Using Biometric Access Systems: Dos and Don'ts

For biometric access systems, the devil is in the details. Here are implementation strategies from users and analysts.

By Mary Brandel, CSO | Security, biometrics, physical security

Considering a biometric access system? Experts offer practical advice in these dos and don'ts.

DO expect resistance. All biometrics systems require user enrollment and credentialing, which are expensive and resource-intensive processes, Most says. "There is well-founded resistance to the idea of large, centralized repositories of personal information," she says. Eventual solutions to this problem may include anonymous identification, encrypted transmission of templates, and identity-centric infrastructures with distributed storage models.

In some cases, resistance comes in the form of cultural norms, says Ant Allen, an analyst at Gartner. For instance, finger scanning is not widely accepted in Japan, he says, as people reject the idea of physical contact with the sensors. Since the country's banks use biometric identification extensively for ATMs, many have turned to vein structure biometrics, whose sensors do not require contact.

Privacy concerns are another reason for resistance, he says. An example is retina- and iris-scanning systems, as these images can show symptoms of certain illnesses that people may want to keep private, he says.

DON'T overlook usability. System usability is another important factor. With finger-scanning systems, there is always a segment of the population that encounters difficulties with the scanners getting a correct read due to their skin type, Allen says. "It may mean providing an alternative system for this small group of users, and that might be seen as discriminatory," Allen says. He recounts a client that had to find an alternative for six users out of 2,000 to 3,000, as they could not interact successfully with the scanner. Reasons for enrollment problems include health conditions, racial characteristics, disabilities and personal idiosyncrasies, Most says.

Iris scanners seem to have fewer problems with enrollment, Allen says, but it's not always easy to get a good image. "My eyelids are quite heavy, so I physically have to hold them apart with my fingers to get an image," he says. "It works, but it's inconvenient." Face topography biometrics are also easier for enrollment, he says, but they have a lower accuracy rate.

Vein structure biometrics seem to work in a wide variety of circumstances, he says, although they may fail in extreme temperatures or environments. "A vendor tried it with coal miners, but the carbon from the coal on their fingers blocked the image," he says. On the other hand, these systems can read through medical gloves, which makes them an intriguing option for healthcare applications, he says.

At Beth Israel Deaconess Medical Center, Larry Nathanson, director of emergency medicine informatics, had to test a couple of systems to find one the ER doctors and nurses were comfortable with.

Nathanson was looking for a finger-scanning system for the tablet computers that are increasingly used in Beth Israel's ER. Because Nathanson wanted a strong password system--with a combination of numbers, symbols and uppercase characters--it was too cumbersome to enter the passwords into the tablets, which use on-screen keyboards. "By the time they got done, they could have walked back to their desk and done what they needed to do," he says. "It was a huge barrier."

He tested one finger-scanning system, but because of its architecture, it offered only "mild benefits," he says. When a user swiped his finger, the system would go into "identification" mode, checking the print against the back-end database on a one-to-N basis. When finished, it would tell the client to decrypt the user name and password and plug them into the Web application. Thereafter, it operated in "verify," or one-to-one, mode, so when another ER staffer picked up the tablet and swiped his finger, it would first try to verify whether this was the same user as before. Because it wasn't, the system added extra steps. The catch: It could take 30 to 60 seconds to complete the log-in, which was no faster than entering a password.

He eventually found a workable system from BioKey, which is based on a thin-client architecture, with the bulk of identification happening on the server side. "With BioKey, you're just swiping your finger, and the server does the work on the biometric, eliminating the password," he says. "It's faster and more secure."
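The identify-then-verify log-in flow of the first system Nathanson tested, sketched as an added example that is not from the article or from either vendor: the toy templates, the Hamming-distance matcher, the threshold and the `Tablet` class are all constructed assumptions. Counting template comparisons shows why a handover between staff costs a failed one-to-one check plus a full one-to-N search.

```python
# Constructed toy data: 16-bit "templates", not real biometric features.
ENROLLED = {"nurse_a": 0b1011001110001101, "dr_b": 0b0100110001110010,
            "dr_c": 0b1110000101011011}
THRESHOLD = 2  # assumed: max differing bits still accepted as a match

def distance(a, b):
    """Hamming distance between two templates."""
    return bin(a ^ b).count("1")

class Tablet:
    """Hypothetical client: 1:N identify on first swipe, 1:1 verify afterwards."""
    def __init__(self, db):
        self.db = db
        self.current = None   # user the tablet is currently logged in as
        self.comparisons = 0  # template comparisons performed so far

    def identify(self, sample):
        """One-to-N: score the sample against every enrolled template."""
        self.comparisons += len(self.db)
        best_dist, best_user = min(
            (distance(sample, tpl), user) for user, tpl in self.db.items())
        return best_user if best_dist <= THRESHOLD else None

    def verify(self, sample, user):
        """One-to-one: compare against a single claimed identity."""
        self.comparisons += 1
        return distance(sample, self.db[user]) <= THRESHOLD

    def swipe(self, sample):
        steps = []
        if self.current is not None:
            steps.append("verify")
            if self.verify(sample, self.current):
                return self.current, steps
        # No session, or a different finger: fall back to the full search.
        steps.append("identify")
        self.current = self.identify(sample)  # None ends the session
        return self.current, steps

def demo():
    tablet = Tablet(ENROLLED)
    swipes = [0b1011001110001001, 0b1011001110001001,  # nurse_a, 1 bit of noise
              0b0100110001110011,                      # dr_b takes the tablet
              0b0000000000000000]                      # not enrolled
    return [tablet.swipe(s) + (tablet.comparisons,) for s in swipes]
```

In this sketch an unmatched swipe clears the session, so an unenrolled finger never inherits the previous user's log-in.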

Originally published on CSO.