Biometrics (ancient Greek: bios life, metron measure) refers to two very different fields of study and application. The first, which is the older and is used in biological studies, including forestry, is the collection, synthesis, analysis and management of quantitative data on biological communities such as forests. Biometrics in reference to biological sciences has been studied and applied for several generations and is somewhat simply viewed as "biological statistics."
Some researchers have coined the term behaviometrics for behavioral biometrics such as typing rhythm or mouse gestures where the analysis can be done continuously without interrupting or interfering with user activities.
Biometrics are used to identify the input sample when compared to a template, used in cases to identify specific people by certain characteristics.
Standard validation systems often use multiple inputs of samples for sufficient validation, such as particular characteristics of the sample. This intends to enhance security as multiple different samples are required such as security tags and codes and sample dimensions.
Biometric characteristics can be divided in two main classes, as represented in figure on the right:
Recently, a new trend has been developed that merges human perception to computer database in a brain-machine interface. This approach has been referred to as cognitive biometrics. Cognitive biometrics is based on specific responses of the brain to stimuli which could be used to trigger a computer database search. Currently, cognitive biometrics systems are being developed to use brain response to odor stimuli , facial perception and mental performance for search at ports and high security areas. These systems are based on use of functional transcranial Doppler (fTCD) and functional transcranial Doppler spectroscopy (fTCDS) to obtain brain responses, which are used to match a target odor, a target face or target performance profile stored in a computer database. Thus, the precision of human perception provides the data to match that stored in the computer with improve sensitivity of the system.
Strictly speaking, voice is also a physiological trait because every person has a different pitch, but voice recognition is mainly based on the study of the way a person speaks, commonly classified as behavioral.
It has been shown that working memory is typically associated with activations in the prefrontal cortex (PFC), anterior cingulate, parietal and occipital regions. These brain areas received blood supply from the middle cerebral arteries. Two fundamental working-memory processes have been identified: the passive maintenance of information in short-term memory and the active manipulation of this information .
In young subjects, studies using RPM tasks showed areas of regional CBF activation that comprised inferolateral temporal cortex including the fusiform gyrus bilaterally, and the middle temporal gyrus on the left, portions of the left medial temporal cortex including the parahippocampal gyrus, the left inferior parietal lobule, and the cerebellum. The identified anatomic structures (except for the cerebellum) derive major blood supply from the middle cerebral artery. In a study, using functional transcranial Doppler (fTCD), Njemanze demonstrated that for successful resolution of RPM tasks, females used a left hemisphere strategy while males used the right hemisphere. The latter implies that general intelligence is associated with neural systems within one hemisphere that are accessible to a variety of cognitive processes. It was demonstrated that bi-hemispheric activation was associated with Wrong ANSWER, which may suggest that, increasing level of task difficulty is associated with diverse pattern of neural activation due to broad sampling of all major cognitive functions . Njemanze postulated that, successful RPM problem-solving employs a discrete knowledge strategy (DKS), that selects neural pathways represented in one hemisphere. While unsuccessful outcome implicates a non-discrete knowledge strategy (nDKS). RPM paradigm could be viewed as a working memory task.
This suggests that the DKS model may have a correlate in mnemonic operations. In other words, DKS model may have a discrete knowledge base (DKB) of essential components needed for task resolution, while for nDKS, DKB is absent, and hence a "global" or bi-hemispheric search occurs. Based on these findings, a brain-machine interface system was designed as described in United State Patent No. 6,390,979. A pattern of blood flow velocity changes is obtained in response to a set intelligence task, which is used to form a 'mental signature' that could be repeatedly recognized, in an automated man-machine interface system. The system is designed to go beyond passive recognition, but rather to set a desired level of 'mental performance', before access is gained into the system. The device could be used as a 'lie detector' based on the fact that, it could distinguish Wrong ANSWER which elicits bi-hemispheric activation, from Correct ANSWER that activates unilateral response.
It is possible to understand if a human characteristic can be used for biometrics in terms of the following parameters:
The following table shows a comparison of existing biometric systems in terms of those parameters:
A. K. Jain ranks each biometric based on the categories as being either low, medium, or high. A low ranking indicates poor performance in the evaluation criterion whereas a high ranking indicates a very good performance.
The diagram on right shows a simple block diagram of a biometric system. When such a system is networked together with telecommunications technology, biometric systems become telebiometric systems. The main operations a system can perform are enrollment and test. During the enrollment, biometric information from an individual is stored. During the test, biometric information is detected and compared with the stored information. Note that it is crucial that storage and retrieval of such systems themselves be secure if the biometric system is to be robust. The first block (sensor) is the interface between the real world and our system; it has to acquire all the necessary data. Most of the times it is an image acquisition system, but it can change according to the characteristics desired. The second block performs all the necessary pre-processing: it has to remove artifacts from the sensor, to enhance the input (e.g. removing background noise), to use some kind of normalization, etc. In the third block features needed are extracted. This step is an important step as the correct features need to be extracted and the optimal way. A vector of numbers or an image with particular properties is used to create a template. A template is a synthesis of all the characteristics extracted from the source, in the optimal size to allow for adequate identifiability.
If enrollment is being performed the template is simply stored somewhere (on a card or within a database or both). If a matching phase is being performed, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using any algorithm (e.g. Hamming distance). The matching program will analyze the template with the input. This will then be output for any specified use or purpose (e.g. entrance in a restricted area ) .
|false accept rate or false match rate||FAR or FMR||the probability that the system incorrectly declares a successful match between the input pattern and a non-matching pattern in the database. It measures the percent of invalid matches. These systems are critical since they are commonly used to forbid certain actions by disallowed people.|
|false reject rate or false non-match rate||FRR or FNMR||the probability that the system incorrectly declares failure of match between the input pattern and the matching template in the database. It measures the percent of valid inputs being rejected.|
|receiver operating characteristic or relative operating characteristic||ROC||In general, the matching algorithm performs a decision using some parameters (e.g. a threshold). In biometric systems the FAR and FRR can typically be traded off against each other by changing those parameters. The ROC plot is obtained by graphing the values of FAR and FRR, changing the variables implicitly. A common variation is the Detection error trade-off (DET), which is obtained using normal deviate scales on both axes. This more linear graph illuminates the differences for higher performances (rarer errors).|
|equal error rate||EER||the rate at which both accept and reject errors are equal. ROC or DET plotting is used because how FAR and FRR can be changed, is shown clearly. When quick comparison of two systems is required, the ERR is commonly used. Obtained from the ROC plot by taking the point where FAR and FRR have the same value. The lower the EER, the more accurate the system is considered to be.|
|failure to enroll rate||FTE or FER||the percentage of data input is considered invalid and fails to input into the system. Failure to enroll happens when the data obtained by the sensor are considered invalid or of poor quality.|
|failure to capture rate||FTC||Within automatic systems, the probability that the system fails to detect a biometric characteristic when presented correctly.|
|template capacity||the maximum number of sets of data which can be input into the system..|
The following table shows the state of art of some biometric systems:
|Face||n.a.||1%||10%||37437||Varied lighting, indoor/outdoor||FRVT (2002)|
|Fingerprint||n.a.||1%||0.1%||25000||US Government operational data||FpVTE (2003)|
|Fingerprint||2%||2%||2%||100||Rotation and exaggerated skin distortion||FVC (2004)|
|Hand geometry||1%||2%||0.1%||129||With rings and improper placement||(2005)|
|Iris||< 1%||0.94%||0.99%||1224||Indoor environment||ITIRT (2005)|
|Iris||0.01%||0.0001%||0.2%||132||Best conditions||NIST (2005)|
|Keystrokes||1.8%||7%||0.1%||15||During 6 months period||(2005)|
|Voice||6%||2%||10%||310||Text independent, multilingual||NIST (2004)|
One simple but artificial way to judge a system is by EER, but not all the authors provided it. Moreover, there are two particular values of FAR and FRR to show how one parameter can change depending on the other. For fingerprint there are two different results, the one from 2003 is older but it was performed on a huge set of people, while in 2004 far fewer people were involved but stricter conditions have been applied. For iris, both references belong to the same year, but one was performed on more people, the other one is the result of a competition between several universities so, even if the sample is much smaller, it could reflect better the state of art of the field.
The television program MythBusters attempted to break into a commercial security door equipped with biometric authentication as well as a personal laptop so equipped. While the laptop's system proved more difficult to bypass, the advanced commercial security door with "live" sensing was fooled with a printed scan of a fingerprint after it had been licked. There is no basis to assume that the tested security door is representative of the current typical state of biometric authentication, however. With careful matching of tested biometric technologies to the particular use that is intended, biometrics provide a strong form of authentication that effectively serves a wide range of commercial and government applications.
Biometric verification of an individual’s identity can help control the risks associated with misidentification. However, biometric verification can itself be compromised through vulnerabilities in the system. This can occur through deliberate attempts to breach security and the integrity of the biometric process as shown in the television program MythBusters. To address this risk the Biometrics Institute has established a Biometrics Vulnerability Assessment Methodology
However, the clear concern is that the number of biometric samples of an individual are limited. If all samples are lost via compromise the legitimate owner will be unable to replace the old ones. Additionally, the limited number of samples means that there is a concern with secondary use of biometric data: a user who accesses two systems with the same fingerprint may allow one to masquerade is her to the other. Several solutions to this problem are actively being researched.
Another concern is that if the system is used at more than one location, a person's movements may be tracked as with any non-anonymous authentication system. An example of this would be posted security cameras linked to a facial recognition system, or a public transortation system requireing the use of biometry or registered identification card.
Despite confirmed cases of defeating commercially available biometric scanners, many companies marketing biometric products (especially consumer-level products such as readers built into keyboards) claim the products as replacements, rather than supplements, for passwords. Furthermore, regulations regarding advertising and manufacturing of biometric products are (as of 2006) largely non-existent. Consumers and other end users must rely on published test data and other research that demonstrate which products meet certain performance standards and which are likely to work best under operational conditions. Given the ease with which other security measures such passwords and access tokens may be compromised, and the relative resistance of biometrics to being defeated through alteration and reverse engineering, large scale adoption of biometrics may offer significant protection against the economic and social problems associated with identity theft.
Previously, research was focusing on using biometrics to overcome the weakness in traditional authentication systems that use tokens, passwords or both. Weakness, such as sharing passwords, losing tokens, guessable passwords, forgetting passwords and a lot more, were successfully targeted by biometric systems, although accuracy still remains a great challenge for many different biometric data. But one ordinary advantage of password does not exist in biometrics. That is re-issue. If a token or a password is lost or stolen, they can be cancelled and replaced by a newer version i.e. reissued. On the other hand, this is not naturally available in biometrics. If someone’s face is compromised from a database, they cannot cancel it neither reissue it. All data, including biometrics is vulnerable whether in storage or in processing state. It is relatively recently research has been undertaken to consider protection of biometric data more seriously. Cancelable biometrics is a way in which to inherit the protection and the replacement features into biometrics. It was first proposed by Ratha et al. Besides reliable accuracy performance and the replacement policy cancellable biometric has to be non-revisable in order to fulfill the aim.
Several methods for generating cancellable biometrics have been proposed. Essentially, cancelable biometrics perform a distortion of the biometric image or features before matching. The variability in the distortion parameters provides the cancelable nature of the scheme. Some of the proposed techniques operate using their own recognition engines, such as Teoh et al and Savvides et al, whereas other methods, such as Dabbah et al, take the advantage of the advancement of the well-established biometric research for their recognition front-end to conduct recognition. Although this increases the restrictions on the protection system, it makes the cancellable templates more accessible for available biometric technologies.
In general, cancelable biometrics may be seen to represent a promising approach to address biometric security and privacy vulnerabilities. However, there are several concerns about the security of such schemes. First, there is very little work analysing their security, except for an analysis of biohashing . Secondly, while distortion schemes should be preferably non-invertible, no detailed proposed scheme has this property. In fact, it would appear to be trivial to undistort the template given knowledge of the distortion key in most cases. Third, cancelable biometrics would appear to be difficult to implement in the untrusted scenarios for which they are proposed: if the user does not trust the owner of the biometric sensor to keep the biometric private, how can they enforce privacy on the distortion parameters used? This last concern is perhaps the most serious: the security of cancelable biometrics depends on secure management of the distortion parameters, which must be used for enrollment and made available at matching. Furthermore, such keys may not be much better protected than current passwords and PINs. In summary, cancelable biometrics offer a possible solution to certain serious security and privacy concerns of biometric technology; however, current schemes leave a number of important issues unaddressed. Research is very active in this subject, and may succeed in addressing these concerns.
Each state in Brazil is allowed to print its own ID card, but the layout and data are the same for all of them. The ID cards printed in Rio de Janeiro are fully digitized using a 2D bar code with information which can be matched against its owner off-line. The 2D bar code encodes a color photo, a signature, two fingerprints, and other citizen data. This technology was developed in 2000 in order to enhance the safety of the Brazilian ID cards.
By the end of 2005, the Brazilian government started the development of its new passport. The new documents started to be released by the beginning of 2007, at Brasilia-DC. The new passport included several security features, like Laser perforation, UV hidden symbols, security layer over variable data and etc.. Brazilian citizens will have their signature, photo, and 10 rolled fingerprints collected during passport requests. All of the data is planned to be stored in ICAO E-passport standard. This allows for contactless electronic reading of the passport content and Citizens ID verification since fingerprint templates and token facial images will be available for automatic recognition.
Germany is also one of the first countries to implement biometric technology at the Olympic Games to protect German athletes. “The Olympic Games is always a diplomatically tense affair and previous events have been rocked by terrorist attacks - most notably when Germany last held the Games in Munich in 1972 and 11 Israeli athletes were killed”.
Biometric technology was first used at the Olympic Summer Games in Athens, Greece in 2004. “On registering with the scheme, accredited visitors will receive an ID card containing their fingerprint biometrics data that will enable them to access the 'German House'. Accredited visitors will include athletes, coaching staff, team management and members of the media”.
As a protest against the increasing use of biometric data, the influential hacker group Chaos Computer Club published a fingerprint of German Minister of the Interior Wolfgang Schäuble in the March 2008 edition of its magazine Datenschleuder. The magazine also included the fingerprint on a film that readers could use to fool fingerprint readers.
The border crossing points from Israel to the Gaza Strip and West Bank are controlled by gates through which authorized Palestinians may pass. Thousands of Palestinians (upwards of 90,000) pass through the turnstiles every day to work in Israel, and each of them has an ID card which has been issued by the Israeli Military at the registration centers. At peak periods more than 15,000 people an hour pass through the gates. The ID card is a smartcard with stored biometrics of fingerprints, facial geometry and hand geometry. In addition there is a photograph printed on the card and a digital version stored on the smartcard chip.
Tel Aviv Ben Gurion Airport has a frequent flyer's fast check-in system which is based on the use of a smartcard which holds information relating to the holders hand geometry and fingerprints. For a traveller to pass through the fast path using the smartcard system takes less than 10 seconds.
The Immigration Police at Tel Aviv Airport use a system of registration for foreign workers that utilizes fingerprint, photograph and facial geometry which is stored against the Passport details of the individual. There is a mobile version of this which allows the police to check on an individual's credentials at any time.
The speech made by President Bush on May 15, 2006, live from the Oval Office, was very clear: from now on, anyone willing to go legally in the United States in order to work there will be card-indexed and will have to communicate his fingerprints while entering the country.
"A key part of that system [for verifying documents and work eligibility of aliens] should be a new identification card for every legal foreign worker. This card should use biometric technology, such as digital fingerprints, to make it tamper-proof." President George W Bush (Addresses on Immigration Reform, May 15, 2006). Bush issued a presidential directive (NSPD 59, HSPD 24) in 2008 which requires increased capability for sharing and interoperability in "collection, storage, use, analysis, and sharing of biometric and associated biographic and contextual information of individuals" among the departments and agencies of the executive branch of the U.S. federal government.
The US Department of Defense (DoD) Common Access Card, is an ID card issued to all US Service personnel and contractors on US Military sites. This card contains biometric data and digitized photographs. It also has laser-etched photographs and holograms to add security and reduce the risk of falsification. There have been over 10 million of these cards issued.
According to Jim Wayman, director of the National Biometric Test Center at San Jose State University, Walt Disney World is the nation's largest single commercial application of biometrics. However, the US Visit program will very soon surpass Walt Disney World for biometrics deployment.
On February 6, 2008, West Virginia University, in Morgantown, West Virginia, became the national academic leader for the FBI's biometric research. The university was the first in the world to establish a Bachelor of Science Degree in Biometric Systems, and also established the initial chapter of the Student Society for the Advancement of Biometrics (SSAB) in 2003. WVU also offers a graduate level certificate and Master’s degree emphasis in Biometrics.