UK: Bringing Security into Focus. How can Biometric Technologies Work for You?

Biometric traits such as faces and voices have been used to distinguish individuals since ancient times. In our security-conscious times, automated technologies using such characteristics are becoming increasingly powerful as well as popular in both the public and private sectors.

Biometric technologies can be used to secure and facilitate physical or logical access:

• Physical access scenarios include the protection of borders, buildings or sensitive areas within buildings such as special laboratories and vaults.

• In securing logical access, the aim is to protect sensitive data, benefits, rights and resources such as financial assets, national welfare programs and other confidential databases.

In both scenarios, biometric traits can be used to identify or authenticate individuals:

• In identification mode, acquired data associated with the person to be identified must be compared against all biometric templates stored in a database. Essentially, this operation checks whether or not the person has previously been registered, and if so, what identity is associated with them.

• In authentication mode, the person claims an identity first, which needs to be verified by a single comparison of the measured biometric to a previously enrolled template corresponding to the asserted identity. Essentially, this operation checks whether the person is who they say they are.

Identification is the most convenient and practical use of biometric systems. However, it also poses the most demanding requirements on the biometric trait in use, systems architecture and performance as it calls for real-time searches of a central biometric database.

Have you ever thought about where your application scenario fits in? Is the main focus on security or user convenience? Do you need to establish and protect a central database or do your requirements allow the storage of biometric templates on individual devices such as smartcards? How many people will use your system?

Biometric technologies offer enhanced security, greater user convenience and reduced operating costs when compared to traditional methods such as using passwords or access keys and cards. However, can these advantages be realised in a timely manner given the scale and scope of your ongoing or intended operations?

Fingerprinting and DNA analysis are widely used in forensics to identify criminals. Are these technologies equally suited for non-forensic purposes as well?

And what about the use of iris patterns, facial features, hand geometry and voice patterns? What are the core strengths and weaknesses of these technologies? Which are the application scenarios they are most suited for? Most importantly, which biometric trait is most suitable to fulfil your expectations?

Having chosen a biometric identifier, user concerns must be considered while performance requirements and legal regulations must be met on time and within budget. Which solution providers will meet your needs best, considering all relevant factors?

System operators need to be trained, compliance with constantly changing laws and regulations must be ensured and best practices need to be adopted.

Given the sensitivity of information processed and stored, there is a special need for risk mitigating controls, carefully planned and managed audit trails as well as regular system assessments. These requirements can be best met if they are considered and provided for from the earliest project phases.

Do your integration plans address all material risks?

We at Deloitte respect the individuality of your business and understand that there is no ‘one size fits all’ biometric solution. Our specialists can provide support through independent advice during any phase of your biometric project life cycle. The services we offer include:

• Business case analysis and evaluation of project requirements.

• Comprehensive analysis of available technologies and solutions considering all relevant requirements.

• Independent technical advice on product selection.

• Design and implementation of risk mitigating controls, including system and manual controls.

• Review of documentation to ensure it is adequate to support your new processes.

• Workshops on all biometrics-related issues, specifically tailored to your needs and expectations.

• Presentation of business case studies of successful and failed biometric projects.

• Training of biometric systems operators and administrators, to maximise both security and user convenience while minimising operating costs.

• Regular, targeted assessment of systems design and operating effectiveness.

• Review of risk mitigating controls and management structure.

• Maintaining compliance with laws and regulations, including support for design and implementation of eventual system changes.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.