1.

Abstract

“Biometrics” is a general term used alternatively to describe a characteristic or a process.

As a characteristic:

1. A measurable biological (anatomical and physiological) and behavioral

characteristic that can be used for automated recognition.

As a process:

2. Automated methods of recognizing an individual based on measurable

biological (anatomical and physiological) and behavioral characteristics.

Biometric systems have been researched and tested for a few decades, but have only
recently entered into the public consciousness because of high profile applications, usage
in entertainment media (though often not realistically) and increased usage by the public
in day-to-day activities. Example deployments within the United States Government
include the FBI’s Integrated Automated Fingerprint Identification System (IAFIS), the
US-VISIT program, the Transportation Workers Identification Credentials (TWIC)
program, and the Registered Traveler (RT) program. Many companies are also
implementing biometric technologies to secure areas, maintain time records, and enhance
user convenience. For example, for many years Disney World has employed biometric
devices for season ticket holders to expedite and simplify the process of entering its
parks, while ensuring that the ticket is used only by the individual to whom it was issued.

A typical biometric system is comprised of five integrated components: A sensor is used

to collect the data and convert the information to a digital format. Signal processing
algorithms perform quality control activities and develop the biometric template. A
data storage component keeps information that new biometric templates will be
compared to. A matching algorithm compares the new biometric template to one or
more templates kept in data storage. Finally, a decision process (either automated or

1
human-assisted) uses the results from the matching component to make a system-level
decision.

2. Biometrics

Biometrics is the technology or discipline that recognizes a person’s biological and

behavioral characteristics thereby verifying the identity of the corresponding individual.
A more restricted definition of biometrics refers to the science designed to enable a
machine to analyze a person’s biological and behavioral traits for the verification of his
or her individual identity. Many body parts, personal characteristics and imaging methods
have been suggested and used for biometric systems. We can list them as fingers, hands,
feet, faces, eyes, ears, teeth, veins, voices, signatures, typing styles, gaits and odors etc.
Biometrics also refers to an entirely different field (today more commonly called
Biostatistics), which concerns the development of statistical and mathematical methods
applicable to data analysis problems in the biological sciences (a definition in use since
the early 20th century).

2.1History of Biometrics:

Biometrics dates back to the ancient Egyptians who measured people to identify them.
Such rudimentary means of identification based on measurements of parts of bodies or
aspects of behavior have continued to be used ever since throughout the centuries.
Fingerprint identification dates back to ancient China. Identification based on fingerprints
has been in effect in the United States and Western Europe for over 100 years.

Commercial advancements for biometric devices began in earnest in the 1970s when a
system called Identimat which measured the shape of the hand and length of the fingers
was used as part of a time clock at Shearson Hamill, a Wall Street investment firm.
Subsequently, hundreds of Identimat devices were used to establish identity for physical
access at secure facilities run by Western Electric, U.S. Naval Intelligence, the
Department of Energy, U.S. Naval Intelligence and like organizations.2 Identimat went
out of business in the 1980s, but it set the stage for future biometric identification systems
based on hand measurement.

2
Progress was made on fingerprint biometric devices during the 1960s and 1970s when a
number of companies developed products to automate the identification of fingerprints
for use in law enforcement. In the late 1960s, the FBI began to automatically check
fingerprints, and by the mid 1970s, it had installed a number of automatic fingerprint
systems across the U.S. Automated Fingerprint Identification Systems (AFIS) are now
used by police forces all around the globe. This widespread use of fingerprint data for law
enforcement lends a ‘Big Brother’ feel to the use of fingerprint biometrics for
identification, making it important for current fingerprint identification system providers
to reassure consumers that their identity is ‘safe,’ their privacy maintained, and that their
fingerprint will not be entered into a law enforcement database. Consumers must
understand that current fingerprint recognition systems used for digital transactions differ
widely from traditional AFIS systems. Automated systems for measuring other
biometrics developed similarly to those used with fingerprints. The first systems to
measure the retina were introduced in the 1980s. The work of Dr. John Daughman at
Cambridge University led to the first iris measurement technology. Identification based
on signature and face biometrics is relatively new.

Biometrics has been widely researched inside certain universities for the past two to three
decades, and most commercial products emerging today have strong roots inside
institutions of advanced education. Caltech and MIT are two leaders in the study of
biometrics and the related fields of pattern recognition, learning theory and artificial
intelligence. Because of its inherent complexity and because of their longer history with
biometrics, individuals inside universities are closely involved with the most important
product innovations involving biometrics.

Biometrics refers to the automatic identification of a person based on his/her

physiological or behavioral characteristics. This method of identification is preferred over
traditional methods involving passwords and PIN numbers for various reasons: (i) the
person to be identified is required to be physically present at the point-of-identification;
(ii) identification based on biometric techniques obviates the need to remember a
password or carry a token. With the increased use of computers as vehicles of
information technology, it is necessary to restrict access to sensitive/personal data. By

3
replacing PINs, biometric techniques can potentially prevent unauthorized access to or
fraudulent use of ATMs, cellular phones, smart cards, desktop PCs, workstations, and
computer networks. PINs and passwords may be forgotten, and token based methods of
identification like passports and driver's licenses may be forged, stolen, or lost. Thus
biometric based systems of identification are receiving considerable interest. Various
types of biometric systems are being used for real-time identification, the most popular
are based on face, iris and fingerprint matching. However, there are other biometric
systems that utilize retinal scan, speech, signatures and hand geometry.

A biometric system is essentially a pattern recognition system which makes a personal

identification by determining the authenticity of a specific physiological or behavioral
characteristic possessed by the user. An important issue in designing a practical system is
to determine how an individual is identified. Depending on the context, a biometric
system can be either a verification (authentication) system or an identification system.

2.2 Authentication in General

Authentication is the second step in the identify-authenticate-authorize process, which is

done countless times every day by humans and computers alike. When speaking about
human authentication, basically we have three choices: using something we know (such
as passwords and passphrases), something we have (such as access tokens, smart cards,
and so on) or something we are (biometrics). There is no "best" authentication method;
each has its pros and cons, depending on the application, the users, and the environment.
Whatever authentication method we use, we can make it stronger by using one or both of
the other methods. An example of strong authentication would be a system that requires
possession of a smart card, knowledge of a password or Personal Identification Number
(PIN), and biometric verification. Obviously to steal or fake all three would be much
more difficult than to steal or fake any one of these—however, more expensive and
laborious to operate as well. The other two factors—the time of access and the location of
subject—may also be used for access control, but usually only as auxiliary factors.

4
What You Know

Unquestionably the most widely used method of authentication, passwords, passphrases,

and PINs share both pros and cons with each other. Moreover, an advantage in one
situation easily becomes a problem in another—an example being the ease of password
sharing. Passwords are easy to change, but are also easy to intercept. Systems can force
the use of strong passwords, but the user may respond by storing or transmitting them in
such a way that the added security is effectively reduced to nil.

Unauthorized disclosure of a password is not usually detected until after unauthorized

access has already taken place. Passwords are also vulnerable to guessing, dictionary, and
brute-force attacks. On the other hand, they require no additional hardware, they are an
accepted method of authentication, and they are well-understood—even by the most
technologically challenged part of human species.

What You Have

Smart cards, access tokens (both challenge-response and time-based), and other "what
you have" authentication methods solve some of the problems associated with "what you
know" authentication, but they create a set of different problems. Unlike theft of a
password, theft of a smart card or access token can, of course, be easily detected. Unlike
passwords, smart cards usually cannot be used simultaneously by two or more parties in
different places. However, "what you have" authentication devices may be lost, damaged,
and stolen. They may also run out of power (if self-powered) or may be prone to power-,
synchronization- and time-based attacks if externally powered. They may also be
subjected to reverse engineering and other treatment, which may compromise their
security.

What You Are: Biometric Authentication

There are two biometric authentication methods: biometric verification and biometric
identification of identity. Biometric identification is also sometimes referred to as pure

5
biometrics because it is based only on biometric data and is more difficult to design and
operate—but alas, pure biometrics is not the most secure, useful, or efficient one. Also,
both methods can not always be used with all biometrics—some biometrics can only be
used in verification mode because of their intrinsic properties.

Verification
Biometric verification uses entity IDs and a biometric—in this case biometric merely
serves to prove identity already declared by the entity—which may be done using
something you know (a username) or something you have (a smart card). Biometric
(something you are) works to actually complete the authentication process. Hence, the
biometric database keeps a list of valid entity IDs (which may be said to serve as primary
keys to the database) and corresponding biometric templates, and compares ("matches")
the stored template with the biometric provided. The result of this comparison is either an
accept or reject decision based on a complex algorithm and system settings (refer to the
section "Matching").

Identification
Unlike biometric verification of identity, biometric identification is based solely on
biometrics. The biometric serves as both the identifier and the authenticator. The
biometric database contains the enrolled biometric templates, and they all are compared
against the provided biometric to find a match. Biometric identification may be described
as "putting all your eggs in one basket," partly because somehow faking or stealing a
biometric compromises both the ID and the authenticator.

6
A biometric identification system may operate in one of the two modes: positive
identification or negative identification. In a positive identification biometric system, the
provided biometric must be in the database and there must be only one match to
positively identify the person. The risks present in a biometric system are false
acceptance and false rejection, whereas unauthorized subjects are incorrectly accepted, or
authorized ones are denied identification, resulting in a denial of service. A negative
identification system, in contrast, works by determining whether the provided biometric
is not in the database.

Any human physiological or behavioral trait can serve as a biometric characteristic as

long as it satisfies the following requirements:

 Universality - Each person should have the characteristic.

 Distinctiveness - Any two persons should be different in terms of the characteristic.
 Permanence - The characteristic should be sufficiently invariant (with respect to the
matching criterion) over a period of time.
 Collectability -The characteristic should be quantitatively measurable. However, for
a practical biometric system, we must also consider issues of performance,
acceptability, and circumvention.

Need For Biometrics

Biometrics has gained popularity because of two main reasons:

 Security and Management
The biometrics market arose from the need to prevent any risks or damages in various
fields that includes areas like banks, defense, various private institutions and it uses
identity authentication to answer that need. It uses range from physical control and
management including entrance control, diligence management, and machine access
control to security and management in the information industry, including computer
security, distance education, e-commerce, information security, and so on. These
days, computer processing of so much important information fosters information

7
 exchange in the cyberspace, and expands e-commerce fields to the growth of the
related businesses.
 Convenience
Convenience is one of the greatest advantages of biometrics compared to existing
methods of personal authentication such as keys, identification numbers (ID) and
passwords. As it is lot more convenient to simply place our finger on to a scanner
instead of remembering a long and complex series of characters and their cases.
Similar is the case with other biometric techniques. In other words, everyone can be
uniquely identified without the need for an ID, a magnetic card, a smart card, a key or
a personal identification number (PIN).
A user can verify each individual by using only physical traits such as fingerprints
and voice. Also such techniques are difficult to fake without the help of the owner.

The Biometric Process

There is a wide consensus that there are three levels of security. The first level is
something that an individual knows, which can correspond to a password. The second
level is something that an individual possesses; some sort of a plastic card or a key.
Finally, the third level is something an individual is or does. Biometrics is the third level
of security. This authentication occurs in real-time, is automatic, and is non-forensic.
The key to all types of biometrics is that the measured characteristic is distinct, unique,
and unchangeable or repeatable over time for the same individual.

There are five steps in the Biometrics process:

 The first process is the enrollment phase, where a sensor measures the individual’s
characteristics. The output of the sensor is the convolution of the biometric measure,
the presentation of the current measure, and the technical characteristics of the sensor.

8
 Next is transmission, the data needs to be transmitted depending upon the system.
Some systems transmit the data to another location, and if the data is large, then it
needs to be compressed first. This can cause a decrease in the quality of the signal.
The more the data is compressed the greater the decrease in quality.

9
 After the transmission step is signal processing. Signal processing involves three
steps. First is feature extraction where the true biometric pattern is extracted from
noise and signal loss that was gained or added during transmission. In this step you
also trying to preserve the features of the biometrics pattern that are distinct and
repeatable and eliminate the features that are redundant. Next, some systems run a
diagnostic at this point to check the quality of the signal, others check the signal
quality later. If the signal received from the data is insufficient, it is marked as
defective and a new biometrics sample is requested. Once the data is acquired, it
needs to be compared with other measures. In order to build a template for person, the
physical characteristic has to be presented again and compared to the template. This
process is called pattern matching. For authentication to be successful in the future,
the individual’s physical characteristic is compared to the template. Finally, the
biometrics sample is entered and assigned to person. This is where the term
enrollment comes into play meaning that the biometric sample is entered into the
system for the very first time. The biometric sample is now referred to as a template.
There is an exception to the pattern matching process. Some systems allow multiple
enrollments and this allows the pattern matching process to be skipped.

 Next is the decision subsystem, which invokes a distance measure for comparison.
This step directs the database in its search to find matches or non-matches based upon
the distance measures received from the pattern matcher. Some systems implement a
policy to accept the biometric sample if the distance is lower than some set threshold
and reject the biometric sample if the distance is greater than the threshold. The
policy could also be set to give a user three attempts to enter an acceptable biometric
sample.

 Finally, there are numerous ways to store the data based upon the type of biometrics
used. Feature templates are stored in a database for comparison by the pattern
matcher. For one-to-one matching systems the database could be stored on magnetic

10
 strip cards carried by the individuals. A centralized database is not needed in a one-
to-one system, but a database would be helpful to identify counterfeit cards or reissue
lost or stolen cards. For one-to-N, where N is greater than one and systems with
identification verification a centralized database is needed. As the numbers of entries
grow (N) the speed of verification becomes important, therefore, the database may
need to be partitioned so that feature samples can be matched to templates stored in a
separate identified partition. This allows the search time for authentication to decline.
If the Biometric pattern needs to be reconstructed from stored data, raw data storage
will be needed. The storing of raw data allows changes in the system and can also
eliminate the need to recollect data from all the users.

4. Types Of Biometrics

The different types of biometrics techniques are classified according to the following
characteristics:

4.1. Biometrics using Physical Characteristics

Fingerprints, face, iris, vein, cornea, hand, DNA pattern, ear, etc

 Relatively stable
 Does not change much in a lifetime
 Huge, expensive equipment needed. Intrusive method

4.2. Biometrics using Behavioral Traits

Signature, voice recognition, walking style

 Change according to psychological condition

 Influenced by physical traits (men/women, build)

11
 Change a lot
 Simple, inexpensive equipment. Non-.offensive method
A biometrics system should use personal traits developed with the following "ideal"
criteria: universal (everyone has it), unique (no two people have it alike), permanent
(does not change and cannot be changed), collectable (easy to obtain and quantify with a
sensor).

5. Biometric Features

5.1 Fingerprint Recognition

Humans have fingerprints for better grip, different people have entirely different sets of
fingerprints, which enables identification.A fingerprint is made up of ridges and valleys
(lines and the gaps separating them) and it is these ridges and valleys, which are scanned
to verify the authenticity of a print. To authenticate a set of prints, a scanner has to firstly
get the images of the prints, which are to be authenticated, and secondly it needs to
actually go about the business of verifying.

The most commonly used method of scanning is optical scanning. An optical scanner has
a CCD (charged coupled device). There is an array of light sensitive diode (photosites).
When these diodes come in contact with light they generate an electrical signal. Every
photosite records a pixel representing the light it came in contact with. It is not necessary
that the same kind of light fall on all diodes. So what is generated is a mix of dark and
light areas, which together make up the image.

12
The process begins as soon as you place your finger on the glass plate. The scanner has
its own source of light (mostly an array of LED’s) which illuminates the finger the CCD
inside takes a picture of the finger. It then checks for the integrity of the Image in terms
of contrast, sharpness and sheer quality. The system checks the average pixel darkness,
or, might employ a sampling technique and check the overall values in a simple area. If
the image is too dark or too light, it is rejected. Exposure settings are then accordingly
adjusted and the print is rescanned.

If the exposure level is found to be correct, it goes on to check the image definition
(sharpness of fingerprint). It does so by analyzing the several straight lines moving
horizontally and vertically across the image. If a line perpendicular to the ridges will
comprise alternating segments of light and dark pixels then the scanner proceeds to
compare the captured fingerprint with those in the database to see if it can find a match.

Matching of prints is a fairly complex process in itself and is far removed-from the super-
imposing method. This is so because smudging (due to scan surface or oily fingers) can
make the same print appear different in different photos. Also, scanning and matching the
entire finger consumes a lot of processing power.

Scanners compare specific features of the fingerprint, which is called minutiae. These
points are generally places where ridgelines end or bifurcation occurs. The idea is to
measure the relative positions of the minutiae. Depending on the algorithm, a specific
number of minutiae must be matched for the print to be accepted.

5.2. Facial Recognition

13
Face recognition is a Biometrics technology that uses an image or series of images from
either a camera or photograph to recognize a person. Unlike other biometrics
technologies, face recognition is a passive biometrics and does not require a person’s
cooperation. Face recognition is completely oblivious to differences in appearance as a
result of race or genders differences and is a highly robust Biometrics. The main
application of facial recognition is in security wherein the software is expected to pick a
face out of say thousands of passengers at the airport, and match it with the database of
wanted criminals.

Every face has certain characteristics and distinguishable features, which allow us to
differentiate between two people. The software does the whole work.. The software
divides the face into 80 nodes, some of the common ones being distance between the
eyes, width of the nose, and depth of eye sockets, cheekbones, jaw line and chin. The
system generally needs to match between 14-25 nodes in order to obtain a positive ID.
There are a lot of people coming in and out of a place where this system is set up
(stadiums, airports etc). The real challenge is to recognize the face instantly. To facilitate
this, a database is created with the help of an algorithm, which goes through the
characteristics of the faces and stores them as a string of numbers. This string is called
faceprint.

Following are the broad steps utilized by facial recognition software:

 False Detection: The camera pans around looking for a face. The minute it
encounters a face, it starts scanning it and proceeds to identifying various nodes and
taking measurements if possible.

 Detection of Orientation: Once the face is detected, the system determines the
head’s size and position. Generally, a face needs to be around 40 degrees towards the
camera for the system to register and analyze it.

14
 Mapping: The facial image is scaled down to the level of the images in the database
and is then rotated and otherwise adjusted to match the formatting of the images in
the database.

 Encoding: The algorithm then converts the face into a face print based on the pre-
defined criteria programmed into the algorithm.

 Matching: This new data is then used as a filter to sort through the database of faces
at super fast speeds to come up with a match.

15
Since it uses a variety of nodes, simpler alterations of the face will not fool it; however,
twins might; so, the system is certainly not infallible.

5.3. Iris Recognition

Iris scanning is the best choice for verification of identity because no two people have

identical irises. Also, the two irises of a single individual are unique. The iris is a better
biometric tool than fingers or hands because it has thousands of measurable features that
can be captured, extracted, and used to form a reference template. Since the iris has more
measurable features that can be captured, extracted, and used the resulting template is
more complex than that of other biometric devices. Therefore, the false acceptances and
rejections that are reality for other biometric devices are extremely unlikely. The chances
of an iris scan creating the same template from two different individuals are about 1 in
107

107

16
 Iris recognition technology is safe, accurate and capable of performing 1-to-many
matches at extraordinarily high speeds, without sacrificing accuracy. Iris recognition has
also become more passive, and acquisition devices can be situated at distances of up to
10" away from the individual attempting verification. Iris scan though related to the eye
(like retinal scan) uses a completely different method of identification. The iris is the
colored ring surrounding the pupil. Over 200 points can be used for comparison such as
rings, furrows and freckles. The scan is done with a regular camera and the subject stands
about a foot from the lens of the camera so it is lot more convenient.

In India, Kerala embraces biometrics for cooperatives. The Kerala State Cooperative
Institute of Information Technology Electronics and Communication is partnering with
Access Shield International (ASI) to work on program in Iris Technology.

5.4. Hand Recognition

Introduction

Hand geometry recognition is the longest implemented biometric type, debuting in the
market in the late 1980s. The systems are widely implemented for their ease of use,
public acceptance, and integration capabilities. One of the shortcomings of the hand
geometry characteristic is that it is not highly unique, limiting the applications of the
hand geometry system to verification tasks only.

Approach

The devices use a simple concept of measuring and recording the length, width,
thickness, and surface area of an individual’s hand while guided on a plate (Figure 1).
Hand geometry systems use a camera to capture a silhouette image of the hand (Figure

17
2). The hand of the subject is placed on the plate, palm down, and guided by five pegs
that sense when the hand is in place. The resulting data capture by a Charge-Coupled
Device (CCD) camera of the top view of the hand including example distance
measurements

Figure1: Bottom view Figure 2: Silhouette of Hand Image

The image captures both the top surface of the hand and a side image that is captured
using an angled mirror (Figure 3). Upon capture of the silhouette image, 31,000 points
are analyzed and 90 measurements are taken; the measurements range from the length of
the fingers, to the distance between knuckles, to the height or thickness of the hand and
fingers (Figure 4). This information is stored in nine bytes of data, an extremely low
number compared to the storage needs of other biometric systems.

Figure 3: Hand Including Mirror Figure 4: Image as Seen by the CCD Camera

18
The enrollment process of a hand geometry system typically requires the capture of three
sequential images of the hand, which are evaluated and measured to create a template of
the user’s characteristics. Upon the submission of a claim, the system recalls the template
associated with that identity; the claimant places his/her hand on the plate; and the system
captures an image and creates a verification template to compare to the template
developed upon enrollment. A similarity score is produced and, based on the threshold of
the system; the claim is either accepted or rejected.

5.5. Signature Recognition

The biometric most familiar to us is the signature. Our ability to judge by sight if one
signature matches another has made this a time-proven and legally binding biometric.
However, by sight alone, most of us cannot recognize the pressure of the pen on the paper
or the speed and rhythms of its traverse of the page. Computers can do all these things,
and quantify, analyze and compare each of these properties to make signature recognition
a viable biometric technology.

The process used by a biometric system to verify a signature is called dynamic signature
verification (DSV). As a person signs his or her name, a DSV system captures a number
of behavioral characteristics with a special sensitive pen and tablet. These characteristics
include the angle at which the pen is held, the number of times the pen is lifted, the time
it takes to write the entire signature, the pressure exerted by the person while signing, and
the variations in the speed with which different parts of the signature are written.
Together these things become a biometric trait. Each time a person signs his or her name,
slight variations can be found in the signature. Thus, several signatures must be taken
from one person to compile an average profile. This average profile is the template for
comparison when a person uses the signature verification system.

19
Signature biometrics poses a couple of unique problems. The first is the comfort with
which people are already willing to use their signature as a form of identification. While
this high level of consumer acceptance is viewed as strength by vendors of such systems,
this bears with it a strong downside. Without proper notification, a person may sign an
electronic signature pad and unwittingly also be surrendering a reference or live
biometric sample. Since the custom of leaving a signature as one's "official mark" is
based on the presumption of irreproducibility (i.e., that a forger would be hard-pressed to
imitate a signature just by looking at it), people are willing to provide a signature without
giving its potential for reproduction a second thought. However, electronic data is easy to
copy and transmit. And so, a forger posing as a deliveryman might fraudulently secure a
signature biometric by presenting a victim with a "gift" box, requesting a signature to
confirm delivery, and making off with the victim's biometric data.

The second unique property of signature biometrics is that unlike all other biometrics,
which either establish an identity (identification) or confirm an identity (authentication), a
signature can convey intent (authorization). In other words, a traditional signature on
paper is taken both to authenticate the signatory, and to convey the signatory’s legal
authority. An electronic system that solicits a user's non-signature biometric must provide
a separate step to convey the user's legal authorization for any binding transaction. A
signature-based biometric system could mimic our current legally customary acceptance
of a signature to simultaneously convey both identity and authority.

5.6. DNA Recognition

Principles of DNA biometrics

Humans have 23 pairs of chromosomes containing their DNA blueprint. One member of
each chromosomal pair comes from their mother; the other comes from their father.
Every cell in a human body contains a copy of this DNA. The large majority of DNA
does not differ from person to person, but 0.10 percent of a person's entire genome would
be unique to each individual. This represents 3 million base pairs of DNA.

20
Genes make up 5 percent of the human genome. The other 95 percent are non-coding
sequences, (which used to be called junk DNA). In non-coding regions there are identical
repeat sequences of DNA, which can be repeated anywhere from one to 30 times in a
row. These regions are called variable number tandem repeats (VNTRs). The number of
tandem repeats at specific places (called loci) on chromosomes varies between
individuals. For any given VNTR loci in an individual's DNA, there will be a certain
number of repeats. The higher number of loci is analyzed, the smaller the probability to
find two unrelated individuals with the same DNA profile.

DNA profiling determines the number of VNTR repeats at a number of distinctive loci,
and uses it to create an individual's DNA profile. The main steps to create a DNA profile
are: isolate the DNA (from a sample such as blood, saliva, hair, semen, or tissue), cut the
DNA up into shorter fragments containing known VNTR areas, sort the DNA fragments
by size, and compare the DNA fragments in different samples.

6. Future trends of biometrics

6.1 keystroke recognition

As we possess unique physiological biometrics, we also possess unique behavioral

biometrics-such as the way we sign our name. The way and the manner in which we type
on our computer keyboard varies from individual to individual, and in fact it is unique
enough, it is also considered to be a behavioral biometric.

How Keystroke Recognition Works

In comparison to the other biometric technologies examined, Keystroke Recognition is

probably of the easiest to implement and administer. This is so because at the present
time, Keystoke Recognition is completely a software based solution. There is no need to
install any new hardware. All that is needed is the existing computer and keyboard that
the individual is currently using. There is only one primary vendor for this technology,
and that is BioNet Systems, LLC.

21
The distinctive, behavioral characteristics measured by Keystroke Recognition include:

1. The cumulative typing speed;

2. The time that elapses between consecutive keystrokes;
3. The time that each key is held down;
4. The frequency of the individual in using other keys on the keyboard, such as the
number pad or function keys;
5. The sequence utilized by the individual when attempting to type a capital letter-
for example, does the individual release the shift key or the letter key first?

6.2 Gait Recognition

The characteristics of your walk may not be as

distinctive as the swaggering of John Wayne or
the sashay of Joan Collins, but your stride may
still be unique enough to identify you at a
distance -- alone or among a group of people.

Researchers at the Georgia of In experiments last year, Georgia

Institute
Technology and elsewhere are developing Tech Research Institute researchers
technologies to recognize a person's walk, or monitored 70 subjects as they walked
gait. Results indicate these new identification past a laboratory-based radar system
methods hold promise as tools in the war on similar to the radar guns carried by
terrorism and in medical diagnosis. police officers.

Gait recognition technology is a biometric

method -- that is, a unique biological or behavioral identification characteristic, such as a
fingerprint or a face. Though still in its infancy, the technology is growing in significance
because of federal studies.

6.3. Thermo grams

22
Infrared Thermography, thermal imaging, or thermal video, is a type of infrared imaging
science. Thermographic cameras detect radiation in the infrared range of the
electromagnetic spectrum (roughly 900–14,000 nanometers or 0.9–14 µm) and produce
images of that radiation. Since infrared radiation is emitted by all objects based on their
temperatures, according to the black body radiation law, thermography makes it possible
to "see" one's environment with or without visible illumination. The amount of radiation
emitted by an object increases with temperature, therefore thermography allows one to
see variations in temperature (hence the name). When viewed by thermographic camera,
warm objects stand out well against cooler backgrounds; humans and other warm-
blooded animals become easily visible against the environment, day or night. As a result,
thermography's extensive use can historically be ascribed to the military and security
services.

So these infrared cameras are used to detect the heat patterns of different parts of the
body.

6.4.Skin Reflection

in this type of biometrics the light is sent is sent in to the body. The reflected light is
different for different persons which forms the basis of recognition.

7. FRR, FAR

The most striking difference between the biometrics system and a traditional
authentication system based on an ID/password is that the new system cannot generate
100 percent 'Yes' or 'No' answers. On the other hand, other existing systems can do so
according to letters or numbers entered. In the case of biometrics, biological information
could change in terms of its shape or angle when it is read, so matching scores against
Templates could change accordingly.
As a result, even a valid person may be rejected or a wrong person may be accepted. The
ratios developed to evaluate the probabilities of the two cases are called FRR (False
Rejection Ratio) and FAR (False Acceptance Ratio).

23
24
In Figure 1.3 shown above, the shaded portion with oblique lines on the left part of a
critical value is FRR, and the other portion on the right part, is FAR. Certainly, a system
with less shaded portion is better.
_ The above Figure 1.4 shows the change patterns of FAR and FRR according to changes
in the critical value. The point where FAR and FRR are the same is called EER (Equal
Error Rate), and is used as a yardstick for evaluating the system's performance along with
the two other ratios.

The smaller the shaded portion in Figure 1.3 is, the closer the graph in Figure 1.4 will be
to the X and Y axis. A user can set a different critical value according to his or her
purposes. For example, in the case of a very important security system, the user can
reduce the possibility that an unauthorized person is accepted to near zero by setting a
critical value high enough. Instead, even an authorized person can fail to get access at
times. On the other hand, if police is looking for a criminal with fingerprints obtained
from the crime scene, it will be necessary to search for and analyze all possible
fingerprints. In areas such as these, it is useful to set the critical value low enough to find
all possible matches in the fingerprint database. In short, the higher the critical value is,
the less convenient the system can be but, at the same time, its security is higher.
Conversely, the lower the value is, the more convenient the system is, but its security is
lax.

8.Applications:

The practical applications of biometric technologies are diverse and expanding, as new
needs are identified. By and large, biometric applications fall into two main categories:
law enforcement and civilian applications.

The law enforcement community is perhaps the largest biometric user group. Police
forces throughout the world use AFIS technology to process criminal suspects, match
finger images and bring guilty criminals to justice.

Those biometric applications not involving crime detection utilize some form of access
control. This will either involve the physical access of people to secure areas, or securing

25
the access to sensitive data. In other words, access control is either physical access or
data access. Whether securing benefit systems from fraud, preventing illegal immigrants
from entering a country, or prisoners from leaving a prison - controlling access is the
underlying principle. Access control ensures that authorized individuals can gain access
to a particular area and that unauthorized individuals cannot.

Some examples of biometric applications are listed below.

Banking

Banks have been evaluating a range of biometric technologies for many years. Fraud and
general breaches of security must be controlled if banks are to remain competitive in the
financial services industry. Automated teller machines (ATMs) and transactions at the
point of sale are particularly vulnerable to fraud and can be secured by biometrics. Other
emerging markets include telephone banking and Internet banking, both of which demand
the utmost security for bankers and customers alike.

Computer Access

Fraudulent access to computer systems affects private computer networks and the
Internet in the same way: confidence is lost and the network is unable to perform at full
capacity until the breach in security is patched. Biometric technologies are proving to be
more than capable of securing computer networks. This market area has phenomenal
potential, especially if the biometrics industry can migrate to large-scale Internet
applications. As banking data, business intelligence, credit card numbers, medical
information and other personal data becomes the target of attack, the opportunities for
biometric vendors are rapidly escalating.

Electronic Benefits Transfer (EBT)

Benefits systems are particularly vulnerable to fraud. The battle against fraud has been
waged by welfare departments across many U.S. states for years. A variety of

26
technologies are being evaluated, although fingerprint scanning is particularly
widespread. AFIS technology and one-to-one verification are used to ensure that the
benefit claimant legitimately receives a benefit check. Another development that may
revolutionize the payment of benefits is Electronic Benefits Transfer (EBT), which
involves loading funds onto a plastic card. The card can then be used to purchase food
and other essentials in shops fitted with special point-of-sale smart card readers.
Biometrics are well-placed to capitalize on this phenomenal market opportunity and
vendors are building on the strong relationship currently enjoyed with the benefits
community.

Immigration

Terrorism, drug-running, illegal immigration and an increasing throughput of legitimate

travelers is putting a strain on immigration authorities around the world. It is essential for
these authorities to quickly and automatically process law-abiding travelers and identify
the lawbreakers. Biometrics are being employed in a number of diverse applications to
make this possible. The U.S. Immigration and Naturalization Service (INS) is a major
user and evaluator of biometric technologies. Systems are currently in place throughout
the U.S. to automate the flow of legitimate travelers and deter illegal immigrants.
Biometrics are also gaining widespread acceptance in Australia, Bermuda, Germany,
Malaysia, and Taiwan.

National Identity

Biometrics are beginning to assist governments as they record population growth,

identify citizens, and prevent fraud occurring during local and national elections. Often
this involves storing a biometric template on a card which, in turn, acts as a national
identity document. Fingerprint scanning is particularly strong in this area and programs
are already underway in Jamaica, Lebanon, the Philippines, and South Africa.

Physical Access

27
More and more organizations are using biometrics to secure the physical movement of
people. Schools, nuclear power stations, military facilities, theme parks, hospitals, offices
and supermarkets across the globe employ biometrics to minimize security threats. As
security becomes more important for parents, employers, governments and other groups,
biometrics will be seen as a more acceptable and therefore essential tool. The potential
applications are endless. Biometrics could even be employed to protect our cars and
homes.

Prisons

Prisons, as opposed to law enforcement, use biometrics not to catch criminals, but to
make sure that they are securely detained. A surprising number of prisoners simply walk
out of prison gates before they are officially released. A wide range of biometrics are now
being employed worldwide to secure prison access, police detention areas, enforce home
confinement orders, and regulate the movement of probationers and parolees.

28
Telecommunications

With the rapid growth of global communications, cellular telephones, dial inward system
access (DISA), and a range of telecommunication services are under attack from
fraudsters. Cellular companies are vulnerable to cloning (a new phone is created using
stolen code numbers) and new subscription fraud (a phone is obtained using a false
identity). Meanwhile, DISA - which allows authorized individuals to contact a central
exchange and make free calls - is being targeted by telephone hackers. Once again,
biometrics are being called upon to defend this onslaught. Speaker ID is well suited to the
telephone environment and is making inroads into these markets.

Time & Attendance

Recording and monitoring the movement of employees as they arrive at work, take
breaks, and leave for the day was traditionally performed by "clocking-in" machines.
However, manual systems can be circumvented by someone "punching in" for someone
else, a process known as "buddy punching." This disrupts time management and unit
costing exercises and costs companies millions of dollars. Replacing the manual process
with biometrics prevents abuses of the system. In addition, biometrics can be
incorporated with time management software to produce management accounting and
personnel reports.

29
10. Major Concerns

 Biometric technology is inherently individuating and interfaces easily to

database technology, making privacy violations easier and more damaging. If we
are to deploy such systems, privacy must be designed into them from the beginning,
as it is hard to retrofit complex systems for privacy.
 Biometric systems are useless without a well-considered threat model. Before
deploying any such system on the national stage, we must have a realistic threat
model, specifying the categories of people such systems are supposed to target, and
the threat they pose in light of their abilities, resources, motivations and goals. Any
such system will also need to map out clearly in advance how the system is to work,
in both in its successes and in its failures.
 Biometrics is no substitute for quality data about potential risks. No matter how
accurately a person is identified, identification alone reveals nothing about whether a
person is a terrorist. Such information is completely external to any biometric ID
system.
 Biometric identification is only as good as the initial ID. The quality of the initial
"enrollment" or "registration" is crucial. Biometric systems are only as good as the
initial identification, which in any foreseeable system will be based on exactly the
document-based methods of identification upon which biometrics are supposed to be
an improvement. A terrorist with a fake passport would be issued a US visa with his
own biometric attached to the name on the phony passport. Unless the terrorist A) has
already entered his biometrics into the database, and B) has garnered enough
suspicion at the border to merit a full database search, biometrics won't stop him at
the border.
 Biometric identification is often overkill for the task at hand. It is not necessary to
identify a person (and to create a record of their presence at a certain place and time)
if all you really want to know is whether they're entitled to do something or be
somewhere. When in a bar, customers use IDs to prove they're old enough to drink,
not to prove who they are, or to create a record of their presence.

30
 Some biometric technologies are discriminatory. A nontrivial percentage of the
population cannot present suitable features to participate in certain biometric systems.
Many people have fingers that simply do not "print well." Even if people with "bad
prints" represent 1% of the population, this would mean massive inconvenience and
suspicion for that minority. And scale matters. The INS, for example, handles about 1
billion distinct entries and exits every year. Even a seemingly low error rate of 0.1%
means 1 million errors, each of which translates to INS resources lost following a
false lead.
 Biometric systems' accuracy is impossible to assess before deployment. Accuracy
and error rates published by biometric technology vendors are not trustworthy, as
biometric error rates are intrinsically manipulable. Biometric systems fail in two
ways: false match (incorrectly matching a subject with someone else's reference
sample) and false non-match (failing to match a subject with her own reference
sample). There's a trade-off between these two types of error, and biometric systems
may be "tuned" to favor one error type over another. When subjected to real world
testing in the proposed operating environment, biometric systems frequently fall short
of the performance promised by vendors.
 The cost of failure is high. If you lose a credit card, you can cancel it and get a new
one. If you lose a biometric, you've lost it for life. Corrupt or deceitful agents within
the organization must build any biometric system to the highest levels of data
security, including transmission that prevents interception, storage that prevents theft
and system-wide architecture to prevent both intrusion and compromise.

Despite these concerns, political pressure for increasing use of biometrics appears to be
informed and driven more by marketing from the biometrics industry than by scientists.
Much federal attention is devoted to deploying biometrics for border security. This is an
easy sell, because immigrants and foreigners are, politically speaking, easy targets. But
once a system is created, new uses are usually found for it, and those uses will not likely
stop at the border.

31
With biometric ID systems, as with national ID systems, we must be wary of getting the
worst of both worlds: a system that enables greater social surveillance of the population
in general, but does not provide increased protection against terrorists.

10. Disadvantages Of Biometrics

 One of the most important disadvantages of biometrics is the cost. Some of the newer
systems use a laser to read the surface of your finger. Because biometric testing is
extremely expensive government agencies are usually the only agencies that
implement and utilize the newer systems

 Facial imaging can also hinder accurate identifications. Individuals who look alike
can fool the scanner. Individuals have the ability to alter their appearance like their
facial hair, for instance, to fool the scanner.

 Another problem is false acceptances and rejections. These two problems can occur
during authentication. False acceptances can occur when an impersonator is accepted
by the system. Rejections can occur when a person with an accurate identity is
rejected by the system. The fact remains that no biometric system will ever be 100
percent accurate. As a result, commercial developers often set a threshold in their
systems. This threshold serves as a reference score that is compared to the actual
score. If the score falls above the threshold, the person is accepted but if the person
falls below the threshold the person is rejected.

 The amount of comfort with using biometrics is a concern for many individuals. The
scanning of hands or fingers has criminal connotations for some. For others the
scanning of their eye is fearful. Scanning the eye requires close physical contact to a
scanning device and many people are afraid to stick their eye close to anything that

32
 has a laser in it. Despite the public does not generally accept the fact that the laser
does not generate enough power to harm the retinal scanning. Furthermore, the
nervousness that people feel about the scanners identification could result in
authentication errors, because the user is not relaxed.

11. Conclusion

Biometrics is a powerful tool to secure our networks such as banks, offices and personal
data. It provides high security and reduces the incidence of unauthorized access in
sensitive areas. But as no technology is foolproof there are some loop holes in this
technology which have yet to be covered.

Some people object to biometrics for cultural or religious reasons. Others imagine a
world in which cameras identify and track them as they walk down the street, following
their activities and buying patterns without their consent. They wonder whether
companies will sell biometric data the way they sell email addresses and phone numbers.
People may also wonder whether a huge database will exist somewhere that contains vital
information about everyone in the world, and whether that information would be safe
there.

At this point, however, biometric systems don't have the capability to store and catalog
information about everyone in the world. Most store a minimal amount of information
about a relatively small number of users. They don't generally store a recording or real-
life representation of a person's traits -- they convert the data into a code. Most systems
also work in only in the one specific place where they're located, like an office building
or hospital. The information in one system isn't necessarily compatible with others,
although several organizations are trying to standardize biometric data.

However above all these advantages and disadvantages this technology will be creating
ripples in the field of security and privacy.

33
12. References

1.Jain, A.K; Pankati, S; Prabhakar, S; Lin,Hong;Ross,A; “Biometric a great challenge”

IEEE Pattern Recognition, 6 July 2005 , PP : 17-20

2.Ives, R.W; Yengzi, Du; Etter, D.M; Welch,T.B; “A Multidisciplinary Approach To

Biometric” Education IEEE Transaction, August,2005, PP : 462-471

3.Delac,K; Grgio,M; “A Survey of Biometric Recognition Methods” Electronics in

Marine IEEE, 16 June,2004 PP : 184-193

4.Prabhakar,S; Pankanti,S;Jain,A.K; “Biometric Recognition:Security and Privacy

Concerned” Security And Privacy Magazine IEEE, April,2004 PP : 33-42

5.Lee,Kwanyong; Park,Hye Yound; “A Statistical Identification And Verification for

Biometrics” Springer Verlag Gmbh, PP : 611

6.”Biometrics” article from DIGIT magazine, August,2005 PP:30-34

34
35
15. BIOMETRICS IN USE TODAY

 In March 1998, a senator introduced a bill that would authorize banks and other
financial institutions to switch to electronic fund-transfer systems. To ensure security,
an individual would have to submit some type of biometric data, such as a fingerprint

 Biometrics is also being used at Walt Disney World. A person who has a season or
annual pass no longer needs a photo identification card to enter the park.

 The Connecticut Department of Social Services currently uses fingerprint scanning to

verify the identity of the 85,000 people who are available for benefits. This system is
being tested to see if the use of biometrics can reduce – or even eliminate – fraud.

36
 Facial recognition is gaining popularity among biometric tools. The Department of
Motor Vehicles in West Virginia (and six other states including Missouri) use facial
recognition. The system takes a digital picture of a person when they apply for,
renew, or seek a replacement for a lost driver’s license. Any tampering with the
license to alter or replace the photograph renders it invalids. If a person tries to renew
a license or replace a lost license, the picture in the system must match the person
trying to get the license before it will be issued.

16. CONCLUSION

The conclusion that can be inferred from this seminar is that the various
Biometric Techniques are designed to solve the problems faced by traditional methods,
however it also has certain shortcomings but these are very limited and small as
compared to the traditional methods. It is a growing area of application of computing
techniques. It is serving for security and convenience in various areas and has a bright
future.

37
17. REFRENCES

1. Jain , A.K; Pankati, S; Prabhkar, S; Lin, Hong; Ross, A; “Biometric a great

challenge” IEEE Pattern Recognition, 6 July 2005, PP : 17-20
2. Ives, R.W; Yengzi, Du; Etter, D.M; Welch, T.B; “A Multidisciplinary Approach to
Biometric” Education IEEE Transaction Aug 2005, PP : 462-471
3. Delac,K; Grgic, M; “ A Survey of Biometric Recognition Methods ” Electronics in
Marine IEEE 16 June,2004, PP : 184-193
4. Prabhakar, S; Pankanti, S; Jain, A.K; “ Biometric Recognition:Security and Privacy
concerns” Security and Privacy Magazine IEEE April ,2004 PP : 33-42
5. Lee, Kwanyong; Park,Hye Young; “ A Statistical Identification and Verification
Method for Biometric” Springer Verlag GmbH PP : 611
6. “ Biometrics” article from DIGIT Magazine August,2005 PP : 30-34

38