Biometrics: Beyond facial recognition

The world of biometrics is one of the most interesting and rapidly advancing fields of technology right now. New advancements in smart cameras and deep learning mean that the technology isn’t limited to just facial recognition and fingerprinting anymore. Even these older technologies are getting reboots made by some of the smartest minds in industrial science.

Seamless biometrics is the next tech buzzword on the horizon; I can feel it. The way this concept works is twofold: The first way you’ll hear about it being implemented is through passive liveness checks. Biometrics cameras, the cameras on our phones or computers and maybe cameras in our workplaces or vehicles, will occasionally check in on us to make sure that we are still the person we are claiming to be. Let’s say your phone is stolen while your banking app is open. This method of biometrics would passively stop the thief from transferring all of the funds from your account.

The second way you’ll see this implemented is with behavioral biometrics installed in CCTV cameras. Perhaps you’re sitting in your car at an intersection in a strange city at night and a man walks quickly up to your car in what would be a blind spot from how you’re facing. External biometrics cameras mounted at different points on the car could determine that the man isn’t walking like a standard pedestrian, is coming from an odd angle, and is approaching your door in a way that people wouldn’t normally do. Then your vehicle could make the decision to lock itself on your behalf and automatically tint the windows.

For smartphones, what we will most likely see is more deployment of iris recognition. Irises beat fingerprints, but the hardware to scan an iris used to be extraordinarily expensive. Now that it’s becoming cost-effective enough to use iris scanners on a daily basis, expect to see this technology deployed extensively in places like airports and secure facilities.

AI Trained to ‘See’

In the immediate future, expect to see a touchless upgrade to the fingerprint scanners you have to use when passing through international customs. The EU border control recently asked for touchless fingerprint scanning to offer a more hygienic (and presumably faster) alternative to having to smudge your fingers on a public glass surface for a few seconds. It’s conceivable that the devices will either be powered by ultrasound or by a high-definition camera and that new algorithms are in the works to train the artificial intelligence (AI) to “see” the database of flat fingerprints in 3D. Right now, fingerprints are stored as scans that show a distorted image of the finger because it’s pressed up against the glass. These new algorithms will be developed to figure out how those prints look rounded on the end of a fingertip

Current advancements in identification allow you to analyze the gait and behavior of a person in a specific environment. It’s not very accurate right now, but this kind of verification could soon replace corporate keycards in office buildings. CCTV cameras will be trained to watch people as they walk through a building and simultaneously read their faces, and the algorithm will be taught to know how you walk and what your face looks like. It will then pair those two datasets to form a match, and that will be the key that opens the turnstile that lets you into your building. This two-factor biometric verification is more accurate than just trying to use facial recognition on live “wild” images caught on CCTV.

Cameras, in general, are getting smarter and they can be programmed to complete thousands of computations that can be fed into the AI to speed up the process and make it more accurate. This embedded AI is getting more traction, with specialized hardware being developed specifically for the purpose.

If the cameras see someone walking through a crowd in a suspicious manner (holding something under their coat), the algorithm can flag that individual and bring their presence to the attention of security personnel and law enforcement. In Europe, there are laws protecting your personal data, so you can’t be identified unless you give consent. This means CCTV cameras, as described above, will have to create anonymized images that don’t take photos of people’s faces but instead seek to describe their behavior. Say, for instance, the camera sees two people move quickly together, go into a glass window, and then one runs away. If the AI is properly trained, it can flag the incident and alert a police officer to a potential mugging or fight.

It really depends on the quality of the data you have. In public spaces, biometrics can be used to judge the situation and prevent bad things from happening, but it would usually be anonymized. You can’t identify the individual from the footage. Someone has to go to the site and physically see what’s happening. 

Less Intrusive, More Secure Security

Apart from physical behavior, there’s online behavior that can be measured and recorded. You also generate what might be called “metabiometric behavior.” These are the personal behavioral patterns that define how someone uses their device. The way a user types on the keyboard of their smartphone, for instance, or the posture they take when they read an article – these are two basic examples of the kind of biometrics that can be used to outline characteristics of your physical properties but not in a way that necessarily describes your physical attributes.

How this might come into play could look like the following: If someone is paying with a card in Medellin, and two seconds later they are paying in China, the card will be flagged for fraud. This isn’t a new concept. However, when you’re logging in to your phone to online banking, and you’re using your app the way you normally use it (tying with one finger and geotagged to places you normally visit), the app might continue to work fine after you answer a simple security question. But if the app notices your phone is in a strange place and the way the person using it is very foreign (typing with two thumbs), it will alert the system that something unusual might be happening, and that might trigger your phone to lock itself.

It is also conceivable that this type of data could be paired with people’s smartwatches and web browsing history. Let’s say you’re on a news site reading an article about immigration. The watch records your heart rate spike, and the keyboard registers that you’re typing very fast and hard when leaving a comment. An unethical company might push ads based on that type of content to your phone. This isn’t something we would hope for, but it’s worth noting that someone is probably developing this sort of technology as you read this article, and (hopefully) your heart rate remains at a normal resting rhythm.

Digital Wallets

Less ominous, the EU has recently proposed a trusted digital wallet that will be used to store digital identity for all European citizens, residents and businesses of the European Union. Commissioner for Internal Market Thierry Breton says of the new proposal, “The European Digital Identity wallets offer a new possibility for them to store and use data for all sorts of services, from checking in at the airport to renting a car. It is about giving a choice to consumers, a European choice.”

Weighing in on the new proposal, Steve Havas, CEO of self-sovereign identity company Evernym, explains how biometrics could increase the security of these kinds of new identity protection services. “Digital wallets give individuals the ability to prove information about themselves with the tap of a button,” Havas says. “Such a wallet can hold multiple ‘credentials,’ from documents like passports and driver’s licenses to event tickets or receipts, that the individual can hold, control and choose what and to whom they want to share. Biometrics provide an important layer of security and trust. Securing our wallets with a biometric ensures that the user of those credentials is the same individual that they were originally issued to. Even if an individual’s phone was stolen, no one will be able to use their credentials.”

Havas adds that as data is increasingly becoming a liability, we’ve seen time and time again just how damaging a breach can be to both a company’s bottom line and its reputation. With verifiable credentials and digital wallets backed by biometrics, the impact of a potential breach greatly decreases as the data is inherently decentralized. The “attack surface” for a potential hacker goes from one centralized database with millions of records to millions of separate devices, each held by a different individual and secured with their biometric. “Biometrics will completely change the economics of hacking,” Havas adds.

Promising Future

When talking about biometrics for public spaces, we basically refer to anonymized data gathering in compliance with laws like GDPR and CCPA, not Minority Report. I expect a scenario where biometrics are used to make smart decisions that will largely allow crowds to cross the street in places like New York’s Times Square or the Las Vegas Strip. Cameras will count the crowd growth from nothing to 67.5 people (or whatever) based on an algorithm measuring traffic flow and will then flip the light to accommodate both drivers and pedestrians. Shopping malls, festival promoters, sporting arenas and concert venues will be able to analyze crowd flow, crowd size and crowd demographics. Anonymized cameras can still be used to assess people’s gender and age without identifying them, and this can be used to tailor the environment to accommodate more groups of people and become more inclusive. If your venue doesn’t attract a specific group of people – whether it’s parents with strollers or the elderly – you can spot the problem and make adjustments to be more welcoming.

The future looks promising for biometric tech. Almost any piece of technology you can think of has the potential to incorporate biometric features. Once reserved for purely high-tech facilities and secure locations, biometrics is set to become as ubiquitous as cameras in phones.