IntroductionIn our global information society, there is an ever-growing need to authenticate individuals. Biometrics-based authentication is emerging as a reliable method that can overcome some of the limitations of the traditional automatic personal identification technologies. Automated biometrics deal with physiological and/or behavioral characteristics, such as a fingerprint, signature, palmprint, iris, hand, voice or face, which can be used to authenticate a person's claim to a certain identity or establish a person's identity from a large database. With the rapid progress made in electronics and Internet commerce and with the increased emphasis on security, there will be a growing need for secure transaction processing using biometrics technology.
Biometrics is expected to be incorporated in solutions to provide for Homeland Security including applications for improving airport security, strengthening our national borders, in travel documents, visas and in preventing ID theft. Now, more than ever, there is a wide range of interest in biometrics across federal, state, and local governments. Congressional offices and a large number of organizations involved in many markets are addressing the important role that biometrics will play in identifying and verifying the identity of individuals and protecting national assets.
There are many needs for biometrics beyond Homeland Security. Enterprise-wide network security infrastructures, secure electronic banking, investing and other financial transactions, retail sales, law enforcement, and health and social services are already benefiting from these technologies. A range of new applications can been found in such diverse environments as amusement parks, banks, credit unions, and other financial organizations, Enterprise and Government networks, passport programs and driver licenses, colleges, physical access to multiple facilities (e.g., nightclubs) and school lunch programs.
Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic. Among the features measured are; face, fingerprints, hand geometry, handwriting, iris, retinal, vein, and voice. Biometric technologies are becoming the foundation of an extensive array of highly secure identification and personal verification solutions. As the level of security breaches and transaction fraud increases, the need for highly secure identification and personal verification technologies is becoming apparent.
Biometric-based solutions are able to provide for confidential financial transactions and personal data privacy. The need for biometrics can be found in federal, state and local governments, in the military, and in commercial applications. Enterprise-wide network security infrastructures, government IDs, secure electronic banking, investing and other financial transactions, retail sales, law enforcement, and health and social services are already benefiting from these technologies.
Physiological or BehavioralTo elaborate on this definition, physiological biometrics are based on measurements and data derived from direct measurement of a part of the human body. Fingerprint, iris-scan, retina-scan, hand geometry, and facial recognition are leading physiological biometrics.
Behavioral characteristics are based on an action taken by a person. Behavioral biometrics, in turn, are based on measurements and data derived from an action, and indirectly measure characteristics of the human body. Voice recognition, keystroke-scan, and signature-scan are leading behavioral biometric technologies. One of the defining characteristics of a behavioral biometric is the incorporation of time as a metric - the measured behavior has a beginning, middle and end.
Verification vs IdentificationA biometric system is essentially a pattern recognition system which makes a personal identification by determining the authenticity of a specific physiological or behavioral characteristic possessed by the user. An important issue in designing a practical system is to determine how an individual is identified. Depending on the context, a biometric system can be either a verification (authentication) system or an identification system.
There are two different ways to resolve a person's identity: verification and identification. Verification (Am I whom I claim I am?) involves confirming or denying a person's claimed identity. In identification, one has to establish a person's identity (Who am I?). Each one of these approaches has it's own complexities and could probably be solved best by a certain biometric system.
In day-to-day life most people with whom you do business verify your identity. You claim to be someone (your claimed identity) and then provide proof to back up your claim. For encounters with friends and family, there is no need to claim an identity. Instead, those familiar to you identify you, determining your identity upon seeing your face or hearing your voice.
These two examples illustrate the difference between the two primary uses of biometrics: identification and verification.
Identification (1:N, one-to-many, recognition) - The process of determining a person's identity by performing matches against multiple biometric templates. Identification systems are designed to determine identity based solely on biometric information. There are two types of identification systems: positive identification and negative identification. Positive identification systems are designed to find a match for a user's biometric information in a database of biometric information.
Positive identification answers the "Who am I?," although the response is not necessarily a name - it could be an employee ID or another unique identifier. A typical positive identification system would be a prison release program where users do not enter an ID number or use a card, but simply look at a iris capture device and are identified from an inmate database. Negative identification systems search databases in the same fashion, comparing one template against many, but are designed to ensure that a person is not present in a database. This prevents people from enrolling twice in a system, and is often used in large-scale public benefits programs in which users enroll multiple times to gain benefits under different names.
Not all identification systems are based on determining a username or ID. Some systems are designed determine if a user is a member of a particular category. For instance, an airport may have a database of known terrorists with no knowledge of their actual identities. In this case the system would return a match, but no knowledge of the person's identity is involved.
Verification (1:1, matching, authentication) - The process of establishing the validity of a claimed identity by comparing a verification template to an enrollment template. Verification requires that an identity be claimed, after which the individual's enrollment template is located and compared with the verification template. Verification answers the question, "Am I who I claim to be?" Some verification systems perform very limited searches against multiple enrollee records. For example, a user with three enrolled fingerprint templates may be able to place any of the three fingers to verify, and the system performs 1:1 matches against the user's enrolled templates until a match is found. One-to-few. There is a middle ground between identification and verification referred to as one-to-few (1:few). This type of application involves identification of a user from a very small database of enrollees. While there is no exact number that differentiates a 1:N from a 1:few system, any system involving a search of more than 500 records is likely to be classified as 1:N. A typical use of a 1:few system would be access control to sensitive rooms at a 50-employee company, where users place their finger on a device and are located from a small database.
ApplicationsBiometrics is a rapidly evolving technology which is being widely used in forensics such as criminal identification and prison security, and has the potential to be used in a large range of civilian application areas. Biometrics can be used to prevent unauthorized access to ATMs, cellular phones, smart cards, desktop PCs, workstations, and computer networks. It can be used during transactions conducted via telephone and internet (electronic commerce and electronic banking). In automobiles, biometrics can replace keys with key-less entry devices.
Biometrics TechnologiesThe primary biometric disciplines include the following:
¤ Fingerprint (optical, silicon, ultrasound, touch less)
¤ Facial recognition (optical and thermal)
¤ Voice recognition (not to be confused with speech recognition)
¤ Hand geometry
¤ Palm-scan (forensic use only)
Disciplines with reduced commercial viability or in exploratory stages include:
¤ Ear shape
¤ Odor (human scent)
¤ Vein-scan (in back of hand or beneath palm)
¤ Finger geometry (shape and structure of finger or fingers)
¤ Nailbed identification (ridges in fingernails)
¤ Gait recognition (manner of walking)
How It WorksBiometric systems convert data derived from behavioral or physiological characteristics into templates, which are used for subsequent matching. This is a multi-stage process whose stages are described below.
Enrollment - The process whereby a user's initial biometric sample or samples are collected, assessed, processed, and stored for ongoing use in a biometric system. Enrollment takes place in both 1:1 and 1:N systems. If users are experiencing problems with a biometric system, they may need to re-enroll to gather higher quality data.
Submission - The process whereby a user provides behavioral or physiological data in the form of biometric samples to a biometric system. A submission may require looking in the direction of a camera or placing a finger on a platen. Depending on the biometric system, a user may have to remove eyeglasses, remain still for a number of seconds, or recite a pass phrase in order to provide a biometric sample.
Acquisition device - The hardware used to acquire biometric samples. The following acquisition devices are associated with each biometric technology:
|Desktop peripheral, PCMCIA card, mouse, chip or reader embedded in keyboard
|Video camera, PC camera, single-image camera
|Infrared-enabled video camera, PC camera
|Proprietary desktop or wall-mountable unit
|Proprietary wall-mounted unit
|Signature tablet, motion-sensitive stylus
|Keyboard or keypad
Biometric sample - The identifiable, unprocessed image or recording of a physiological or behavioral characteristic, acquired during submission, used to generate biometric templates. Also referred to as biometric data. The following sample types are associated with each biometric technology:
|3-D image of top and sides of hand and fingers
|Image of signature and record of related dynamics measurements
|Recording of characters typed and record of related dynamics measurements
Feature extraction - The automated process of locating and encoding distinctive characteristics from a biometric sample in order to generate a template. The feature extraction process may include various degrees of image or sample processing in order to locate a sufficient amount of accurate data. For example, voice recognition technologies can filter out certain frequencies and patterns, and fingerprint technologies can thin the ridges present in a fingerprint image to the width of a single pixel. Furthermore, if the sample provided is inadequate to perform feature extraction, the biometric system will generally instruct the user to provide another sample, often with some type of advice or feedback. The manner in which biometric systems extract features is a closely guarded secret, and varies from vendor to vendor. Common physiological and behavioral characteristics used in feature extraction include the following:
|Location and direction of ridge endings and bifurcations on fingerprint
|Frequency, cadence and duration of vocal pattern
|Relative position and shape of nose, position of cheekbones
|Furrows and striations in iris
|Blood vessel patterns on retina
|Height and width of bones and joints in hands and fingers
|Speed, stroke order, pressure, and appearance of signature
|Keyed sequence, duration between characters
Just as the feature extraction process is a closely held secret, the manner in which information is organized and stored in the template is proprietary to biometric vendors. Biometric templates are not interoperable - a template generated in vendor A's fingerprint system cannot be compared to a template generated in vendor B's fingerprint system. Biometric decision-making is frequently misunderstood. For the vast majority of technologies and systems, there is no such thing as a 100% match, though systems can provide a very high degree of certainty. The biometric decision-making process is comprised of various components, as indicated below.
Matching - The comparison of biometric templates to determine their degree of similarity or correlation. A match attempt results in a score that, in most systems, is compared against a threshold. If the score exceeds the threshold, the result is a match; if the score falls below the threshold, the result is a non-match.
Biometric comparisons take place when proprietary algorithms process biometric templates. These algorithms manipulate the data contained in the template in order to make valid comparisons, accounting for variations in placement, background noise, etc. Without the vendor algorithm, there is no way to compare biometric templates - comparing the bits which comprise the templates does not indicate if they came from the same user. The bits must be processed by the vendor as a precondition of comparison.
The matching process involves the comparison of the match template, created upon sample submission, with the reference template(s) already on file. In 1:1 verification systems, there is generally a single match template matched against a reference template. In 1:N identification systems, the single match template can be matched against dozens, thousands, even millions of reference templates.
In most systems, reference and match templates should never be identical. An identical match is an indicator that some sort of fraud is taking place, such as the resubmission of an intercepted or otherwise compromised template.
Score - A number indicating the degree of similarity or correlation of a biometric match. Traditional verification methods - passwords, PINs, keys, and tokens - are binary, offering only a strict yes/no response. This is not the case with most biometric systems. Nearly all biometric systems are based on matching algorithms that generate a score subsequent to a match attempt. This score represents the degree of correlation between the match template and the reference template. There is no standard scale used for biometric scoring: for some vendors a scale of 1-100 might be used, others might use a scale of -1 to 1; some vendors may use a logarithmic scale and others a linear scale. Regardless of the scale employed, this verification score is compared to the system's threshold to determine how successful a verification attempt has been.
Incidentally, many systems return a score during enrollment, referred to as an enrollment score or quality score. This score refers to how successful the extraction process was at finding distinctive features in the biometric sample. If the sample was rich in information, there will likely be a high enrollment score. This score is not used in the matching process, but might be used to determine whether a user can enroll successfully. A low quality score may indicate that the user cannot be reliable verified.
Threshold - A predefined number, often controlled by a biometric system administrator, which establishes the degree of correlation necessary for a comparison to be deemed a match. If the score resulting from template comparison exceeds the threshold, the templates are a "match" (though the templates themselves are not identical).
When a biometric system is set to low security, the threshold for a successful match is more forgiving than when a system is set to high security.
Decision - The result of the comparison between the score and the threshold. The decisions a biometric system can make include match, non-match, and inconclusive, although varying degrees of strong matches and non-matches are possible. Depending on the type of biometric system deployed, a match might grant access to resources, a non-match might limit access to resources, while inconclusive may prompt the user to provide another sample.
One of the most interesting facts about most biometric technologies is that unique biometric templates are generated every time a user interacts with a biometric system. As an example, two immediately successive placements of a finger on a biometric device generate entirely different templates. These templates, when processed by a vendor's algorithm, are recognizable as being from the same person, but are not identical. In theory, a user could place the same finger on a biometric device for years and never generate an identical template.
Therefore, for most technologies, there is simply no such thing as a 100% match. This is not to imply that the systems are not secure - biometric systems may be able to verify identify with error rates of less than 1/100,000 or 1/1,000,000. However, claims of 100% accuracy are misleading and are not reflective of the technology's basic operation.
Benefits For employers Reduced costs - password maintenance
Reduced costs - no buddy punching
Increased security - no shared or compromised passwords
Increased security - deter and detect fraudulent account access
Increased security - no badge sharing in secure areas
Competitive advantage - familiarity with advanced technology
For employees Convenience - no passwords to remember or reset
Convenience - faster login
Security - confidential files can be stored securely
Non-repudiation - biometrically transactions difficult to refute
For consumers Convenience - no passwords to remember or reset
Security - personal files, including emails, can be secured
Security - online purchases safer when enabled by biometric
Privacy - ability to transact anonymously
For retailers (online and point-of-sale)
Reduced costs - biometric users less likely to commit fraud
Competitive advantage - first to offer secure transaction method
Security - account access much more secure than via password
For public sector usage
Reduced costs - strongest way to detect and deter benefits fraud
Increased trust - reduced entitlement abuse
Are Biometric Systems Difficult to Use? Biometrics are much easier to use than one might expect. Here is a brief technology-by-technology summary of how one interacts with biometric systems.
Application designAs in all good application designs, it is the business process requirements which should drive the design - not the other way around. Similarly the specific type of biometric chosen, i.e., fingerprints, iris codes, hand geometry etc. should reflect the application requirements - the application should not be a slave to an individual biometric methodology.
A successful application development and deployment scenario may follow a path something like the following;
Identify the business and operational requirements clearly, together with any current problems and the effect they are having on the situation.
Develop and agree a suitable business process which has the potential to significantly improve on the current situation, given the current state of technology.
Quantify the operational logistics such as (in an access control context) number of people, time profile / distribution of transactions, type of entry point, target transaction time, environmental considerations, availability and profile of system operators and so on.
Analyse existing situation and processes in order to identify legacy requirements and system interaction - it may be necessary to retain or assure compatibility with certain existing processes.
Design a system architecture which accounts for all of the above whilst remaining open for future development and enhancement.
Design an operating methodology and user interface which satisfies the above requirements in an intuitive and attractive manner.
Choose the appropriate front end technology accordingly (i.e., biometric / biometric and chip card etc.) ensuring that the biometric methodology is the most suitable for this application.
Interface the biometric / token technology with your system.
Thoroughly test and document the system in house before demonstrating the system to the client and agreeing and documenting any design changes.
Develop and schedule an operator training programme together with the provision of system manuals as necessary.
Install and commission the system having surveyed the site and noted relevant conditions and with due consideration to existing systems.
Hand over the system after ensuring that operators have a comprehensive understanding of the functionality and that all operating data is present and correct.
In the above example, you will notice that the final choice of a biometric came relatively far down the list. We should only be considering this parameter once we have fully understood the business requirement and the potential benefit that adopting a biometric system might bring.
In defining the specification required, we should concern ourselves with perceived ease of use, acceptable transaction time, contingency measures for errors, where the biometric template should be stored, enrolment procedures and logistics and general compatibility and connectivity issues.
We should also understand the distinction between verification and identification. In short, verification is a straightforward one to one check whereby we are comparing a live biometric sample with a single stored template with a simple match or no match result. Identification is a different kettle of fish entirely as we may be seeking to compare a live biometric sample with hundreds, thousands or conceivably even millions of stored templates. The probability of errors multiplies with the number of templates in the database. Currently, there is really only one commercially available product which offers the promise of practical identification from a large database of templates. For the majority of applications we are probably going to be concerned with biometric verification..
We must also consider where the biometric template (the individual reference derived from taking a biometric sample or series of samples) will be stored. It may be that the template is stored on a token such as a chip card and input into the system by the user prior to verification. This would certainly allow for a large user base as well as a degree of portability between systems and would provide for automatic updating of templates if appropriate. Alternatively, we may decide to keep the templates on a central database and call them from either a card swipe or PIN input for comparison. This decision will naturally have an impact on system hardware and configuration - if we are maintaining a central database we had better be sure about our system host and it's communication with the biometric readers, not to mention the usual database maintenance and backup requirements.
Whilst we are on the subject of hardware, it is worth stressing the importance of understanding the cabling and line termination requirements of different communication protocols. Lack of attention to detail in this area can often result in temperamental performance and perceived intermittent faults which can be difficult to trace subsequently. Whilst this may seem like stating the obvious, it is surprising how often otherwise well designed systems are tripped over by poor installation practice.
You will have noticed that we have got a long way into this paper without trundling out the usual marketing promises about biometrics or contemplating the old chestnuts of false accepts / false rejects etc. This is deliberate - one can concentrate too much on the theoretical individual device performance issues. The performance we should concern ourselves with is that of the entire system, not individual components. In the real world, theoretical performance may be influenced greatly by other less quantitative parameters. For example, a badly sited reader which is difficult for individuals to use comfortably will almost certainly result in increased false rejects, even though the system may be functioning properly. Similarly, a lack of training or understanding among both system administrators and regular users will play havoc with your anticipated performance. The operational processes coupled to the perception and attitude of the user are as much of a performance criterion as biometric hardware specifications. These elements, coupled with overall system design and component performance combine to produce the Total System Performance (TSP). It is the TSP that we should have uppermost in our minds throughout the development and implementation of the entire project.
To put this into perspective, it would seem rather pointless to have lengthy discussions about the inclined valve angle on a one litre petrol engine which we are fitting into a three ton vehicle - we should be asking about power to weight ratios and what sort of engine we need to propel this vehicle at the required speed. The same is true of our biometric system. We must consider the system as a whole, together with our business related objectives for implementing such a system.
So far, we have discussed some of the issues inherent in a typical systems supplier / client situation. In certain cases, the end user (or retained systems house) may wish to buy in the component technology on an OEM basis and develop their own custom application according to precise requirements. In the early days of biometrics this would have been quite difficult with many of the proprietary products available. These days life is a lot easier for the application development team as several of the leading device manufacturers have taken the trouble to make available a Software Development Kit (SDK) for use with their product. This usually takes the form of a set of DLL's which the developer may call from his application in order to access various functions of the device. This allows the developer to concentrate on the user interface and program logic without having to get too involved with the low level coding detail.
This is certainly a step forward and is to be welcomed. However, it is a little device specific in the sense that if you decided later on to use a different front end biometric device, then you would need to rewrite your application accordingly. This may be acceptable in some instances, but what if you wish to use more than one type of biometric device on your system? This is not unreasonable. You may wish to use a dual biometric for high security reasons, or to use different biometrics in different areas for environmental reasons. This can complicate matters somewhat. It would be nice perhaps if there were a universally accepted biometric Application Programming Interface (API) which developers could use in order to mix biometric methodologies within a single system. In fact, there has been much work undertaken in this context and by the time you read this paper at least one such API should be freely available. The question is, will the biometric manufacturers be happy to comply with and support such an initiative? I hope that they will, but suspect that this may take a while to become embedded in biometric culture.
What of the future? The is no doubt that biometric technology is mature and eminently useable across a wide variety of advanced personal ID related applications. Both the systems integrator and the end user have a wider choice than ever of front end biometric components and it is easier than it has ever been to integrate these components into bespoke systems. Individual unit cost is still relatively high for biometric products, but this too is changing and several manufacturers are introducing lower cost OEM modules to the market place.
In short, if you have an operational problem that biometrics might solve there is no reason to sit on the fence any longer - biometrics are alive and well and available off the shelf at a location near you!