This Saturday, June 13, 2020, Yves Portalier, executive vice-president of activities related to biometrics at IDEMIA explained the new requirements of biometrics for health in the program 01 Business presented by Frédéric Simottel.

During this interview, Yves Portalier clarified the current challenges of contactless biometrics (via facial recognition or fingerprints) in this context of emerging from the global pandemic.
He explains that “fluidity, security and hygiene” are the main advantages of contactless biometrics.

Finally, the exchange highlights the already widespread use in the world of the MorphoWave ™ Compact. This very popular biometric reader sees its popularity growing in the current health context.

You can watch the interview directly below:

Source : https://bfmbusiness.bfmtv.com/mediaplayer/video/quels-usages-pour-la-biometrie-en-entreprise-1306-1255261.html

morphoaccess sigma lite

Fingerprint readers have been removed by few companies to be replaced by simple badge readers. This decision made by many security managers is actually enhancing risk level instead of protecting employees.

How to keep security and employee’s health protection during the crisis?

We explain  here what measures and considerations should be taken to NOT deactivate fingerprint readers during the crisis.

You have a fingerprint reader to increase security, right? The existing systems based on fingerprint technology are a more trustful system than ID badge or RFID system, because fingerprint assures authorized people to be identity’s holders and not someone holding a badge and trying to break into secured area with others’ credential.

Badges can be stolen and even cloned, but not your fingerprint features.

The General Data Protection Regulations – GDPR and Data Protection Impact Assessment – DPIA are a major issue for many countries, overall in the European Continent.

These countries need to respect the regulated framework for user’s privacy. The legal environment for biometric projects using fingerprint capture are strong well-though and planned by governments and actors in the market. This implies that today, in the current stage, fingerprint and biometric systems are stronger than other systems.

Concerning this structured offer and protection of data, why would a company remove these layers of security in a fingerprint based system ?

Many will think and see the contact biometric technology as a vector to certain diseases or virus. But, the removal of these protection represent a bigger risk than the others.

Indeed, by deactivating biometric systems with already structured framework to low level security appears a bad choice and risk taken.

The deactivation of the system already in function give a breach and higher exposure to attacks in terms of personal data and physical access control amidst others. The risk here is augmented if systems are not active.

Can you as a security manager let this risk happen?

You are not going to remove all contact objects, are you ?

In our daily life and relations, contact is key. Now, if we speak about companies, will you remove door handles or common objects as coffee machine, tables, desks to avoid contact? Probably not, the same is applied to biometrics with fingerprint technology.

“Back to badge” : clearly not the best idea !

The replacement of fingerprint contact readers to badges is far from being ideal in both security and health aspects. It’s to be emphasized that cards can be easily cloned, and have a low security option for protection.

A false sense of security is common in cards or RFID technologies, because it’s difficult to identify an illegitimate entry into the secured area.

Health issues: Badges aren’t hygienic as you think, just because they work through a contactless technology, it does not mean it can reduce virus transmissions. The card in contact with other objects can be turned into a vector. The avoidance of virus transmissions is more about how often do you wash or sanitize your hands than grab contact-objects.

In addition, badges are bigger than fingerprint sensor, this means that there are more contact surface to contain viruses. A sensor measures only 15×20 mm / 0.6×0.8 inches VS a classic card 54x86mm / 2.12 / 3.38 inches).

So what are the recommendations?

Put or leave your fingerprint terminals active, for matters of security. You will maintain a high level of protection.

IDEMIA made several recommendations to clean and sanitize the sensors on its terminals. But we could also recommend that you treat such readers as you treat other objects already mentioned here above, and provide (touchless) hydro-alcoholic gel or wipes dispensers next to them. This way, your employees can clean their hands right after using the fingerprint sensor and the door/handle.

This is maybe an inspiring example: pedal-activated gel dispenser next to the reader and door handle.

Source: Document from Nicolas Raffin – VP of Marketing at IDEMIA

This project is part of the World Economic Forum’s Shaping the Future of Technology Governance: Artificial Intelligence and Machine Learning

How can we preserve human rights concerns in the advent of facial recognition technology? 

Facial recognition offers a seamless experience throughout identification processes, offering also a high-level of security.

This technology is considered to be a non-invasive method in which we do not get interrupted, stopped or in contact with any devices. Seamless and contactless experience are keywords.

Good or bad, the technology retains personal data of many citizens. And it’s a right to know by whom, to what purpose and for how long our personal data is used and kept.

While algorithms increase as fast pace the accuracy score and machines’ responsiveness, the  policy and regulations still have a long way to go.

Thinking of this 2020 trend growth of facial recognition use, enhanced by sanitary crisis, world leaders in technology, digital identity and biometrics gathered with policy-makers, civil society representatives and academics to develop a governance framework, delimiting the use and safe conditions of the technology.

4 steps to build a framework that ensures trustworthy were made in a pilot phase by companies and IDEMIA, MICROSOFT, AFNOR, SNCF, AWS among others:

  1. Define what constitutes the responsible use of facial recognition through drafting a set of principles for action
  2. Design best practices to support product teams in the development of systems “responsible by design”
  3. Assess to what extent the system designed is responsible through an assessment questionnaire that describes for each use-case what rules should be respected to comply with the principles for action.
  4. Validate compliance with the principle for action through the design of an audit framework by a trusted third party

The framework takes into account different use-cases and applications across jurisdictions. For instance: Access control, safety in public spaces, marketing and KYC services, healthcare, etc.

Sources:

https://www.idemia.com/news

https://www.weforum.org/projects/responsible-limits-on-facial-recognition-technology

Biometric data interchange formats enables the interoperability of different biometric systems. Plenty of applications and hardware are intended for surveillance, border control, healthcare, boarding pass among others. Given this variety of biometric systems and the rapidly evolution in biometric technology, It exists many suppliers with dissimilar devices relying on minutiae-based, pattern-based or other algorithms.

In anticipation to avoid compliance and interoperability issues between different systems, the ISO experts’ committee alongside the International Electro-technical Committee (IEC) developed a third generation of data interchange format presented in a Common Biometric Format Framework (CCBEF).

With the wide-range of biometric products, the third and brand new framework is addressed to open systems, which requires the use of an interoperable, open standard allowing enrollment and recognition components to be supplied from different manufacturers. While closed system has specific applications, e.g. the physical access control to a datacenter, it can be designed and implemented under proprietary format standards.

Concretely, the establishment of an image-based representation of fingerprint information will not rely on pre-established definitions of minutiae, patterns or other types. It will provide implementers with the flexibility to accommodate images captured from dissimilar devices, varying image sizes, spatial sampling rates and different greyscale depths. Use of the finger image will allow each vendor to implement their own algorithms to determine whether two fingerprint records are from the same finger.

 Said so, the open system allows the same biometric reference to be read by different applications. Applications that are different in nature will therefore require the biometric data to be encoded in one harmonized record format. For instance, the read of trusted travelers’ document by air companies or the use of eGovernment software demand an unique format to be exchanged in different biometric readers.

The international standards for biometric data have just been published and are composed by different parts, it can be seen here in the links:

  • ISO/IEC39794-1, Information technology – Extensible biometric data interchange formats – Part 1: Framework
  • ISO/IEC39794-4, Information technology – Extensible biometric data interchange formats – Part 4: Finger image data
  • ISO/IEC39794-5, Information technology – Extensible biometric data interchange formats – Part 5: Face image data

 The different parts above will cancel and replace the correspondent parts in the ISO/IEC 19794, that define the framework for interoperability biometric data, specially for fingerprint and face images.

The changing will be adopted by the International Civil Aviation Organization (ICAO) during this year. It has as a basis the 9303 regulation relative to readable travel documents by biometric machines. Other parts will be added up to the ISO/IEC 39794, notably to specific data as vascular images, iris and whole body capture.

 Accordingly to Patrick Grother, President of ISO/IEC Technical Committee and in charge of ISO/IEC 39794, the released part form the last framework of international regulations, it takes a large horizon covering wide range of questions related to interoperability in the biometrics:

« We understand to elaborate agreed regulations concerning an international scope for different biometric modals, taking into account the range of applications, the nature which is often sensitive to data and the exigencies in regulation. », he explains.

 The parts were developed by a mix committee ISO/IEC JTC 1, Information Technology sub-committee SC 37, Biometrics, which the secretariat is assure by ANSI, member of ISO in the United States of America. They are available directly from ISO members in your country or at ISO Store

Based on:

https://www.iso.org/obp/ui#iso:std:iso-iec:39794:-4:ed-1:v1:en

https://www.iso.org/fr/news/ref2478.html

Idemia communication – Courbevoie – April 10th, 2020

As we all manage the difficult challenges arising from the Coronavirus (COVID-19)
pandemic, please be reassured that IDEMIA is continuously monitoring the situation
and is ready to assist whenever needed.
In this document, you will find disinfection and sanitizing recommendations applicable
to the following list of IDEMIA’s devices :

  • FingerPrint Sensors: CBM, MSO1300, MSO1350, MSO300, MSO301,
    FingerVP
  •  Optical Livescan Slap and Palm acquisition devices: MTOP, MTOP Slim,
    TP5300
  • Access control and time management biometric terminals: SIGMA Family,
    MorphoAccess VP, MorphoWave Compact, VisionPass
  • Mobile device : MorphoTablet

Overview

IDEMIA recommends the following steps to limit the spread of COVID-19 when using
biometric devices. They are based on the information made available by the World
Health Organization (WHO) and other governmental health and safety organizations.
As IDEMIA has not specifically tested these steps on Coronavirus (COVID-19), we can
however not warrant their effectiveness

Use Best Practices for Hand Sanitation of Users

  • Instruct users to thoroughly clean their fingers and hands with an alcohol-based
    rub, or wash with soap and water BEFORE and AFTER touching the device
  • Ensure that the fingers and hands are completely dry before touching the
    device

Use Personal Protective Equipment when Touching the Hands of a User (during
enrollment or verification phase for instance)

  • Follow your local Health Agency protocols for the use of Personal Protective
    Equipment (PPE) when touching the hands of individuals that need to be
    enrolled/verified
  • Review WHO recommendations[1] on the use of PPE for your setting, personnel,
    and activity
  • The WHO may recommend additional PPE (gloves and mask) when interacting
    with individuals exhibiting symptoms suggestive of COVID-19

Cleaning and Disinfecting the Biometric Device itself

  •  First, please note that it is NOT necessary to unplug the device to clean it
  • Thoroughly clean your hands with an alcohol-based rub or wash with soap and
    water BEFORE and AFTER cleaning the biometric device
  •  Always use a new pair of gloves when cleaning the device, and immediately
    dispose of the gloves once finished
  • Regularly clean and disinfect the fingerprint sensor, especially after someone
    exhibiting COVID-19 symptoms touches the device
  • From the US Environmental Protection Agency list[2] of disinfectants for use
    against the Coronavirus, IDEMIA recommends either:

    •  Windex® Multi-Surface Disinfectant or another similar product containing
      L-Lactic acid; or
    •  Hydrogen peroxide : apply the disinfectant to a non-abrasive wipe.
      IDEMIA recommends either:

      • Economizer® Wipers; or
      • 3M Scotch-Brite® High Performance Cloth
    •  Wipe the device surface and leave the surface wet with disinfectant for at
      least 5 minutes

Important!

  • Do not apply products containing bleach to the fingerprint sensor. This may
    permanently damage and affect the performance of the device
  •  Do not use abrasive cloths or wipes (e.g., paper towels)
  •  Do not spray liquid directly onto the sensor. Always spray cleaning solution onto a
    non-abrasive cloth, and then use it to wipe the sensor

 

[1] https://apps.who.int/iris/bitstream/handle/10665/331215/WHO-2019-nCov-IPCPPE_use-2020.1-eng.pdf
[2] https://www.epa.gov/pesticide-registration/list-n-disinfectants-use-against-sars-cov-2