Since the day Brandon Mayfield, a lawyer from Portland, Oregon, was released from federal custody after a fingerprint had linked him to this year’s Madrid terror bombings, a national debate has erupted over the scientific validity of fingerprint identification. Legal scholars and defense attorneys have been shocked to discover that almost no research has been done to confirm that everyone actually has different fingerprints. The problem is compounded by the fact that matching fingerprints to a specific person can be a matter of some interpretation. Coincidentally, just as fingerprints are being challenged within the judicial system, they are finding new life in the private sector. If a company called DigitalPersona has its way, fingerprints will someday become the preferred means of personal identification every time anyone uses a credit card or withdraws money from an ATM.
One of the strange side effects of modern life is the sheer number of accessories we cart around to confirm that we are who we say we are. Our wallets bulge with drivers’ licenses, Social Security cards, school or company IDs, and credit cards. We have car keys that prove to our automobiles that we’re allowed to drive them, front-door keys that prove to our homes that we’re the rightful occupants. And we need passwords: Of all the irritants of high-tech society, only spam has reproduced at a faster clip.
Passwords have multiplied because of two parallel developments unleashed by the Internet revolution. The whole world is now at our fingertips thanks to the Web, but the world can’t be sure whose fingers are doing the typing. When we greet old friends in person, countless flesh-and-blood traits make us recognizable beyond a shadow of a doubt. So why not use some of those traits to reduce the identity clutter in our lives? So-called biometric forms of identification such as voice recognition and retinal scans have been staples of science fiction for decades, and the former has advanced far enough that it is now possible to ask a computer for directions while driving or to converse with a computer over the phone. But voice-activated computers often have difficulty understanding what someone is saying, let alone making a positive identification of anyone. For the time being, the most promising form of biometrics is still the fingerprint.
DigitalPersona has developed fingerprint hardware and software for home PC users called Password Manager as well as versions designed for businesses. The way it works is simple. You type in the URL for your banking site, for example, and click on the button that says ‘‘see accounts.’’ A pop-up window appears, requesting that you identify yourself. You press your right index finger for a split second on a postage-stamp-size scanner located next to the keyboard, and moments later you’re surfing through that checking account. Then you log on to Discover.com using the same technique. No user IDs, no passwords. Just type, click, and scan. ‘‘It’s one of those technologies that straddle security and convenience,’’ says DigitalPersona’s chief technology officer, Vance Bjorn.
DigitalPersona has already established a foothold south of the border. ‘‘We have a deployment with a Mexican bank called Azteca,’’ Bjorn adds. ‘‘They’ve registered about 4 million people who use our fingerprint technology when they go to make a deposit or use an ATM.” The bank caters to a population of users—migrant workers, for example—who often do not have existing forms of ID.
The DigitalPersona technology uses a small optical scanner to capture a fingerprint image. Before transferring the data to your PC, the scanner must answer a time-sensitive challenge issued from the computer to confirm, as Bjorn puts it, that the ‘‘data is fresh—to ensure someone isn’t replaying the image.’’ The software then stores a description of the fingerprint, focused primarily on a property called minutia points—the locations where fingerprint ridges begin and end. ‘‘Typically, there are 50 to 70 minutia points on a fingerprint,’’ Bjorn says. The challenge of fingerprint recognition is cutting through the static. “There’s a lot of variation in the real world: scars and cuts, different finger placements, dirt on the sensor surface. But the underlying signal of the fingerprint is so strong—because there is so much information unique to it—that even if some of the features are occluded, we can still reconstruct and define the features. If you get in the range of 20 or 30 of the features, that’s enough to make an accurate ID.’’