SISL uses Intelligent Digital Passport for total security

In an era when security is on the minds of everyone from corporates to the home user, there is an urgent need for a device that ensures maximum protection against intruders. The scientific applications centre of Siemens Information Systems (SISL) recently came out with a biometric-based smart card, which promises just this. Stanley Glancy has more details

With multiple biometrics available on the same card, the chances of a breach become all the more remote, says Dr Vinay Vaidya

September 11 may now be a distant memory for those of us not directly touched by the carnage. But the fundamental issues it raised with respect to the foolproof nature of our security systems continues to haunt us. No system is invulnerable. But with traditional modes of access control such as passwords, PINs, keys, entry cards, codes and other handwriting-based identification methods proving to be far more susceptible to attack than previously believed, it became imperative to develop a technology that would provide higher levels of security. Over the past year, technologists across the globe went into overdrive, trying to develop the perfect security system. Biometrics has been the buzzword but the fascination with smart card technology still holds sway over the majority. Taking this trend into consideration, many companies have been trying to develop biometrics-based smart cards. Among them is Siemens Information Systems (SISL) India. The company has introduced an authentication device called the Intelligent Digital Passport (IDP), which incorporates multiple biometrics into a smart card for authentication purposes.

The Market
Says Dr Vinay Vaidya, associate vice president-scientific applications centre for SISL, “The total market for security in the US alone is worth $60 billion. The global market for smart cards is worth $100 billion and is expected to touch $600 billion by 2006.” According to Vaidya, most of these cards will be biometrics-based. The reason for this being that biometrics is today considered the most foolproof method of access control. And with multiple biometrics available on the same card, the chances of a breach becomes all the more remote.
Even research and advisory firm Gartner says that the security space is seeing high growth in India. Many countries have introduced smart card-based identity cards and others are in the process of launching them. Hong Kong, for instance, has introduced a national ID card. China, on the other hand, plans to launch close to 800 million cards by the end of March. Master Card has already introduced a PKI-based solution, called MC2 card, in Latin America.

History
SISL’s foray into biometric-based smart cards was a natural evolution of R&D work done at the scientific application centre in Pune. Started in 1997, this centre has been conducting experiments in the areas of image processing, satellite imaging, document processing and medical imaging. Medical imaging required compression of data. Says Vaidya, “Though storage rates have gone down, code optimisation and compression is a must. With the rate of data acquired by an organisation growing at a rapid pace, the overall spending on storage has been on the rise. The only way to cut cost is to compress data as much as possible.”

It was at this point of time that SISL decided to conduct R&D in the biometrics-based smart card space. Vaidya’s team identified three areas of biometrics that could be incorporated on the card to provide maximum security—fingerprint identification, facial recognition and voice recognition. The company had already gained considerable expertise in the area of data compression. The challenge now was in using this expertise to compress the biometrics of an individual into the 32 KB chip on the smart card. Elaborates Vaidya, “Though 64 KB cards are available abroad, 32 KB is the maximum limit offered by vendors here in India. Hence, it was even more of a challenge for us to compress heavy data into a 32 KB chip.”

This was when the company decided to expand its expertise in data compression into other areas. Fingerprint identification was an evolved technology and could be compressed to the required size, but the problem with most companies experimenting with compression of facial data features was that due to loss of data during the compression process the resulting image was difficult to recognise. But SISL’s expertise in the JPEG2000 standards area came in handy. The company was able to compress facial features to the bare minimum without any loss of data. Incidentally, SISL is the only company in India and among 10 other companies in the world working on the JPEG2000 standard.

The next step was speech recognition or what SISL calls speaker identification. According to Vaidya, SISL’s system is not concerned with speech recognition but with speaker verification.

SISL integrated all the various technologies along with the traditional text information and compressed it into a 10 KB file. The entire information could be verified by a system in less than 50 seconds. But many organisations found this too long a time for verification. This prompted SISL to work on further compression of the data on the chip. The company succeeded in its objective. In the current version of biometrics-based smart cards offered by SISL, the data has been compressed to less than 6 KB and can be verified in 15 seconds. The challenge the company has posed for itself is to reduce the verification time to less than eight seconds, without any loss of data or compromise on quality.

Advantages
Since the verification unit is not connected to the server, an organisation deploying IDP can save a lot in terms of cost of hardware and real estate space occupied by servers. Also, since the system is an independent unit, the problems associated with authentication if the server were to crash have been alleviated. The IDP can be used for myriad purposes, including access control to highly secured areas, banking applications such as ATM services, Web-enabled transactions, network access, time and attendance monitoring systems.

The IDP unit has both software and hardware components consisting of a fingerprint scanner, speaker/microphone, camera and a smart card reader. In addition, it also has a computer-processing unit, and application software. If required, all the above components can be integrated in a kiosk along with a barcode reader for additional functionality.

The customer is allowed to choose the number of biometrics at the time of purchase, with options to expand at a later date. IDP also has provisions for adding more biometrics as and when SISL achieves breakthroughs in new areas.

Security
Though it is possible to duplicate a smart card personalised by IDP, the uniqueness of each cardholder’s biometrics makes it practically impossible for an unauthorised person to use the card.

However, according to Vaidya, duplication of the smart card would mean that a new card is created for the original cardholder. But new data insertion for an unauthorised person will be extremely difficult. Says he, “Proper safety measures have been incorporated in the system so that data on the smart cards is difficult to decipher. The entire data is compressed, encrypted, and put in a non-conventional format, ensuring that unauthorised card creation does not take place.”

Challenges
Vaidya visualises several challenges before the solution will gain acceptance in the country. Says he, “Awareness is still not very high in India. The technology can’t work with a mass of people, verification is done on each individual separately. We also have to train people on how the system works.”

In the case of speaker identification, if there are long pauses between words the system can’t function effectively. Or if the concerned person speaks in a different tone—too loudly or too softly—then the system won’t work.

In India, though the government introduced the system of a national ID card, there have been no coherent efforts to develop something on the lines of a smart card. But SISL has been working in association with EPFO (employee provident fund organisation) to provide smart cards to its more than 2.5 crore subscribers. The card, based on the US social security number system, will provide a unique identification number. It will provide the subscriber access to his account position, pension payments, claim settlements, etc. The best part about the card is that the employee can use the same card even if he were to change jobs.

The company plans to spread the technology in India. Target verticals for SISL include defence and banks. But according to Vaidya, the technology is applicable wherever security of premises is valued. As part of its expansion strategy, SISL has appointed a number of channel partners for selling and providing requisite support. Says Vaidya, “We have already appointed partners in Indore, Bhopal and Kolkata and we are at the moment looking for established channel partners in the metros.”

The card is currently priced at Rs 250, which is still too high for many organisations. But advancement in technology should see prices coming down in the near future. Also, though there are no competing products in the Indian market, we should see more and more security companies coming out with similar products. This will definitely provide the boost required for increasing visibility. Besides, government adoption of the technology should also see this sector receiving a major boost.