PREFACE
Accurate and automatic identification and authentication of users is a fundamental problem in network environments. Shared secrets such as PIN or passwords and key devices like smart cards just are not enough in some cases. What is needed is something that could verify that you are physically the person you claim to be - biometrics.
Biometric identification technologies have been associated generally with very costly top secure applications. Today the core technologies have evolved and the cost of the equipment is going down dramatically due to the integration and increasing processing power. Certain applications of biometric identification technology are now cost-effective, reliable and highly accurate. As a result, there is no technological or financial barrier for stepping from the pilot projects to widespread deployment. This paper introduces the biometric technologies and the problematic incorporated.
Contents
- Certificate
- Acknowledgement
- Preface
1.How Do Identification and Verification Differ? 1
2. Introduction 2
2.1 History
2.2 Definitions
3. Basic Architecture of Biometric Identification 6
4. Components of Biometrics 8
5. How Biometric System Matches 11
6. Biometrics
6.1 Eye 13
6.1.1 Iris
6.1.2. Retina
6.2 Face 17
6.3 Fingerprint 18
6.4 Hand geometry 22
6.5 Finger geometry 23
6.6 Palm 24
6.7 Signature 24
6.8 Voice 25
8. Comparison chart 29
9. Integration 31
9.1 APIs
9.3 Privacy
10. Applications 33
11. Benefits of Biometric Technology 35
12. Conclusions 37
1. How Do Identification and Verification Differ?
In day-to-day life most people with whom you do business verify your identity. You claim to be someone (your claimed identity) and then provide proof to back up your claim. For encounters with friends and family, there is no need to claim an identity. Instead, those familiar to you identify you, determining your identity upon seeing your face or hearing your voice
Identification (1: N, one-to-many, recognition) – The process of determining a person’s identity by performing matches against multiple biometric templates. Identification systems are designed to determine identity based solely on biometric information. There are two types of identification systems: positive identification and negative identification. Positive identification systems are designed to find a match for a user’s biometric information in a database of biometric information.
Verification (1:1, matching, authentication) – The process of establishing the validity of a claimed identity by comparing a verification template to an enrollment template. Verification requires that an identity be claimed, after which the individual’s enrollment template is located and compared with the verification template. Verification answers the question, “Am I who I claim to be?” Some verification systems perform very limited searches against multiple enrollee records. For example, a user with three enrolled fingerprint templates may be able to place any of the three fingers to verify, and the system performs 1:1 matches against the user’s enrolled templates until a match is found. One-to-few. There is a middle ground between identification and verification referred to as one-to-few (1:few). This type of application involves identification of a user from a very small database of enrollees. While there is no exact number that differentiates a 1:N from a 1:few system, any system involving a search of more than 500 records is likely to be classified as 1:N. A typical use of a 1:few system would be access control to sensitive rooms at a 50-employee company, where users place their finger on a device and are located from a small database.
2. Introduction
Before we go any further let us define exactly what we mean when we talk about biometric technologies. The term 'biometrics' refers strictly speaking to a science involving the statistical analysis of biological characteristics. Here biometrics is used in a context of making analysis of human characteristics for security purposes. The distinction can be clarified with following definition: "A biometric is a unique, measurable characteristic or trait of a human being for automatically recognizing or verifying identity." This measurable characteristic, Biometric, can be physical, such as eye, face, finger image, hand and voice or behavioral, like signature and typing rhythm. Biometric system must be able to recognize or verify it quickly and automatically. It is often said that with biometric products you are able to reach the highest level of security. To help illustrate this point, a much quoted definition is used by the biometrics industry. Three levels of security are:
- The lowest level of security is defined as something you have in your possession, such as an ID badge with a photograph on it.
- The second level of security is something that you know, such as a password used with computer login or PIN code to use your bank account card on ATM.
- The highest level of security is something what you are and something that you do. This is essentially what biometric technology is all about. It is clear that people see exciting potential in this technology.
One has to keep in mind that biometric technologies are not even at their best the sole key to security problems. Only with proper system design and smart use of strong cryptography biometric identification systems can claim their big promises. On worst scenarios possibilities of whole new kind of fraud is also possible. This is due to the fact that biometric information of large amount of individuals stored on central databases is always a risk to our privacy.
2.1 Definitions
Biometrics can be used for identification and verification of different things about human beings. Identification a.k.a recognition is one-to-many comparing process of a biometric sample or a code derived from it against all of the known biometric reference templates on file. If the acquired sample matches a template stored within error marginal the identity of the enrollee is also matched to that of the previously stored reference. The stored identity information really should not reveal the physical identity of the owner of the biometric, but instead a role which authorizes the use of service or access.
Verification is process of comparing a submitted biometric sample against single biometric reference of a single enrollee whose identity or role is being claimed. The reference template doesn't have to reside in large database but can be carried with oneself within a smart card or other security device. If the verification process is well designed the biometric information is not revealed to the system, only the result: match or non-match is confirmed. All biometric identification or authentication technologies operate using the following four stage procedure:
Capture - A physical or behavioral sample is captured by the system during enrolment and also in identification or verification process.
- Extraction - Unique data is extracted from the sample and a template is created.
- Comparison - The template is then compared with a new sample.
- Match/Non Match - The system then decides if the features extracted from the new sample are a match or a non match.
- When comparing different biometrics the probabilities of false rejection (FRR) of true owner of biometric and false acceptance of fraudulent user (FAR) are used to measure the accuracy and performance of biometric technology. Physical Biometric devices have 3 primary components:
- An automated mechanism that scans & captures a digital or analog image of a living personal characteristic.
- Another entity handles compression, processing, storage, and comparison of the captured data with the stored data.
- The third interfaces with application systems.
On biometric systems there are various template storage options. The biometric template can reside in
- Biometric device. This is usually the case on small, closed systems.
- Database on central computer.
- Plastic card or token (barcode, stripe, optical, pcmcia, smart card)
Biometric (noun) - one of various technologies that utilize behavioral or physiological characteristics to determine or verify identity. “Fingerprint is a commonly used biometric.” Plural form also acceptable: “Retina-scan and iris-scan are eye-based biometrics."
Biometrics (noun) – Field relating to biometric identification. “What is the future of biometrics?”
Biometric (adjective) – Of or pertaining to technologies that utilize behavioral or physiological characteristics to determine or verify identity. “Do you plan to use biometric identification or older types of identification?”
Biometric system - The integrated biometric hardware and software used to conduct biometric identification or verification.
2.2 History
The human beings themselves recognize each other by familiar characteristics of the face and voice, this inbuilt system is very sophisticated. The human beings have noticed the need for verifiable measurements to assure that the human sensors are not cheated. Biometrics as the word we have defined here have existed for centuries in a very simple and non sophisticated way; at the time of pharaohs height measurement was used, study of finger images dates back to ancient China. Also signatures have been an established authentication method throughout the recent history.
Automatic Biometric technology was first applied in controlling access in some top secret applications. In the late 1960’s famous device called "Identimat” was introduced. It was a machine that measured finger length and shape of the hand and was installed in a time-keeping system at Shearson Hamill, a Wall Street investment firm. It was retired as late as 1987! FBI began automatically check finger images at late 1960s and began larger scale use of automatic finger scanning systems in 70s. Today Automated Fingerprint Identification Systems (AFIS) are used by law enforcement throughout the world. Other technologies are younger and more complex. The uniqueness of human eye, especially on patterns of retina and iris, was used first time in the mid 1980s on a biometric system. Face recognition and dynamic signature verification are even newer issues. Today the emphasis has moved from the basic research towards commercialization and usability. The human factor and user interface aspects has to be taken count of, otherwise the public will choose the old, conventional way to do things.
3. Basic Architecture of Biometric Identification
To understand better biometric identification then we have to concentrate on the basic architecture of biometric model. A generic biometric model consists of five subsystems, namely
a) Data collection and transmission
Data collection involves use of sensors to detect and measure an individual’s physiological or behavioural characteristics. The measured biometric must be unique and repeatable over multiple measurements. The data collection subsystem most directly impact user .Sensor specification determines the intrusiveness of the system. Intrusiveness is the degree to which the user feels that the measurement process violates his personal space, and is often correlated to how close the user has to be near the sensor. For instance, a retinal scan, which requires close proximity to the camera, is considered far more intrusive than a voice recognition system.
b). Signal processing
The signal processing subunit uses feature extraction algorithms to extract true biometric information from the sample in the presence of noise introduced during data collection and transmission. Additional measurements are made if any flaw or corruption is noted, to ensure good quality. Pattern matching involves comparing the feature sample to a stored sample. (Biometric data can be stored locally on the biometric device, some central database/server, on a smart card issued to user.) The result of comparison is sent to the decision system to determine the match.
c) Decision making and data storage
The decision subsystem uses statistical method to confirm authentication if
the variance between the sample and template data is within a certain threshold.
4. What Are Biometrics' Basic Components and Processes?
Biometric systems convert data derived from behavioral or physiological characteristics into templates, which are used for subsequent matching. This is a multi-stage process whose stages are described below.
Enrollment - The process whereby a user’s initial biometric sample or samples are collected, assessed, processed, and stored for ongoing use in a biometric system. Enrollment takes place in both 1:1 and 1:N systems. If users are experiencing problems with a biometric system, they may need to re-enroll to gather higher quality data.
Submission - The process whereby a user provides behavioral or physiological data in the form of biometric samples to a biometric system. A submission may require looking in the direction of a camera or placing a finger on a platen. Depending on the biometric system, a user may have to remove eyeglasses, remain still for a number of seconds, or recite a pass phrase in order to provide a biometric sample.
Acquisition device – The hardware used to acquire biometric samples. The following acquisition devices are associated with each biometric technology:
Technology | Acquisition Device |
Fingerprint | Desktop peripheral, PCMCIA card, mouse, chip or reader embedded in keyboard |
Voice recognition | Microphone, telephone |
Facial recognition | Video camera, PC camera, single-image camera |
Iris recognition | Infrared-enabled video camera, PC camera |
Retina-scan | Proprietary desktop or wall-mountable unit |
Hand geometry | Proprietary wall-mounted unit |
Signature verification | Signature tablet, motion-sensitive stylus |
Keystroke biometrics | Keyboard or keypad |
Biometric sample - The identifiable, unprocessed image or recording of a physiological or behavioral characteristic, acquired during submission, used to generate biometric templates. Also referred to as biometric data. The following sample types are associated with each biometric technology:
Technology | Biometric Sample |
Fingerprint | Fingerprint image |
Voice recognition | Voice recording |
Facial recognition | Facial Image |
Iris recognition | Iris Image |
Retina-scan | Retina Image |
Hand geometry | 3-D image of top and sides of hand and fingers |
Signature verification | Image of signature and record of related dynamics measurements |
Keystroke biometrics | Recording of characters typed and record of related dynamics measurements |
Feature extraction - The automated process of locating and encoding distinctive characteristics from a biometric sample in order to generate a template. The feature extraction process may include various degrees of image or sample processing in order to locate a sufficient amount of accurate data. For example, voice recognition technologies can filter out certain frequencies and patterns, and fingerprint technologies can thin the ridges present in a fingerprint image to the width of a single pixel. Furthermore, if the sample provided is inadequate to perform feature extraction, the biometric system will generally instruct the user to provide another sample, often with some type of advice or feedback.
The manner in which biometric systems extract features is a closely guarded secret, and varies from vendor to vendor. Common physiological and behavioral characteristics used in feature extraction include the following:
Technology | Feature Extracted |
Fingerprint | Location and direction of ridge endings and bifurcations on fingerprint |
Voice recognition | Frequency, cadence and duration of vocal pattern |
Facial recognition | Relative position and shape of nose, position of cheekbones |
Iris recognition | Furrows and striations in iris |
Retina-scan | Blood vessel patterns on retina |
Hand-scan | Height and width of bones and joints in hands and fingers |
Signature verification | Speed, stroke order, pressure, and appearance of signature |
Keystroke biometrics | Keyed sequence, duration between characters |
Template – A comparatively small but highly distinctive file derived from the features of a user’s biometric sample or samples, used to perform biometric matches. A template is created after a biometric algorithm locates features in a biometric sample. The concept of the template is one of biometric technology’s defining elements, although not all biometric systems use templates to perform biometric matching: some voice recognition system utilize the original sample to perform a comparison.
Depending on when they are generated, templates can be referred to as enrollment templates or verification templates. Enrollment templates are created upon the user’s initial interaction with a biometric system, and are stored for usage in future biometric comparisons. Verification templates are generated during subsequent verification attempts, compared to the stored template, and generally discarded after the comparison. Multiple samples may be used to generate an enrollment template – facial recognition, for example, will utilize several facial images to generate an enrollment template. Verification templates are normally derived from a single sample – a template derived from a single facial image can be compared to the enrollment template to determine the degree of similarity.
5. How Do Biometric Systems Determine 'Matches'?
Biometric decision-making is frequently misunderstood. For the vast majority of technologies and systems, there is no such thing as a 100% match, though systems can provide a very high degree of certainty. The biometric decision-making process is comprised of various components, as indicated below.
Matching - The comparison of biometric templates to determine their degree of similarity or correlation. A match attempt results in a score that, in most systems, is compared against a threshold. If the score exceeds the threshold, the result is a match; if the score falls below the threshold, the result is a non-match.
Biometric comparisons take place when proprietary algorithms process biometric templates. These algorithms manipulate the data contained in the template in order to make valid comparisons, accounting for variations in placement, background noise, etc. Without the vendor algorithm, there is no way to compare biometric templates – comparing the bits which comprise the templates does not indicate if they came from the same user. The bits must be processed by the vendor as a precondition of comparison.
The matching process involves the comparison of the match template, created upon sample submission, with the reference template(s) already on file. In 1:1 verification systems, there is generally a single match template matched against a reference template. In 1:N identification systems, the single match template can be matched against dozens, thousands, even millions of reference templates.
In most systems, reference and match templates should never be identical. An identical match is an indicator that some sort of fraud is taking place, such as the resubmission of an intercepted or otherwise compromised template.
6. Biometrics
Biometric systems come in many shapes and sizes. This can range from distinct hardware, software to complete systems. All biometric systems have the principles of capture, extraction and comparison and matching in common. Different biometrics, measures or traits of human body focus on very different features. Only thing common among them is that they are considered unique.
6.1 Eye
Biometrics which analysis the eye are generally thought to offer the highest levels of accuracy. They can be divided in two specific technologies: examination of iris and retina patterns. As internal parts of human eye are very well protected the sight being the most important sensor, the biometric data is also safe and immune to degradation in normal life on the contrary to more external parts like fingertips. In medical science examination of the eye is used as one indication that could reveal the certain illnesses and for example the user excessive usage of drugs and alcohol. This is information the user does not necessarily want to reveal to the operator of the scanning device. According to the equipment manufacturers, they concentrate into extracting the unique pattern from the eye, and not any other information, thus ensuring the privacy of user.
6.1.1 Iris
The iris is the only internal organ normally visible from outside the body. The main feature of iris is that it is protected internal organ of the eye, behind the cornea and the aqueous humour. Visually examined iris is the colored ring of textured tissue that surrounds the pupil of the eye as shown.
Each iris is a unique structure, featuring a complex system which is stable and unchanging throughout life and is not very susceptible to wear and injury. Indeed, an individual’s right and left iris patterns are completely different.
Iris scanning takes advantage of random variations in the visible features the iris, the colored part of the eye. The iris consists largely of a system of muscle that expand and contract the pupil in response to changing lighting conditions. After taking a picture of the eye, the system samples the radial and angular variations of each individual iris to form an Iris Code, a digital file that serves as a reference in database. A person using the system simply looks into a camera. The computer program then locates the iris. Next, the system locates the iris' outer and inner edges.
Sample of Iris to form Iris Code
The monochrome camera uses both visible and infrared (700-900nm) light. The program maps segments of the iris into hundreds of vectors. Then analyze the information density of iris patterns roughly at the rate of 3.4 bits per square millimetre. Position, orientation and spatial frequency provide the basis for calculation of the Iris Code. The system also manages to take into account normal changes in the eye. For example, the system compensates for papillary expansion and contraction. It can also detect reflections from the cornea. There are two types of iris recognition systems: automatic capture and manual capture. In the manual system, the user must adjust the camera forward or backward a few inches in order to bring the iris into focus. Further the user must be within 6 – 12 inches of the camera. This requires substantial supervision and instruction.
Manual Iris Scan security system
The automatic capture system incorporates a set of cameras to automatically locate the users face and eye, therefore removing the need to manually focus the camera. This system is substantially easier to use.
How to use iris recognition?
User positions him or herself near the acquisition device (peripheral or standalone camera). User centers eye on device so he or she can see the eye’s reflection. Depending on the device, the user is between 2-18 inches away. Capture and verification are nearly immediate. Typical verification time from “system ready” prompt: 3-5 seconds.
6.1.2. Retina
The retina is the layer of blood vessels situated at the back of the eye. As
with iris, the retina forms a unique pattern and begins to decay quickly after death. Retina biometrics often thought, along with the iris scanning, to be the most accurate of all the biometrics. The technique used to capture data from the retina is often thought to be the most inconvenient for end users. A user must position the eye approximately three inches from an eyepiece, stabilize head movement and focus on a green dot. After this has been performed the system uses a beam of light to capture the unique characteristics in the area known as fovea, situated in the center of retina. Because of the high accuracy, the retina biometrics are usually found in the high security applications where preventing false acceptance is extremely important. Partly this is achieved by setting high threshold for accepting the scanned biometric.
How to use retina scan?
User looks into a small opening on a desktop or wall-mounted device. User holds head very still, looking at a small green light located within the device. Typical verification time from “system ready” prompt: 10-12 seconds
6.2 Face
Face recognition technologies analyze the unique shape, pattern and positioning of facial features. The face is natural biometric because it is a key component in the way we humans remember and recognize each other. Face recognition is very complex technology and largely software based. Artificial intelligence is used to simulate human interpretation of faces. The problem with human face is that people do change over time; wrinkles, beard, glasses and position of the head can affect the performance considerably. To increase the accuracy and adapt to these changes some kind of machine learning has to be implemented.
There are essentially two methods of capture: using video or thermal imaging. Video is more common as standard video cameras can be used. The precise position and angle of the head and surrounding lightning conditions may affect the system's performance.
The complete facial image is usually captured and a number of points on the face can then be mapped, position of the eyes, mouth and nostrils as example. More advanced technologies make three-dimensional map of the face which multiplies the possible measurements that can be made. Thermal imaging has better accuracy as it uses facial temperature variations caused by vein structure as the distinguishing trait. As the heat pattern is emitted from the face itself without source of external radiation these systems can capture images despite the lighting conditions, even in the dark. The drawback is cost, thermal cameras are significantly more expensive than standard video. One-to-one verification is mainly used with this method. Certain new systems have announced the possibility to one-to-many identification, even real time from live video feed.
How to use facial recognition?
In this the User faces the camera, preferably positioned within 24 inches of the face. Generally, the system will locate one’s face very quickly and perform matches against the claimed identity. In some situations, the user may need to alter his facial aspect slightly to be verified. Typical verification time from “system ready” prompt: 3-4 seconds.
6.3 Fingerprint scanning
Fingerprint scanning is one of the most commercially successful biometric technologies used for the identification these days in the world. Systematic classification of fingerprints scanning started in the 1800's and is developed further through extensive use in forensic societies. The technology has got fairly positive user response in the enrolled pilot projects, while drawbacks and disappointments have occurred through the years. Taking ones fingerprints is often associated in the way criminals are treated. The main points for which fingerprints are generally used for scanning are as
- Positive identification and tighter security than existing token systems (e.g., proximity cards, magnetic keys, swipe cards, passwords) that can easily be lost, borrowed, stolen, or hacked
- Convenience and ease-of-use due to no more hassles with lost or stolen keys, swipe cards, or badges
- State-of-the-art biometric technology
- Lower Maintenance Costs – no cards to buy/replace
- Complete installation
- "Irrefutable" access information
- Forensic logging
- Toll-free customer support
- Free security audit & analysis
- Flexible financing- affordable monthly payment options
- Comprehensive training
- Significant cost advantages over older, traditional access solutions
Traditional finger scanning technique is analysis of small unique marks of the finger image known as minutiae. Minutiae points such as finger image ridge endings or bifurcations, branches made by ridges. The relative position of minutiae is used for comparison, and according to empirical studies, two individuals will not have eight or more common minutiae. Because no fingers have identical prints, even from the same person or identical twins. Fingerprint matching techniques can be placed into two categories:
- Minutae based
Minutiae-based techniques first find minutiae points and then map their relative placement on the finger. However, there are some difficulties when using this approach. It is difficult to extract the minutiae points accurately when the fingerprint is of low quality. Also this method does not take into account the global pattern of ridges and furrows.
Digitized fingerprint image with the minutiae points extracted.
b) correlation based
The correlation-based method is able to overcome some of the difficulties of the minutiae-based approach. However, it has some of its own shortcomings. Correlation-based techniques require the precise location of a registration point and are affected by image translation and rotation.
Correlation method for detection of registration point
Finger scanning is not immune to environmental disturbance. As the image is captured when the finger is touching the scanner device it is possible that dirt, condition of the skin, the pressure and alignment of the finger all affect the quality of fingerprint. This has appeared to be a problem with the introduction of the system; users had to wipe and clean their fingers each time before scanning their finger if they did not want to be falsely rejected. To minimize the degradation caused by erroneous user interaction usability and ergonomics have to be taken special care of. When capturing the fingerprint image directly from the fingertip, a.k.a "live-scan", four main techniques are available:
- Optical image capture typically involves a light source which is refracted trough a prism. Users place a finger on a glass surface known as platen. Light shines on the parts of the fingertip touching the glass and the formed image is captured.
- Tactile or thermal techniques use sophisticated silicon chip sensitive to pressure or heat to capture the finger image. Thermal image maps also heat patterns detail that is below the surface adding the accuracy rejecting artificial finger mock-ups.
- Capacitance silicon sensors measure electrical charges and give an electrical signal from the areas where the finger ridges are touching the sensor surface. No signal is generated by the valleys.
- Ultrasound image capture.
Finger scanning is suitable to both one-to-one verification and one-to-many identification schemes. When talking about identification usually we're concerned about the AFIS systems predominantly used by law enforcement organizations around the world. It is developed for rapid and automatic comparison of single finger images with a large database of known images. In addition of live-scans, images collected from criminal suspects and crime scenes, known as latent can be added to the database. As the system has been in use for some time now databases have grown very large. For example FBI database contains approximately 70 million fingerprints.
More developed algorithms are prepared which are more robust to noise in fingerprint images and deliver increased accuracy in real-time. A commercial fingerprint-based authentication system requires a very low False Reject Rate (FAR) for a given False Accept Rate (FAR). This is very difficult to achieve with any one technique. We are investigating methods to pool evidence from various matching techniques to increase the overall accuracy of the system. In a real application, the sensor, the acquisition system and the variation in performance of the system over time is very critical. We are also testing our system on a limited number of users to evaluate the system performance over a period of time.
How to use finger recognition?
In this the user gently places his or her finger on a postage-stamp sized optical or silicon surface. This surface, known as a platen, is built into a peripheral device, mouse, keyboard, or PCMCIA card. The user generally must hold the finger in place for 1-2 seconds, during which automated comparison and matching takes place. After a successful match, the user has access to programs, files, or resources. Typical verification time from “system ready” prompt: 2-3 seconds
6.4 Hand geometry
When measuring hand geometry biometrics, three-dimensional image of the hand is taken and the shape and length of fingers and knuckles are measured. Hand geometry has been in use for many years in various applications, predominantly for access control. The technology does not achieve the highest levels of accuracy but it is convenient and fast to use. On the capture process a user places a hand on the reader, aligning fingers with specially positioned guides. Cameras, positioned on above and on the side of hand capture images from which measurements are taken at selected points. As the hand geometry is not found to be as unique as for example fingerprints or eye scans it cannot be used as accurate identification. Because of its user-friendliness it is well suited to user id verification.
Hand with biometric measurement visualized Image
how to use hand recognition?
User places hand, palm-down, on an 8 x 10 metal surface with five guidance pegs. Pegs ensure that fingers are placed properly, ensure correct hand position. Typical verification time from “system ready” prompt: 2-3 seconds.
6.5 Finger geometry
Finger geometry biometric is very closely related to hand geometry. The
use of just one or two fingers means more robustness, smaller devices and even higher throughput. Two variations of capture processes are used, first being similar to hand geometry presented above. The second technique requires the user to insert a finger into a tunnel so that three-dimensional measurements of the finger can be made.
6.6 Palm scanning
Palm biometrics is close to finger scanning and in particular AFIS technology. Ridges, valleys and other minutiae data are found on the palm as with finger images. Main interest in palm biometrics industry is law enforcement as latent images - "palmprints" - found from the crime scenes are equally useful as latent fingerprints. Certain vendors are also looking at the access control market and hope to follow the footsteps of finger scanning.
6.7 Signature
Signature is one of the most accepted methods of asserting ones identity. As we normally use it the signature is scrutinized as a static trace of pen on the paper. In digitized form the static geometry of signature is not enough to ensure the uniqueness of its author.
Signature biometrics often referred to dynamic signature verification (DSV) and look at the way we sign our names. The dynamic nature differentiates it from the study of static signatures on paper. Within DSV a number of characteristics can be extracted from the physical signing process. Examples of these behavioral characteristics are the angle of the pen is held, the time taken to sign, velocity and acceleration of the tip of the pen, number of times the pen is lifted from the paper. Despite the fact that the way we sign is mostly learnt during the years it is very hard to forge and replicate.
Signature data can be captured via a special sensitive tablet or pen, or both. On some simpler cases equipment found rather cheap from normal computer stores can be used. A variation on these techniques has been developed and is known as acoustic emission. This measures the sound that a pen makes against paper. Because of the behavioral nature of signature, more than one signature enroll is needed so that the system can build a profile of the signing characteristic.
How to use signature recognition?
User positions himself to sign on tablet (if applicable). When prompted, user signs name in tablet’s capture area. Typical verification time from “system ready” prompt: 4-6 seconds.
Voice biometrics examines particularly the sound of the voice. Therefore it has to be distinguished as a technology from the also very much researched field of speech recognition. On the following these few closely related but different terms are explained. Speech recognition can be defined as a system that recognizes words and phrases that are spoken. Voice identification has been derived from the basic principles of speech recognition.
- Speaker recognition focuses on recognizing the speaker, and is accomplished either by speaker verification or speaker identification.
- Speaker verification is a means of accepting or rejecting the claimed identity of a speaker.
- Speaker identification is the process of determining which speaker is present based solely on the speaker's utterance. The speaker identification application evaluates the input with models stored in a database to determine the speaker's identity.
The sound of a human voice is caused by resonance in the vocal tract. The length of the vocal tract, the shape of the mouth and nasal cavities are all important. Sound is measured, as affected by these specific characteristics. The technique of measuring the voice may use either text dependent or text independent. On the former speech templates are made from a number of words or phrases which are trained in the system. On the latter the voice is analyzed as syllable, phoneme, triphone or more fine-grained part at a time so on the recognition phase speaker doesn't have to use specific words. On most sophisticated systems the factors analyzed are dependent only on unique physical characteristics of the vocal tract so if you catch a cold or use different tones of speech is not affect the performance of the system.
Evident threat to poorly designed speaker recognition/verification system is replay attack especially when text dependent methods are used. The only way to get completely around of it is to combine voice recognition to other biometric methods. The text independent method gives much more freedom in the voice analyzing interaction, the scene is then more alike a challenge-response pair. In applications, such as phone banking and other man-machine interaction which is voice controlled the voice could be constantly monitored and verified to be authorized.
How to use voice recognition?
User positions him or herself near the acquisition device (microphone, telephone). At the prompt, user either recites enrollment pass phrase or repeats pass phrase given by the system. Typical verification time from “system ready” prompt: 4-6 seconds
7. Future biometrics
A system that analyses the chemical make-up of body odor is currently in development. In this system sensors are capable of capturing body odor from non-intrusive parts of the body such as the back of the hand. Each unique human smell consists of different amount of volatiles. These are extracted by the system and converted into a biometric template.
a) DNA SCANNING
All testing and fastest possible analysis of the human DNA takes at least 10 minutes to complete and it needs human assistance. Thus, it cannot be considered as biometric technology in its sense of being fast and automatic. Additionally current DNA capture mechanisms, taking a blood sample or a test swab inside of the mouth, are extremely intrusive compared to other biometric systems. Apart from these problems DNA, as a concept, has a lot of potential.
b) EAR SHAPE
Ear shape biometrics research is based on law enforcement needs to collect ear markings and shape information from crime scenes. It has some potential in some access control applications in similar use as hand geometry. There are not excessive research activities going on with the subject.
c) KEYSTROKE DYNAMIC SCANNING
Keystroke dynamics is a strongly behavioral, learnt biometric. As being behavioral, it evolves significantly as the user gets older. One of the many problems includes that highly sophisticated measuring software and statistical calculations have to be made real time if the user actions should be constantly verified. Standard keyboard could be used in simplest cases.
d) VEINCHECK
Veincheck is a technique where infrared camera is used to extract vein pattern from the back of the hand. The pattern is very unique and the capture method is user friendly and non-intrusive as hand geometry check. Maybe combining them could result very accurate and easy-to-use biometric. The body of human being has indefinite number of details which could be used for biometric measurement. The habit to use clothes renders major of those unresearched details out of sight from non-intrusive measurement devices. Despite the most of the visible and audible traits of man have been already mapped out the race of finding new biometrics still goes on. As an example, there is even talk of a device that could measure the frequency emitted from the vibration of a person's major organs.
8. Comparison chart
With the following chart the features of major biometrics can be compared side to side.
9. Integration
9.1 APIs
To make interoperability possible between the access control or other application software and the biometric scanning hardware devices standardization and application programming interfaces (APIs) are needed. Beneath the API layer is hardware dependent driver software which is supplied from the hardware manufacturer. Due to the nature of and rather young age of the technology most of the system providers use proprietary interfaces to their hardware.
The following interfaces are available or are confirmed to be under development:
Name | Author | Comments |
BAPI | BAPI Working Group - BWG (many companies) | Deigned primarily for fingerprint scanners. Claimed to fit also to other technologies. |
Bio API | Bio API Consortium (many companies) | Multilevel, object oriented approach. In rather early stage. |
HA-API | DoD/US governmental | Research project to define a generic API to various biometric technologies. The spec. and reference implementation will be made available for free. |
Voice API / SVAPI / SRAPI | SVAPI committee (many companies) | Targeted to only speaker verification and identification systems. |
9.2 Privacy
Biometric templates of people provide a reference from one human being unique to just one identity. This can be too tempting target to link different personal data to if stored on a central database. Solutions with central databases are reasoned for better service. For example replacement of smart card which has biometric information inside is time consuming and inconvenient if the biometric data cannot be recovered from anywhere else than the users body itself. In the privacy point of view storing templates on central databases, even in encrypted form, is always a possible threat. The biometric information is not needed there, in most cases unique but anonymous identifiers could be stored instead. These identifiers would then be referred to when the person initiates authorization sequence, authenticity is then validated by cryptographic challenge-response sequence with the smart card holding the secret key.
The problematics with the key management with the biometric methods stays the same as in any other distributed authorization scheme. One possible improvement to this could be technique called biometric encryption. In that concept the biometric scan itself could be converted to unique key that could be used in encryption or hash algorithms or to anonymize the user information. One problem is that the nature of encryption algorithms are far from fuzzy computation that would be needed when using biometric scans, the scan is identical to another scan of the same trait only in probabilistic relation, they are never exactly the same. If not secured by methods of strong cryptography the communication with the external scanner and for example a PC could be vulnerable to replay attack. The best way could be that the biometric data is not transferred externally in any case. This could be possible with smart cards with finger scanning device incorporated. It is possible as a technique today but the cost limits its use on larger scale right away.
The SPKI schemes and standards like X.509 will definitely incorporate the means and terms of storing the biometric data in the same hierarchy of trust as the public and secret keys.
10. Applications
These days biometric is playing an important role in many application which are listed below
10.1 INTERNET SECURITY
Litronix, USA, a leading provider of public key infrastructure (PKI)-based Internet security solution, has developed biometric identification techniques for use in electronic data applications such as digital networks and smart cards. Apart from Iris, Voice and handwritten signature recognition can be used for authentication purpose when digitally signing a document or obtaining access to secure webpages. The smart card, integrating voice and handwritten functions, incorporates the appropriate biometric template to deliver the final match and authorization. There is planning to incorporate capture, manipulation, enrollment, and extraction features in the smart card reader also.
10.2 CYBER SECURITY
Cyber security has been built- in signature security management features of Adobe Acrobat software. This software enables the handwritten signature to be included as an electronic signature in any Acrobat portable document format (PDF) file on the web. Anyone can online use his handwritten signature to authorise and sign electronic Acrobat documents. Costs involved in businesses are reduced, as signed document and forms are available online, and productivity and security are increased when vendors and suppliers can quickly access sighed, secure and trusted electronic documents.
10.3 BIOMETRIC SMART CARD
Polaroid and Atmel have developed secure identity cards that merge ultra-secure smart card, Finger print verification, Biometric imaging. These cards will be used in e-commerce, online, remote access, and any IT environment where authentication is required.
The information stored in the card is protected by circuits inside the card that perform encryption/decryption of the data in the card. The tiny smart card circuits in these ID cards are actually integrated circuits, called smart card ICs, supplied by Atmel’s smart card ICs can perform critical encryption/decryption functions within the card and are able to securely identify the person or system reading the card.
The cards, known as ATSSSC1608 smart card ICs, provide 17408 bits of serial EEPROM memory organized into nine zones, of which there are eight user zones and one configuration zone. These provide secure identification without the need for a microprocessor. The chip include 64-bit authentication, eight sets of passwords, and authentication and passwords counters.
10.4 BIOMETRIC CELLULARS
Fujistu microelectronics has developed an innovative fingerprint identification system that combines sweep sensor technology with advanced algorithms to provide a powerful, dependable, easy-to-use authentication for PDAs, cell phones, and other mobile devices. The sensor measure just 1.28x0.20cm and is powered by sophisticated algorithms that generate unique minutiae templates that correspond to specific fingerprint features. A single fingerprint sweep across the sensor capture fingerprint feature to rapidly authenticate user of cell phones and PDAs.
11. What are the Benefits of Biometric Technology?
For employers
Reduced costs – password maintenance
Reduced costs – no buddy punching
Increased security – no shared or compromised passwords
Increased security – deter and detect fraudulent account access
Increased security – no badge sharing in secure areas
Competitive advantage – familiarity with advanced technology
For employees
Convenience – no passwords to remember or reset
Convenience – faster login
Security – confidential files can be stored securely
Non-repudiation – biometrically transactions difficult to refute
For consumers
Convenience – no passwords to remember or reset
Security – personal files, including emails, can be secured
Security – online purchases safer when enabled by biometric
Privacy – ability to transact anonymously
For retailers (online and point-of-sale)
Reduced costs – biometric users less likely to commit fraud
Competitive advantage – first to offer secure transaction method
Security – account access much more secure than via password
For public sector usage
Reduced costs – strongest way to detect and deter benefits fraud
Increased trust – reduced entitlement abuse
12. Conclusions
Authorizing the user with secret PIN and physical token is not enough for applications where the importance of user being really the one certified is emphasized. If biometric technologies are not used we accept the possibility that the token and secrecy of PIN can be compromised. On applications like bank account cards the companies count the money lost because of fraud and value the risk with the bottom line. When new uses like electronic id-cards which are validated with automation emerge the possible harm done to a individual cannot be paid back to account, it must be prevented.
Biometrics itself is not solution to this problem. It just provides means to treat the possible user candidates uniquely. When doing so biometric system handles the unique data scanned from the user. Secrecy of this information has to be ensured by strong cryptographic methods. The best case could still be that the biometric templates would never leave the scanner device, with or without encryption. The result should only be granting the scanning device, which could be special smart card carried by user itself, to complete the challenge-response sequence needed. In that case your fingerprint may be the password, but the problematics with management of public and secret cryptographic keys stays the same.
References
www.internationalbiometricsgroup.com
1