CHAPTER 1: INTRODUCTION

Many organizations struggle with the problem of authentication; how users

prove their identity in order to get access to applications or other resources. How
strong or how secure does the authentication process need to be? Is the
combination of a username and password sufficient? If not, should a token
device – like SecurID or digital certificate be required? None of these solutions is
without its problems.

In recent years, biometric technology has emerged as a practical

alternative that offers a reasonable level of security. This brief paper offers some
insight into the key benefits and critical limitations of the technology.

Biometrics, defined broadly, is the scientific discipline of observing and

measuring relevant attributes of living individuals or populations to identify active
properties or unique characteristics Bank auto-teller machines have improved the
security level with the requirement that the customer must also provide
something known, such as a PIN number. Keys, transponders and smart-cards
can be stolen, and, in some cases, copied. PIN number or other forms of
knowledge, such as passwords, can be forgotten or observed and are also
inconvenient to remember and use.

Biometrics provides the advantage that access is based on who the user
is, and not on what is possessed or known. This implies that the driver himself
becomes the key. Convenience is improved, as a key or transponder are no
longer required.

1
CHAPTER 2: WHAT IS BIOMETRICS?

Taken from the Greek 'Bio' meaning life, and 'Metric' the measure of,
Biometrics is the measure (study) of life( humans, plants and animals).Biometric
technologies are defined as "automated methods of identifying or authenticating
the identity of a living person based on a physical or behavioral characteristic."
Biometrics uses the measurement of biological characteristics and a biometric is
any human physiological or behavioral characteristic that is universal, unique,
permanent and collectable.

An alternate definition for Biometrics is given as “Automatically

recognizing a person using distinguishable traits”. The identification of individuals
using a biometric is known as biometric identification. There is currently no
distinct definition for the terms Biometrics and Biometric Identification and both
terms are used synonymous throughout literature.

Identification is the process of associating (who am I?) Measured

biometric characteristics are compared with a list of previously measured
characteristics of individuals. When a match is found, the individual’s identity is
deduced to be that of the matching individual found in the list.

Authentication is a process of verifying that a person is who he claims to

be (Who am I?). It requires that the person being subjected to scrutiny (claimant )
supply information about who he claims to be. This may be in a form of unique
index number or index that is used to select a person’s known characteristics out
of an existing list of previously measured characteristics of individuals, or it may
be in the form of simultaneously supplying a previously validated version of the
person’s known characteristics. The known characteristics are then compared
against those measured against those measured and a decision is made as to
whether the person’s measured characteristics of the claimed identity.

The Identification process requires that a database of the unique

biometric characteristics (also called Features) of the people be stored inside or
available to the system, while Authentication differs in that it can be achieved by
supplying the system with only the features of the person being tested at the time
and no search through a database is required. The result is that Authentication is
faster than identification and that a person’s biometric feature can be carried by
the person (perhaps in an encrypted smart card) and do not have to be stored
centrally.

2
Biometric Characteristics

A biometric is a unique, measurable characteristic or trait of a human

being for automatically recognizing or verifying identity. This definition contains
several important components critical to biometrics:

• Unique: In order for something to be unique, it has to be the one and only,
have no like or equal, and be different from all others. When trying to identify an
individual with certainty, finding something that is unique to that person is
absolutely essential.

• Measurable: In order for identification to be reliable, the item being used must
be relatively static and easily quantifiable. For example, hairstyle or colours are
not dependable characteristics for identifying an individual, as both can be easily
and frequently changed.

• Characteristic or Trait: Today, identity is often confirmed by something a

person has, such as a card or token (e.g., a drivers license), or something they
know, such as their computer password or their personal identification number
(PIN) for their bank machine.

Biometrics involves something a person is or does. These types of

characteristics or traits are intrinsic to a person and can be divided into
physiological (i.e., something a person is) such as their fingerprints, voiceprints,
or patterns in their eyes, and behavioral (i.e., something a person does), such as
the way they sign their name or type on a keyboard.

• Automatic: In order for something to be automatic it must work by itself,

without direct human intervention. For a process to be considered a biometric
technology, it must recognize or verify a human characteristic quickly (e.g., some
biometric systems function in under two seconds) and without a high level of
human involvement.

• Recognition: To recognize someone is to identify them as someone who is

known, or to “know again.” A person cannot recognize someone who is
completely unknown to them. A computer system can be designed to recognize
or identify a person based on a biometric characteristic. To do this it must
compare a biometric presented by a live person against all biometric samples
stored in a central database. If the presented biometric matches a sample on file,
the system then identifies the individual. This is often called a one-to-many
match. Essentially, the system is trying to answer the question: Who is this
person?

3
CHAPTER 3: PRINCIPLES OF BIOMETRICS

Three major components are usually present in a biometric system:

 A mechanism to scan and capture a digital or analog image of a living

person’s biometric characteristic.

 Software for storing, processing and comparing the image.

 An interface with the application system that will use the result to confirm
an individual’s identity

SYSTEM FUNCTIONAL BLOCKS-

Biometric identification systems are usually accomplished using the

functional blocks.(refer fig:1 and fig:2).

The relevant biometric data is collected using a biometric sensor during

the data acquisition phase. The quality of the captured data is of great
importance and some form of automated data quality assessment is generally
necessary. The results of this assessment can be used to adjust sensor
parameters, feedback to the user about improved positioning or as a parameter
to tune the performance of the processes that follow.

The purpose of the Signal Pre-processing phase is to normalize the data

and apply filters to remove the distortion introduced by noise, manufacturing
tolerances and environmental conditions such as ambient noise in a Voice
Recognition System.

The Feature Extraction phase reduces the enormous amount of data

captured by the sensor into the much smaller amounts of information (features)
that permit the differentiation of people. This reduction is necessary for two
reasons. The first is to reduce the amount of memory space required for the
Matching phase. For example, humans can recognize the letter ‘i’ independent of
the font or size. Simplistically, the only relevant information needed for
comparison is that the letter has a small vertical line with a dot on top.

To introduce a new person to a biometric system is called Enrolment and

the set of features extracted for specific people are called Feature Templates
which are stored together with other information, such name and access
privileges, into the database of the system.

5
 During enrolment, it is usual to repeat the Data Acquisition to Feature
Extraction steps multiple times, to make sure that typical and relevant features
are stored. Some systems use a quality assessment to select the best of several
acquisitions and more sophisticated systems may even combine the information
from several acquisitions into one enhanced feature template.

Authentication and identification processes both involve comparing the

recently extracted features of a Claimant, with the Feature Templates of enrolled
users. The process of comparison is called Matching and is a non-trivial task, as
it is normal for there to be no exact correlation between extracted features and
stored templates. This non-exact correlation is due to a number of factors.
Sensors may have a limited field of view and it cannot be guaranteed that the
same area of the claimant is exposed to the sensor each time. It is also most
likely that the area sampled during enrolment and that features are distorted due
to elastic nature of skin. Features can also be hidden or altered by clothing, dirt,
injury and environmental conditions.

Hence, a comparison provides a Matching Score that indicates the

number of coincident features found between those of a Claimant and those
found in an enrolment template. This matching score must then be further
translated into a Yes/No decisions.

6
CHAPTER 4: TYPES OF BIOMETRICS

The list of human characteristics currently being used for biometrics is

varied and continuing to grow as more research is undertaken. A short list of the
most well known methods includes DNA, Ear shape, Fingerprints, Face, Hand
and Finger Geometry, Infra-red Facial and Hand Vein Thermograms, Iris,
Keystroke Dynamics, Signature & Voice.
Eye (refer fig: 4)
There are two main types of biometric analysis of the eye. One involves
the iris, which is the coloured ring that surrounds the pupil, and the other
uses the retina, which is the layer of blood vessels at the back of the eye.
Iris
Each iris has a unique and complex pattern such that even a person's
right and left iris patterns are completely different. It has been claimed that
the system is "foolproof" because artificial duplication of the iris is virtually
impossible due to its properties and the number of measurable
characteristics.
Face (refer fig: 3)
There are two main types of facial recognition systems; the most common
uses video, while the other uses thermal imaging. Video face recognition
technology analyze the unique shape, pattern and positioning of facial
features. A video camera is used to capture an image from a distance of a
few feet away from the user. A number of points on the face are usually
mapped out. With other systems, a three-dimensional map of the face can
be created. A facial thermogram uses an infrared camera to scan a
person's face and then digitize the thermal patterns. Apparently no two
people, not even identical twins, have the same facial thermogram. The
patterns are created by the branching of blood vessels in the face. As the
blood is hotter than the tissue surrounding it, it radiates heat that can be
picked up at a distance.
Signature Verification
This involves the analysis of the way in which a person signs their name.
Signature biometrics are often referred to as dynamic signature
verification (DSV). With this technique, the manner in which someone
signs is as important as the static shape of their finished signature. For
example, the angle at which the pen is held, the time taken to sign, the
velocity and acceleration of the signature, the pressure exerted, and the
number of times the pen is lifted from the paper. Signature data can be
captured via a special pen or tablet, or both. The pen-based method
incorporates sensors inside the writing instrument, while the tablet method
relies on sensors imbedded in a writing surface to detect the unique
signature characteristics.

7
 Recently, another variation has been developed known as acoustic
emission. This measures the sound that is generated as an individual
writes their signature on a paper document.

Speaker Verification (refer fig: 6)

Biometric systems involve the verification of the speaker's identity based
on numerous characteristics, such as cadence, pitch, and tone. The voice
pattern is determined, to a large degree, by the physical shape of the
throat and larynx, although it can be altered by the user. Speaker
verification works with a microphone or with a regular telephone handset.
Keystroke Dynamics
Typing biometrics are more commonly referred to as keystroke dynamics.
Verification is based on the concept that how a person types, in particular
their rhythm, is distinctive. The National Science Foundation and the
National Bureau of Standards in the United States have conducted studies
establishing that typing patterns are unique. One system creates individual
profiles according to how users enter their passwords, accounting for
factors such as hand size, typing speed, and how long keys are held
down.
Palm Print
This is a physical biometric that analyzes the unique patterns on the palm
of a person's hand, similar to fingerprinting. Like fingerprinting, latent or ink
palm images can be scanned into the system.
Vein Patterns
This physical biometric analyzes the pattern of veins in the back of a
person's hand. One proprietary system focuses on the unique pattern of
blood vessels that form when a fist is made. The underlying vein structure,
or "vein tree" can be captured using a camera and infrared light.
Ear Shape
A lesser-known physical biometric is the shape of the outer ear, lobes, and
bone structure. Apparently, police are able to capture ear prints of
criminals left when they listen at windows and doors. The technology has
been used to obtain convictions in the Netherlands.
Body Odour
Sensors are capable of capturing body odour from non-intrusive parts of
the body such as the back of the hand. Each unique human smell is made
up of chemicals which are extracted by the system and converted into a
template.
 Hand Geometry (refer fig: 5)
Hand geometry produces static biometric signal that include finger
lengths, heights of knuckles, distance between joints.

9
FINGERPRINT TECHNOLOGY

WHERE DO FINGERPRINTS COME FROM? -

Fingerprints are composed of ridges and valleys. These contours emanate
from stresses within the epidermis, which is the border between living and dead
cells in skin. The formation of the contour pattern itself is determined during fetal
development and from then on remains permanent and unique for each person
and each finger. The new cells from these structures continually drift to the
surface of the finger and become callous during this transition. Hence fingerprints
are robust and continually renewed, even when subjected to abrasion.

 THE FEATURES OF A FINGERPRINT-

For either authentication or identification, a decision has to be made
whether two given fingerprints match. The comparison method selected depends
on what are considered to be the features of a fingerprint. The comparison of
ridges is most often. (refer fig: 7).

If the microscopic structure of the ridge flow is examined, local ridge

characteristics (called Minutiae – minute details) can be seen. To date, as many
as 150 different types of Minutiae have been found and although other
approaches are also used, such as counting the ridges between references
points and the distance between skin pores, today’s fingerprint systems are
usually based on two minutiae types called Ridge Endings (the point where a
ridge abruptly ends) and bifurcations (the point where a single ridge bifurcates).
When detailing Minutiae for comparison purposes, it is described by its Type
(Ending or Bifurcation), position (X&Y co-ordinates) and Orientation (Direction of
flow of the ridges at the minutiae). A fingerprint is described by the total of all its
minutiae and the uniqueness of a fingerprint is based on the probability that no
two fingerprints will have the same configuration of minutiae.

 FINGERPRINT IMAGE ACQUISITION-

Varying physical principles are used by fingerprint sensors, but the end
result is the same. A two-dimensional, grayscale image representation of the
fingerprint is created. Optical sensors are the oldest and most familiar type of
sensor. A light source illuminates the fingertip, which is placed on one surface of
prism. The differences in refractive index between ridges that touch the surface
and valleys that do not, alters the reflected light which is conducted through a
lens system to a CCD-element.

11
 Capacitance based silicon sensors have recently been developed by
many companies. These sensors are usually large silicon chips (15 x 15 mm)
with an array of capacitive electrodes, which typically provides a resolution of 500
DPI. Each electrode forms a capacitance together with a fingertip surface just
above the area of the electrode. The distance between the skin and an electrode
differs between ridges, that directly touch the sensor surface. This difference in
distance cases a difference in capacitance, which is measured by the sensor and
finally results in an image describing the contours of the fingertip.

Some capacitive sensor manufacturers use a DC electric field to measure

capacitance, while others use an AC field. These sensors have the advantage
that they are flat and they can be easily be manufactured using standard silicon
processes. Due to the requirement for close contact between sensor electrodes
and the finger, the silicon sensor surface is only protected by a thin coating and
hence these sensors are susceptible to mechanical and Electrostatic Discharge
(ESD) damage.

A thermal silicon sensor, which consists of a 320 x 40 pixel array of

electrodes, senses differences in heat. As fingerprint valleys are insulated from
the sensor surface by air, the thermal conductance differs from ridges which
make direct contact with the sensor surface. Using the natural heat of the finger,
the sensor is able to detect the contours of the finger by the different thermal
energy transferred to the sensor.

The thermal sensor differs from the other types in that a finger must be
dragged across the sensor surface and the resulting multiple small image
segments are then combined to create a single complete image of the fingerprint.
The sensor’s main advantages are a significantly smaller silicon area compared
to capacitive sensors and the possibility of a thicker protective layer between the
silicon surface and the finger.

Ultrasonic sensors emit a sound wave towards the fingertip and due to
changes in acoustic impedance, some of the energy is reflected back towards
the sensor at the interface of materials of different density. The time difference
between emission and receipt of an echo is proportional to the distance the
sound wave had to cover to reach these interfaces and thus the contour of the
fingerprint can be determined. Bulky commercial sensors, with up to 500 DPI
resolution, exist and is still unclear if cost effective sensors can be realized.

13
FEATURE EXTRACTION-

The output of a fingerprint sensor is a two-dimensional, grayscale image

representation of the fingerprint that has been presented to the sensor. A binary
image is then computed, in which the ridges are represented by ones and valleys
represented by zeroes.

Ridges are usually more than one pixel wide and this complicates the
search for line ending and bifurcation minutiae. Therefore a much simpler image
is computed with Ridge Lines represented by a one pixel width line. The resultant
image is known as the Skeleton.

Using the Skeleton, line end and fork detection is relatively simple. Initially
the start of all ridge lines need to be found. Once the ridge line is detected, a
tracking algorithm sequentially enumerates all pixels along the ridge line. The
result is a list of minutiae with X and Y co-ordinates, type (either line ending or
bifurcation) and ridge orientation.

MATCHING

Given two minutiae feature lists, matching determines whether these

fingerprints belong to the same finger. The matching strategy depends on the
choice of features. Minutiae matching is often referred to as Point Pattern
Matching and at first glance appears a trivial task, however a lot of issues have
to be considered to achieve satisfactory performance.

Even using the same finger, no two images will be the same. Finger
translation, rotation and distortion all lead to the minutiae lists never being
identical and thus it is not possible to compare the absolute co-ordinates
contained in minutiae lists. The effect of translation and rotation with a
mechanical guide, which provides hard limits and tactile feedback to the user.

A comparison of minutiae is only practical in the overlapping portion of two

templates. It is likely that some features will be present in the first list, but missing
in the second and vice versa. As a consequence, the sensor cannot be too small.
The sensor needs to be large enough that a reliable decision can be made based
on the features found in an overlapping area. The area size depends on the
quality of the quality of the finger-guide and the typical feature density.

14
CHAPTER 5: APPLICATIONS OF BIOMETRICS

Applications

 Some Automatic Teller Machine (ATM) manufacturers include iris scans

as an alternative to passwords or PINs. In May 1999, Bank United of
Texas became the first bank in the United States to offer iris recognition at
ATMs. In addition, the technology already is used by eleven different
banks outside of the United States.

 German banks have been using face recognition technology to give

customers unattended, 24- hour access to their safety deposit boxes.
Customers request their boxes at a self-service computer terminal, which
includes a video camera. The camera captures and processes the
customer's facial image. System software verifies the person's identity and
authority to receive the requested safety deposit box. If the person is
authorized, the box is retrieved by robots and delivered to the owner by an
automated handling system.

 A Malaysian company is using this technology to create an airport security

system that tracks passengers' baggage with an image of their face. Only
when passengers actually enter the plane will the system allow their
baggage to be loaded.

 Globally, airports have expressed interest in another system that can pick
a moving face out of a crowd.

 They hope to use this technology as a way of identifying terrorists and

other criminals.

 At the beginning of 1999, the Bank of America started a pilot program that
uses finger scans to give customers access to their online banking
services. Before using the system, the customer enrolls a fingerscan on a
chip attached to a multi-application smart card. Authentication is
completed by the customer placing a finger on a scanning device attached
to their personal computer. The software matches the fingerscan from the
scanner against the image stored in the smart card.

 Recently, one American hotel chain announced that it would start

collecting fingerprints as part of its check-in procedure.

15
 A number of vendors have developed fingerscanners resembling a
computer mouse. Scanners built into computer keyboards also have been
produced. Recognition of a fingerscan takes place in an average of two

 seconds on a personal computer or one second on a workstation, with

accuracy claimed to be 99.9%

 The 1996 Summer Olympic Games in Atlanta used hand geometry to

identify and secure approximately 150,000 athletes, staff, and other
participants.

 The University of Georgia uses the technology to control access to its

student cafeteria. When students visit a cafeteria, they swipe their identity
cards through a reader and have their hands verified before being able to
enter the food service area.

 An American elementary school uses the technique to identify individuals

picking up children. Anyone authorized by the parents can enrol in the
system. To be able to pick up a child from the school, a person first must
be verified by a hand geometry reader.

 In Toronto, hand geometry is used by a racquet and fitness club to verify

identity of 12,000 club members and staff.52 Initially, it was introduced at
only one location to test acceptability. Now it has been expanded to all
locations.

16
ARTICLE 5.1: AUTOMOTIVE APPLICATION OF BIOMETRICS

When first thinking about implementing biometrics in automotive

applications, the main benefit appear to be improved security. Improvements in
user convenience and efficiency are the main driver for biometrics.

UNIQUE CHARACTERISTICS OF BIOMETRIC SYSTEMS IN AUTOMOTIVE

SECTOR-

 Personal features are unique and inseparable from the person; so it is not
possible to lend them to another. This implies that a vehicle with a
biometric system cannot simply be loaned, unless the person is enrolled
into the system.
 Any new user must first be enrolled into the system and added to a
database of known users. An administrator is required to authorize the
biometric system to learn the characteristics of a new user. It is also
reasonable to enable the passing-on of the right to enroll users from an
administrator to others. As a result, multiple users may have the right to
enroll new users.
 An effective interface for the administration of users and access rights
must be accomplished. As authorization is uniquely linked to a specific
person, it is possible to set user-specific usage restrictions. Examples
could be maximum speed or an expiration date.

Furthermore, any automotive application must allow for the following

important scenarios:
 For motor vehicle rentals, access permission must be given at the sales
counter. Together with the access rights discussed above, this offers new
opportunities to ensure that a vehicle can only be driven by those
customers enrolled at the sales counter and only the duration of the
contract.
 Lending the vehicle to a friend or colleague.
 Hotel valet parking.
 Vehicle working servicing .
 The possibility of driving the vehicle when the enrolled driver cannot, as in
an emergency.
 Sale of the vehicle.
 Handling of the vehicle during manufacture and transport.
If we accept that higher security through biometrics is not our goal, then
while biometrics methods are faster and more convenient, any system must also
include a non-biometric, non-person-specific bypass method for vehicle entry and
driving authorization. One such method would be to provide a mechanical or
remote key for vehicle entry and a transponder-based immobilizer as used in
today’s solutions.
 17

It should be emphasized that the bypass solution is only needed for

special situations. Normally, a user will operate a vehicle with the biometric
system and thus profit from the advantages already outlined.

PERSONAL PROFILE-

Existing seat memories offer the possibility of storing seat and mirror
position for different drivers and to recall these settings whenever the same
driver uses the vehicle. The user interface is typically through numbered or
colored pushbuttons, which are assigned to different drivers. The maximum
number of drivers is limited by the number of buttons and the assignment of
buttons needs coordination between the drivers. Furthermore, each driver must
remember his assigned button.
As biometric system can uniquely identify drivers, automated Personal
Profile systems becomes viable. The person specific pushbuttons are replaced
by a biometric sensor, which is used for recalling, as well as storing, the user’s
specific settings. The maximum number of drivers is no longer limited by the
number of pushbuttons, only by memory capacity. User comfort is increased, as
user specific buttons (either numbered or colored) do not need to be
remembered or coordinated. All the driver has to do when he enters the vehicle
is to put his finger on the sensor and adjustment of the accessories can start
immediately.
Other, not so obvious, settings can also be remembered, such as driving
style and suspension tuning parameters, navigation system destination settings,
telephone numbers, e-mail or billing account details for a Telematics system, as
well as driver status information such as the length of time a person has driven
versus the amount of rest.

IMMOBILIZATION AND ENGINE START-

Challenged-response based transponder immobilizers, together with

encrypted communication to engine management systems, have all but
eradicated instances of vehicle theft due to ‘hot wiring’ and component
exchange. The only additional security benefit provided by biometrics is in
overcoming the unauthorized use of a key or transponder card, as biometric
features cannot be copied or stolen. Also convenience is improved as a key or
transponder card is no longer required to operate the engine.
As the biometric system is a replacement for today’s ignition key, it has to
allow for the usual power-on sequence. i.e. off, accessories, ignition and start.
For safety and regulatory reasons, the systems may only allow engine start if the
driver simultaneously presses the break or clutch pedal while placing his finger
on the sensor. (refer fig: 8)The logistics of electrical supply, engine start and
steering lock operation needs to be carefully considered.
 18

Once again, convenience is improved. When a driver wants to start the

engine, he only has to put his finger on the sensor while pressing the break or
clutch pedal. This is faster and simpler than fiddling the key into the ignition lock.
The fingerprint sensor is integrated into the gear-stick; with biometric system
authorization and engine start in one action.
As the driver is uniquely identified by the biometric system, specific rights can be
assigned for each driver. This may be useful when leading a vehicle for a limited
period of time and particularly for motor vehicle rentals. Once the agreed period
of time is expired, heavy limitations can be put on the vehicle operation, such as
speed or distance.

VEHICLE ENTRY-

Usually, vehicle access is granted by either a mechanical or remote key

and although transponder based Passive Entry systems are just being introduced
into the market, all these systems require that the driver carries something. Once
an ignition key is no longer required for engine start, it makes sense to also use a
biometric system for vehicle entry. This completely eliminates the necessity for a
key or transponder. A driver parking at the beach will no longer have to find a
good hiding place for the keys.

Due to the hostile environment, the use of fingerprint sensor on the

external surfaces of a vehicle is a technical challenge and although inconvenient,
mechanical covers may ultimately be required to protect the sensor.
The current state of the art in fingerprint sensor technology does not offer a
realistic solution for the problem of external mounting and each of the existing
sensor technologies must be further developed in order to support this
application.

DEMONSTRATION VEHICLE-

To prove the benefits and functionality of biometrics, Bosch has fitted a

demonstration vehicle. Work initially centered around a PC based proof-of-
concept and included fingerprint based engine start and Personal Profile control
of seat & mirror positions. Using the PC based solution first provided the benefits
of permitting rapid implementation of system concepts, the use of universal tools
for algorithm development and a graphical interface for visualization and
demonstration purposes. It also permitted the development of a platform
independent system which could later be ported to an embedded system once
issues such as processor performance and cost requirements were mare clearly
known. Current activities include the addition of door access control and the
development of embedded electronics solutions to reduce operating time,
package size and power consumption.
 20

CHAPTER 6: BENEFITS OF BIOMETRICS

Biometric technology offers a number of benefits to both businesses and

consumers. It is these benefits, in addition to the factors noted above, that are
driving their increased sage and acceptance.

Positive Identification
Companies are looking to biometrics because they see the positive
identification provided by the technology as a way to: control fraud and abuse,
build non-repudiation into electronic commerce transactions, and to enhance
customer service. Companies are looking for means whereby individuals can be
recognized reliably, at a distance, over a period of time, without reliance on
human memory, and, in some cases, despite the preference by the person not to
be recognized. Financial institutions have long been evaluating the merits of
biometrics. Biometrics are seen as ideally suited for electronic commerce and
other online applications because they can automatically “prove” the identity of a
person while ensuring that no-one else can impersonate them.

Combating Credit Card Fraud

Stolen credit card numbers are routinely posted and swapped on Internet
bulletin boards and real-time chat lines. On the Internet, credit card numbers
come from traditional offline sources (e.g., stolen wallets and discarded receipts),
as well as from poorly-secured Web servers that store credit card information.
American survey found that nearly one-third of consumers who have bought
products on the Internet have experienced fraud or misuse of credit card
information. MasterCard International estimated the use of biometrics could
reduce credit card fraud by 90%.

Preventing Identity Theft

Fuelling consumer interest in biometrics is the rise of identity theft — a
crime resulting from the misappropriation and abuse of personal information.
Identity theft, also known as identity fraud, includes a range of crimes broadly
defined as “the misuse of personal identifying information to commit various
types of financial fraud.” The theft of identity can leave someone with a poor
credit rating and a ruined reputation that may take months or even years to
correct. While there are many ways to combat identity theft, some consumers
see biometrics as an effective and convenient way to diminish the problem.
Biometrics can fight identity theft by eliminating PINs and passwords, by verifying
the identity of parties in a remote transaction, by authorizing credit card or
cheque transactions, and by securing personal assets like computers, as well as
personal information.
 21

Restoring Identity
Biometrics offer another potential benefit to consumers in that they can
verify their identity should their identifying papers be lost or stolen. An example
illustrating the utility of biometrics may be found in Oklahoma where authorities
issued new driver’s licenses with a thumbprint, to replace documents lost in
tornadoes. Should these licenses be lost in the future, the biometric will re-
establish identity so the appropriate person can be issued the necessary
documentation quickly and easily. This benefit is equally applicable to
membership or credit cards.

Enhanced Security
Opening up access to computer systems and networks may enhance
customer service, but it also increases the potential for security breaches. The
most serious losses occurred through the theft of proprietary information and
financial fraud. Cards or keys can be forgotten, given away, lost, stolen,
duplicated, or forged. Passwords can be shared, guessed, observed, stolen, or
forgotten. Passwords are seen as being far too vulnerable, while biometrics are
seen, by some, as offering superior security. The technology offers two
significant advantages over other authentication methods:
• the person to be identified is required to be physically present at the point-of-
identification;
• identification based on biometric techniques eliminates the need to remember a
password, PIN, or carry a token.

Data Authentication
To prevent the unauthorized altering of information (deliberate or
unintentional) during online transactions, some form of data authentication
becomes necessary. Encryption is a mathematical process that changes data
from plaintext (i.e., that which can be read) to an unintelligible form. In order to
reconstructed the original data or decrypt it, the key to the algorithm used must
be known. Certain newer biometric systems can be used to encrypt data — the
process is called biometric encryption.

Physical Access Control

Initially, biometric access controls were limited to high security areas such
as nuclear power plants and military facilities. Now, these access control systems
are used in theme parks, hotels, and health clubs. Nothing to remember, nothing
to carry. A person simply presents their biometric to be authenticated and is
given access. No one but they can gain entry.
 22

CHAPTER 7: LIMITATIONS OF BIOMETRICS

Performance
The first thing that consumers should understand is that biometric systems
do not guarantee 100% accuracy, 100% of the time. Commercially available
biometric systems allow for some degree of variability in the measured
characteristic or trait and update the referenced sample after each use. The
biometric system must allow for these subtle changes, so a threshold is set. This
can take the form of an accuracy score. While the threshold is set to
accommodate some variation, the challenge is to set it so that the system only
matches authorized individuals. Two potential problems can arise:

• False Rejection: This is when an authorized individual is rejected by the

system.
• False Acceptance: This is when the system accepts an unauthorized
individual. Set the threshold too high and legitimate users will fail to be identified.
Set the threshold too low and unauthorized users will be accepted. There is
usually a trade-off between these settings. This threshold is set depends upon
the purpose of the biometric system and the degree of security required.

Variations in Characteristics and Traits

A percentage of users will have missing or damaged biometric
characteristics. This makes automatic identification or verification of all users with
a single biometric system impossible. Hence, alternative and appropriate
methods of verifying identity for those unable to utilize the biometric should be an
important component on any system. In addition, both physiological and
behavioural characteristics can vary over time. For example, hands can swell
from work, heat, or allergies; fingerprints can be marred by scratches, exposure
to chemicals, or embedded dirt; voices can vary from colds; and signatures may
change, as a person gets older.

User Attitude
How users feel about the biometric system can also impact performance.
Some individuals are “technophobic” or have other personal reasons for being
concerned about using a biometric system. The intention and overall co-
operation of the user, as well as the way a person interacts with a system, may
affect its accuracy. Some techniques are generally more acceptable to people
than others. As an example, one study found iris and retinal scans to be the most
unacceptable; finger scans, hand geometry, and hand vein recognition more
acceptable; and face, signature, and voice recognition, as well as thermograms,
the most acceptable. People’s acceptance of biometrics is based on perceived
intrusiveness, speed of enrolment and use, and similarity to other familiar
processes.
 23

Uniqueness
The degree of “uniqueness” varies among the different types of biometric
characteristics. While vendors may claim their systems use unique
characteristics, in actuality, uniqueness is measured by statistical probability.
Some industry analysts maintain that, with the exception of fingerprints, biometric
characteristics have not been demonstrated to be unique. The degree to which a
biometric characteristic must be unique in order to accurately identify users
depends on the type and size of the application. In small applications, the
uniqueness of the biometric feature is less important. In large applications,
systems based on non-unique features may be more likely to have false positives
due to similarities. One of the factors influencing the uniqueness and, therefore,
the accuracy of the different biometric techniques is the amount of data collected
and compared.

Privacy Concerns

Privacy of the Person

Any form of identification may attract opposition in different circumstances.
To some people the need to identify themselves is intrinsically distasteful and
demeaning. It is symbolic of the power that an organization they are dealing with
has over them. To them, biometric identification represents the ultimate invasion
of personal privacy. Certain biometric techniques require touching a communal
reader, which may be unacceptable to some, due to cultural norms or religious
beliefs. Others are apprehensive about interacting with a machine because they
are not familiar with the technology, or are afraid that biometrics may cause them
discomfort or harm.

Informational Privacy
A 1998 Canadian newspaper poll asked if biometric technology was a
threat to privacy — 51% of respondents said yes. The majority of privacy
concerns about biometrics relate to informational privacy and the ability of a
person to determine when, how, and to what extent their biometric information is
communicated to others. However, associated with biometrics is a high level of
general anxiety about privacy because the technology can reveal information that
is so intimate and intrinsic to oneself. Some people have the view that biometrics,
“much more so than other identification schemes, may imperil the sense of
individuality.” It is necessary to first understand this concern, in order to put the
specific informational privacy issues into context.
 24

CHAPTER 8: CONCLUSION

Advances in semiconductor technologies, as well as data processing

techniques, mean that the implementation of biometric applications, which
require a large amount of processing power, can now be implemented at a
reasonable cost. Many sensor suppliers are also developing AISC based system
solutions that implement all of the functional blocks needed for a biometric
identification system.

Over the next few years, publicly visible biometric systems will become
commonplace. Both automated and personal bank teller applications using
fingerprint, speaker and iris recognition already exist and will expand. Computer
network access and log-on applications involving fingerprint, speaker and face
recognition are expected to be widespread.

Biometric will appear in automotive applications over the next few years.
Existing sensor technology was developed for office environment to be reliable in
the automotive environment, but sensor manufacturers are achieving promising
progress.

As biometric applications become an everyday occurrence, public

understanding and acceptance will develop to a point where automotive
customers will not only accept, but also expect, the convenience that systems
utilizing biometric solutions can bring.
 25

REFERENCES:

 Ronald K. Jurgin –Passenger Safety and Convenience Systems,

2001-01-0171 Automotive Application of Biometric System and
Fingerprint.

 Lawrence O’ Gorman, Avaya labs research, Basking Ridge,NJ- ALR-

2002-042-paper –Securing Business’s Front Door-password, token and
biometric authentication. logorman@avaya.com.

 Biometric Consortium – An introduction to biometrics, www.biometrics.org

 Smart cards and biometrics in privacy-sensitive secure personal

identification system. A smart card alliance white paper, May 2002,
www.smartcardalliance.com
26