This action might not be possible to undo. Are you sure you want to continue?
Many organizations struggle with the problem of authentication; how users prove their identity in order to get access to applications or other resources. How strong or how secure does the authentication process need to be? Is the combination of a username and password sufficient? If not, should a token device – like SecurID or digital certificate be required? None of these solutions is without its problems. In recent years, biometric technology has emerged as a practical alternative that offers a reasonable level of security. This brief paper offers some insight into the key benefits and critical limitations of the technology. Biometrics, defined broadly, is the scientific discipline of observing and measuring relevant attributes of living individuals or populations to identify active properties or unique characteristics Bank auto-teller machines have improved the security level with the requirement that the customer must also provide something known, such as a PIN number. Keys, transponders and smart-cards can be stolen, and, in some cases, copied. PIN number or other forms of knowledge, such as passwords, can be forgotten or observed and are also inconvenient to remember and use. Biometrics provides the advantage that access is based on who the user is, and not on what is possessed or known. This implies that the driver himself becomes the key. Convenience is improved, as a key or transponder are no longer required.
CHAPTER 2: WHAT IS BIOMETRICS?
Taken from the Greek 'Bio' meaning life, and 'Metric' the measure of, Biometrics is the measure (study) of life( humans, plants and animals).Biometric technologies are defined as "automated methods of identifying or authenticating the identity of a living person based on a physical or behavioral characteristic." Biometrics uses the measurement of biological characteristics and a biometric is any human physiological or behavioral characteristic that is universal, unique, permanent and collectable. An alternate definition for Biometrics is given as “Automatically recognizing a person using distinguishable traits”. The identification of individuals using a biometric is known as biometric identification. There is currently no distinct definition for the terms Biometrics and Biometric Identification and both terms are used synonymous throughout literature. Identification is the process of associating (who am I?) Measured biometric characteristics are compared with a list of previously measured characteristics of individuals. When a match is found, the individual’s identity is deduced to be that of the matching individual found in the list. Authentication is a process of verifying that a person is who he claims to be (Who am I?). It requires that the person being subjected to scrutiny (claimant ) supply information about who he claims to be. This may be in a form of unique index number or index that is used to select a person’s known characteristics out of an existing list of previously measured characteristics of individuals, or it may be in the form of simultaneously supplying a previously validated version of the person’s known characteristics. The known characteristics are then compared against those measured against those measured and a decision is made as to whether the person’s measured characteristics of the claimed identity. The Identification process requires that a database of the unique biometric characteristics (also called Features) of the people be stored inside or available to the system, while Authentication differs in that it can be achieved by supplying the system with only the features of the person being tested at the time and no search through a database is required. The result is that Authentication is faster than identification and that a person’s biometric feature can be carried by the person (perhaps in an encrypted smart card) and do not have to be stored centrally.
Biometric Characteristics A biometric is a unique, measurable characteristic or trait of a human being for automatically recognizing or verifying identity. This definition contains several important components critical to biometrics: • Unique: In order for something to be unique, it has to be the one and only, have no like or equal, and be different from all others. When trying to identify an individual with certainty, finding something that is unique to that person is absolutely essential. • Measurable: In order for identification to be reliable, the item being used must be relatively static and easily quantifiable. For example, hairstyle or colours are not dependable characteristics for identifying an individual, as both can be easily and frequently changed. • Characteristic or Trait: Today, identity is often confirmed by something a person has, such as a card or token (e.g., a drivers license), or something they know, such as their computer password or their personal identification number (PIN) for their bank machine. Biometrics involves something a person is or does. These types of characteristics or traits are intrinsic to a person and can be divided into physiological (i.e., something a person is) such as their fingerprints, voiceprints, or patterns in their eyes, and behavioral (i.e., something a person does), such as the way they sign their name or type on a keyboard. • Automatic: In order for something to be automatic it must work by itself, without direct human intervention. For a process to be considered a biometric technology, it must recognize or verify a human characteristic quickly (e.g., some biometric systems function in under two seconds) and without a high level of human involvement. • Recognition: To recognize someone is to identify them as someone who is known, or to “know again.” A person cannot recognize someone who is completely unknown to them. A computer system can be designed to recognize or identify a person based on a biometric characteristic. To do this it must compare a biometric presented by a live person against all biometric samples stored in a central database. If the presented biometric matches a sample on file, the system then identifies the individual. This is often called a one-to-many match. Essentially, the system is trying to answer the question: Who is this person? 3
CHAPTER 3: PRINCIPLES OF BIOMETRICS Three major components are usually present in a biometric system: A mechanism to scan and capture a digital or analog image of a living person’s biometric characteristic. Software for storing, processing and comparing the image. An interface with the application system that will use the result to confirm an individual’s identity
SYSTEM FUNCTIONAL BLOCKSBiometric identification systems are usually accomplished using the functional blocks.(refer fig:1 and fig:2). The relevant biometric data is collected using a biometric sensor during the data acquisition phase. The quality of the captured data is of great importance and some form of automated data quality assessment is generally necessary. The results of this assessment can be used to adjust sensor parameters, feedback to the user about improved positioning or as a parameter to tune the performance of the processes that follow. The purpose of the Signal Pre-processing phase is to normalize the data and apply filters to remove the distortion introduced by noise, manufacturing tolerances and environmental conditions such as ambient noise in a Voice Recognition System. The Feature Extraction phase reduces the enormous amount of data captured by the sensor into the much smaller amounts of information (features) that permit the differentiation of people. This reduction is necessary for two reasons. The first is to reduce the amount of memory space required for the Matching phase. For example, humans can recognize the letter ‘i’ independent of the font or size. Simplistically, the only relevant information needed for comparison is that the letter has a small vertical line with a dot on top. To introduce a new person to a biometric system is called Enrolment and the set of features extracted for specific people are called Feature Templates which are stored together with other information, such name and access privileges, into the database of the system.
During enrolment, it is usual to repeat the Data Acquisition to Feature Extraction steps multiple times, to make sure that typical and relevant features are stored. Some systems use a quality assessment to select the best of several acquisitions and more sophisticated systems may even combine the information from several acquisitions into one enhanced feature template. Authentication and identification processes both involve comparing the recently extracted features of a Claimant, with the Feature Templates of enrolled users. The process of comparison is called Matching and is a non-trivial task, as it is normal for there to be no exact correlation between extracted features and stored templates. This non-exact correlation is due to a number of factors. Sensors may have a limited field of view and it cannot be guaranteed that the same area of the claimant is exposed to the sensor each time. It is also most likely that the area sampled during enrolment and that features are distorted due to elastic nature of skin. Features can also be hidden or altered by clothing, dirt, injury and environmental conditions. Hence, a comparison provides a Matching Score that indicates the number of coincident features found between those of a Claimant and those found in an enrolment template. This matching score must then be further translated into a Yes/No decisions.
CHAPTER 4: TYPES OF BIOMETRICS The list of human characteristics currently being used for biometrics is varied and continuing to grow as more research is undertaken. A short list of the most well known methods includes DNA, Ear shape, Fingerprints, Face, Hand and Finger Geometry, Infra-red Facial and Hand Vein Thermograms, Iris, Keystroke Dynamics, Signature & Voice. Eye (refer fig: 4) There are two main types of biometric analysis of the eye. One involves the iris, which is the coloured ring that surrounds the pupil, and the other uses the retina, which is the layer of blood vessels at the back of the eye. Iris Each iris has a unique and complex pattern such that even a person's right and left iris patterns are completely different. It has been claimed that the system is "foolproof" because artificial duplication of the iris is virtually impossible due to its properties and the number of measurable characteristics. Face (refer fig: 3) There are two main types of facial recognition systems; the most common uses video, while the other uses thermal imaging. Video face recognition technology analyze the unique shape, pattern and positioning of facial features. A video camera is used to capture an image from a distance of a few feet away from the user. A number of points on the face are usually mapped out. With other systems, a three-dimensional map of the face can be created. A facial thermogram uses an infrared camera to scan a person's face and then digitize the thermal patterns. Apparently no two people, not even identical twins, have the same facial thermogram. The patterns are created by the branching of blood vessels in the face. As the blood is hotter than the tissue surrounding it, it radiates heat that can be picked up at a distance. Signature Verification This involves the analysis of the way in which a person signs their name. Signature biometrics are often referred to as dynamic signature verification (DSV). With this technique, the manner in which someone signs is as important as the static shape of their finished signature. For example, the angle at which the pen is held, the time taken to sign, the velocity and acceleration of the signature, the pressure exerted, and the number of times the pen is lifted from the paper. Signature data can be captured via a special pen or tablet, or both. The pen-based method incorporates sensors inside the writing instrument, while the tablet method relies on sensors imbedded in a writing surface to detect the unique signature characteristics. 7
Recently, another variation has been developed known as acoustic emission. This measures the sound that is generated as an individual writes their signature on a paper document. Speaker Verification (refer fig: 6) Biometric systems involve the verification of the speaker's identity based on numerous characteristics, such as cadence, pitch, and tone. The voice pattern is determined, to a large degree, by the physical shape of the throat and larynx, although it can be altered by the user. Speaker verification works with a microphone or with a regular telephone handset. Keystroke Dynamics Typing biometrics are more commonly referred to as keystroke dynamics. Verification is based on the concept that how a person types, in particular their rhythm, is distinctive. The National Science Foundation and the National Bureau of Standards in the United States have conducted studies establishing that typing patterns are unique. One system creates individual profiles according to how users enter their passwords, accounting for factors such as hand size, typing speed, and how long keys are held down. Palm Print This is a physical biometric that analyzes the unique patterns on the palm of a person's hand, similar to fingerprinting. Like fingerprinting, latent or ink palm images can be scanned into the system. Vein Patterns This physical biometric analyzes the pattern of veins in the back of a person's hand. One proprietary system focuses on the unique pattern of blood vessels that form when a fist is made. The underlying vein structure, or "vein tree" can be captured using a camera and infrared light. Ear Shape A lesser-known physical biometric is the shape of the outer ear, lobes, and bone structure. Apparently, police are able to capture ear prints of criminals left when they listen at windows and doors. The technology has been used to obtain convictions in the Netherlands. Body Odour Sensors are capable of capturing body odour from non-intrusive parts of the body such as the back of the hand. Each unique human smell is made up of chemicals which are extracted by the system and converted into a template. Hand Geometry (refer fig: 5) Hand geometry produces static biometric signal that include finger lengths, heights of knuckles, distance between joints.
FINGERPRINT TECHNOLOGY WHERE DO FINGERPRINTS COME FROM? Fingerprints are composed of ridges and valleys. These contours emanate from stresses within the epidermis, which is the border between living and dead cells in skin. The formation of the contour pattern itself is determined during fetal development and from then on remains permanent and unique for each person and each finger. The new cells from these structures continually drift to the surface of the finger and become callous during this transition. Hence fingerprints are robust and continually renewed, even when subjected to abrasion. THE FEATURES OF A FINGERPRINTFor either authentication or identification, a decision has to be made whether two given fingerprints match. The comparison method selected depends on what are considered to be the features of a fingerprint. The comparison of ridges is most often. (refer fig: 7). If the microscopic structure of the ridge flow is examined, local ridge characteristics (called Minutiae – minute details) can be seen. To date, as many as 150 different types of Minutiae have been found and although other approaches are also used, such as counting the ridges between references points and the distance between skin pores, today’s fingerprint systems are usually based on two minutiae types called Ridge Endings (the point where a ridge abruptly ends) and bifurcations (the point where a single ridge bifurcates). When detailing Minutiae for comparison purposes, it is described by its Type (Ending or Bifurcation), position (X&Y co-ordinates) and Orientation (Direction of flow of the ridges at the minutiae). A fingerprint is described by the total of all its minutiae and the uniqueness of a fingerprint is based on the probability that no two fingerprints will have the same configuration of minutiae. FINGERPRINT IMAGE ACQUISITIONVarying physical principles are used by fingerprint sensors, but the end result is the same. A two-dimensional, grayscale image representation of the fingerprint is created. Optical sensors are the oldest and most familiar type of sensor. A light source illuminates the fingertip, which is placed on one surface of prism. The differences in refractive index between ridges that touch the surface and valleys that do not, alters the reflected light which is conducted through a lens system to a CCD-element.
Capacitance based silicon sensors have recently been developed by many companies. These sensors are usually large silicon chips (15 x 15 mm) with an array of capacitive electrodes, which typically provides a resolution of 500 DPI. Each electrode forms a capacitance together with a fingertip surface just above the area of the electrode. The distance between the skin and an electrode differs between ridges, that directly touch the sensor surface. This difference in distance cases a difference in capacitance, which is measured by the sensor and finally results in an image describing the contours of the fingertip. Some capacitive sensor manufacturers use a DC electric field to measure capacitance, while others use an AC field. These sensors have the advantage that they are flat and they can be easily be manufactured using standard silicon processes. Due to the requirement for close contact between sensor electrodes and the finger, the silicon sensor surface is only protected by a thin coating and hence these sensors are susceptible to mechanical and Electrostatic Discharge (ESD) damage. A thermal silicon sensor, which consists of a 320 x 40 pixel array of electrodes, senses differences in heat. As fingerprint valleys are insulated from the sensor surface by air, the thermal conductance differs from ridges which make direct contact with the sensor surface. Using the natural heat of the finger, the sensor is able to detect the contours of the finger by the different thermal energy transferred to the sensor. The thermal sensor differs from the other types in that a finger must be dragged across the sensor surface and the resulting multiple small image segments are then combined to create a single complete image of the fingerprint. The sensor’s main advantages are a significantly smaller silicon area compared to capacitive sensors and the possibility of a thicker protective layer between the silicon surface and the finger. Ultrasonic sensors emit a sound wave towards the fingertip and due to changes in acoustic impedance, some of the energy is reflected back towards the sensor at the interface of materials of different density. The time difference between emission and receipt of an echo is proportional to the distance the sound wave had to cover to reach these interfaces and thus the contour of the fingerprint can be determined. Bulky commercial sensors, with up to 500 DPI resolution, exist and is still unclear if cost effective sensors can be realized.
FEATURE EXTRACTIONThe output of a fingerprint sensor is a two-dimensional, grayscale image representation of the fingerprint that has been presented to the sensor. A binary image is then computed, in which the ridges are represented by ones and valleys represented by zeroes. Ridges are usually more than one pixel wide and this complicates the search for line ending and bifurcation minutiae. Therefore a much simpler image is computed with Ridge Lines represented by a one pixel width line. The resultant image is known as the Skeleton. Using the Skeleton, line end and fork detection is relatively simple. Initially the start of all ridge lines need to be found. Once the ridge line is detected, a tracking algorithm sequentially enumerates all pixels along the ridge line. The result is a list of minutiae with X and Y co-ordinates, type (either line ending or bifurcation) and ridge orientation. MATCHING Given two minutiae feature lists, matching determines whether these fingerprints belong to the same finger. The matching strategy depends on the choice of features. Minutiae matching is often referred to as Point Pattern Matching and at first glance appears a trivial task, however a lot of issues have to be considered to achieve satisfactory performance. Even using the same finger, no two images will be the same. Finger translation, rotation and distortion all lead to the minutiae lists never being identical and thus it is not possible to compare the absolute co-ordinates contained in minutiae lists. The effect of translation and rotation with a mechanical guide, which provides hard limits and tactile feedback to the user. A comparison of minutiae is only practical in the overlapping portion of two templates. It is likely that some features will be present in the first list, but missing in the second and vice versa. As a consequence, the sensor cannot be too small. The sensor needs to be large enough that a reliable decision can be made based on the features found in an overlapping area. The area size depends on the quality of the quality of the finger-guide and the typical feature density.
CHAPTER 5: APPLICATIONS OF BIOMETRICS Applications Some Automatic Teller Machine (ATM) manufacturers include iris scans as an alternative to passwords or PINs. In May 1999, Bank United of Texas became the first bank in the United States to offer iris recognition at ATMs. In addition, the technology already is used by eleven different banks outside of the United States. German banks have been using face recognition technology to give customers unattended, 24- hour access to their safety deposit boxes. Customers request their boxes at a self-service computer terminal, which includes a video camera. The camera captures and processes the customer's facial image. System software verifies the person's identity and authority to receive the requested safety deposit box. If the person is authorized, the box is retrieved by robots and delivered to the owner by an automated handling system. A Malaysian company is using this technology to create an airport security system that tracks passengers' baggage with an image of their face. Only when passengers actually enter the plane will the system allow their baggage to be loaded. Globally, airports have expressed interest in another system that can pick a moving face out of a crowd. They hope to use this technology as a way of identifying terrorists and other criminals. At the beginning of 1999, the Bank of America started a pilot program that uses finger scans to give customers access to their online banking services. Before using the system, the customer enrolls a fingerscan on a chip attached to a multi-application smart card. Authentication is completed by the customer placing a finger on a scanning device attached to their personal computer. The software matches the fingerscan from the scanner against the image stored in the smart card. Recently, one American hotel chain announced that it would start collecting fingerprints as part of its check-in procedure.
A number of vendors have developed fingerscanners resembling a computer mouse. Scanners built into computer keyboards also have been produced. Recognition of a fingerscan takes place in an average of two seconds on a personal computer or one second on a workstation, with accuracy claimed to be 99.9% The 1996 Summer Olympic Games in Atlanta used hand geometry to identify and secure approximately 150,000 athletes, staff, and other participants. The University of Georgia uses the technology to control access to its student cafeteria. When students visit a cafeteria, they swipe their identity cards through a reader and have their hands verified before being able to enter the food service area. An American elementary school uses the technique to identify individuals picking up children. Anyone authorized by the parents can enrol in the system. To be able to pick up a child from the school, a person first must be verified by a hand geometry reader. In Toronto, hand geometry is used by a racquet and fitness club to verify identity of 12,000 club members and staff.52 Initially, it was introduced at only one location to test acceptability. Now it has been expanded to all locations.
ARTICLE 5.1: AUTOMOTIVE APPLICATION OF BIOMETRICS When first thinking about implementing biometrics in automotive applications, the main benefit appear to be improved security. Improvements in user convenience and efficiency are the main driver for biometrics. UNIQUE CHARACTERISTICS OF BIOMETRIC SYSTEMS IN AUTOMOTIVE SECTOR Personal features are unique and inseparable from the person; so it is not possible to lend them to another. This implies that a vehicle with a biometric system cannot simply be loaned, unless the person is enrolled into the system. Any new user must first be enrolled into the system and added to a database of known users. An administrator is required to authorize the biometric system to learn the characteristics of a new user. It is also reasonable to enable the passing-on of the right to enroll users from an administrator to others. As a result, multiple users may have the right to enroll new users. An effective interface for the administration of users and access rights must be accomplished. As authorization is uniquely linked to a specific person, it is possible to set user-specific usage restrictions. Examples could be maximum speed or an expiration date. Furthermore, any automotive application must allow for the following important scenarios: For motor vehicle rentals, access permission must be given at the sales counter. Together with the access rights discussed above, this offers new opportunities to ensure that a vehicle can only be driven by those customers enrolled at the sales counter and only the duration of the contract. Lending the vehicle to a friend or colleague. Hotel valet parking. Vehicle working servicing . The possibility of driving the vehicle when the enrolled driver cannot, as in an emergency. Sale of the vehicle. Handling of the vehicle during manufacture and transport. If we accept that higher security through biometrics is not our goal, then while biometrics methods are faster and more convenient, any system must also include a non-biometric, non-person-specific bypass method for vehicle entry and driving authorization. One such method would be to provide a mechanical or remote key for vehicle entry and a transponder-based immobilizer as used in today’s solutions.
17 It should be emphasized that the bypass solution is only needed for special situations. Normally, a user will operate a vehicle with the biometric system and thus profit from the advantages already outlined. PERSONAL PROFILEExisting seat memories offer the possibility of storing seat and mirror position for different drivers and to recall these settings whenever the same driver uses the vehicle. The user interface is typically through numbered or colored pushbuttons, which are assigned to different drivers. The maximum number of drivers is limited by the number of buttons and the assignment of buttons needs coordination between the drivers. Furthermore, each driver must remember his assigned button. As biometric system can uniquely identify drivers, automated Personal Profile systems becomes viable. The person specific pushbuttons are replaced by a biometric sensor, which is used for recalling, as well as storing, the user’s specific settings. The maximum number of drivers is no longer limited by the number of pushbuttons, only by memory capacity. User comfort is increased, as user specific buttons (either numbered or colored) do not need to be remembered or coordinated. All the driver has to do when he enters the vehicle is to put his finger on the sensor and adjustment of the accessories can start immediately. Other, not so obvious, settings can also be remembered, such as driving style and suspension tuning parameters, navigation system destination settings, telephone numbers, e-mail or billing account details for a Telematics system, as well as driver status information such as the length of time a person has driven versus the amount of rest. IMMOBILIZATION AND ENGINE STARTChallenged-response based transponder immobilizers, together with encrypted communication to engine management systems, have all but eradicated instances of vehicle theft due to ‘hot wiring’ and component exchange. The only additional security benefit provided by biometrics is in overcoming the unauthorized use of a key or transponder card, as biometric features cannot be copied or stolen. Also convenience is improved as a key or transponder card is no longer required to operate the engine. As the biometric system is a replacement for today’s ignition key, it has to allow for the usual power-on sequence. i.e. off, accessories, ignition and start. For safety and regulatory reasons, the systems may only allow engine start if the driver simultaneously presses the break or clutch pedal while placing his finger on the sensor. (refer fig: 8)The logistics of electrical supply, engine start and steering lock operation needs to be carefully considered.
18 Once again, convenience is improved. When a driver wants to start the engine, he only has to put his finger on the sensor while pressing the break or clutch pedal. This is faster and simpler than fiddling the key into the ignition lock. The fingerprint sensor is integrated into the gear-stick; with biometric system authorization and engine start in one action. As the driver is uniquely identified by the biometric system, specific rights can be assigned for each driver. This may be useful when leading a vehicle for a limited period of time and particularly for motor vehicle rentals. Once the agreed period of time is expired, heavy limitations can be put on the vehicle operation, such as speed or distance. VEHICLE ENTRYUsually, vehicle access is granted by either a mechanical or remote key and although transponder based Passive Entry systems are just being introduced into the market, all these systems require that the driver carries something. Once an ignition key is no longer required for engine start, it makes sense to also use a biometric system for vehicle entry. This completely eliminates the necessity for a key or transponder. A driver parking at the beach will no longer have to find a good hiding place for the keys. Due to the hostile environment, the use of fingerprint sensor on the external surfaces of a vehicle is a technical challenge and although inconvenient, mechanical covers may ultimately be required to protect the sensor. The current state of the art in fingerprint sensor technology does not offer a realistic solution for the problem of external mounting and each of the existing sensor technologies must be further developed in order to support this application. DEMONSTRATION VEHICLETo prove the benefits and functionality of biometrics, Bosch has fitted a demonstration vehicle. Work initially centered around a PC based proof-ofconcept and included fingerprint based engine start and Personal Profile control of seat & mirror positions. Using the PC based solution first provided the benefits of permitting rapid implementation of system concepts, the use of universal tools for algorithm development and a graphical interface for visualization and demonstration purposes. It also permitted the development of a platform independent system which could later be ported to an embedded system once issues such as processor performance and cost requirements were mare clearly known. Current activities include the addition of door access control and the development of embedded electronics solutions to reduce operating time, package size and power consumption.
20 CHAPTER 6: BENEFITS OF BIOMETRICS Biometric technology offers a number of benefits to both businesses and consumers. It is these benefits, in addition to the factors noted above, that are driving their increased sage and acceptance. Positive Identification Companies are looking to biometrics because they see the positive identification provided by the technology as a way to: control fraud and abuse, build non-repudiation into electronic commerce transactions, and to enhance customer service. Companies are looking for means whereby individuals can be recognized reliably, at a distance, over a period of time, without reliance on human memory, and, in some cases, despite the preference by the person not to be recognized. Financial institutions have long been evaluating the merits of biometrics. Biometrics are seen as ideally suited for electronic commerce and other online applications because they can automatically “prove” the identity of a person while ensuring that no-one else can impersonate them. Combating Credit Card Fraud Stolen credit card numbers are routinely posted and swapped on Internet bulletin boards and real-time chat lines. On the Internet, credit card numbers come from traditional offline sources (e.g., stolen wallets and discarded receipts), as well as from poorly-secured Web servers that store credit card information. American survey found that nearly one-third of consumers who have bought products on the Internet have experienced fraud or misuse of credit card information. MasterCard International estimated the use of biometrics could reduce credit card fraud by 90%. Preventing Identity Theft Fuelling consumer interest in biometrics is the rise of identity theft — a crime resulting from the misappropriation and abuse of personal information. Identity theft, also known as identity fraud, includes a range of crimes broadly defined as “the misuse of personal identifying information to commit various types of financial fraud.” The theft of identity can leave someone with a poor credit rating and a ruined reputation that may take months or even years to correct. While there are many ways to combat identity theft, some consumers see biometrics as an effective and convenient way to diminish the problem. Biometrics can fight identity theft by eliminating PINs and passwords, by verifying the identity of parties in a remote transaction, by authorizing credit card or cheque transactions, and by securing personal assets like computers, as well as personal information.
21 Restoring Identity Biometrics offer another potential benefit to consumers in that they can verify their identity should their identifying papers be lost or stolen. An example illustrating the utility of biometrics may be found in Oklahoma where authorities issued new driver’s licenses with a thumbprint, to replace documents lost in tornadoes. Should these licenses be lost in the future, the biometric will reestablish identity so the appropriate person can be issued the necessary documentation quickly and easily. This benefit is equally applicable to membership or credit cards. Enhanced Security Opening up access to computer systems and networks may enhance customer service, but it also increases the potential for security breaches. The most serious losses occurred through the theft of proprietary information and financial fraud. Cards or keys can be forgotten, given away, lost, stolen, duplicated, or forged. Passwords can be shared, guessed, observed, stolen, or forgotten. Passwords are seen as being far too vulnerable, while biometrics are seen, by some, as offering superior security. The technology offers two significant advantages over other authentication methods: • the person to be identified is required to be physically present at the point-ofidentification; • identification based on biometric techniques eliminates the need to remember a password, PIN, or carry a token. Data Authentication To prevent the unauthorized altering of information (deliberate or unintentional) during online transactions, some form of data authentication becomes necessary. Encryption is a mathematical process that changes data from plaintext (i.e., that which can be read) to an unintelligible form. In order to reconstructed the original data or decrypt it, the key to the algorithm used must be known. Certain newer biometric systems can be used to encrypt data — the process is called biometric encryption. Physical Access Control Initially, biometric access controls were limited to high security areas such as nuclear power plants and military facilities. Now, these access control systems are used in theme parks, hotels, and health clubs. Nothing to remember, nothing to carry. A person simply presents their biometric to be authenticated and is given access. No one but they can gain entry.
22 CHAPTER 7: LIMITATIONS OF BIOMETRICS Performance The first thing that consumers should understand is that biometric systems do not guarantee 100% accuracy, 100% of the time. Commercially available biometric systems allow for some degree of variability in the measured characteristic or trait and update the referenced sample after each use. The biometric system must allow for these subtle changes, so a threshold is set. This can take the form of an accuracy score. While the threshold is set to accommodate some variation, the challenge is to set it so that the system only matches authorized individuals. Two potential problems can arise: • False Rejection: This is when an authorized individual is rejected by the system. • False Acceptance: This is when the system accepts an unauthorized individual. Set the threshold too high and legitimate users will fail to be identified. Set the threshold too low and unauthorized users will be accepted. There is usually a trade-off between these settings. This threshold is set depends upon the purpose of the biometric system and the degree of security required. Variations in Characteristics and Traits A percentage of users will have missing or damaged biometric characteristics. This makes automatic identification or verification of all users with a single biometric system impossible. Hence, alternative and appropriate methods of verifying identity for those unable to utilize the biometric should be an important component on any system. In addition, both physiological and behavioural characteristics can vary over time. For example, hands can swell from work, heat, or allergies; fingerprints can be marred by scratches, exposure to chemicals, or embedded dirt; voices can vary from colds; and signatures may change, as a person gets older. User Attitude How users feel about the biometric system can also impact performance. Some individuals are “technophobic” or have other personal reasons for being concerned about using a biometric system. The intention and overall cooperation of the user, as well as the way a person interacts with a system, may affect its accuracy. Some techniques are generally more acceptable to people than others. As an example, one study found iris and retinal scans to be the most unacceptable; finger scans, hand geometry, and hand vein recognition more acceptable; and face, signature, and voice recognition, as well as thermograms, the most acceptable. People’s acceptance of biometrics is based on perceived intrusiveness, speed of enrolment and use, and similarity to other familiar processes.
23 Uniqueness The degree of “uniqueness” varies among the different types of biometric characteristics. While vendors may claim their systems use unique characteristics, in actuality, uniqueness is measured by statistical probability. Some industry analysts maintain that, with the exception of fingerprints, biometric characteristics have not been demonstrated to be unique. The degree to which a biometric characteristic must be unique in order to accurately identify users depends on the type and size of the application. In small applications, the uniqueness of the biometric feature is less important. In large applications, systems based on non-unique features may be more likely to have false positives due to similarities. One of the factors influencing the uniqueness and, therefore, the accuracy of the different biometric techniques is the amount of data collected and compared. Privacy Concerns Privacy of the Person Any form of identification may attract opposition in different circumstances. To some people the need to identify themselves is intrinsically distasteful and demeaning. It is symbolic of the power that an organization they are dealing with has over them. To them, biometric identification represents the ultimate invasion of personal privacy. Certain biometric techniques require touching a communal reader, which may be unacceptable to some, due to cultural norms or religious beliefs. Others are apprehensive about interacting with a machine because they are not familiar with the technology, or are afraid that biometrics may cause them discomfort or harm. Informational Privacy A 1998 Canadian newspaper poll asked if biometric technology was a threat to privacy — 51% of respondents said yes. The majority of privacy concerns about biometrics relate to informational privacy and the ability of a person to determine when, how, and to what extent their biometric information is communicated to others. However, associated with biometrics is a high level of general anxiety about privacy because the technology can reveal information that is so intimate and intrinsic to oneself. Some people have the view that biometrics, “much more so than other identification schemes, may imperil the sense of individuality.” It is necessary to first understand this concern, in order to put the specific informational privacy issues into context.
24 CHAPTER 8: CONCLUSION Advances in semiconductor technologies, as well as data processing techniques, mean that the implementation of biometric applications, which require a large amount of processing power, can now be implemented at a reasonable cost. Many sensor suppliers are also developing AISC based system solutions that implement all of the functional blocks needed for a biometric identification system. Over the next few years, publicly visible biometric systems will become commonplace. Both automated and personal bank teller applications using fingerprint, speaker and iris recognition already exist and will expand. Computer network access and log-on applications involving fingerprint, speaker and face recognition are expected to be widespread. Biometric will appear in automotive applications over the next few years. Existing sensor technology was developed for office environment to be reliable in the automotive environment, but sensor manufacturers are achieving promising progress. As biometric applications become an everyday occurrence, public understanding and acceptance will develop to a point where automotive customers will not only accept, but also expect, the convenience that systems utilizing biometric solutions can bring.
25 REFERENCES: Ronald K. Jurgin –Passenger Safety and Convenience Systems, 2001-01-0171 Automotive Application of Biometric System Fingerprint.
Lawrence O’ Gorman, Avaya labs research, Basking Ridge,NJ- ALR2002-042-paper –Securing Business’s Front Door-password, token and biometric authentication. email@example.com. Biometric Consortium – An introduction to biometrics, www.biometrics.org Smart cards and biometrics in privacy-sensitive secure personal identification system. A smart card alliance white paper, May 2002, www.smartcardalliance.com
This action might not be possible to undo. Are you sure you want to continue?