SubscribeWith an ever increasing awareness of security and identity theft, it is imperative to have an identity management process that can identify specific individuals uniquely and accurately. Biometric verification is now a key element of authentication.
Security and Biometrics
A biometric is something unique to an individual linked to their biologically related characteristics - something that is part of them. This can be used to identify or verify an individual. There are many biometrics in use today, with the most popular being:
- Fingerprints
- Iris scans
- Retina scans
- Voice prints
- Facial features
- Hand Geometry
- Signatures
KeCrypt Signature Authentication
A signature is part of everyday life and is commonly used as the main method of authentication in the existing legal and financial framework and is also readily acceptable to users. To electronically identify an individual via their signature, KeCrypt has a patented biometric signature technique that analyses a signature by invariant dynamics, rather than by comparison with a recorded set of spatial relationships.This means the analysis is done dynamically through the way the signature is written (speed and pressure, for example) and not by comparison with a recorded image.
This has the following advantages over other techniques:
- No signature template data is held, hence the process cannot be reversed and a signature cannot be replicated.
- Language independence.
- Highly scalable, and with low demands on a host computer system, as templates do not have to be encrypted and managed.
This means that identity information can be stored on a smart card with no fear that the signature could be recreated and large computer infrastructures are not needed to implement the KeCrypt solution.
Signature Trial
To assess the viability of the KeCrypt signature verification in a working environment, a trial was carried out in the pharmacy departments of a number of London hospitals. Within a pharmacy and prescribing environment a signature is used to authorise a wide range of activities.The trial showed that the KeCrypt biometric signature has a high level of user acceptance plus a high level of accuracy - and most importantly, all attempts at forgery were rejected.
To understand the success of the trial, the results can be compared with the results of work done on fingerprints, iris recognition and facial recognition carried out by the Government in 2004/5 as a precursor for the UK National Identity Card project.
The four areas of comparison are:
Failure to register – this is where a user is unable to register their biometric on the system. This figure should be low to ensure maximum applicability across all populations.
False Negative – This is where the system rejects a genuine user when a check is carried out. Again this needs to be low to ensure user satisfaction.
False Positive – This is where the system incorrectly accepts an invalid input. This should be as low as possible for high security.
Forgery Rejection – This is where a forger or criminal tries to impersonate or steal someone’s identity. This should ideally be zero to ensure reliable security.
Trial Results
The results of the KeCrypt trial in comparison with the biometrics tested for possible use with the National Identity Card project are shown in the table below.
Biometric | Failure to register | False Negatives | False Positives | Forgeries |
Iris Scan | 12.3% | 2.2% | 0.0% | Not Available |
KeCrypt Signature | 0.9% | 19.3% | 0.0032% | 0 |
Fingerprint | 0.7% | 18.7% | 0.0016% | Not Available |
Facial Scan | 0.2% | 30.8% | Not Available | Not Available |
The Iris Scan offers the highest accuracy but failures to register make it unusable with certain ethnic and age groups, with the failures occurring mainly in the black or over 59 age groups.
The Facial Scan has too high level of false negatives to be a useful verification technology.
Fingerprints are the most commonly used biometric today and provide a sufficiently robust verification result, but it is not clear they have a wide user acceptance.
Tsutomu Matsumoto, a Japanese cryptographer, along with his students at the Yokohama National University, published a paper in January 2002 showing that they could reliably fool 11 commercially available fingerprint readers.
The readers had both optical and capacitive sensors, and some also had "live finger detection" features. Despite this, the readers were fooled 80% of the time with artificial fingers made out of gelatine.These are sometimes referred to as “Gummy Fingers”.
Journalists at the European computer magazine C’T provided further evidence of the vulnerability of fingerprint biometrics when they tested nine readers. The team were able to fool them all with a variety of methods.
In summary, the trial results show that KeCrypt verification of signatures delivers a similar level of performance to fingerprints and is readily accepted by users. Unlike a fingerprint, however, a KeCrypt Signature cannot be transferred or forged.
Clearly the KeCrypt signature biometric has considerable advantages over the fingerprint:
- The signature is the most natural method of authentication and authorisation.
- A signature demonstrates intention to authorise. Fingerprints can be taken from a latent and replicated / forged.
- The KeCrypt signature biometric works entirely on the dynamics of the way that the signature is written, making it virtually impossible to forge.
- The KeCrypt signature biometric means that template images do not have to be encrypted and managed, making personal biometric data secure from compromise.
- Threats and stress increasingly reduce the likelihood of biometric verification and are thus self-defeating.
KeCrypt Systems
KeCrypt Signature is based on software originally developed by Marconi and subsequently by KeCrypt Systems Ltd.
KeCrypt Systems Ltd is now the UK’s leading software security company focusing on Identity Management using proven, patented biometric signature technology. KeCrypt Signature has already achieved considerable commercial success and is increasingly being adopted by application developers as their preferred security component.
If you would like more information, please contact KeCrypt Systems Ltd on 01438 791026 or sales@kecrypt.com.
For more on KeCrypt’s history, development technology and Partnerships, please visit our website at www.kecrypt.com.