- Introduction
- User Population
- Fingerprint Users
- Fallback Mechanisms for Non-Enrollables
- Conclusions
- Frequently asked questions
Authentication is only as strong as its weakest fallback. All access paths must uphold primary security.
Introduction
Below we will discuss how permanent and temporary issues may cause a fingerprint authentication attempt to fail and how, in the security and safety market, trusted fallback methods are needed to prevent ‘back doors’ that could be exploited by unauthorized users.
User Population
The number of legitimate users of a biometric system can range from only a few to many millions. By nature, every biometric modality has restrictions and cannot be used by a certain fraction of the population. The table below lists some biometric modalities and the user groups that cannot use each of them for biometric identification.
| Modality | Randomness | Disqualified users |
|---|---|---|
| Fingerprint | Phenotype | Damaged fingerprints or disabled by disease |
| Face | Genotype | Monozygotic twins |
| Iris | Phenotype | Blind, disabled by disease |
| Voice recognition | Phenotype | Deaf, disabled by disease |
Fingerprint Users
Fingerprint is the most popular biometric modality, used daily by hundreds of millions of people. Fingerprints develop at random during the fetal stage, meaning that even monozygotic twins have different fingerprints. In contrast to what may be the case for face recognition, presenting a fingerprint to a reader or an embedded device with an integrated sensor requires a willful, user-controlled action.
Permanent Disability
There are a few cases of people who cannot use fingerprinting. Some people have a rare genetic condition that leaves them without sweat glands in the hands. While they may still have visible fingerprints, these cannot be captured with mass-market sensing equipment that relies on some level of skin moisture, such as optical or capacitive sensors. Excessive chemical or mechanical exposure through work or hobbies can render fingerprints unusable. People with amputated hands cannot use fingerprints either. All these conditions are rare and can account for 0.1% of users, depending on the population.
Such users must be offered an alternative biometric solution, access through a manned station, or some other, likely inconvenient, fallback that does not compromise the overall security and safety level of the system.
Temporary Disability
Hands and fingers are used in daily life and can get damaged. For large sensors a small or medium sized cut or swollen finger will not affect a fingerprint system. For small sized sensors, even a minor cut may damage a significant part of the scan and render the system useless.
If the hand is wrapped in a bandage due to injury, it cannot be used until it has healed and been unwrapped. Two weeks of hardcore surfing vacation can also partially wear off fingerprints and temporarily render some fingers useless for automated verification. After some time, the fingerprints grow back from the dermal layer and work just as before. For such scenarios it is important to have backup fingers or a face recognition fallback to still access the system.
Difficult Users
Some users do not have a permanent or temporary disability, but their fingerprints are still hard to scan with a sensor and to recognize automatically. This includes people with excessively sweaty or dry skin on the hands. Too much moisture or a lack of it can prevent scanning with a sensor system. A useful tip for moist hands is to touch a piece of cloth before placing the finger on the sensor. People with dry skin can in turn touch the forehead or the side of the nose to pick up moisture from their body and enable scanning. Infants and siblings have much smaller features than adults and require a high-resolution sensor of at least 500 ppi. Elderly people can also be more difficult, since their fingers may have various permanent cuts and wrinkles plus reduced moisture.
A trusted system implementation in a security-sensitive governmental or corporate context must serve very close to 100% of the targeted users. The following requirements must be considered mandatory:
- A quality sensor system with a large area and high resolution plus a high-end algorithm. This provides a level of tolerance that allows reliable operation even under varying conditions of environments and fingers.
- Supervised enrolment by a trained officer improves overall enrolment quality. The officer must determine which fingers meet the quality thresholds for enrollment. In rare cases all fingers will be disqualified, and the user must be offered another biometric modality — or an alternative way of authentication (typically less convenient).
- A short user introduction to the nature of fingerprinting that includes how the user may cope with dirty fingers (wipe off dirt), very sweaty fingers (wipe off sweat), and very dry fingers (breathe on the finger or touch your skin). These simple instructions can be given in a few minutes during enrollment.
Fallback Mechanisms for Non-Enrollables
So, a certain fraction of users will be disqualified from using fingerprint or other biometrics. They require a fallback solution to securely prove their identity. Depending on the application, that fallback mechanism can be less convenient.
Trusted Fallbacks
Existing authentication systems on the market, from traditional keys to passwords, PIN codes, RFID access cards, hardware authenticators, biometric smartphones and smartcards with small sensors, have all been proven to have been exploited by criminal organisations and hostile nations.
A secure system must always be secure, including in fallback scenarios.
False rejections and temporary disabilities can never be avoided 100%. Therefore, it is important to allow multiple trials for biometric verification and to enroll at least two backup fingers, preferably one from the other hand. If the dominant hand is wrapped in a bandage, the user simply uses the other enrolled finger. For a Biometric System-on-Card (BSoC), the thumbs are ergonomically the most suitable. It is recommended to enroll both thumbs and possibly both index fingers as well. When the system fails to recognize one finger three times in a row, the user naturally switches to a different finger. That is only possible if the time and effort were invested beforehand to enroll that finger under supervision.
Another option is to add a complementary second biometric modality. Even if the BSoC does not carry a camera or other dedicated sensor, it could still accept digitally signed biometric probe data from an external system and perform on-card biometric verification of face or iris. This would be superior to a passcode, which can easily be shared or spied out. This solution is planned as a future functional extension.
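The retry and backup-finger policy described above trades convenience against impostor exposure, and the following added example (not part of the original article) makes that trade-off measurable and flags knowledge-based fallback paths. The per-try error rates, the chance of a temporarily unusable finger, the independence of tries and fingers, the impostor budget and all names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Secrets that can be shared or observed; the article advises against these as fallback.
KNOWLEDGE_BASED = {"password", "pin", "passcode"}

@dataclass(frozen=True)
class Policy:
    fingers: int           # fingers enrolled under supervision
    tries: int             # consecutive tries allowed per finger
    far: float             # assumed per-try false accept rate
    frr: float             # assumed per-try false reject rate on a usable finger
    p_unusable: float      # assumed chance that a finger is temporarily unusable
    fallbacks: tuple = ()  # access paths offered once every finger has failed

def impostor_success(p):
    """Chance that an impostor is accepted at least once across all allowed tries."""
    return 1 - (1 - p.far) ** (p.fingers * p.tries)

def fallback_rate(p):
    """Chance that a genuine user exhausts every enrolled finger."""
    per_finger = p.p_unusable + (1 - p.p_unusable) * p.frr ** p.tries
    return per_finger ** p.fingers

def weak_fallbacks(p):
    """Fallback paths that rest on a shareable secret."""
    return sorted(f for f in p.fallbacks if f.lower() in KNOWLEDGE_BASED)

def audit(p, max_impostor):
    """Return findings; max_impostor is an assumed acceptance budget."""
    findings = []
    if p.fingers < 3:
        findings.append("enroll a primary finger plus at least two backup fingers")
    if weak_fallbacks(p):
        findings.append("knowledge-based fallback: " + ", ".join(weak_fallbacks(p)))
    if impostor_success(p) > max_impostor:
        findings.append("too many total tries for the impostor budget")
    return findings

# Constructed sample policies; the rates are illustrative, not measured values.
SINGLE = Policy(1, 3, 1e-4, 0.02, 0.02, ("PIN",))
BACKED = Policy(3, 3, 1e-4, 0.02, 0.02, ("manned station",))

if __name__ == "__main__":
    for name, pol in (("single finger + PIN", SINGLE), ("three fingers", BACKED)):
        print(name, f"impostor={impostor_success(pol):.2e}",
              f"fallback={fallback_rate(pol):.2e}", audit(pol, 1e-3))
```

Under these assumed rates, enrolling three fingers cuts the share of genuine users who reach the fallback from about 2% to about 8 in a million, while the impostor's cumulative chance roughly triples, so the total number of tries needs its own limit.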
Conclusions
- Every biometric system must deal with permanent and temporary disabilities as well as false rejects and requires a fallback mechanism to verify the user.
- Security centric applications should refrain from knowledge-based fallback for all or even some of the users.
- A quality biometric sensor and algorithm can reduce the number of failures and required fallback occurrences.
- Supervised enrolment of at least three fingers helps to reduce rejects. The second thumb and an index finger are typically the best fallbacks.
- Supervised enrolment must decide to disqualify problematic users.
- Verifying a different biometric modality like face in the BSoC will be a good addition in the future.




