Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Abstract
As a characteristic:
As a process:
Biometric systems have been researched and tested for a few decades, but have only
recently entered into the public consciousness because of high profile applications, usage
in entertainment media (though often not realistically) and increased usage by the public
in day-to-day activities. Example deployments within the United States Government
include the FBI’s Integrated Automated Fingerprint Identification System (IAFIS), the
US-VISIT program, the Transportation Workers Identification Credentials (TWIC)
program, and the Registered Traveler (RT) program. Many companies are also
implementing biometric technologies to secure areas, maintain time records, and enhance
user convenience. For example, for many years Disney World has employed biometric
devices for season ticket holders to expedite and simplify the process of entering its
parks, while ensuring that the ticket is used only by the individual to whom it was issued.
1
human-assisted) uses the results from the matching component to make a system-level
decision.
2. Biometrics
2.1History of Biometrics:
Biometrics dates back to the ancient Egyptians who measured people to identify them.
Such rudimentary means of identification based on measurements of parts of bodies or
aspects of behavior have continued to be used ever since throughout the centuries.
Fingerprint identification dates back to ancient China. Identification based on fingerprints
has been in effect in the United States and Western Europe for over 100 years.
Commercial advancements for biometric devices began in earnest in the 1970s when a
system called Identimat which measured the shape of the hand and length of the fingers
was used as part of a time clock at Shearson Hamill, a Wall Street investment firm.
Subsequently, hundreds of Identimat devices were used to establish identity for physical
access at secure facilities run by Western Electric, U.S. Naval Intelligence, the
Department of Energy, U.S. Naval Intelligence and like organizations.2 Identimat went
out of business in the 1980s, but it set the stage for future biometric identification systems
based on hand measurement.
2
Progress was made on fingerprint biometric devices during the 1960s and 1970s when a
number of companies developed products to automate the identification of fingerprints
for use in law enforcement. In the late 1960s, the FBI began to automatically check
fingerprints, and by the mid 1970s, it had installed a number of automatic fingerprint
systems across the U.S. Automated Fingerprint Identification Systems (AFIS) are now
used by police forces all around the globe. This widespread use of fingerprint data for law
enforcement lends a ‘Big Brother’ feel to the use of fingerprint biometrics for
identification, making it important for current fingerprint identification system providers
to reassure consumers that their identity is ‘safe,’ their privacy maintained, and that their
fingerprint will not be entered into a law enforcement database. Consumers must
understand that current fingerprint recognition systems used for digital transactions differ
widely from traditional AFIS systems. Automated systems for measuring other
biometrics developed similarly to those used with fingerprints. The first systems to
measure the retina were introduced in the 1980s. The work of Dr. John Daughman at
Cambridge University led to the first iris measurement technology. Identification based
on signature and face biometrics is relatively new.
Biometrics has been widely researched inside certain universities for the past two to three
decades, and most commercial products emerging today have strong roots inside
institutions of advanced education. Caltech and MIT are two leaders in the study of
biometrics and the related fields of pattern recognition, learning theory and artificial
intelligence. Because of its inherent complexity and because of their longer history with
biometrics, individuals inside universities are closely involved with the most important
product innovations involving biometrics.
3
replacing PINs, biometric techniques can potentially prevent unauthorized access to or
fraudulent use of ATMs, cellular phones, smart cards, desktop PCs, workstations, and
computer networks. PINs and passwords may be forgotten, and token based methods of
identification like passports and driver's licenses may be forged, stolen, or lost. Thus
biometric based systems of identification are receiving considerable interest. Various
types of biometric systems are being used for real-time identification, the most popular
are based on face, iris and fingerprint matching. However, there are other biometric
systems that utilize retinal scan, speech, signatures and hand geometry.
4
What You Know
Smart cards, access tokens (both challenge-response and time-based), and other "what
you have" authentication methods solve some of the problems associated with "what you
know" authentication, but they create a set of different problems. Unlike theft of a
password, theft of a smart card or access token can, of course, be easily detected. Unlike
passwords, smart cards usually cannot be used simultaneously by two or more parties in
different places. However, "what you have" authentication devices may be lost, damaged,
and stolen. They may also run out of power (if self-powered) or may be prone to power-,
synchronization- and time-based attacks if externally powered. They may also be
subjected to reverse engineering and other treatment, which may compromise their
security.
There are two biometric authentication methods: biometric verification and biometric
identification of identity. Biometric identification is also sometimes referred to as pure
5
biometrics because it is based only on biometric data and is more difficult to design and
operate—but alas, pure biometrics is not the most secure, useful, or efficient one. Also,
both methods can not always be used with all biometrics—some biometrics can only be
used in verification mode because of their intrinsic properties.
Verification
Biometric verification uses entity IDs and a biometric—in this case biometric merely
serves to prove identity already declared by the entity—which may be done using
something you know (a username) or something you have (a smart card). Biometric
(something you are) works to actually complete the authentication process. Hence, the
biometric database keeps a list of valid entity IDs (which may be said to serve as primary
keys to the database) and corresponding biometric templates, and compares ("matches")
the stored template with the biometric provided. The result of this comparison is either an
accept or reject decision based on a complex algorithm and system settings (refer to the
section "Matching").
Identification
Unlike biometric verification of identity, biometric identification is based solely on
biometrics. The biometric serves as both the identifier and the authenticator. The
biometric database contains the enrolled biometric templates, and they all are compared
against the provided biometric to find a match. Biometric identification may be described
as "putting all your eggs in one basket," partly because somehow faking or stealing a
biometric compromises both the ID and the authenticator.
6
A biometric identification system may operate in one of the two modes: positive
identification or negative identification. In a positive identification biometric system, the
provided biometric must be in the database and there must be only one match to
positively identify the person. The risks present in a biometric system are false
acceptance and false rejection, whereas unauthorized subjects are incorrectly accepted, or
authorized ones are denied identification, resulting in a denial of service. A negative
identification system, in contrast, works by determining whether the provided biometric
is not in the database.
7
exchange in the cyberspace, and expands e-commerce fields to the growth of the
related businesses.
Convenience
Convenience is one of the greatest advantages of biometrics compared to existing
methods of personal authentication such as keys, identification numbers (ID) and
passwords. As it is lot more convenient to simply place our finger on to a scanner
instead of remembering a long and complex series of characters and their cases.
Similar is the case with other biometric techniques. In other words, everyone can be
uniquely identified without the need for an ID, a magnetic card, a smart card, a key or
a personal identification number (PIN).
A user can verify each individual by using only physical traits such as fingerprints
and voice. Also such techniques are difficult to fake without the help of the owner.
There is a wide consensus that there are three levels of security. The first level is
something that an individual knows, which can correspond to a password. The second
level is something that an individual possesses; some sort of a plastic card or a key.
Finally, the third level is something an individual is or does. Biometrics is the third level
of security. This authentication occurs in real-time, is automatic, and is non-forensic.
The key to all types of biometrics is that the measured characteristic is distinct, unique,
and unchangeable or repeatable over time for the same individual.
The first process is the enrollment phase, where a sensor measures the individual’s
characteristics. The output of the sensor is the convolution of the biometric measure,
the presentation of the current measure, and the technical characteristics of the sensor.
8
Next is transmission, the data needs to be transmitted depending upon the system.
Some systems transmit the data to another location, and if the data is large, then it
needs to be compressed first. This can cause a decrease in the quality of the signal.
The more the data is compressed the greater the decrease in quality.
9
After the transmission step is signal processing. Signal processing involves three
steps. First is feature extraction where the true biometric pattern is extracted from
noise and signal loss that was gained or added during transmission. In this step you
also trying to preserve the features of the biometrics pattern that are distinct and
repeatable and eliminate the features that are redundant. Next, some systems run a
diagnostic at this point to check the quality of the signal, others check the signal
quality later. If the signal received from the data is insufficient, it is marked as
defective and a new biometrics sample is requested. Once the data is acquired, it
needs to be compared with other measures. In order to build a template for person, the
physical characteristic has to be presented again and compared to the template. This
process is called pattern matching. For authentication to be successful in the future,
the individual’s physical characteristic is compared to the template. Finally, the
biometrics sample is entered and assigned to person. This is where the term
enrollment comes into play meaning that the biometric sample is entered into the
system for the very first time. The biometric sample is now referred to as a template.
There is an exception to the pattern matching process. Some systems allow multiple
enrollments and this allows the pattern matching process to be skipped.
Next is the decision subsystem, which invokes a distance measure for comparison.
This step directs the database in its search to find matches or non-matches based upon
the distance measures received from the pattern matcher. Some systems implement a
policy to accept the biometric sample if the distance is lower than some set threshold
and reject the biometric sample if the distance is greater than the threshold. The
policy could also be set to give a user three attempts to enter an acceptable biometric
sample.
Finally, there are numerous ways to store the data based upon the type of biometrics
used. Feature templates are stored in a database for comparison by the pattern
matcher. For one-to-one matching systems the database could be stored on magnetic
10
strip cards carried by the individuals. A centralized database is not needed in a one-
to-one system, but a database would be helpful to identify counterfeit cards or reissue
lost or stolen cards. For one-to-N, where N is greater than one and systems with
identification verification a centralized database is needed. As the numbers of entries
grow (N) the speed of verification becomes important, therefore, the database may
need to be partitioned so that feature samples can be matched to templates stored in a
separate identified partition. This allows the search time for authentication to decline.
If the Biometric pattern needs to be reconstructed from stored data, raw data storage
will be needed. The storing of raw data allows changes in the system and can also
eliminate the need to recollect data from all the users.
4. Types Of Biometrics
The different types of biometrics techniques are classified according to the following
characteristics:
Fingerprints, face, iris, vein, cornea, hand, DNA pattern, ear, etc
Relatively stable
Does not change much in a lifetime
Huge, expensive equipment needed. Intrusive method
11
Change a lot
Simple, inexpensive equipment. Non-.offensive method
A biometrics system should use personal traits developed with the following "ideal"
criteria: universal (everyone has it), unique (no two people have it alike), permanent
(does not change and cannot be changed), collectable (easy to obtain and quantify with a
sensor).
5. Biometric Features
Humans have fingerprints for better grip, different people have entirely different sets of
fingerprints, which enables identification.A fingerprint is made up of ridges and valleys
(lines and the gaps separating them) and it is these ridges and valleys, which are scanned
to verify the authenticity of a print. To authenticate a set of prints, a scanner has to firstly
get the images of the prints, which are to be authenticated, and secondly it needs to
actually go about the business of verifying.
The most commonly used method of scanning is optical scanning. An optical scanner has
a CCD (charged coupled device). There is an array of light sensitive diode (photosites).
When these diodes come in contact with light they generate an electrical signal. Every
photosite records a pixel representing the light it came in contact with. It is not necessary
that the same kind of light fall on all diodes. So what is generated is a mix of dark and
light areas, which together make up the image.
12
The process begins as soon as you place your finger on the glass plate. The scanner has
its own source of light (mostly an array of LED’s) which illuminates the finger the CCD
inside takes a picture of the finger. It then checks for the integrity of the Image in terms
of contrast, sharpness and sheer quality. The system checks the average pixel darkness,
or, might employ a sampling technique and check the overall values in a simple area. If
the image is too dark or too light, it is rejected. Exposure settings are then accordingly
adjusted and the print is rescanned.
If the exposure level is found to be correct, it goes on to check the image definition
(sharpness of fingerprint). It does so by analyzing the several straight lines moving
horizontally and vertically across the image. If a line perpendicular to the ridges will
comprise alternating segments of light and dark pixels then the scanner proceeds to
compare the captured fingerprint with those in the database to see if it can find a match.
Matching of prints is a fairly complex process in itself and is far removed-from the super-
imposing method. This is so because smudging (due to scan surface or oily fingers) can
make the same print appear different in different photos. Also, scanning and matching the
entire finger consumes a lot of processing power.
Scanners compare specific features of the fingerprint, which is called minutiae. These
points are generally places where ridgelines end or bifurcation occurs. The idea is to
measure the relative positions of the minutiae. Depending on the algorithm, a specific
number of minutiae must be matched for the print to be accepted.
13
Face recognition is a Biometrics technology that uses an image or series of images from
either a camera or photograph to recognize a person. Unlike other biometrics
technologies, face recognition is a passive biometrics and does not require a person’s
cooperation. Face recognition is completely oblivious to differences in appearance as a
result of race or genders differences and is a highly robust Biometrics. The main
application of facial recognition is in security wherein the software is expected to pick a
face out of say thousands of passengers at the airport, and match it with the database of
wanted criminals.
Every face has certain characteristics and distinguishable features, which allow us to
differentiate between two people. The software does the whole work.. The software
divides the face into 80 nodes, some of the common ones being distance between the
eyes, width of the nose, and depth of eye sockets, cheekbones, jaw line and chin. The
system generally needs to match between 14-25 nodes in order to obtain a positive ID.
There are a lot of people coming in and out of a place where this system is set up
(stadiums, airports etc). The real challenge is to recognize the face instantly. To facilitate
this, a database is created with the help of an algorithm, which goes through the
characteristics of the faces and stores them as a string of numbers. This string is called
faceprint.
False Detection: The camera pans around looking for a face. The minute it
encounters a face, it starts scanning it and proceeds to identifying various nodes and
taking measurements if possible.
Detection of Orientation: Once the face is detected, the system determines the
head’s size and position. Generally, a face needs to be around 40 degrees towards the
camera for the system to register and analyze it.
14
Mapping: The facial image is scaled down to the level of the images in the database
and is then rotated and otherwise adjusted to match the formatting of the images in
the database.
Encoding: The algorithm then converts the face into a face print based on the pre-
defined criteria programmed into the algorithm.
Matching: This new data is then used as a filter to sort through the database of faces
at super fast speeds to come up with a match.
15
Since it uses a variety of nodes, simpler alterations of the face will not fool it; however,
twins might; so, the system is certainly not infallible.
identical irises. Also, the two irises of a single individual are unique. The iris is a better
biometric tool than fingers or hands because it has thousands of measurable features that
can be captured, extracted, and used to form a reference template. Since the iris has more
measurable features that can be captured, extracted, and used the resulting template is
more complex than that of other biometric devices. Therefore, the false acceptances and
rejections that are reality for other biometric devices are extremely unlikely. The chances
of an iris scan creating the same template from two different individuals are about 1 in
107
107
16
Iris recognition technology is safe, accurate and capable of performing 1-to-many
matches at extraordinarily high speeds, without sacrificing accuracy. Iris recognition has
also become more passive, and acquisition devices can be situated at distances of up to
10" away from the individual attempting verification. Iris scan though related to the eye
(like retinal scan) uses a completely different method of identification. The iris is the
colored ring surrounding the pupil. Over 200 points can be used for comparison such as
rings, furrows and freckles. The scan is done with a regular camera and the subject stands
about a foot from the lens of the camera so it is lot more convenient.
In India, Kerala embraces biometrics for cooperatives. The Kerala State Cooperative
Institute of Information Technology Electronics and Communication is partnering with
Access Shield International (ASI) to work on program in Iris Technology.
Introduction
Hand geometry recognition is the longest implemented biometric type, debuting in the
market in the late 1980s. The systems are widely implemented for their ease of use,
public acceptance, and integration capabilities. One of the shortcomings of the hand
geometry characteristic is that it is not highly unique, limiting the applications of the
hand geometry system to verification tasks only.
Approach
The devices use a simple concept of measuring and recording the length, width,
thickness, and surface area of an individual’s hand while guided on a plate (Figure 1).
Hand geometry systems use a camera to capture a silhouette image of the hand (Figure
17
2). The hand of the subject is placed on the plate, palm down, and guided by five pegs
that sense when the hand is in place. The resulting data capture by a Charge-Coupled
Device (CCD) camera of the top view of the hand including example distance
measurements
The image captures both the top surface of the hand and a side image that is captured
using an angled mirror (Figure 3). Upon capture of the silhouette image, 31,000 points
are analyzed and 90 measurements are taken; the measurements range from the length of
the fingers, to the distance between knuckles, to the height or thickness of the hand and
fingers (Figure 4). This information is stored in nine bytes of data, an extremely low
number compared to the storage needs of other biometric systems.
Figure 3: Hand Including Mirror Figure 4: Image as Seen by the CCD Camera
18
The enrollment process of a hand geometry system typically requires the capture of three
sequential images of the hand, which are evaluated and measured to create a template of
the user’s characteristics. Upon the submission of a claim, the system recalls the template
associated with that identity; the claimant places his/her hand on the plate; and the system
captures an image and creates a verification template to compare to the template
developed upon enrollment. A similarity score is produced and, based on the threshold of
the system; the claim is either accepted or rejected.
The biometric most familiar to us is the signature. Our ability to judge by sight if one
signature matches another has made this a time-proven and legally binding biometric.
However, by sight alone, most of us cannot recognize the pressure of the pen on the paper
or the speed and rhythms of its traverse of the page. Computers can do all these things,
and quantify, analyze and compare each of these properties to make signature recognition
a viable biometric technology.
The process used by a biometric system to verify a signature is called dynamic signature
verification (DSV). As a person signs his or her name, a DSV system captures a number
of behavioral characteristics with a special sensitive pen and tablet. These characteristics
include the angle at which the pen is held, the number of times the pen is lifted, the time
it takes to write the entire signature, the pressure exerted by the person while signing, and
the variations in the speed with which different parts of the signature are written.
Together these things become a biometric trait. Each time a person signs his or her name,
slight variations can be found in the signature. Thus, several signatures must be taken
from one person to compile an average profile. This average profile is the template for
comparison when a person uses the signature verification system.
19
Signature biometrics poses a couple of unique problems. The first is the comfort with
which people are already willing to use their signature as a form of identification. While
this high level of consumer acceptance is viewed as strength by vendors of such systems,
this bears with it a strong downside. Without proper notification, a person may sign an
electronic signature pad and unwittingly also be surrendering a reference or live
biometric sample. Since the custom of leaving a signature as one's "official mark" is
based on the presumption of irreproducibility (i.e., that a forger would be hard-pressed to
imitate a signature just by looking at it), people are willing to provide a signature without
giving its potential for reproduction a second thought. However, electronic data is easy to
copy and transmit. And so, a forger posing as a deliveryman might fraudulently secure a
signature biometric by presenting a victim with a "gift" box, requesting a signature to
confirm delivery, and making off with the victim's biometric data.
The second unique property of signature biometrics is that unlike all other biometrics,
which either establish an identity (identification) or confirm an identity (authentication), a
signature can convey intent (authorization). In other words, a traditional signature on
paper is taken both to authenticate the signatory, and to convey the signatory’s legal
authority. An electronic system that solicits a user's non-signature biometric must provide
a separate step to convey the user's legal authorization for any binding transaction. A
signature-based biometric system could mimic our current legally customary acceptance
of a signature to simultaneously convey both identity and authority.
Humans have 23 pairs of chromosomes containing their DNA blueprint. One member of
each chromosomal pair comes from their mother; the other comes from their father.
Every cell in a human body contains a copy of this DNA. The large majority of DNA
does not differ from person to person, but 0.10 percent of a person's entire genome would
be unique to each individual. This represents 3 million base pairs of DNA.
20
Genes make up 5 percent of the human genome. The other 95 percent are non-coding
sequences, (which used to be called junk DNA). In non-coding regions there are identical
repeat sequences of DNA, which can be repeated anywhere from one to 30 times in a
row. These regions are called variable number tandem repeats (VNTRs). The number of
tandem repeats at specific places (called loci) on chromosomes varies between
individuals. For any given VNTR loci in an individual's DNA, there will be a certain
number of repeats. The higher number of loci is analyzed, the smaller the probability to
find two unrelated individuals with the same DNA profile.
DNA profiling determines the number of VNTR repeats at a number of distinctive loci,
and uses it to create an individual's DNA profile. The main steps to create a DNA profile
are: isolate the DNA (from a sample such as blood, saliva, hair, semen, or tissue), cut the
DNA up into shorter fragments containing known VNTR areas, sort the DNA fragments
by size, and compare the DNA fragments in different samples.
21
The distinctive, behavioral characteristics measured by Keystroke Recognition include:
22
Infrared Thermography, thermal imaging, or thermal video, is a type of infrared imaging
science. Thermographic cameras detect radiation in the infrared range of the
electromagnetic spectrum (roughly 900–14,000 nanometers or 0.9–14 µm) and produce
images of that radiation. Since infrared radiation is emitted by all objects based on their
temperatures, according to the black body radiation law, thermography makes it possible
to "see" one's environment with or without visible illumination. The amount of radiation
emitted by an object increases with temperature, therefore thermography allows one to
see variations in temperature (hence the name). When viewed by thermographic camera,
warm objects stand out well against cooler backgrounds; humans and other warm-
blooded animals become easily visible against the environment, day or night. As a result,
thermography's extensive use can historically be ascribed to the military and security
services.
So these infrared cameras are used to detect the heat patterns of different parts of the
body.
6.4.Skin Reflection
in this type of biometrics the light is sent is sent in to the body. The reflected light is
different for different persons which forms the basis of recognition.
7. FRR, FAR
The most striking difference between the biometrics system and a traditional
authentication system based on an ID/password is that the new system cannot generate
100 percent 'Yes' or 'No' answers. On the other hand, other existing systems can do so
according to letters or numbers entered. In the case of biometrics, biological information
could change in terms of its shape or angle when it is read, so matching scores against
Templates could change accordingly.
As a result, even a valid person may be rejected or a wrong person may be accepted. The
ratios developed to evaluate the probabilities of the two cases are called FRR (False
Rejection Ratio) and FAR (False Acceptance Ratio).
23
24
In Figure 1.3 shown above, the shaded portion with oblique lines on the left part of a
critical value is FRR, and the other portion on the right part, is FAR. Certainly, a system
with less shaded portion is better.
_ The above Figure 1.4 shows the change patterns of FAR and FRR according to changes
in the critical value. The point where FAR and FRR are the same is called EER (Equal
Error Rate), and is used as a yardstick for evaluating the system's performance along with
the two other ratios.
The smaller the shaded portion in Figure 1.3 is, the closer the graph in Figure 1.4 will be
to the X and Y axis. A user can set a different critical value according to his or her
purposes. For example, in the case of a very important security system, the user can
reduce the possibility that an unauthorized person is accepted to near zero by setting a
critical value high enough. Instead, even an authorized person can fail to get access at
times. On the other hand, if police is looking for a criminal with fingerprints obtained
from the crime scene, it will be necessary to search for and analyze all possible
fingerprints. In areas such as these, it is useful to set the critical value low enough to find
all possible matches in the fingerprint database. In short, the higher the critical value is,
the less convenient the system can be but, at the same time, its security is higher.
Conversely, the lower the value is, the more convenient the system is, but its security is
lax.
8.Applications:
The practical applications of biometric technologies are diverse and expanding, as new
needs are identified. By and large, biometric applications fall into two main categories:
law enforcement and civilian applications.
The law enforcement community is perhaps the largest biometric user group. Police
forces throughout the world use AFIS technology to process criminal suspects, match
finger images and bring guilty criminals to justice.
Those biometric applications not involving crime detection utilize some form of access
control. This will either involve the physical access of people to secure areas, or securing
25
the access to sensitive data. In other words, access control is either physical access or
data access. Whether securing benefit systems from fraud, preventing illegal immigrants
from entering a country, or prisoners from leaving a prison - controlling access is the
underlying principle. Access control ensures that authorized individuals can gain access
to a particular area and that unauthorized individuals cannot.
Banking
Banks have been evaluating a range of biometric technologies for many years. Fraud and
general breaches of security must be controlled if banks are to remain competitive in the
financial services industry. Automated teller machines (ATMs) and transactions at the
point of sale are particularly vulnerable to fraud and can be secured by biometrics. Other
emerging markets include telephone banking and Internet banking, both of which demand
the utmost security for bankers and customers alike.
Computer Access
Fraudulent access to computer systems affects private computer networks and the
Internet in the same way: confidence is lost and the network is unable to perform at full
capacity until the breach in security is patched. Biometric technologies are proving to be
more than capable of securing computer networks. This market area has phenomenal
potential, especially if the biometrics industry can migrate to large-scale Internet
applications. As banking data, business intelligence, credit card numbers, medical
information and other personal data becomes the target of attack, the opportunities for
biometric vendors are rapidly escalating.
Benefits systems are particularly vulnerable to fraud. The battle against fraud has been
waged by welfare departments across many U.S. states for years. A variety of
26
technologies are being evaluated, although fingerprint scanning is particularly
widespread. AFIS technology and one-to-one verification are used to ensure that the
benefit claimant legitimately receives a benefit check. Another development that may
revolutionize the payment of benefits is Electronic Benefits Transfer (EBT), which
involves loading funds onto a plastic card. The card can then be used to purchase food
and other essentials in shops fitted with special point-of-sale smart card readers.
Biometrics are well-placed to capitalize on this phenomenal market opportunity and
vendors are building on the strong relationship currently enjoyed with the benefits
community.
Immigration
National Identity
Physical Access
27
More and more organizations are using biometrics to secure the physical movement of
people. Schools, nuclear power stations, military facilities, theme parks, hospitals, offices
and supermarkets across the globe employ biometrics to minimize security threats. As
security becomes more important for parents, employers, governments and other groups,
biometrics will be seen as a more acceptable and therefore essential tool. The potential
applications are endless. Biometrics could even be employed to protect our cars and
homes.
Prisons
Prisons, as opposed to law enforcement, use biometrics not to catch criminals, but to
make sure that they are securely detained. A surprising number of prisoners simply walk
out of prison gates before they are officially released. A wide range of biometrics are now
being employed worldwide to secure prison access, police detention areas, enforce home
confinement orders, and regulate the movement of probationers and parolees.
28
Telecommunications
With the rapid growth of global communications, cellular telephones, dial inward system
access (DISA), and a range of telecommunication services are under attack from
fraudsters. Cellular companies are vulnerable to cloning (a new phone is created using
stolen code numbers) and new subscription fraud (a phone is obtained using a false
identity). Meanwhile, DISA - which allows authorized individuals to contact a central
exchange and make free calls - is being targeted by telephone hackers. Once again,
biometrics are being called upon to defend this onslaught. Speaker ID is well suited to the
telephone environment and is making inroads into these markets.
Recording and monitoring the movement of employees as they arrive at work, take
breaks, and leave for the day was traditionally performed by "clocking-in" machines.
However, manual systems can be circumvented by someone "punching in" for someone
else, a process known as "buddy punching." This disrupts time management and unit
costing exercises and costs companies millions of dollars. Replacing the manual process
with biometrics prevents abuses of the system. In addition, biometrics can be
incorporated with time management software to produce management accounting and
personnel reports.
29
10. Major Concerns
30
Some biometric technologies are discriminatory. A nontrivial percentage of the
population cannot present suitable features to participate in certain biometric systems.
Many people have fingers that simply do not "print well." Even if people with "bad
prints" represent 1% of the population, this would mean massive inconvenience and
suspicion for that minority. And scale matters. The INS, for example, handles about 1
billion distinct entries and exits every year. Even a seemingly low error rate of 0.1%
means 1 million errors, each of which translates to INS resources lost following a
false lead.
Biometric systems' accuracy is impossible to assess before deployment. Accuracy
and error rates published by biometric technology vendors are not trustworthy, as
biometric error rates are intrinsically manipulable. Biometric systems fail in two
ways: false match (incorrectly matching a subject with someone else's reference
sample) and false non-match (failing to match a subject with her own reference
sample). There's a trade-off between these two types of error, and biometric systems
may be "tuned" to favor one error type over another. When subjected to real world
testing in the proposed operating environment, biometric systems frequently fall short
of the performance promised by vendors.
The cost of failure is high. If you lose a credit card, you can cancel it and get a new
one. If you lose a biometric, you've lost it for life. Corrupt or deceitful agents within
the organization must build any biometric system to the highest levels of data
security, including transmission that prevents interception, storage that prevents theft
and system-wide architecture to prevent both intrusion and compromise.
Despite these concerns, political pressure for increasing use of biometrics appears to be
informed and driven more by marketing from the biometrics industry than by scientists.
Much federal attention is devoted to deploying biometrics for border security. This is an
easy sell, because immigrants and foreigners are, politically speaking, easy targets. But
once a system is created, new uses are usually found for it, and those uses will not likely
stop at the border.
31
With biometric ID systems, as with national ID systems, we must be wary of getting the
worst of both worlds: a system that enables greater social surveillance of the population
in general, but does not provide increased protection against terrorists.
One of the most important disadvantages of biometrics is the cost. Some of the newer
systems use a laser to read the surface of your finger. Because biometric testing is
extremely expensive government agencies are usually the only agencies that
implement and utilize the newer systems
Facial imaging can also hinder accurate identifications. Individuals who look alike
can fool the scanner. Individuals have the ability to alter their appearance like their
facial hair, for instance, to fool the scanner.
Another problem is false acceptances and rejections. These two problems can occur
during authentication. False acceptances can occur when an impersonator is accepted
by the system. Rejections can occur when a person with an accurate identity is
rejected by the system. The fact remains that no biometric system will ever be 100
percent accurate. As a result, commercial developers often set a threshold in their
systems. This threshold serves as a reference score that is compared to the actual
score. If the score falls above the threshold, the person is accepted but if the person
falls below the threshold the person is rejected.
The amount of comfort with using biometrics is a concern for many individuals. The
scanning of hands or fingers has criminal connotations for some. For others the
scanning of their eye is fearful. Scanning the eye requires close physical contact to a
scanning device and many people are afraid to stick their eye close to anything that
32
has a laser in it. Despite the public does not generally accept the fact that the laser
does not generate enough power to harm the retinal scanning. Furthermore, the
nervousness that people feel about the scanners identification could result in
authentication errors, because the user is not relaxed.
11. Conclusion
Biometrics is a powerful tool to secure our networks such as banks, offices and personal
data. It provides high security and reduces the incidence of unauthorized access in
sensitive areas. But as no technology is foolproof there are some loop holes in this
technology which have yet to be covered.
Some people object to biometrics for cultural or religious reasons. Others imagine a
world in which cameras identify and track them as they walk down the street, following
their activities and buying patterns without their consent. They wonder whether
companies will sell biometric data the way they sell email addresses and phone numbers.
People may also wonder whether a huge database will exist somewhere that contains vital
information about everyone in the world, and whether that information would be safe
there.
At this point, however, biometric systems don't have the capability to store and catalog
information about everyone in the world. Most store a minimal amount of information
about a relatively small number of users. They don't generally store a recording or real-
life representation of a person's traits -- they convert the data into a code. Most systems
also work in only in the one specific place where they're located, like an office building
or hospital. The information in one system isn't necessarily compatible with others,
although several organizations are trying to standardize biometric data.
However above all these advantages and disadvantages this technology will be creating
ripples in the field of security and privacy.
33
12. References
34
35
15. BIOMETRICS IN USE TODAY
In March 1998, a senator introduced a bill that would authorize banks and other
financial institutions to switch to electronic fund-transfer systems. To ensure security,
an individual would have to submit some type of biometric data, such as a fingerprint
Biometrics is also being used at Walt Disney World. A person who has a season or
annual pass no longer needs a photo identification card to enter the park.
36
Facial recognition is gaining popularity among biometric tools. The Department of
Motor Vehicles in West Virginia (and six other states including Missouri) use facial
recognition. The system takes a digital picture of a person when they apply for,
renew, or seek a replacement for a lost driver’s license. Any tampering with the
license to alter or replace the photograph renders it invalids. If a person tries to renew
a license or replace a lost license, the picture in the system must match the person
trying to get the license before it will be issued.
16. CONCLUSION
The conclusion that can be inferred from this seminar is that the various
Biometric Techniques are designed to solve the problems faced by traditional methods,
however it also has certain shortcomings but these are very limited and small as
compared to the traditional methods. It is a growing area of application of computing
techniques. It is serving for security and convenience in various areas and has a bright
future.
37
17. REFRENCES
38