Biometric technology has been around for more than a century, with its earliest and most common uses centered in law enforcement.

In the past decades, application of the technology has extended to the identification and authentication of individuals at border crossings, onto computer networks and into physical spaces.

The triumvirate–finger, face and iris–remain the top three modalities but there are others waiting in the wings. Some, like DNA, have been around for years but are being adapted to new identity-focused use cases. Others are fusing existing a to create new solutions while another set seem completely new.

It may be some time before the triumvirate is unseated by another modality but there are some bleeding edge biometrics on the horizon that could change the way individual’s login to computer systems or gain access to secure areas.

Active authentication

In recent years the federal government has been waging a war on passwords. Between the National Strategy for Trusted Identities in Cyberspace and the Defense Advanced Research Projects Agency’s (DARPA) Active Authentication project, the government wants stronger ways to identify individuals online, says Richard Guidorizzi, project manager for Active Authentication at DARPA.

Easy passwords are easily compromised and complicated passwords are difficult to remember and thus often written down, Guidorizzi says. Moreover, a password isn’t truly tied to the individual.

DARPA wants a solution that doesn’t just identify an individual when they’re trying to access a specific network or file. They want one that constantly identifies the individual at the keyboard, Guidorizzi explains. “We want to make the computer aware, tying the identity to the access of a system,” he says.

Initially the Active Authentication project will look at biometrics that require no additional hardware. Some examples cited by DARPA include the manner in which the user handles a mouse or crafts written language in an e-mail or document. An emphasis will be placed on validating any new biometrics with tests to ensure they would be effective in large-scale deployments.

Later the program will look at solutions that integrate any biometric using an authentication platform suitable for deployment on a standard Defense Department computer. The goal is to combine multiple modalities for continuous user identification and authentication in a way that is accurate and transparent to the normal computing experience.

The authentication platform will be developed with open API to enable future integration of additional software or hardware biometrics.

Bioimpedance offers always-on possibilities

While DARPA looks at Active Authentication ad how it can be used to secure computer systems, there are other providers creating new biometrics that would do almost constant authentication.

Researchers at Dartmouth College are working with sensor-equipped bracelets that passively take biometric readings for heath care identification.

The team is exploring how the bracelet could be used to authenticate the wearer and identify medical needs using bioimpedance as a metric. Bioimpedance measures the flow of electrical current through living tissue. This technology could simplify medical record gathering and share pertinent information in a life-threatening situation.

The device has the potential to be used in scenarios from fitness applications to smoking cessation programs.

The project is still in its early stages and there are issues to resolve before the technology is viable. One of these is dealing with the variable measures of bioimpedance and how they change over time, although using the sensor in a bracelet form utilizes an area of the body that has less instability due to its tendency to not significantly add fat or muscle.
Gait, feet and bio-soles

Another modality that requires no out of the ordinary interaction is being investigated at Carnegie Mellon University’s new Pedo-Biometrics Lab. A project to produce biometric shoe insoles able to identify a person by their gait could prove a unique way to control access to high-security areas.

The Pedo-Biometrics Lab is a partnership with Canadian company Autonomous ID and has $1.5 million in startup funding. Autonomous ID has been working on the bio-sole project since 2009, hoping to produce a relatively cheap yet accurate identification solution.

The prototype bio-soles are the same thickness as a typical shoe insole sold in a drug store. They’ve been tested on a variety of people in all shapes and sizes and have had an accuracy rate of 99%. According to lab staff, they are able to confirm identification within three steps and can adapt to changes in a person’s gait, such as injury or fatigue.

DNA: from the crime lab to access control

Anyone familiar with procedural crime dramas knows about DNA. From any number of sources it’s the DNA that conclusively links the criminal to the crime. But could DNA also be used as a biometric for identification?

It seems like science fiction, but not for much longer, says John Mears, director of biometric solutions at Lockheed Martin. “People talk about DNA as a forensic tool but now we are looking at it as a biometric,” he explains. “It really is just like a fingerprint, you’re looking at certain sections of the genome but it doesn’t tell anything about you personally–we’re calling it a DNA fingerprint.”

The eventual goal is to create a system that can capture and code DNA quickly, search a database and return results in the same way fingerprint databases function, Mears explains.

THE FBI’s DNA database, Combined DNA Index System or CODIS, takes 13 sections from the genome that carries from person to person and creates a unique identifying number. “You can tell the sex of the person but the parts of the genome you look at are only good for identification, so there is no personally identifiable information associated with it,” Mears says.

In forensic labs, the DNA testing done is commonly referred to as PCR, or polymerase chain reaction. The testing takes six different instruments that range in price from $35,000 to $250,000.

Lockheed Martin is trying to reduce that expense by creating a small plastic sensor that an individual can use to obtain a cell sample via a cheek swab, extract the DNA and gather the specific segments for the PCR test.

The sensor is then plugged into a machine about the size of a desktop server and results are returned within 90 minutes, Mears says. Only minimal training would be required to run the system, as it’s intended to be operated by police officers in local jurisdictions.

“The idea is to have it like fingerprints,” Mears says. “While you’re holding a person you can get the results back and find out if they need to be detained for another crime.”

Noses and ears at work

A bleeding edge technology with multiple potential applications is odor biometrics. An individual’s body odor is genetically determined and can be tracked, says Mears. The idea is to create a sensor that replicates a dog’s nose, which is estimated to be 100 times better than that of a human. Such a sensor could recognize subtle differences for authentication or identification purposes.

Additionally, body odor changes under stress. This could expand the modality to identify individuals and determine if a person is experiencing stress, perhaps due to lying.

Biometric sensors capable of detecting odor could be used to find harmful compounds such as explosives and other contraband. They could also be used to detect harmful bacteria or if an individual is carrying a contagion, Mears says.

There is also the possibility of combining odor and DNA. The odor biometric could locate an individual’s specific skin cells, which are left just about everywhere, and then the DNA could test those same cells, Mears says.

The human ear is another pattern unique to each individual. The ear may be as unique a pattern as the fingerprint and iris, says Bryan Ichikawa, senior manager in Enterprise Risk Services at Deloitte and Touche. The challenge is capturing an image as ears are often obscured by hair.

Capture devices would likely require infrared capabilities, similar to those used for 3D facial recognition systems.

Your voice is your passport

While not as bleeding edge as some modalities, voice may become a major player in future authentication systems. “One-to-one matching is becoming more prevalent when it comes to authentication,” says Mears. And this is an ideal application for voice.

The forensic capabilities of voice have been used to identify speakers in one-to-many environments, but one-to-one authentication is proving to be the modality’s strong suit. Financial services and other high-value transaction industries are putting it to use today, for example, when individuals call stockbrokers and are verified before initiating a trade.

Voice can be an ideal complement alongside other biometric modalities, Mears says. Multi-modal biometrics, which has long been discussed but seen few deployments, is another trend he sees on the horizon, especially when it comes to no-touch biometrics.

The combination of face and iris biometrics is one that could gain popularity, especially at border crossing and in airport security settings, Mears says. “This is good for a number of reasons, cultural issues, not wanting to transmit disease,” he adds. “It is less invasive that can be done at a distance before they get to a checkpoint.”

Additionally, it doesn’t require a user to cooperate with the system. While waiting in line the biometrics could be collected and run before they reach a checkpoint. They could even be used in covert situations, says Ichikawa.

A new wrinkle on fingerprint

The idea of identification at a distance was also behind the technology for IDair, a long-range fingerprint biometric company that spun off from Advanced Optical Systems, says Joel Burcham, president at IDair.

Originally, Burcham was looking at capturing face, fingerprints and iris all at once with a single sensor. “A lot of people were doing iris and face but fingerprint from a distance wasn’t there,” he says.

After a couple of years a system was able to capture fingerprints from more than six feet and Advanced Optical Systems decided to spin the company off forming IDair with Burcham at the helm.

The company is selling two products, AIRprint and ONEprint. The former captures all ten fingerprints from more than six feet away, Burcham says. While AIRprint has received significant interest from potential users, it has not yet found its niche. Part of the reason is that individuals would have to hold their hands in front of them with the palms up when approaching a sensor. “It’s just a step too far ahead,” he says.

The ONEprint system is a different story. The physical access control reader is beta testing with a handful of end users and one full deployment, Burcham says. Because it’s a no-touch sensor the technology is seeing a lot of interest outside the U.S. where hygiene concerns are heightened.

The scanner is different from other fingerprint scanners because the user never touches anything. Instead of placing a finger on an optical or silicon fingerprint scanner the individual places the index finger under a scanner which captures the image from a few inches away.

The device uses a proprietary algorithm but the optics are not proprietary. They are the equivalent of an iPhone 3G camera, Burcham explains.

New modalities and the changing nature of authentication

While interesting new modalities–from DNA and bioimpedance to ears, odor and voice–are moving beyond the lab and into real use, it may well be transparency that proves to be the real game changer.

Between no touch and standoff biometrics there’s the possibility that individuals may have little to no interaction when authenticating an identity in the future. And as biometrics become more commonplace in everyday life, it may be that individuals don’t even know they’re being verified as they walk into an office building or sit at their desk.