Biometrics

Biometrics ~ Introduction:

The terms"Biometrics"and"Biometry"have been used since early in the 20th century to refer to the field of development of statistical and mathematical methods applicable to data analysis problems in the biological sciences. Recently, these terms have also been used to refer to the emerging field of information technology devoted to automated identification of individuals using biological traits, such as those based on retinal or iris scanning, voice patterns, dynamic signatures, fingerprints, face recognition, or hand measurements, especially for authentication purposes. Thus biometrics can be defined as the science and technology of measuring and statistically analyzing biological data. They are measurable physiological and / or behavioral characteristics that can be utilized to verify the identity of an individual. For a layman, it could be said that biometrics are the science of measuring physical and/or behavioral characteristics that are unique to each individual and they verify that an individual is who he or she claims to be.

Often seen in science-fiction action adventure movies, face pattern matchers and body scanners seem about to emerge as replacements for computer passwords. Thus biometric techniques are of interest in any area where it is important to verify the true identity of an individual. Initially, these techniques were employed primarily in specialist high security applications, however we are now seeing their use and proposed use in a much broader range of public facing situations.

Fingerprint, facial, or other biometric data can also be placed on a smart card and users can present both the smart card and their fingerprints or faces to merchants, banks, or telephones for an extra degree of authentication.

Background ~ How it all Started:

It is tempting to think of biometrics as being sci-fi futuristic technology that we shall all be using some time in the near future. But actually the basic principles of biometric verification were understood and practiced somewhat earlier. Thousands of years earlier, the people in the Nile valley routinely employed biometric verification formally identify individuals via unique physiological parameters such as scars and a combination of features such as complexion, eye color, height and so on. Though they did not use the advanced technological tools that we do today, the basic principles used by them were similar.

Later, in the nineteenth century there was a peak of interest as researchers into criminology attempted to relate physical features and characteristics with criminal tendencies. This resulted in a variety of measuring devices being produced and much data being collected. The results were not conclusive but the idea of measuring individual physical characteristics seemed to stick and the parallel development of fingerprinting became the international methodology among police forces for identity verification.

But, for many years, a fascination with the possibility of using electronics and the power of microprocessors to automate identity verification had occupied the minds of individuals and organizations both in the military and commercial sectors. Hence, various projects were initiated to look at the potential of biometrics. In the last decade, the biometric industry has matured to a global industry shipping respectable numbers of devices and poised for significant growth as large-scale applications have started to unfold.

Basic Technique:

A biometric system is areal-time identificationsystem which identifies a person by measuring a particular physical or behavioral characteristic and later comparing it to a library of characteristics belonging to many people.Fingerprint and other biometric devices consist of a reader or scanning device, software that converts the scanned information into digital form, and wherever the data is to be analyzed, a database that stores the biometric data for comparison with previous records. When converting the biometric input, the software identifies specific points of data asmatch points. The match points are processed using an algorithm into a value that can be compared with biometric data scanned when a user tries to gain access.

Thus biometric devices can be explained with a 3-step procedure. They are -

  1. A sensor takes an observation. The type of sensor and its observation depend on the type of biometrics device used. This observation gives us aABiometric Signatureof the individual.
  2. A computer algorithmAnormalizesthe biometric signature so that it is in the same format (size, resolution, etc.) as the signatures on the system's database. The normalization of the biometric signature gives us anANormalized Signatureof the individual.
  3. A matcher compares the normalized signature with the set (or sub-set) of normalized signatures on the system's database and provides aAsimilarity scorethat compares the individual's normalized signature with each signature in the database set (or sub-set). What is then done with the similarity scores depends on the biometric system's application.

Thus a biometric system is essentially apattern recognition system,which makes a personal identification by determining the authenticity of a specific physiological, or behavioral characteristic possessed by the user. An important issue in designing a practical system is to determine how an individual is identified. Depending on the context, a biometric system can be either averification (authentication)system or anidentificationsystem.

Verifation Vs Identification:

There are two different ways to resolve a person's identity:VerificationandIdentification. Identification means establishing a person's identity Verification involves confirming or denying a person's claimed identity. Each one of these approaches has it's own complexities and could probably be solved best by a certain biometric system.

The majority of available devices operate inidentificationmode. This means that an identity is claimed by calling a particular template from storage (by the input of a PIN or presentation of a token) and then presenting a live sample for comparison, resulting in a match or no match according to predefined parameters. Thus a simpleone to one matchmay be performed quickly and generate a binary yes/no result. A few devices claim to offer biometric identification whereby the user submits his live sample and the system attempts to identify him within a database of templates.

A more complexone to many matchmay generate a multiple result according to the number and similarity of stored templates. Suppose that a large number of templates (say 750’000) are stored in a database. The user presents his live sample and the database engine starts searching. Depending on how tightly the likeness threshold parameter is defined, the search may result in a large number (say 10000) of possible identities for the user. Now filters may be applied based upon sex, ethnic origin, age and so forth in order to reduce this list to a manageable size, if this information can be captured from the user. But still the list of potential identities may be sizeable. Of course, in a smaller database this becomes less of a problem, but it is precisely with large databases that this functionality is typically sought.

All of this assumes that the system can indeed function as claimed inidentificationmode. Certain devices have been demonstrated to work well in this manner with small databases of tens of users, but the situation becomes very complicated with databases of even a few hundred. The mathematical probability of finding an exact match within such a database is extremely slim (to say the least). A large database, such as might be the case with travelers across borders for example, would be almost impossible to manage in this manner with current technology. This is without considering the time taken to search such a database and the impact of multiple concurrent users.

For these and other reasons, one should exercise extreme caution when considering biometricidentificationsystems. Whilst one can readily understand the attraction of this mode of operation, it has to date rarely been successful in practice, except in small scale and carefully controlled situations.

Verificationsystems on the other hand are straightforward in operation and may easily be deployed within a broad cross section of applications, as indeed has been the case.

Potential and Current Application Areas:

PINs (personal identification numbers) were one of the first identifiers to offer automated recognition. However they meant recognition of the PIN and not necessarily recognition of the person who provided it. Card tokens had a similar problem. A biometric however cannot be easily transferred between individuals and represents as unique an identifier. It means that verifying an individual's identity can become both more streamlined (by the user interacting with the biometric reader) and considerably more accurate as biometric devices are not easily fooled.

Reference to a number of biometrics can be seen. Some of these are rather impractical even if technically interesting. The method of identification using biometrics is preferred over traditional methods involving passwords and PIN numbers for various reasons:

(i) The person to be identified is required to be physically present at the point-of-identification.

(ii) Identification based on biometric techniques obviates the need to remember a password or carry a token.

(iii)The critical variable for identification cannot be lost or forged.

Presently, biometrics gravitate around the following methodologies -

  • Fingerprint verification -

There are a variety of approaches to fingerprint verification. Some of them try to emulate the traditional police method of matching minutiae, others are straight pattern matching devices, and some adopt a unique approach all of their own, including ultrasonics. There are a greater variety of fingerprint devices available than other biometric systems at present.

Potentially capable of good accuracy (low instances of false acceptance) fingerprint devices can also suffer from usage errors among insufficiently disciplined users (higher instances of false rejection) such as might be the case with large user bases. Fingerprint verification may be a good choice for in house systems where adequate explanation and training can be provided to users and where the system is operated within a controlled environment. It is not surprising that the workstation access application area seems to be based almost exclusively around fingerprints, due to the relatively low cost, small size (easily integrated into keyboards) and ease of integration.

  • Hand geometry -

Hand geometry is concerned with measuring the physical characteristics of the users hand and fingers, from a three-dimensional perspective. One of the most established methodologies, it offers a good balance of performance characteristics and is relatively easy to use. This methodology may be suitable where we have larger user bases or users who may access the system infrequently and may therefore be less disciplined in their approach to the system. Accuracy can be very high if desired. Hand geometry readers are deployed in a wide range of scenarios, including time and attendance recording where they have proved extremely popular. Ease of integration into other systems and processes, coupled to ease of use makes hand geometry an obvious first step for many biometric projects.

  • Voice verification -

This is a potentially interesting technique if the amount of voice communication that takes place with regard to everyday business transactions is considered. Some designs have concentrated on wall-mounted readers whilst others have sought to integrate voice verification into conventional telephone handsets. Whilst there have been a number of voice verification products introduced to the market, many of them have suffered in practice due to the variability of both transducers and local acoustics. In addition, the enrolment procedure has often been more complicated than with other biometrics leading to the perception of voice verification as unfriendly in some quarters. However, much work has been and continues to be undertaken in this context and it will be interesting to monitor progress accordingly.

  • Retinal scanning -

This is an established technology where the unique patterns of the retina are scanned by a low intensity light source via an optical coupler. Retinal scanning has proved to be quite accurate in use but does require the user to look into a receptacle and focus on a given point. This is not particularly convenient for spectacle wearers and for those who avoid intimate contact with the source used for the scan and hence this has a few user acceptance problems although the technology itself can work well.It is believed to replace traditional ID methods such as P.I.N. numbers for accessing A.T.M.s and virtually every other electronic device used for conducting business where identification is a requirement and prerequisite.

  • Iris scanning -

Iris scanning is the less intrusive of the eye related biometrics. It utilizes a conventional camera element and requires no intimate contact between user and reader. In also has the potential for higher than average template matching performance. It has been demonstrated to work with spectacles in place and with a variety of ethnic groups and is one of the few devices that can work well in identification mode. However, ease of use and system integration have not traditionally been strong points with the iris scanning devices.

  • Signature verification-

Signature verification enjoys a synergy with existing processes that other biometrics do not as people are used to signatures as a means of transaction related identity verification and mostly see nothing unusual in extending this to encompass biometrics. Signature verification devices have proved to be reasonably accurate in operation and obviously lend themselves to applications where the signature is an accepted identifier.

  • Facial recognition -

Facial recognition devices have been difficult to substantiate in practice and extravagant claims have sometimes been made them. Facial recognition is very attractive from the user perspective and they may eventually become a primary biometric methodology.

Applications ~ The Story so Far:

Most of the biometric applications are related to security and are used extensively for military purposes and other government purposes. The applications in the public domain that are available to common people include:

  • Prison visitor systems, where visitors to inmates are subject to verification procedures in order that identities may not be swapped during the visit - a familiar occurrence among prisons worldwide.
  • Driver's licenses, whereby drivers are expected to have multiple licenses or swapped licenses among themselves when crossing state lines or national borders.
  • Canteen administration, particularly on campus where subsidized meals are available to bona fide students, a system that was being heavily abused in some areas.
  • Benefit payment systems - In America, several states have saved significant amounts of money by implementing biometric verification procedures. The numbers of individuals claiming benefit has also dropped dramatically in the process, validating the systems as an effective deterrent against multiple claims.
  • Border control - A notable example for this is the INSPASS trial in America where travelers were issued with a card enabling them to use the strategically based biometric terminals and bypass long immigration queues. There are other pilot systems operating elsewhere in this respect.
  • Voting systems, where eligible politicians are required to verify their identity during a voting process. This is intended to stop ‘proxy’ voting where the vote may not go as expected.
  • Junior school areas where problems are experienced with children being either molested or kidnapped.

In addition there are numerous applications in gold and diamond mines, bullion warehouses and bank vaults as well as the more commonplace physical access control applications in industry.

Problems:

There are significant privacy and civil liberties concerns regarding the use of devices using biometrics that must be addressed before any widespread deployment. Briefly there are six major areas of concern:

  1. Storage.How is the data stored, centrally or dispersed? How should scanned data be retained?
  2. Vulnerability.How vulnerable is the data to theft or abuse?
  3. Confidence.How much of an error factor in the technology's authentication process is acceptable? What are the implications of false positives and false negatives created by a machine?
  4. Authenticity.What constitutes authentic information? Can that information be tampered with?
  5. Linking.Will the data gained from scanning be linked with other information about spending habits, etc.? What limits should be placed on the private use (as contrasted to government use) of such technology?
  6. Ubiquity.What are the implications of having an electronic trail of our every movement if cameras and other devices become commonplace, used on every street corner and every means of transportation?

Future Applications ~ Some Common Ideas:

With the increased use of computers as vehicles of information technology, it is necessary to restrict access to sensitive/personal data. By replacing PINs, biometric techniques can potentially prevent unauthorized access to or fraudulent use of ATMs, cellular phones, smart cards, desktop PCs, workstations, and computer networks. PINs and passwords may be forgotten, and token-based methods of identification like passports and driver's licenses may be forged, stolen, or lost. Thus biometric systems of identification are enjoying a renewed interest.

There are many views concerning potential biometric applications, some popular examples being -

1.ATM machine use -Most of the leading banks are considering using biometrics for ATM machine and as a general means of combating card fraud.

2.Workstation and network access

3.Travel and tourism -Many people hold the vision for a multi application card for travelers which, incorporating a biometric, would enable them to participate in various frequent flyer and border control systems as well as paying for their air ticket, hotel room, hire care etc., all with one convenient token.

4.Public identity cards

5.Internet transactions

6.Telephone transactions

Conclusion:

The increased need of privacy and security in our daily life has given birth to this new area of science. These devices are here and are present around us everywhere in the society and are here to stay for a long time to come. Indeed, it will be interesting to watch the future impact that they will have on our day-to-day lives ...

Who can tell ??? Only time ...