Fingerprint biometrics have been around for at least 25 years or more. The current mass adoption was long in the making. Much longer than any respected analyst firm had predicted. The Forresters and Gartners of this world underestimated the public scepsis and privacy concerns at first.
In the '90's there were a lot of initiatives to promote and implement fingerprint biometrics* but not often these projects ended earlier than expected because of above mentioned reasons.
The public opinion on biometrics in general and fingerprint biometrics in particular changed this millennium because of a variety of reasons; the tragic 9/11 event being the trigger to fuel the global security market, followed by the increased online personal-data collection which leads, per definition, to increased internet criminality.
Biometric fingerprint technology was, in the last decade of the previous century, thought to play an important role in the early days of the e-commerce. Companies like SAFLink, Lennard & Hauspie, Iridian Visionics, Authentec and others as pioneers paved the way and shaped the market as it is today.
The majority of those companies are not around anymore, they went bankrupt or were acquired at some stage.
With the consumeration of IT and biometrics being embedded in smartphones, the payment industry drives the biometric adaption in the e-commerce space with neat apps.
The market as it is today is divided into 3 segments;
The enterprise market stores biometric templates typically in central directories like AD or eDir and they are controlled by the user and administrators, whereas templates in the consumer market are stored locally on the device and are fully controlled by the user.
Slowly but surely these markets converge. We're moving to a world where your mobile phone is your digital you and fully trusted by Governments across the globe.
Back to fingerprint biometrics. the market for fingerprint biometrics matured the last decade. After a lot of consolidation in the market, the prices dropped to an acceptable level and they will drop even further.
What technology vendors learned is to embed fingerprint technology in such a way that it's easy to enroll for the user and automatically is being adopted in the various apps (thank Steve Jobs for the app-store)
The downside of fingerprint biometrics is that every fingerprint reader can be spoofed.
The essence of fingerprint technology is of course your fingerprint. Something you leave behind everywhere you go. In other words, it's easy to obtain your fingerprint without you even knowing.
Fingerprint readers are build to recognize you and some have anti-spoofing systems build-in. Sometimes very rudimentary and sometimes very sophisticated. If you pay more you get more quality in general. However, even the most sophisticated systems are not fully spoofing proof.
The more applications, the more (business)value, is protected by fingerprint biometrics, more advanced attacks on the system will happen and force users and corporations to implement other (biometric) technologies besides fingerprint biometrics.
Let's take a look at the most likely biometric technology candidates.
Voice & Face
Given the fact that there is no 1-fits-all, Face & Voice are not likely to be winners since for them to work correctly you will need to be able to control the environmental settings (lighting, noise etc) under all circumstances. And that will proof to be a mission impossible. So face and voice will not be the most likely candidates to be the biometric successor of fingerprint.
Iris is becoming interesting again. After Iridian screwed up the market with their idiot patent threats, now with the expiration of the various patents the innovation in iriscamera's reach a new peak. They are becoming affordable and the cameras are getting smaller and the next-gen will probably be embedded in smartphones.
Iris algorithms are fast and perfectly suitable for 1:N matching. Making them a more likely candidate for border-control rather than enterprise and consumer biometrics. As you can see in the video below there is always something needed called "hamming distance" (20cm in the video) the range where the actual iris is captured. It is simply not a very user-friendly technology. It's a bit clumsy to be honest.
My first encounter with vein technology was back in 2005. I had a nasty issue with fingerprint technology by BMF (pressure sensitive readers) in a datacenter and Hitachi as supplier of BMF in Europe invited us to test new groundbreaking technology first hand.
I met the director of biometric technology in Hoofddorp where I saw finger vein technology for the first time. I immediately thought it was a far better technology than fingerprint biometrics, but little too late to enter the border control market. The standards for fingerprint were already set.
A year later Fujitsu launched palm vein technology. Their are both technologies looking at the vein pattern with the differentiator that finger vein technology reads the pattern "through" the finger whereas palm vein technology is based on an reflected image of the pattern.
I leave it up to the reader to judge which of the methods is most secure than the other.
Fact is that the vein algorithms are not suitable for 1:N matching like the iris one. You need additional technologies like fusion in-memory databases to get performance, which increases the total costs of ownership.
The other downside to palm & finger vein technology is the way the two vendors structured their licensing model. In short, it sucks. It's a showstopper for the mass adoption of vein technology. I wrote about this in my previous blog on the "biometrics 2015".
Another vein tech provider is Eyeverifi. This Kansas based startup "reads" the vein pattern in the corner of your eye. It is cool technology as demonstrated below. But like iris recognition one can wonder if it is suitable for mass adoption by consumers. It's a nice add-on, doesn't require any additional hardware but is not very user-friendly as it is now. Maybe in the future when camera's are even beter to recognize from a distance. You always have to look straight in the camera, which you cannot do under every circumstance. Like face recognition you will need to be able to influence the environmental variables needed to acquire a correct and usable picture. And I wonder if it works flawlessly in Asia where people tend not to be able wide open their eyes.
Conclusion vein is a candidate but still has to overcome hurdles technology- and businesswise.
Heartbeat & Behavior technology
I've talked about heartbeat and behavior biometrics in a previous posts. I really like the technology but it is still early stage for heartbeat, and behavior is well suited to be just the additional layer of security. It's an add-on to existing biometric technologies or other security systems.
Heartbeat and Behavior biometrics are both poised for greatness. It will be a long, rough and costly road but the reward will be there. Behavior is taking off now. Companies like Behaviosec changed their business strategy to make it easier to be embedded in the big authentication frameworks. That helps the mass adoption.
As for heartbeat, still a couple of technology breakthroughs will be needed in order to get the technology embedded easily in wristbands of f.i. smartwatches. Smartwatches by itself needs to prove that they are here to stay.
There are various other biometric technologies like handrecognition, signature recognition, ear recognition, the way you walk and yes even butt-recognition.
All nice technological achievements but no serious threats to the fingerprint crown.
My prediction for the successor to fingerprint is;
I am Reinier van der Drift. owner of FERGIL. Serial Entrepreneur & Technology Freak. Expert on Strong Authentication.