1 (800) 329-9691
Watch Demo
 
 
The modern rapid advancements in networking, communication and mobility increased the need of reliable ways to verify the identity of any person. Nowadays identity verification is mainly performed in two ways:
 
possession-based: the whole security is based on a "token" the user has (such as a credit card or a document). If it is lost, somebody else might use it to falsify his identity
knowledge-based using a password. Even if we use the best encrypting algorithm, the whole security is based on the key. If it is too short, it is simple to guess it or crack it making several attempts, but if it is too complicated it can't be remembered and the common user will keep it written somewhere, so it can be lost or stolen
 
Those weaknesses of standard validation systems can be avoided if our own body becomes our key. Particular characteristics of the body or habits are much more complicated to forge than a string of text, even if it is very long. Reliability of biometric systems will be discussed later, but it is evident that using biometrics adds a complexity to identification systems that would be hard to reach with a standard password-based approach. The main advantages of biometrics over a standard system are:
 
biometric traits cannot be forgotten or mislaid, and can be lost only through trauma (whereas passwords can be forgotten and tokens easily lost or mislaid)
biometric traits are relatively difficult to copy, share and distribute (passwords can be announced in crackers' websites)
pace the previous point, biometric traits require the person being authenticated to be present at the time and point of authentication
 
Moreover biometric systems can be used in conjunction with passwords or tokens, thus improving the security of existing systems without replacing them.
 
Common biometric characteristics
 
Classification of some biometric traits:
Biometric characteristics can be divided in two main classes, as represented in the figure:
 
physiological are related to the shape of the body. The oldest traits, that have been used for more than 100 years, are fingerprints. Other examples are face recognition, hand geometry and iris recognition.
behavioral are related to the behavior of a person. The first characteristic to be used, still widely used today, is the signature. More modern approaches are the study of keystroke dynamics and of voice.
 
Strictly speaking, voice is also a physiological trait because every person has a different pitch, but voice recognition is mainly based on the study of the way a person speaks, which is why it is commonly classified as behavioral.

 
There are many other biometric strategies being developed such as those based on gait (way of walking), retina, hand veins, ear recognition, facial thermo gram, DNA, odor and palm prints.
 
It is possible to understand if a human characteristic can be used for biometrics in terms of the following parameters
 
Universality describes how commonly a biometric is found in each individual.
Uniqueness is how well the biometric separates one individual from another.
Permanence measures how well a biometric resists aging.
Collect ability explains how easy it is to acquire a biometric for measurement.
Performance indicates the accuracy, speed, and robustness of the system capturing the biometric.
Acceptability indicates the degree of approval of a technology by the public in everyday life.
Circumvention is how hard it is to fool the authentication system.
 
The following table shows a comparison of existing biometric systems in terms of those parameters:
 
 
 
The basic block diagram of a biometric system

The diagram on right shows a simple block diagram of a biometric system. The main operations a system can perform are enrollment and test. During the enrollment biometric information of an individual are stored, during the test biometric information are detected and compared with the stored ones. The first block (sensor) is the interface between the real world and our system; it has to acquire all the necessary data. Most of the times it is an image acquisition system, but it can change according to the characteristics we want to consider. The second block performs all the necessary pre-processing: it has to remove artifacts from the sensor, to enhance the input (e.g. removing some noise), to use some kind of normalization, etc. In the third block we have to extract the features we need. This step is really important: we have to choose which features to extract and how. Moreover we have to do it with a certain efficiency (it can't take hours!). After that, we can have a vector of numbers or an image with particular properties: all those data are used to create a template. A template is a synthesis of all the characteristics we could extract from the source, it has to be as short as possible (to improve efficiency) but we can't discard too many details, thus losing discrimination ability. Then the behavior of the system changes according to what was requested.

Then, if it is performing enrollment, then the template is simply stored somewhere (it can be in on a card or within a database). If it is performing the matching phase, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using any algorithm (e.g. Hamming distance). The decision that the matcher has taken is sent as output, so that it can be used for any purpose (e.g. it can allow a purchase or the entrance in a restricted area).

 
Functions

A biometric system can provide the following three functions.

 
Verification is he the person he claims to be? Somebody claims to be a person whose biometric info are already known (e.g. they were stored on a card or in a database). We want to extract new biometric info from the person and check if those are matching with the ones we have. This way we can verify the identity of a person. In other words, it's a 1:1 match verification.
Identification who is he? we extract biometric info from a person and we compare them with our database. It is a much more difficult task than verification because we have to compare those info with all people in the database.
 
Performance measurement
 
false accept rate (FAR) or false match rate (FMR): the probability that the system incorrectly declares a successful match between the input pattern and a non-matching pattern in the database. It measures the percent of invalid matches. These systems are critical since they are commonly used to forbid certain actions by non-allowed people.
false reject rate (FRR) or false non-match rate (FNMR): the probability that the system incorrectly declares failure of match between the input pattern and the matching template in the database. It measures the percent of valid users who are rejected as impostors.
receiver (or relative) operating characteristic (ROC): In general, the matching algorithm performs a decision using some parameters (e.g. a threshold). In real-world biometric systems the FAR and FRR can typically be traded off against each other by changing those parameters. We obtain the ROC plot by graphing the values of FAR and FRR, changing the variables implicitly. A common variation is the Detection error trade-off (DET), which is obtained using normal deviate scales on both axes. This more linear graph illuminates the differences for higher performances (rarer errors).
Cequal error rate (EER): the rate at which both accept and reject errors are equal. The best way to show the performance of a biometric system is by using a ROC or DET plot because they show clearly how FAR and FRR can be changed. However, if we want to quickly compare two systems, the ERR is commonly used. It can be obtained from the ROC plot by taking the point where FAR and FRR have the same value. The lower the EER, the more accurate the system is considered to be.
failure to enroll rate (FTE or FER): the percentage of people who fail to enroll in the system. Failure to enroll happens when the data obtained by the sensor are considered invalid.
failure to capture rate (FTC): Within automatic systems, the probability that the system fails to detect a biometric characteristic if it is presented to it correctly.
template capacity: the maximum number of people it is possible to discriminate. If we use a template of n bits and if we choose the features so that each individual generates a different template, then we could ideally discriminate 2n individuals. Unfortunately, we can't find such ideal features and we have to consider noise and a certain range of uncertainty, so the actual template capacity will be much smaller than 2n.
 
 
One simple but artificial way to judge a system is by EER, but not all the authors provided it. Moreover, there are two particular values of FAR and FRR to show how one parameter can change depending on the other. For fingerprint there are two different results, the one from 2003 is older but it was performed on a huge set of people, while in 2004 much less people were involved but stricter conditions have been applied. For iris, both references belong to the same year, but one was performed on more people, the other one is the result of a competition between several universities so, even if the sample is much smaller, it could reflect better the state of art of the field.
 
Issues and concerns
 
As with many interesting and powerful developments of technology, there are concerns about biometrics. The biggest concern is the fact that once a fingerprint or other biometric source has been compromised it is compromised for life, because users can never change their fingerprints. A theoretical example is a debit card with a personal Identification Number (PIN) or a biometric. Some argue that if a person's biometric data is stolen it might allow someone else to access personal information or financial accounts, in which case the damage could be irreversible. However, this argument ignores a key operational factor intrinsic to all biometrics-based security solutions: biometric solutions are based on matching, at the point of transaction, the information obtained by the scan of a "live" biometric sample to a pre-stored, static "match template" created when the user originally enrolled in the security system. Most of the commercially available biometric systems address the issues of ensuring that the static enrollment sample has not been tampered with (for example, by using hash codes and encryption), so the problem is effectively limited to cases where the scanned "live" biometric data is hacked. Even then, most competently designed solutions contain anti-hacking routines.

For example, the scanned "live" image is virtually never the same from scan to scan owing to the inherent plasticity of biometrics; so, ironically, a "replay" attack using the stored biometric is easily detected because it is too perfect a match.

The television program Myth busters attempted to break into a commercial security door equipped with biometric authentication as well as a personal laptop so equipped. While the laptop's system proved more difficult to bypass, the advanced commercial security door with "live" sensing was fooled with a printed scan of a fingerprint after it had been licked. Assuming the tested security door is representative of the current typical state of biometric authentication, that it was so easily bypassed suggests biometrics may not yet be reliable as a strong form of authentication.

 
Use of biometrics in schools
 
Starting in the early 2000s, the use of biometrics in schools has become widespread, particularly in the UK and USA. A number of justifications are given for such practices, including struggling against truancy, and replacing library cards or meal cards by fingerprinting systems. Opponents of school biometrics have raised privacy concerns against the creation of databases that would progressively include the entire population.

 
Sociological concerns
 
As technology advances, and time goes on, more and more private companies and public utilities will use biometrics for safe, accurate identification. However, these advances will raise many concerns throughout society, where many may not be educated on the methods. Here are some examples of concerns society has with biometrics:

 
Physical - Some believe this technology can cause physical harm to an individual using the methods, or that instruments used are unsanitary. For example, there are concerns that retina scanners might not always be clean.
Personal Information - There are concerns whether our personal information taken through biometric methods can be misused, tampered with, or sold, e.g. by criminals stealing, rearranging or copying the biometric data. Also, the data obtained using biometrics can be used in unauthorized ways without the individual's consent.
 
Danger to owners of secured items
 
When thieves cannot get access to secure properties, there is a chance that the thieves will stalk and assault the property owner to gain access. If the item is secured with a biometric device, the damage to the owner could be irreversible, and potentially cost more than the secured property. In 2005, Malaysian car thieves cut off the finger of a Mercedes-Benz S-Class owner when attempting to steal the car.

 
Uses and initiatives

Brazil

 
Since the beginning of the 20th century, Brazilian citizens have user ID cards. The decision by the Brazilian government to adopt fingerprint-based biometrics was spearheaded by Dr. Felix Pacheco at Rio de Janeiro, at that time capital of the Federative Republic. Dr. Pacheco was a friend of Dr. Juan Vucetich, who invented one of the most complete tenprint classification systems in existence. The Vucetich system was adopted not only in Brazil, but also by most of the other South American countries. The oldest and most traditional ID Institute in Brazil (Instituto de Identificação Félix Pacheco) was integrated at DETRAN (Brazilian equivalent to DMV) into the civil and criminal AFIS system in 1999.

Each state in Brazil is allowed to print its own ID card, but the layout and data are the same for all of them. The ID cards printed in Rio de Janeiro are fully digitized using a 2D bar code with information which can be matched against its owner off-line. The 2D bar code encodes a color photo, a signature, two fingerprints, and other citizen data. This technology was developed in 2000 in order to enhance the safety of the Brazilian ID cards.

By the end of 2005, the Brazilian government started the development of its new passport. The new documents started to be released by the beginning of 2007, at Brasilia-DC. The new passport included several security features, like Laser perforation, UV hidden symbols, security layer over variable data and etc.. Brazilian citizens will have their signature, photo, and 10 rolled fingerprints collected during passport requests. All of the data is planned to be stored in ICAO E-passport standard. This allows for contact less electronic reading of the passport content and Citizens ID verification since fingerprint templates and token facial images will be available for automatic recognition.

 
United States
 
The United States government has become a strong advocate of biometrics with the increase in security concerns in recent years, since September 11, 2001. Starting in 2005, US passports with facial (image-based) biometric data were scheduled to be produced. Privacy activists in many countries have criticized the technology's use for the potential harm to civil liberties, privacy, and the risk of identity theft. Currently, there is some apprehension in the United States (and the European Union) that the information can be "skimmed" and identify people's citizenship remotely for criminal intent, such as kidnapping. There also are technical difficulties currently delaying biometric integration into passports in the United States, the United Kingdom, and the rest of the EU. These difficulties include compatibility of reading devices, information formatting, and nature of content (e.g. the US currently expect to use only image data, whereas the EU intends to use fingerprint and image data in their passport RFID biometric chip(s)).

The speech made by President Bush on May 15, 2006, live from the Oval Office, was very clear: from now on, anyone willing to go legally in the United States in order to work there will be card-indexed and will have to communicate his fingerprints while entering the country. Many foreigners will have to subject themselves to these procedures, formerly only imposed to criminals and to spies, not to immigrants and visitors, and even less to citizens.

"A key part of that system [for verifying documents and work eligibility of aliens] should be a new identification card for every legal foreign worker. This card should use biometric technology, such as digital fingerprints, to make it tamper-proof." President George W Bush (Addresses on Immigration Reform, May 15, 2006)

The US Department of Defense (DoD) Common Access Card, is an ID card issued to all US Service personnel and contractors on US Military sites. This card contains biometric data and digitized photographs. It also has laser-etched photographs and holograms to add security and reduce the risk of falsification. There have been over 10 million of these cards issued.

According to Jim Wayman, director of the National Biometric Test Center at San Jose State University, Walt Disney World is the nation's largest single commercial application of biometrics. However, the US Visit program will very soon surpass Walt Disney World for biometrics deployment.

 
Germany
 
The biometrics market in Germany will experience enormous growth until 2009. “The market size will increase from approximately 12 million € (2004) to 377 million €” (2009). “The federal government will be a major contributor to this development”. In particular, the biometric procedures of fingerprint and facial recognition can profit from the government project. In May 2005 the German Upper House of Parliament approved the implementation of the ePass, a passport issued to all German citizens which contain biometric technology. The ePass has been in circulation since November 2005, and contains a chip that initially will hold a digital photo of the holder's face. “Starting in March 2007, fingerprints also will be stored on the chips – one from each hand”. “A third biometric identifier – iris scans – could be added at a later stage”. An increase in the prevalence of biometric technology in Germany is an effort to not only keep citizens safe within German borders but also to comply with the current US deadline for visa-waiver countries to introduce biometric passports. In addition to producing biometric passports for German citizens, the German government has put in place new requirements for visitors for apply for visas within the country. “Only applicants for long-term visas, which allow more than three months' residence, will be affected by the planned biometric registration program. The new work visas will also include fingerprinting, iris scanning, and digital photos”.

Germany is also one of the first countries to implement biometric technology at the Olympic Games to protect German athletes. “The Olympic Games is always a diplomatically tense affair and previous events have been rocked by terrorist attacks - most notably when Germany last held the Games in Munich in 1972 and 11 Israeli athletes were killed”.

Biometric technology was first used at the Olympic Summer Games in Athens, Greece in 2004. “On registering with the scheme, accredited visitors will receive an ID card containing their fingerprint biometrics data that will enable them to access the 'German House'. Accredited visitors will include athletes, coaching staff, team management and members of the media”.

 
Australia
 
Visitors intending to visit Australia may soon have to submit to biometric authentication as part of the Smartgate system, linking individuals to their visas and passports. Biometric data are already collected from some visa applicants by Immigration. Other applications include authentication of gym users etc.

 
Israel
 
Biometrics have been used extensively in Israel for several years. The border crossing points from Israel to the Gaza Strip and West Bank are controlled by gates through which authorized Palestinians may pass. Thousands of Palestinians (upwards of 90,000) pass through the turnstiles every day to work in Israel, and each of them has an ID card which has been issued by the Israeli Military at the registration centers. At peak periods more than 15,000 people an hour pass through the gates. The ID card is a smartcard with stored biometrics of fingerprints, facial geometry and hand geometry. In addition there is a photograph printed on the card and a digital version stored on the smartcard chip.

Tel Aviv Ben Gurion Airport has a frequent flyer's fast check-in system which is based on the use of a smartcard which holds information relating to the holders hand geometry and fingerprints. For a traveller to pass through the fast path using the smartcard system takes less than 10 seconds.

The Immigration Police at Tel Aviv Airport use a system of registration for foreign workers that utilises fingerprint, photograph and facial geometry which is stored against the Passport details of the individual. There is a mobile version of this which allows the police to check on an individual's credentials at any time.

 
Iraq
 
Biometrics are being used extensively in Iraq to catalogue as many Iraqis as possible providing Iraqis with a verifiable identification card, immune to forgery. During account creation, the collected biometrics information is logged into a central database which then allows a user profile to be created. Even if an Iraqi has lost their ID card, their identification can be found and verified by using their unique biometric information. Additional information can also be added to each account record, such as individual personal history. This can help American forces determine whether someone has been causing trouble in the past. One major system in use in Iraq is called BISA. This system uses a smartcard and a users biometrics (fingerpint, iris, and face photos) to ensure they are authorized access to a base or facility.

 
Japan
 
Several banks in Japan have adopted palm vein authentication technology on their ATMs. This technology which was developed by Fujitsu, among other companies, proved to have low false rejection rate (around 0.01%) and a very low false acceptance rate (less than 0.00008%).