LECTURE

ID Card Technology

Lecture chaired by Andy Pepperdine

Martin George

15 January 2004

Martin George is a consultant in Identification technologies and their use and is based in Bath. His lecture was an introduction to what can and cannot be done with current methods to put ID cards into operation.

Cards used for identification purposes, otherwise known as ID cards, are in the news at the moment among proposals to tackle the rising tide of terrorism. They typically contain some form of biometric data, that is an encoded form of a description of a part of the holder's person or behaviour, and have generated public concern and political discussion on how they may be used and why they are needed.

We all carry some form of identification already. Most have a driving license and those currently issued contain a photograph. Credit and bank cards are also common, but contain only PINs. But one's identity is precious. Modern technology makes it relatively easy to fake an identity, because most checks rely only on information, which the holder knows or has. This could easily be obtained fraudulently or copied. Biometric data links directly to who the holder is, and so can be checked against a stored master record.

Traditionally, we have used passports to identify travellers, but they are easy and cheap to forge. Governments wish to make it harder for "undesirables" to cross borders, where there is a natural point to check them. Each year, about 90 million passengers cross the UK's borders, increasing at about 5% per year, and so any check must be efficient. 11 out of the 15 EU states currently use ID cards of one sort or another. Apart from travel, it would simplify access to services, like state benefits; and we have to keep up with developments abroad, like the US.

Some examples of biometrics are fingerprints, facial features, iris patters, voice timbre, handwritten signatures, retina patterns, hand geometry, facial thermography, keystroke dynamics, palm prints, vein patterns and DNA. The last, DNA, is unique up to identical twins, but cannot be used in a practical test as it requires sophisticated and time-consuming chemical analyses. Most of the others are subject to wide variations over time, or cannot be replicated in a test as reliably as we would wish.

Those biometrics that leave a trace (e.g. fingerprints) can be used to tie a particular individual to an event; but the principal reasons for using biometrics are that they are convenient for the user, as they require nothing to be carried. They are becoming more socially acceptable and they give a strong positive authentication for logical or physical access. They are difficult to forge and it is hard to refute a statement of where someone was when their ID was positively detected.

There are three main functions associated with the use of biometrics. The first is to enrol the data by creating the biometric identifier for the database. It can then be used for verification by matching a single record presented against the database record (i.e. Am I who I say I am?). And it can be used to identify someone by searching in the database for the matching record (i.e. Who am I?).

The enrolment or capture part involves measuring or sampling the individual using a sensing device. Typically, from 3 to 10 samples will be taken to obtain a record that is consistent for matching purposes. These will then be condensed into a data record of up to 1000 bits of data by extracting the important features. It is impossible to get back to the original form from this data. During this process, checks can be made against the database as it is built up to expose duplicates when someone attempts to enrol under more than one identity.

Fingerprints have been used as forensic evidence for many years and are reasonably well understood. Each one of us has a set of prints unique to ourselves; even an identical twin's prints differ from those of his sibling. After the 10 individual prints have been taken, they are examined to identify the type (whether they have a central whorl, etc.) and then the locations of the points where the ridges merge and terminate are noted. These locations are then reduced to a single large number for storage.

A more recent and promising biometric is the pattern of the iris of the eye. These have an immense number of possible values, although they are not so easily obtained in practice, requiring a more elaborate reading device. The patents for these devices and processing are held by the Iridian Company, whereas fingerprint analysis is not covered by the same intellectual property concerns.

Facial features are prone to modification by wigs, beards, spectacles, etc. and are not so reliable. However, it is a passive technique and can be used from CCTV footage taken in a routine way. Even if it is not very accurate, it can be used to reduce the size of the haystack containing the looked-for needle.

Signatures change over time, and can vary depending on the type of pen and surface and other factors. Voices are subject to change when sickness strikes.

Apart from governmental uses, in the US doctors are being asked to verify who they are when accessing patient records. Banks are interested in checking the identity of customers when accessing account information. There are even some embedded applications; cars may respond only to a registered owner; handguns can be fired only by registered personnel; mobile phones could check who is using it to reduce the temptation to steal them; there is even a children's diary that only the owner can open and write to.

To make these ideas work throughout society, there are standards in the industry that allow co-operation between competitors and promote the highest standards of security and confidentiality of all data bases.

The accuracy of these systems is measured in terms of the False Acceptance Rate (FAR) and False Rejection Rate (FRR). Banks, for instance, want to reduce the FRR, which they have dubbed The Insult Factor. They are willing to accept an FAR as high as one in twenty, if the FRR can be reduced to less than one in 100,000. Currently, only iris scanning can reach that very stringent criterion for the FRR, according to Iridian.

Another key parameter is how many people fail to enrol. For example, a small proportion of the population have very poor fingerprints due to disease or very heavy manual labour. Blind people may find it difficult to give accurate iris scans, and cataracts can affect the accuracy of the scan. In other cases, the failure may be due to unwillingness to give the data for political or personal reasons. In some cases, it may be a temporary problem, like a cut finger that prevents the acquisition of the data. The proposals are to ask for 3 different types of biometric data to get 2 that will work for each person.

The UK passport service is planning to enrol 50 million people between 2007 and 2012, at the rate of 32 per day at dedicated offices throughout the country. Some members of the audience were sceptical about that target for a variety of reasons. But 600,000 asylum seekers are already enrolled in a project to provide a card to provide proof of entitlement for benefits, to detect duplicate entrants, and for use by employers.

These technologies are maturing and will come into use as governments are looking for ways of reducing identity theft, an increasing area of lucrative criminal activity.

Andy Pepperdine

References

Industry associations driving standards, etc.

More information on Biometric Passports and ID Card plans

Further Reading