One thing I like about technology, is the way it makes life easier. Even though new technology often make your life miserable for a while, until you get the hang of it. I’ve been working with biometrics for around 6 years now, and evolution is really fast! For instance, when I began with all this back in 2000, a fingerprint reader (parallell or serial interface) was big, bulky and didn’t work too good. The price was also somewhat shocking, around 400-500 USD for a simple reader. Today you can buy Microsofts Fingerprint reader at Wal-Mart for around 35 bucks. Now that’s evolution. I think biometrics are going to replace, or at least coincide with many other identification tokens. A photo ID will – I think – always be the preferred form of identification for most people. But now biometrics are taking the step INTO the photo IDs. A smartcard photo ID can store your fingerprint template without much hassle. Services like PAYBYTOUCH let you shop without even carrying your wallet! Your phone number and fingerprint is enough!

The biggest hurdle with fingerprint technology – as I see it – is to find a 100% secure and fast way of identifying people with their fingerprints. Today it’s fairly easy to make a verification system, where you just input a userid and then your fingerprint to verify that you are you. But it would be way easier just to put the fingerprint on a reader and have that system say that you are you. With 100% certainty. For high security systems, we’re far off yet. But for system where security isn’t of outmost importance, identification has come a long way. CERBERUS, for instance, is a time and assistance management solution that relies 100% on the fingerprint of the user. So far, we’ve had no trouble whatsoever with that. You see, when you make fingerprint recognition systems, there are two parameters you always must keep track of: The FRR rate and FAR rate.

FRR = False Rejectance Rate. This tells you the rate of how many times a system rejects you, even though you have registered your fingerprint.
FAR = False Acceptance Rate. This tells you the rate of how many times the system accepts you, even though you haven’t registered your fingerprint.

Obviously, in both cases you seek to have as low a rate as possible. The FRR rate isn’t as critical, because if the system rejects you, you just put your finger on the reader again and eventually it will recognize the fingerprint. The FAR, on the other hand, is critical indeed. Imagine you are going to pay something with your fingerprint and the system believes you are somebody else. As long as the FAR rate on identification systems isn’t 0.00%, they won’t be used for critical applications. Today, CERBERUS has a FRR of far less than 1%, and a FAR of around 0.001%. Still, if you want to make payment systems with fingerprint identification as basis, that 0.001% is still too much.

We’ve thought of using an identification system involving 2 fingers stored for each user in a database. Using the first fingerprint, the system searches for the fingerprint it “thinks” is the right one (FAR, remember?). The second fingerprint would just confirm the system’s theory. If the 2nd fingerprint matches the stored 2nd fingerprint, you’ve got yourself a quick’n'dirty semi-identification system.