Smart phones have become a crucial part of our lives. We talk to each other on social media and messengers, take pictures, shop, and even use banking services on smart phones. These devices inevitably store various kinds of personal and financial information as a result.
Smart phone providers had to figure out how to hold users’ personal information and keep it easy to use. Consequently, they began using fingerprint readers to lock and unlock phones instead of passwords or patterns. A fingerprint is one of the most common methods of biometrics so far.
Today, we’ll learn what biometrics means, and what its merits and limits are compared to existing password methods.
Passwords are still the most commonly used cryptographic system for websites and financial transactions. Passwords consist of numbers, letters and/or special characters mixed with numbers. Even though passwords are easy to use since they’re simple to set and change, they do have certain limits.
In text-based cryptographic systems including password systems, the level of security can vary according to the length of the password. If passwords are short or use only a single type of text such as numbers, letters, or special characters, then the security level can be considered low since it may be easy for others to crack.
This is why many websites have mandatory lengths for passwords or request users to mix numbers, letters, and special characters. The problem is that each website has a different standard for their cryptographic system, so users have a hard time remembering multiple passwords with various lengths which are getting longer.
Because they use multiple websites and services, it’s quite difficult to manage IDs and passwords for each one. Consequently, users tend to use the same or similar passwords for multiple websites and services. This means the information from multiple websites and services can be exposed if the log-in information for one website is leaked.
A number of methods are being used to complement this risk. Security cards are used with passwords for financial services and OTP (One Time Password) for financial, gaming, and social media services, as well as phone verification methods.
Even though these methods can complement the limits of a password, they’re not considered convenient enough for many users. Developers have created cryptographic systems that are simple but highly secure at the same time, and Biometrics is one of them.
Biometrics is a method through which bio information such as fingerprints, the iris, sweat gland patterns, and blood vessels can be turned into verification data. Physical characteristics individuals have like facial features, voice, fingerprints, and eyes can’t be easily lost or stolen/copied by other people. Let’s see what kinds of biometrics are available for security systems.
① Fingerprint Recognition
Fingerprints have curves created by ridges around sweat glands at the tips of fingers, and each individual has a different curve pattern. These ridges are recognized by CCD scanners or cameras and then converted into data.
When this information is being turned into data, characteristics are saved focusing on spots where lines are cut or diverge as well as shorter lines. This data is then compared to the fingerprint given by the user next time for verification.
What’s most convenient about fingerprint recognition is that they’re at the tip of our fingers, which makes it easier to use anytime we want. Because fingerprints can be recognized by cameras and scanners, the comparison with the saved data can be more immediate and accurate. However, if your fingerprints are worn out or if something covers them, this method is not going to be very useful.
② Finger Ratio Recognition
The length ratio of fingers can be recognized through a scanner as well. Once you put your hand in front of the scanner, it will measure the length to the tip of the middle finger, and then get a ratio of the lengths of other fingers based on it. This ratio is saved as bio-data and used later for bio-verification.
Unlike fingerprint recognition, the accuracy isn’t compromised when using the finger ratio regardless of random substances hindering the recognition. Even though this method is still being studied, once it is fully developed, it can be used along with fingerprint recognition for a quicker and more accurate verification method.
③ Iris Recognition
The iris is a muscle between the pupil and the white of the eye which controls the exposure of the pupil. The general role of the iris is to control the amount of light being reflected into the eye. Each individual has different iris characteristics including color, fiber patterns, blood vessels, ligaments, and spots, so it can be used for verification systems. Iris can also be recognized by camera and the information can be saved for future verification.
One of its biggest merits is that the iris can be recognized from relatively far away. The characteristics of an iris don’t change much over time, so the info can be kept for a long time for accurate verification.
However, the camera requires a macro lens and light to accurately view one’s iris, and glasses, lenses, eyelashes, and hair may hamper the result.
④ Retina Recognition
Retina recognition can be mistaken as iris recognition, but they’re not quite the same. The iris controls the amount of light in front of the eye, and the retina is around the back of the eye where the image is focused. This method recognizes blood vessels around the retina and use this as a cipher, utilizing a lens which penetrates the eye with light to see how much is being reflected. In other words, a different amount of light is reflected according to blood vessels around the retina, and this information is used as verification data.
Like the iris, one’s retina doesn’t change much at all over time. It does however, take a long time to scan the retina where the image is focused, and the camera has to be very close to the eye. Users may find this inconvenient.
⑤ Vein Recognition
This method recognizes blood vessels on the hand focusing on the shape and dispersion of veins. Infrared light is shot onto the hand and then the reflected video shows the pattern of the veins including thickness and length and this data can be saved to verify individuals.
Vein recognition can be used indefinitely, as long as the veins are not directly hurt or changed. Substances on the skin don’t create errors either, so this method can be used in more various situations. Recently, this method which is combined with 3D technology is being studied for better security as well.
In August, LG CNS launched smart ATM which implemented finger vein verification technology from LG Hitachi. With a Smart ATM, you can not only withdraw cash without a bankbook or card, but also make new accounts, issue security cards, and reissue bankbooks.
Unlike fingerprints, finger vein verification technology uses vein pattern information within human bodies, which makes it very difficult for others to forge. In Japan, its stability has been proven and 80% of ATMs now use finger vein verification systems.
⑥ Voice Recognition
Voice recognition verifies voices through three elements of sound—amplitude, vibration, and tone color. Tone color differs according to individual vocal cords and vocal chink. This is why it can be used for biometrics.
Voice recognition is one of the easiest to use in biometrics. The voice is not affected by other random substances, and the verification process doesn’t take long either. Still, other noises or poor microphone quality may hinder the input and accurate voice verification.
⑦ Walk Verification
Walk verification is yet to be commercialized. The method is still being studied to save an individual’s walking pattern and use it for verification. Such pattern information includes stride, length of legs, and angle between the ground and spine.
Walk verification is a natural verification method which understands behavioral characteristics rather than biological characteristics. However, more research is still required, since one’s walking style can simply change over time.
The financial industry is especially interested in biometrics to improve security, because these characteristics are much harder to fake. Biometrics can become a suitable alternative to the complicated and inconvenient password systems we currently use especially in the realm of financial services.
However, the fact that physical characteristics cannot be lost can become its limit at the same time, because once the information is leaked, a user cannot verify oneself with that part of the body again. How to keep bio-information safe is a crucial question for the future of biometrics.
Written by Woonje Sung, LG CNS Student Reporter