1. The Holy Grail of authentication

The Holy Grail of authentication

A mix of identification strategies will have to be used for foolproof authentication; labs are exploring an emerging market for alternative bio-markers

By: | Published: September 24, 2015 12:21 AM

Rejoice, Nandan Nilekani, for it is now proven that not only can human identity be uniquely established by fingerprints and retinal scans, it can also be detected by the bugs that humans carry. Each individual lives in a ‘microbiome’, a cloud of bugs which we rain upon our surroundings at the rate of a million per hour. Following an experiment in Portland, US, it appears that the microbiome is specific to individuals, and may one day stand in for a fingerprint or a DNA sample.

Since biological litter is much more freely available that human genetic material at crime scenes—or any other scene, for that matter—forensic labs the world over would probably be interested in replicating this experiment. Even if it fails to validate identity with the specificity of genetic analysis, it should be able to indicate the probability that a suspect was at the scene.

The experiment, whose results were reported in the open journal Peer J on Tuesday, sequenced ribosomal RNA from the cloud of micro-organisms emitted by a healthy person who had not been taking antibiotics for months, sitting in a completely sanitised and climate-controlled chamber. Since humans spread their bugs through the air and by contact with material surfaces, particles which settled on surfaces around individuals were also examined.

Bug transmission has been a subject of intense study since the 19th century, as a central concern of epidemiology and social medicine. We spread innumerable pathogens by droplet transmission, and superficial microbes by contact with surfaces. But the idea that a mix of flora may constitute a specific marker like a fingerprint is new, and will be embraced by genetic forensics and biometric authentication, sunrise industries which are expected to have social and political implications. As the crime graph rises worldwide, in direct proportion to population density and economic aspiration, the former will assume salience, rendering redundant the very notion of the insoluble crime and, sadly, taking the mystery out of the phrase ‘murder mystery’. Unless the scene of the crime is rendered sterile, the sequencer will always know who was there.

While genetic forensics will hopefully find very occasional use, authentication, of course, will be a pervasive, everyday reality. Humans are moving on from claiming to be who they are, via passwords, to asserting, by some intrinsic property, their incontrovertible identity. Laptops already log in the user by recognising their faces or fingerprints, and security doors open if eye scans, which map the unique pattern of blood vessels on the retina, are successful. However, as critics of biometric authentication have rightly pointed out, such methods are not fail-safe because the patterns being matched may be altered by age or life events. An injury could impair a fingerprint. Cataracts are known to confuse retinal scans.

It appears that a mix of identification strategies will have to be used for foolproof authentication, and labs are already exploring an emerging market for alternative bio-markers. For instance, the US company Descartes Biometrics awaits a patent on an app which unlocks an Android phone by recognising the impression of the ear of the owner. The whorls of each ear are as unique as fingerprints. Even the left ear and the right ear of the same person are visibly different.

Since car automation is an industry priority, driver identification got off to an early start in 2011, when researchers at Tokyo’s new Advanced Institute of Industrial Technology innovated a car seat which can figure out who is sitting in it. Sensors read contact and pressure at 360 points to arrive at a matrix of weight, anatomy and posture, uniquely identifying the driver. The technology is not in production but one day, when a triumphant carjacker sits down behind the wheel, it could just kill the engine.

As it grows, the authentication industry will weed out technologies which are easy to crack. The doughty fingerprint will be the first to go. As Indian jurisprudence knows, it is all too easy to force the owner of a thumb to press it to paper to authenticate it. And more than one crime thriller depends on the stratagem of amputating the thumbs of authorised persons and pressing them to sensors on stubbornly closed doors, which spring miraculously open.

Retinal scans are less liable to manipulation. Blood vessels look different in life and death, and one would expect the image of a dead retina to ring alarm bells on presentation. But the microbiome would be a dead cert, facetiously speaking, not least because it alters rapidly upon death, making criminal interference self-defeating. But the killer feature is that it is not a single pattern, like a fingerprint or the network of retinal vessels, but an intersection of multiple genetic patterns. It could be the Holy Grail of authentication, a mesh of living signatures that is impossible to spoof.


Get live Stock Prices from BSE and NSE and latest NAV, portfolio of Mutual Funds, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

  1. Hitoshi Anatomi
    Sep 25, 2015 at 11:06 am
    Biometrics do not help solve the problem, but only help make the confusion worse. Whether face, iris, fingerprint, typing, gesture, heartbeat or brainwave, biometric authentication could be a candidate for displacing the pword if/when (only if/when) it has stopped depending on a pword to be registered in case of false rejection while keeping the near-zero false acceptance. Threats that can be thwarted by biometric products operated together with fallback/backup pwords can be thwarted more securely by pwords alone. We could be certain that biometrics would help for better security only when it is operated together with another factor by AND/Conjunction (we need to go through both of the two), not when operated with another factor by OR/Disjunction (we need only to go through either one of the two) as in the cases of Touch ID and many other biometric products on the market that require a backup/fallback pword, which only increase the convenience by bringing down the security. In short, biometric solutions could be recommended to the people who want convenience but should not be recommended to those who need security. It may be interesting to have a quick look at a slide led “PWORD-DEPENDENT PWORD-KILLER” shown at

    Go to Top