I'm doing an MSc at Murdoch University here in sunny Perth, and the central subject area is biometrics. Specifically, can you improve the security of a mobile phone by adding a biometric sensor? It's interesting stuff, there's a huge amount of research covering a number of options, and the list of options available is far longer than I would have suspected a year ago.
It's not all good news though. For the most part, there are two kinds of biometric sensor - those that almost work, and those which clearly don't.
But let me rewind a bit first. What is a biometric sensor? What does it measure? Essentially, biometrics uses the features of a body part or a behaviour to identify you or me, and, when it's working properly, the system is able to tell that you and I are not the same person. Anyone who has watched NCIS has seen the iris (or retina, it's not immediately clear which it's supposed to be) scanner outside the lift and the unreasonably bright blue light which proves that it's working. That's a biometric sensor, and it's able to identify Gibbs or Abby or any of the other characters uniquely and quickly after which the security system allows them to use the lift.
Setting aside the blue light (which also appeared in Minority Report as the film junkies out there will remember), what can be used? Well, a partial list can be:
Then we move onto those which are a bit more "out there"
At current levels of technology and knowledge none of the second batch are practical - at all, not just impractical on a mobile phone. There's no guarantee that most of them are detectably unique, not even DNA surprisingly.
But why would you want to add biometrics to a mobile phone?
Mobiles do a whole lot more than just make calls. For many people they have a portion of your life in their memory: address books, call logs, SMS messages, music and perhaps video, emails and your web browsing history. If it's a business phone, there could be documents, more contacts, the ability to securely connect to your corporate network. You get the idea.
It's all data which needs to be protected. Most of us want some privacy, your employer may demand it, particularly if it's a government department. To cap it all, banks are pushing the idea of handling your finances via your mobile phone. Think about that for a moment - if your phone knows how to connect to your bank, you don't want it to be stolen or lost. If you do leave it on the train or in the bag that gets taken, you don't want the thief to be able to empty your bank account.
From the surveys, it's clear that lots of people are bad at even using a PIN on their phone, so perhaps a biometric would improve things. After all, you don't have to remember anything, just put up with the blue light for a second or two, or run a finger over a sensor.
Do they work though?
That's for another day.