BSI Biometrics Standards Presentation

Biometric standards An overview of biometrics and identity management February 2010 Read more at BSI’s Biometrics website www.bsigroup.com/biometrics

The need to identify
Every day we are required to identify ourselves
Using a bank card with a PIN at a cash machine
A password to log on to a computer
Using a key to open a door
Punching a code into a keypad to enter the workplace
Using passwords on the Internet
Providing a passport and driving licence as proof of identity
We need to be able to accurately IDENTIFY an individual to minimize current issues and threats

Current attributes used to identify
Name
Address
Postcode
Date of Birth
Account no.
Passwords
PINs
Phone no.
Mother’s maiden name
Passport
Birth certificate
Driving licence
Credit cards
Utility bills
Membership cards
Salary slip

Is biometrics the answer?
A biometric is part of the person and is not easily compromised through:
Theft
Collusion
Loss
Simplifies user management resulting in cost savings
Users do not need to remember passwords
Users do not need to remember PINs
User accounts cannot be shared
Easy to use

Biometric definition
The automated recognition of individuals based on their behavioural and biological characteristics
The general meaning of biometrics encompasses counting, measuring and statistical analysis of any kind of data in the biological sciences including the relevant medical sciences
The term is derived from the Greek words “bios” meaning life and “metron” meaning measure

Biological and behavioural
Biological
Fingerprint
Face (2D & 3D)
Iris
Vein pattern
Hand geometry
DNA
Behavioural
Signature
Gait
Voice
Keystroke dynamics

Iris
Captures the pattern of flecks on the iris
Uses conventional cameras
Average 2 seconds for identification
No physical contact between user and reader
Read more about BSI’s biometrics standards development at the Biometrics website www.bsigroup.com/biometrics

Face
Based upon the geometric shape and position of features of the face
Resistant to changes in skin tone, facial hair, hair style, and eyeglasses
No active user involvement required in order to perform identification/verification
Limited success in practical applications

Voice
Analyses voice patterns and characteristics of speech e.g. pitch, tone, etc.
High user acceptance – perceived as least intrusive biometric technology
Easy for end users to implement
Ideal for telephone systems/mobile environments

Hand geometry
Measures the physical characteristics of the user’s hand and fingers
Low level infrared light and camera used to capture an image
Suited to applications where there is a large user base or users access the system infrequently
Systems are easy to use and robust

Signature
Based on analysis of the dynamics of a handwritten signature e.g. shape, speed, stroke order, pen pressure
Generally use pressure sensitive tablets or wired pens
User friendly
Non intrusive – minimal public acceptance issues
Captured signature can be used for digitally signing documents

Keystroke dynamics
Monitors rate of typing and intervals between letters
Verification based on typing rhythm – intruders may guess password but fail to key in with correct rhythm
Neither enrolment nor verification disturbs the regular flow of work
Low cost – only hardware required is keyboard

Fingerprint
Variety of fingerprint devices available (silicon and optical)
Template constructed by analysing patterns that make the fingerprint (minutiae)

DNA
Forensic genetics use deoxyribonucleic acid (DNA) profiling in a number of important human identity applications
0.01% of a person's entire genome is unique to each individual
This represents 3 million base pairs of DNA
95% of the human genome are non-coding sequences (called junk DNA)
Standard profiling systems only exploit the junk DNA to maintain the privacy and civil rights of the donor

Multimodal
Combination of one or more biometrics
Algorithmic level
Results level
Multimodal is the fusion of results with logic applied

Key multimodal facts
Can be used to:
Improve reliability
Make forgery more difficult
Make systems more flexible to user characteristics (decreases failure to enrol)
Make systems more complex
Promote inclusivity
Input Device Matching Result Input Device Matching Result Fusion Fusion Fusion

Verification versus Identification
“Are you who you say you are?”
“ Who are you?” NOT

Verification and Identification
Verification
Involves confirming or denying a person’s claimed identity – Are you who you claim to be?
Biometric sample captured and compared with the previously stored template for that user
One-to-one comparison
Are you who you say you are?
“ I am who I say I am”
Identification
Means establishing a person’s identity from an already established list – Who are you from this list?
Biometric sample presented to a system which searches the existing (enrolled) subjects
One-to-many comparison
Do I know you?
“ I am not known to you already”

Identification before verification
To establish a ‘clean’ database of individuals each individual first needs to be identified
One-to-many match is performed against the central database to ensure the individual does not already exist under correct name or any other aliases
Once identity is established it can be sufficient to verify the individual as proof of identity only
One-to-one match is performed at the point of interface without the need to check back to the central database

Key Consideration in a biometric system Current & Future Technology Risk & Requirement Analysis Research & Development User Perception Accuracy & Throughput Integration Performance Business Process Strategy

Considerations of adding a biometric system
Not all biometrics technologies suit all people
In many cases additional hardware is required
User co-operation is usually necessary
Privacy concerns must be addressed
Cost of personal devices in large systems can be significant
User education is required
Biometric revocation must be considered as biometric data is not secret

Capture the legal and political imperatives
Ask what additional considerations are there with a biometric application as opposed to any other IT deliverable
Privacy?
Data access considerations (who and why)?
Sensitivity of data?
Legislative limitations?
User acceptance?
Standards compliance?

ISO/IEC JTC1 SC 37 Biometrics
Currently 25 participating countries and 7 observer countries
Liaisons with:
JTC 1/SC 17 Cards and Personal Identification.
JTC 1/SC 24 Computer Graphics and Imaging
JTC 1/SC 27 Information Technology Security Techniques.
JTC 1/SC 29 Coding of Audio, Picture and Multimedia and Hypermedia Information.
JTC 1/SC 31 Automatic Identification and Data Capture Techniques
JTC 1/SC 32 Data Management and Interchange
JTC 1/SC 36 Information Technology for Learning, Education and Training.
ITU-T SG17 Telecommunication Standardization Sector Study Group on Data Networks and Telecommunications Software.
BioAPI Consortium
IBIA International Biometrics Industry Association (IBIA)
ILO International Labour Office of the UN

The benefits of standards for biometrics
They foster wide spread utilization of the technology
They are a sign of industry maturity
They reduce time-to-market
They facilitate interchange and/or interoperability
They reduce risk to integrators and end users
They reduce vendor “lock-in” effect

BSI Biometrics Standards Presentation

by BSI British Standards Institution

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 11

Statistics

BSI Biometrics Standards Presentation Presentation Transcript