The terms "Biometrics" and "Biometry" have been used since early in the 20th century to refer to the field of development of statistical and mathematical methods applicable to data analysis problems in the biological sciences. Recently, these terms have also been used to refer to the emerging field of information technology devoted to automated identification of individuals using biological traits, such as those based on retinal or iris scanning, voice patterns, dynamic signatures, fingerprints, face recognition, or hand measurements, especially for authentication purposes. Thus biometrics can be defined as the science and technology of measuring and statistically analyzing biological data. They are measurable physiological and / or behavioral characteristics that can be utilized to verify the identity of an individual. For a layman, it could be said that biometrics are the science of measuring physical and/or behavioral characteristics that are unique to each individual and they verify that an individual is who he or she claims to be.
4. The terms "Biometrics" and "Biometry" have been used since
early in the 20th century to refer to the field of development of
statistical and mathematical methods applicable to data analysis
problems in the biological sciences. Recently, these terms have
also been used to refer to the emerging field of information
technology devoted to automated identification of individuals
using biological traits, such as those based on retinal or iris
scanning, voice patterns, dynamic signatures, fingerprints, face
recognition, or hand measurements, especially for
authentication purposes. Thus biometrics can be defined as the
science and technology of measuring and statistically analyzing
biological data. They are measurable physiological and / or
behavioral characteristics that can be utilized to verify the
identity of an individual. For a layman, it could be said that
biometrics are the science of measuring physical and/or
behavioral characteristics that are unique to each individual and
they verify that an individual is who he or she claims to be.
Sumit Gupta 4
5. Often seen in science-fiction action adventure movies, face
pattern matchers and body scanners seem about to emerge as
replacements for computer passwords. Thus biometric
techniques are of interest in any area where it is important to
verify the true identity of an individual. Initially, these
techniques were employed primarily in specialist high security
applications, however we are now seeing their use and
proposed use in a much broader range of public facing
situations.
Fingerprint, facial, or other biometric data can also be placed
on a smart card and users can present both the smart card and
their fingerprints or faces to merchants, banks, or telephones
for an extra degree of authentication.
Sumit Gupta 5
7. The results were not conclusive but the idea of measuring
individual physical characteristics seemed to stick and the
parallel development of fingerprinting became the international
methodology among police forces for identity verification.
But, for many years, a fascination with the possibility of using
electronics and the power of microprocessors to automate
identity verification had occupied the minds of individuals and
organizations both in the military and commercial sectors.
Hence, various projects were initiated to look at the potential of
biometrics. In the last decade, the biometric industry has
matured to a global industry shipping respectable numbers of
devices and poised for significant growth as large-scale
applications have started to unfold.
Sumit Gupta 8
8. Basic Technique
A biometric system is a real-time identification system which
identifies a person by measuring a particular physical or
behavioral characteristic and later comparing it to a library of
characteristics belonging to many people.Fingerprint and other
biometric devices consist of a reader or scanning device,
software that converts the scanned information into digital
form, and wherever the data is to be analyzed, a database that
stores the biometric data for comparison with previous records.
When converting the biometric input, the software identifies
specific points of data as match points. The match points are
processed using an algorithm into a value that can be compared
with biometric data scanned when a user tries to gain access
Sumit Gupta 9
9. Thus biometric devices can be explained with a 3-step
procedure. They are-
Sumit Gupta 10
10. -
A sensor takes an observation. The type of sensor and its
observation depend on the type of biometrics device used. This
observation gives us a ABiometric Signature of the individual.
A computer algorithm Anormalizes the biometric signature so
that it is in the same format (size, resolution, etc.) as the
signatures on the system's database. The normalization of the
biometric signature gives us an ANormalized Signature of the
individual.
A matcher compares the normalized signature with the set (or
sub-set) of normalized signatures on the system's database and
provides a Asimilarity score that compares the individual's
normalized signature with each signature in the database set (or
sub-set). What is then done with the similarity scores depends on
the biometric system's application.
Sumit Gupta 11
12. There are two different ways to resolve a person's
identity: Verification and Identification. Identification means
establishing a person's identity Verification involves
confirming or denying a person's claimed identity. Each one of
these approaches has it's own complexities and could probably
be solved best by a certain biometric system.
The majority of available devices operate
in identification mode. This means that an identity is claimed
by calling a particular template from storage (by the input of a
PIN or presentation of a token) and then presenting a live
sample for comparison, resulting in a match or no match
according to predefined parameters. Thus a simple one to one
match may be performed quickly and generate a binary yes/no
result. A few devices claim to offer biometric identification
whereby the user submits his live sample and the system
attempts to identify him within a database of templates.
Sumit Gupta 13
13. A more complex one to many match may generate a multiple
result according to the number and similarity of stored templates.
Suppose that a large number of templates (say 750’000) are
stored in a database. The user presents his live sample and the
database engine starts searching. Depending on how tightly the
likeness threshold parameter is defined, the search may result in a
large number (say 10000) of possible identities for the user. Now
filters may be applied based upon sex, ethnic origin, age and so
forth in order to reduce this list to a manageable size, if this
information can be captured from the user. But still the list of
potential identities may be sizeable. Of course, in a smaller
database this becomes less of a problem, but it is precisely with
large databases that this functionality is typically sought.
All of this assumes that the system can indeed function as claimed
in identification mode. Certain devices have been demonstrated to
work well in this manner with small databases of tens of users,
but the situation becomes very complicated with databases of
even a few hundred.
Sumit Gupta 14
14. The mathematical probability of finding an exact match within
such a database is extremely slim (to say the least). A large
database, such as might be the case with travelers across
borders for example, would be almost impossible to manage in
this manner with current technology. This is without
considering the time taken to search such a database and the
impact of multiple concurrent users. For these and other
reasons, one should exercise extreme caution when considering
biometric identification systems. Whilst one can readily
understand the attraction of this mode of operation, it has to
date rarely been successful in practice, except in small scale
and carefully controlled situations.
Verification systems on the other hand are straightforward in
operation and may easily be deployed within a broad cross
section of applications, as indeed has been the case.
Sumit Gupta 15
16. PINs (personal identification numbers) were one of the first
identifiers to offer automated recognition. However they meant
recognition of the PIN and not necessarily recognition of the
person who provided it. Card tokens had a similar problem. A
biometric however cannot be easily transferred between
individuals and represents as unique an identifier. It means that
verifying an individual's identity can become both more
streamlined (by the user interacting with the biometric reader)
and considerably more accurate as biometric devices are not
easily fooled.
Reference to a number of biometrics can be seen. Some of these
are rather impractical even if technically interesting. The method
of identification using biometrics is preferred over traditional
methods involving passwords and PIN numbers for various
reasons:
Sumit Gupta 17
17. (i) The person to be identified is required to be physically
present at the point-of-identification.
ii) Identification based on biometric techniques obviates the
need to remember a password or carry a token.
(iii) The critical variable for identification cannot be lost or
forged.
Presently, biometrics gravitate around the following
methodologies
Sumit Gupta 18
19. There are a variety of approaches to fingerprint verification.
Some of them try to emulate the traditional police method of
matching minutiae, others are straight pattern matching
devices, and some adopt a unique approach all of their own,
including ultrasonics. There are a greater variety of fingerprint
devices available than other biometric systems at present.
Potentially capable of good accuracy (low instances of false
acceptance) fingerprint devices can also suffer from usage
errors among insufficiently disciplined users (higher instances
of false rejection) such as might be the case with large user
bases. Fingerprint verification may be a good choice for in
house systems where adequate explanation and training can be
provided to users and where the system is operated within a
controlled environment. It is not surprising that the workstation
access application area seems to be based almost exclusively
around fingerprints, due to the relatively low cost, small size
(easily integrated into keyboards) and ease of integration.
Sumit Gupta 20
21. Hand geometry is concerned with measuring the physical
characteristics of the users hand and fingers, from a three-
dimensional perspective. One of the most established
methodologies, it offers a good balance of performance
characteristics and is relatively easy to use. This methodology
may be suitable where we have larger user bases or users who
may access the system infrequently and may therefore be less
disciplined in their approach to the system. Accuracy can be
very high if desired. Hand geometry readers are deployed in a
wide range of scenarios, including time and attendance
recording where they have proved extremely popular. Ease of
integration into other systems and processes, coupled to ease of
use makes hand geometry an obvious first step for many
biometric projects.
Sumit Gupta 22
23. This is a potentially interesting technique if the amount of
voice communication that takes place with regard to
everyday business transactions is considered. Some
designs have concentrated on wall-mounted readers whilst
others have sought to integrate voice verification into
conventional telephone handsets. Whilst there have been a
number of voice verification products introduced to the
market, many of them have suffered in practice due to the
variability of both transducers and local acoustics. In
addition, the enrolment procedure has often been more
complicated than with other biometrics leading to the
perception of voice verification as unfriendly in some
quarters. However, much work has been and continues to
be undertaken in this context and it will be interesting to
monitor progress accordingly.
Sumit Gupta 24
25. This is an established technology where the unique patterns of
the retina are scanned by a low intensity light source via an
optical coupler. Retinal scanning has proved to be quite
accurate in use but does require the user to look into a
receptacle and focus on a given point. This is not particularly
convenient for spectacle wearers and for those who avoid
intimate contact with the source used for the scan and hence
this has a few user acceptance problems although the
technology itself can work well. It is believed to replace
traditional ID methods such as P.I.N. numbers for accessing
A.T.M.s and virtually every other electronic device used for
conducting business where identification is a requirement and
prerequisite.
Sumit Gupta 26
27. Iris scanning is the less intrusive of the eye related biometrics.
It utilizes a conventional camera element and requires no
intimate contact between user and reader. In also has the
potential for higher than average template matching
performance. It has been demonstrated to work with spectacles
in place and with a variety of ethnic groups and is one of the
few devices that can work well in identification mode.
However, ease of use and system integration have not
traditionally been strong points with the iris scanning devices.
Sumit Gupta 28
29. Signature verification enjoys a synergy with existing processes
that other biometrics do not as people are used to signatures as
a means of transaction related identity verification and mostly
see nothing unusual in extending this to encompass biometrics.
Signature verification devices have proved to be reasonably
accurate in operation and obviously lend themselves to
applications where the signature is an accepted identifier.
Sumit Gupta 30
31. Facial recognition devices have been difficult to substantiate in
practice and extravagant claims have sometimes been made
them. Facial recognition is very attractive from the user
perspective and they may eventually become a primary
biometric methodology.
Sumit Gupta 32
32. Applications ~ The Story so Far:
Most of the biometric applications are related to security and are
used extensively for military purposes and other government
purposes. The applications in the public domain that are available
to common people include:
Prison visitor systems, where visitors to inmates are subject to
verification procedures in order that identities may not be swapped
during the visit - a familiar occurrence among prisons worldwide.
Driver's licenses, whereby drivers are expected to have multiple
licenses or swapped licenses among themselves when crossing
state lines or national borders.
Canteen administration, particularly on campus where subsidized
meals are available to bona fide students, a system that was being
heavily abused in some areas.
Benefit payment systems - In America, several states have saved
significant amounts of money by implementing biometric
verification procedures. The numbers of individuals claiming
benefit has also dropped dramatically in the process, validating the
systems as an effective deterrent against multiple claims.
Sumit Gupta 33
33. Border control - A notable example for this is the INSPASS
trial in America where travelers were issued with a card
enabling them to use the strategically based biometric terminals
and bypass long immigration queues. There are other pilot
systems operating elsewhere in this respect.
Voting systems, where eligible politicians are required to verify
their identity during a voting process. This is intended to stop
‘proxy’ voting where the vote may not go as expected.
Junior school areas where problems are experienced with
children being either molested or kidnapped.
In addition there are numerous applications in gold and
diamond mines, bullion warehouses and bank vaults as well as
the more commonplace physical access control applications
in industry.
Sumit Gupta 34
34. Problems:
There are significant privacy and civil liberties concerns regarding the
use of devices using biometrics that must be addressed before any
widespread deployment. Briefly there are six major areas of concern:
Storage. How is the data stored, centrally or dispersed? How should
scanned data be retained?
Vulnerability. How vulnerable is the data to theft or abuse?
Confidence. How much of an error factor in the technology's
authentication process is acceptable? What are the implications of false
positives and false negatives created by a machine?
Authenticity. What constitutes authentic information? Can that
information be tampered with?
Linking. Will the data gained from scanning be linked with other
information about spending habits, etc.? What limits should be placed
on the private use (as contrasted to government use) of such
technology?
Ubiquity. What are the implications of having an electronic trail of our
every movement if cameras and other devices become commonplace,
used on every street corner and every means of transportation?
Sumit Gupta 35
35. Future Applications ~ Some Common Ideas:
With the increased use of computers as vehicles of
information technology, it is necessary to restrict access to
sensitive/personal data. By replacing PINs, biometric
techniques can potentially prevent unauthorized access to or
fraudulent use of ATMs, cellular phones, smart cards,
desktop PCs, workstations, and computer networks. PINs
and passwords may be forgotten, and token-based methods
of identification like passports and driver's licenses may be
forged, stolen, or lost. Thus biometric systems of
identification are enjoying a renewed interest.
Sumit Gupta 36
36. There are many views concerning potential biometric applications,
some popular examples being -
1. ATM machine use - Most of the leading banks are
considering using biometrics for ATM machine and as a general
means of combating card fraud.
2. Workstation and network access
3. Travel and tourism - Many people hold the vision for a
multi application card for travelers which, incorporating a
biometric, would enable them to participate in various frequent
flyer and border control systems as well as paying for their air
ticket, hotel room, hire care etc., all with one convenient token.
4. Public identity cards
5. Internet transactions
6. Telephone transactions
Sumit Gupta 37
37. Conclusion
The increased need of privacy and security in our daily
life has given birth to this new area of science. These
devices are here and are present around us everywhere in
the society and are here to stay for a long time to come.
Indeed, it will be interesting to watch the future impact
that they will have on our day-to-day lives ...
Who can tell ??? Only time ...
Sumit Gupta 38