Mobile pushes changes in biometric identifiers

Evolving biometrics should be more difficult to spoof, but they present challenges for accuracy and privacy.

iPhone fingerprint reader

The classic methods of collecting biometric data -- fingerprint, iris, face and voice -- are being made obsolete by an increasingly mobile workforce and supplanted by methods that might be more difficult for nefarious actors to overcome but raise questions about privacy.

Like the classic fingerprint or iris scan, some of the new methods are based on anatomy -- for example, palm and ear prints.

Other categories are physiological (measuring pulse, heart rate and respiration), cognitive (measuring responses to stimuli such as text and stylometry of writing and speech) and behavioral (measuring browsing habits and device and application use).

Evolving biometrics will be more difficult to spoof, said Caitlin Newark, a senior consultant at Novetta, at the Smart Card Alliance's 14th Annual Government Conference in Washington.

But there are some hurdles to overcome before any of the new biometric identifiers can be widely used. For starters, the accuracy of the measures must be improved and the impact on system resources must be minimized to strike a balance between usability and privacy, Newark said.

The move from external measures such as fingerprinting to internal information-gathering such as cognitive and behavioral measures will likely raise questions about whether such data collection is too intrusive, she added. She also cited an increased need for transparency in regard to how and when such data is collected and used.

Chris Taylor, senior product manager at Entrust Datacard, said the increased focus on biometric data comes from the changing nature of the workforce: 37 percent of employees are now mobile-equipped.

"It's not about the desktop PC anymore," he said, adding that agencies should be looking for ways to use mobile devices to authenticate identity or link the devices to derived credentials on employees’ personal identity verification cards.