Welcome!

News Feed Item

Think ID Theft Is a Problem Here? Try Protecting One Billion People

The cutting edge of biometric identification — using fingerprints or eye scans to confirm a person’s identity — isn’t at the FBI or the Department of Homeland Security. It’s in India.

India’s Aadhaar program, operated by the Unique Identification Authority of India (UIDAI) and created to confirm the identities of citizens who collect government benefits, has amassed fingerprint and iris data on 500 million people. It is the biggest biometric database in the world, twice as big as that of the FBI. It can verify one million identities per hour, each one taking about 30 seconds.

The program unnerves some privacy advocates with its Orwellian overtones, and the U.S.-based Electronic Frontier Foundation has criticized it as a threat to privacy.

But many developing countries see biometric identification (ID) as a potential solution for millions of citizens who don’t have any official and fraud-resistant ID. The Indian government distributes $40 billion a year in food rations, but fraud is rampant because most people lack proper ID. Analysts estimate that 40 percent of India’s food rations never reach the people they are intended to help. Indeed, a new study of initial results from India’s biometric program found that it both reduced corruption and was popular with beneficiaries.

India isn’t the only developing nation to explore biometric strategies. The Center for Global Development, a Washington-based think tank, reports that 70 nations have some sort of biometric program.

Now a Stanford business professor is proposing a way to make India’s program far more accurate. Lawrence Wein, a professor of management science, applies mathematical and statistical modeling to solve complex practical puzzles.

In health care, Wein has analyzed strategies to optimize food aid in Africa and to mitigate the toll of pandemic influenza. In homeland security, he has developed strategies that the U.S. government has adopted for responding to bioterrorist attacks involving smallpox, anthrax, and botulism.

Wein’s interest in biometrics started almost a decade ago, with his analysis of fingerprint strategies used by the Department of Homeland Security’s US-VISIT program for nonresidents entering the country. That analysis influenced the government’s decision to switch from a two-finger to a 10-finger identification system.

For Indian officials, the big practical challenge has been to make the program more accurate without getting bogged down when used by a billion people.

The system has to be accurate enough to spot all but about one in 10,000 imposters. But it shouldn’t be so foolproof that it falsely rejects large numbers of people who are who they claim to be. Nor should it take so long that people have to wait in long lines. If either of those things happened, few people would sign up. Participation in India’s program is voluntary, not mandatory.

India’s system is sophisticated. When a person first enrolls, scanners take image data for all 10 fingers and both irises. When people show up at a local office to receive a benefit, they get scanned again. That data is then sent to the central database, which compares it to the person’s original enrollment data.

But comparisons are complicated. One problem is that the scanning equipment where people first enroll is usually more expensive and sophisticated than the equipment at local government offices. That sets the stage for a lot of false rejections. Making matters more difficult, fingerprints and even irises vary tremendously in how distinctive they are.

The tradeoff is between accuracy and speed. Comparing all 10 fingerprints, or both irises, is extremely accurate, but it takes about 107 seconds. That may sound lightning fast, but it isn’t for a system that is supposed to perform 1 million verifications an hour. To speed up the process, Indian officials originally compared only a person’s right thumbprint. But a single thumbprint — or any other individual fingerprint — may be too hazy to compare. Indian officials then latched on to the idea of picking a person’s best fingerprint — the one that provides the easiest match. Results were better, but not ideal.

Wein teamed up with two graduate researchers, Apaar Sadhwani and Yan Yang, to derive and test sophisticated algorithms based on the Indian biometric data. Wein didn’t charge for his work, but he thought that it might have ramifications for many other governments, as well as for commercial companies. Indeed, banks in India are already developing their own applications for the Aadhaar system.

The researchers’ solution, which Indian officials are studying at the highest levels, is to focus on a particular subset of each person’s fingerprints and eye scans that are the easiest to compare to those originally scanned. The combination of fingerprints and iris data will vary from person to person. For some people, it could be just the right index finger. For others, it could be an index finger and a thumb. Or, it could be the irises, or a combination of fingerprints and irises.

For many people, as it turned out, an easy check of only one or two fingerprints is enough for an accurate identity confirmation. For about 37 percent of people, it’s necessary to compare just the irises. And for a very small number of people, it’s necessary to compare both irises and some fingerprints.

By spending a small amount of time on most people, and more time on a minority of others, the researchers found they could keep the average verification time to just 37 seconds. That’s a bit longer than it takes to just compare one finger, but the rate of false rejections is about 200,000 times lower.

Wein doesn’t expect the United States to replicate the Indian approach. Americans are already suspicious about government surveillance, and most Americans already carry drivers’ licenses and other photo identification that are fairly hard to forge. But for low-income countries, he says, biometrics may have a big future.

The paper, “Analyzing Personalized Policies for Online Biometric Verification,” was published by PLOS ONE on May 1, 2014.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
When shopping for a new data processing platform for IoT solutions, many development teams want to be able to test-drive options before making a choice. Yet when evaluating an IoT solution, it’s simply not feasible to do so at scale with physical devices. Building a sensor simulator is the next best choice; however, generating a realistic simulation at very high TPS with ease of configurability is a formidable challenge. When dealing with multiple application or transport protocols, you would be...
As organizations shift towards IT-as-a-service models, the need for managing and protecting data residing across physical, virtual, and now cloud environments grows with it. Commvault can ensure protection, access and E-Discovery of your data – whether in a private cloud, a Service Provider delivered public cloud, or a hybrid cloud environment – across the heterogeneous enterprise. In his general session at 18th Cloud Expo, Randy De Meno, Chief Technologist - Windows Products and Microsoft Part...
Personalization has long been the holy grail of marketing. Simply stated, communicate the most relevant offer to the right person and you will increase sales. To achieve this, you must understand the individual. Consequently, digital marketers developed many ways to gather and leverage customer information to deliver targeted experiences. In his session at @ThingsExpo, Lou Casal, Founder and Principal Consultant at Practicala, discussed how the Internet of Things (IoT) has accelerated our abilit...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
In IT, we sometimes coin terms for things before we know exactly what they are and how they’ll be used. The resulting terms may capture a common set of aspirations and goals – as “cloud” did broadly for on-demand, self-service, and flexible computing. But such a term can also lump together diverse and even competing practices, technologies, and priorities to the point where important distinctions are glossed over and lost.
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Detecting internal user threats in the Big Data eco-system is challenging and cumbersome. Many organizations monitor internal usage of the Big Data eco-system using a set of alerts. This is not a scalable process given the increase in the number of alerts with the accelerating growth in data volume and user base. Organizations are increasingly leveraging machine learning to monitor only those data elements that are sensitive and critical, autonomously establish monitoring policies, and to detect...
Two weeks ago (November 3-5), I attended the Cloud Expo Silicon Valley as a speaker, where I presented on the security and privacy due diligence requirements for cloud solutions. Cloud security is a topical issue for every CIO, CISO, and technology buyer. Decision-makers are always looking for insights on how to mitigate the security risks of implementing and using cloud solutions. Based on the presentation topics covered at the conference, as well as the general discussions heard between sessio...
In his session at 20th Cloud Expo, Scott Davis, CTO of Embotics, discussed how automation can provide the dynamic management required to cost-effectively deliver microservices and container solutions at scale. He also discussed how flexible automation is the key to effectively bridging and seamlessly coordinating both IT and developer needs for component orchestration across disparate clouds – an increasingly important requirement at today’s multi-cloud enterprise.
In his session at @DevOpsSummit at 20th Cloud Expo, Kelly Looney, director of DevOps consulting for Skytap, showed how an incremental approach to introducing containers into complex, distributed applications results in modernization with less risk and more reward. He also shared the story of how Skytap used Docker to get out of the business of managing infrastructure, and into the business of delivering innovation and business value. Attendees learned how up-front planning allows for a clean sep...
In his session at 20th Cloud Expo, Brad Winett, Senior Technologist for DDN Storage, will present several current, end-user environments that are using object storage at scale for cloud deployments including private cloud and cloud providers. Details on the top considerations of features and functions for selecting object storage will be included. Brad will also touch on recent developments in tiering technologies that deliver single solution and an end-user view of data across files and objects...
In his session at @ThingsExpo, Arvind Radhakrishnen discussed how IoT offers new business models in banking and financial services organizations with the capability to revolutionize products, payments, channels, business processes and asset management built on strong architectural foundation. The following topics were covered: How IoT stands to impact various business parameters including customer experience, cost and risk management within BFS organizations.
Given the popularity of the containers, further investment in the telco/cable industry is needed to transition existing VM-based solutions to containerized cloud native deployments. The networking architecture of the solution isolates the network traffic into different network planes (e.g., management, control, and media). This naturally makes support for multiple interfaces in container orchestration engines an indispensable requirement.
Businesses and business units of all sizes can benefit from cloud computing, but many don't want the cost, performance and security concerns of public cloud nor the complexity of building their own private clouds. Today, some cloud vendors are using artificial intelligence (AI) to simplify cloud deployment and management. In his session at 20th Cloud Expo, Ajay Gulati, Co-founder and CEO of ZeroStack, discussed how AI can simplify cloud operations. He covered the following topics: why cloud mana...
"I will be talking about ChatOps and ChatOps as a way to solve some problems in the DevOps space," explained Himanshu Chhetri, CTO of Addteq, in this SYS-CON.tv interview at @DevOpsSummit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.