lucent Technologies, which was formed to develop commercial applications for Lucent's patented fingerprint recognition technology.
Tom Rowley, Veridicom's chief executive, says: "To displace something so ubiquitous, we needed a simple, intuitive approach. Fingerprints made perfect sense."
He adds that, although biometric approaches to security are currently used in law enforcement and defense, Veridicom plans to be the first to put biometrics into PCs and consumer devices.
Its Opentouch offering is based on a silicon chip that uses electricity captures to create a three dimensional image of what a person's finger looks like below the surface of the skin. The chip uses software algorithms to isolate unique patterns in the print, and then verifies the user's identity.
Other technologies developed over recent years by competitors such as Identix, Digital Personal and Biometric Identification, scan the finger with a special optical camera.
But according to Fenn, because many individuals have surface fingerprints that cannot be detected by optical products, Opentouch is "more likely to be accurate than its competitors' products."
IriScan, whose system points a camera at a person's eyeball for identification, on the other hand, says - not surprisingly - that fingerprint technology will never work in applications such as bank ATMs, for example.
James McHugh, IriScan's senior engineer, claims that machines such as ATMs will never use fingerprint or hand measurement technology because "there just isn't enough uniqueness in a person's hand."
He adds that fingerprint recognition is also a problem when the skin is dry or lines are faint. The company's personal imager, called PC Iris, includes a digital camera, which scans the user's iris, while the software stores the data locally or for access over a network.
But the big boys are also getting into the game. Database giant Oracle is working with Identix to enable controlled access to its databases through fingerprint verification technology, while Computer Associates has partnered with Saflink to create a fingerprint authentication front end for UniCenter TNC's single sign on option.
Vendors such as Compaq, IBM, Identicator Technology, Microsoft, Miros and Novell have also formed a consortium to try and promote biometric technology and also educate less than enthusiastic IT executives.
The group is developing a Biometrics application programming interface (BAPI) that supports existing biometric technologies and can be implemented in operating systems and applications.
The aim is to enable businesses to use biometric products with standard PC and network technology so they do not need to perform costly and time consuming integration work.
But analysts warn that before jumping on the biometric bandwagon, users need to evaluate the effectiveness of their current security systems and should weigh the value of their data and the likelihood of theft or misuse against the costs and potential hassles of installing a biometric identification system.
James Wayman, director of the US National Biometric Test Center at San Jose State University's College of Engineering, concludes: "Corporate America is just not there yet - the government is using biometrics every day, but that is the exception."
To comment on this story, email [email protected]
Ecostress instrument will provide new insights into water usage and plant health on Earth
Chinese cyber espionage group Thrip targeting satellite communications, telecoms and defence companies
Symantec warning over state-sponsored hackers targeting satellite operators' control systems
Letter to House of Commons Treasure Committee explains cause of payments glitch earlier this month
Would you want to live in a world without memes?