Biometrics
From Wikipedia, the free encyclopedia
For the academic journal of statistics in biology, see Biometrics (journal). For the application
of statistics to topics in biology, seeBiostatistics.
This article has multiple issues. Please help improve it or discuss these issues on
the talk page.
It may contain original research or unverifiable claims. Tagged since
August 2010.
It is incomplete and may require expansion or cleanup. Tagged since July
2010.
At Walt Disney World biometric measurements are taken from the fingers of guests to ensure that the
person's ticket is used by the same person from day to day
Biometrics comprises methods for uniquely recognizing humans based upon one or
moreintrinsic physical or behavioral traits. In computer science, in particular, biometrics is used as a form
of identity access management and access control. It is also used to identify individuals in groups that are
under surveillance.
Biometric characteristics can be divided in two main classes [citation needed]:
Physiological are related to the shape of the body. Examples include, but are not limited
to fingerprint, face recognition, DNA, Palm print, hand geometry, iris recognition, which has largely
replaced retina, and odour/scent.
� Behavioral are related to the behavior of a person. Examples include, but are not limited
to typing rhythm, gait, and voice. Some researchers[1] have coined the termbehaviometrics for this
class of biometrics.
Strictly speaking, voice is also a physiological trait because every person has a differentvocal tract, but
voice recognition is mainly based on the study of the way a person speaks, commonly classified as
behavioral.
Contents
[hide]
1 Introduction
2 Performance
3 Current, emerging and future applications of biometrics
o 3.1 Proposal calls for biometric authentication to access certain public networks
4 Issues and concerns
o 4.1 Privacy and discrimination
o 4.2 Danger to owners of secured items
o 4.3 Cancelable biometrics
o 4.4 International trading of biometric data
o 4.5 Governments are unlikely to disclose full capabilities of biometric deployments
5 Countries applying biometrics
o 5.1 United States
o 5.2 Gambia
o 5.3 Germany
o 5.4 Brazil
o 5.5 Iraq
o 5.6 India
o 5.7 Italy
o 5.8 United Kingdom
o 5.9 Australia
o 5.10 Canada
o 5.11 Israel
� o 5.12 Netherlands
5.12.1 Recent requirements for passport photographs
o 5.13 New Zealand
6 Biometrics in popular culture
7 See also
8 References
9 Further reading
[edit]Introduction
The basic block diagram of a biometric system
It is possible to understand if a human characteristic can be used for biometrics in terms of the following
parameters:[2]
Universality – each person should have the characteristic.
Uniqueness – is how well the biometric separates individuals from another.
Permanence – measures how well a biometric resists aging and other variance over time.
Collectability – ease of acquisition for measurement.
Performance – accuracy, speed, and robustness of technology used.
Acceptability – degree of approval of a technology.
Circumvention – ease of use of a substitute.
A biometric system can operate in the following two modes [citation needed]:
� Verification – A one to one comparison of a captured biometric with a stored template to verify
that the individual is who he claims to be. Can be done in conjunction with a smart card, username or
ID number.
Identification – A one to many comparison of the captured biometric against a biometric
database in attempt to identify an unknown individual. The identification only succeeds in identifying
the individual if the comparison of the biometric sample to a template in the database falls within a
previously set threshold.
The first time an individual uses a biometric system is called an enrollment. During the enrollment,
biometric information from an individual is stored. In subsequent uses, biometric information is detected
and compared with the information stored at the time of enrollment. Note that it is crucial that storage and
retrieval of such systems themselves be secure if the biometric system is to be robust. The first block
(sensor) is the interface between the real world and the system; it has to acquire all the necessary data.
Most of the times it is an image acquisition system, but it can change according to the characteristics
desired. The second block performs all the necessary pre-processing: it has to remove artifacts from the
sensor, to enhance the input (e.g. removing background noise), to use some kind of normalization, etc. In
the third block necessary features are extracted. This step is an important step as the correct features need
to be extracted in the optimal way. A vector of numbers or an image with particular properties is used to
create a template. A template is a synthesis of the relevant characteristics extracted from the source.
Elements of the biometric measurement that are not used in the comparison algorithm are discarded in the
template to reduce the filesize and to protect the identity of the enrollee [citation needed].
If enrollment is being performed, the template is simply stored somewhere (on a card or within a database
or both). If a matching phase is being performed, the obtained template is passed to a matcher that
compares it with other existing templates, estimating the distance between them using any algorithm
(e.g. Hamming distance). The matching program will analyze the template with the input. This will then
be output for any specified use or purpose (e.g. entrance in a restricted area) [citation needed].
[edit]Performance
The following are used as performance metrics for biometric systems: [3]
false accept rate or false match rate (FAR or FMR) – the probability that the system
incorrectly matches the input pattern to a non-matching template in the database. It measures the
percent of invalid inputs which are incorrectly accepted.
� false reject rate or false non-match rate (FRR or FNMR) – the probability that the system
fails to detect a match between the input pattern and a matching template in the database. It measures
the percent of valid inputs which are incorrectly rejected.
receiver operating characteristic or relative operating characteristic (ROC) – The ROC plot
is a visual characterization of the trade-off between the FAR and the FRR. In general, the matching
algorithm performs a decision based on a threshold which determines how close to a template the
input needs to be for it to be considered a match. If the threshold is reduced, there will be less false
non-matches but more false accepts. Correspondingly, a higher threshold will reduce the FAR but
increase the FRR. A common variation is theDetection error trade-off (DET), which is obtained using
normal deviate scales on both axes. This more linear graph illuminates the differences for higher
performances (rarer errors).
equal error rate or crossover error rate (EER or CER) – the rate at which both accept and
reject errors are equal. The value of the EER can be easily obtained from the ROC curve. The EER is
a quick way to compare the accuarcy of devices with different ROC curves. In general, the device
with the lowest EER is most accurate. Obtained from the ROC plot by taking the point where FAR
and FRR have the same value. The lower the EER, the more accurate the system is considered to be.
failure to enroll rate (FTE or FER) – the rate at which attempts to create a template from an
input is unsuccessful. This is most commonly caused by low quality inputs.
failure to capture rate (FTC) – Within automatic systems, the probability that the system fails
to detect a biometric input when presented correctly.
template capacity – the maximum number of sets of data which can be stored in the system..
[edit]Current, emerging and future applications of biometrics
[edit]Proposal calls for biometric authentication to access certain public networks
John Michael (Mike) McConnell, a former vice admiral in the United States Navy, a former Director
of US National Intelligence, and Senior Vice President of Booz Allen Hamilton promoted the
development of a future capability to require biometric authentication to access certain public networks in
his Keynote Speech[4] at the 2009 Biometric Consortium Conference.
A basic premise in the above proposal is that the person that has uniquely authenticated themselves using
biometrics with the computer is in fact also the agent performing potentially malicious actions from that
computer. However, if control of the computer has been subverted, for example in which the computer is
part of a botnet controlled by a hacker, then knowledge of the identity of the user at the terminal does not
materially improve network security or aid law enforcement activities.
�[edit]Issues and concerns
This section needs additional citations for verification.
Please help improve this article by adding reliable references. Unsourced material
may be challenged and removed.(March 2009)
[edit]Privacy and discrimination
Data obtained during biometric enrollment could be used in ways the enrolled individual does not consent
to.
[edit]Danger to owners of secured items
When thieves cannot get access to secure properties, there is a chance that the thieves will stalk and
assault the property owner to gain access. If the item is secured with a biometric device, the damage to the
owner could be irreversible, and potentially cost more than the secured property. For example, in 2005,
Malaysian car thieves cut off the finger of a Mercedes-Benz S-Class owner when attempting to steal the
car.[5]
[edit]Cancelable biometrics
One advantage of passwords over biometrics is that they can be re-issued. If a token or a password is lost
or stolen, it can be cancelled and replaced by a newer version. This is not naturally available in
biometrics. If someone’s face is compromised from a database, they cannot cancel or reissue it.
Cancelable biometrics is a way in which to incorporate protection and the replacement features into
biometrics. It was first proposed by Ratha et al. [6]
Several methods for generating cancelable biometrics have been proposed. The first fingerprint based
cancelable biometric system was designed and developed by Tulyakov et al. [7] Essentially, cancelable
biometrics perform a distortion of the biometric image or features before matching. The variability in the
distortion parameters provides the cancelable nature of the scheme. Some of the proposed techniques
operate using their own recognition engines, such as Teoh et al. [8] and Savvides et al.,[9] whereas other
methods, such as Dabbah et al.,[10] take the advantage of the advancement of the well-established
biometric research for their recognition front-end to conduct recognition. Although this increases the
restrictions on the protection system, it makes the cancellable templates more accessible for available
biometric technologies.
[edit]International trading of biometric data
Many countries, including the United States, already trade biometric data. To quote a 2009 testimony
made before the US House Appropriations Committee, Subcommittee on Homeland Security on
�“biometric identification” by Kathleen Kraninger and Robert A Mocny [11]According to article written by
S. Magnuson in the National Defense Magazine, the United States Defense Department is under pressure
to share biometric data.[12] To quote that article:
“ Miller, (a consultant to the Office of Homeland Defense and America’s security affairs) said the
United States has bi-lateral agreements to share biometric data with about 25 countries. Every
time a foreign leader has visited Washington during the last few years, the State Department
has made sure they sign such an agreement. ”
[edit]Governments are unlikely to disclose full capabilities of biometric deployments
Certain members of the civilian community are worried about how biometric data is used. Unfortunately,
full disclosure may not be forthcoming to the civilian community. [13]
DSTO-GD-0538
Feature analysis is currently the most widely used facial recognition technology. Specific
features are extracted from many different regions of the face and these features (boththeir
type and arrangement) are used for identification and verification. Although, likemost facial
recognition systems, feature analysis works best with front-on images, one ofits distinct
advantages is its ability to deal with changes in appearance or the angles atwhich a face is
presented.
Eigenface utilises 2D gray scale images which represent distinctive characteristics of the
face. Once a user has enrolled, their eigenface is mapped to a series of coefficients.
Inverification mode (i.e. for access control) a user’s live template is compared against
theenrolled template and in identification mode (i.e. for surveillance) the template iscompared
to many in a pre-existing database to determine coefficient variation. Thedegree of coefficient
variance determines acceptance or rejection. Eigenface is best suited to well-lit environments
and when using front-on image capture.
Neural network mappingutilisesamatchingalgorithmtodeterminewhetherfeaturesfrom
an enrolment/reference and verification/live face are similar or different. Neuralnetworking
technology uses as many features of the face as possible to ascertain whetherthere is a match
or not. A false match prompts the algorithm to modify the weights it givesto certain features
of the face to double check that the false match is the correct decision to make.
Automatic face processingusesdistanceanddistanceratiosbetweenthedistinctivefeatures
�of the face (such as the distance between eyes) for matching purposes. Although
automaticface processing is a more simple technology and is best suited to front-on image
capturesituations, it has been shown to be ineffective in dimly lit environments.
Of the leading three biometric technologies, face is the only viable tool for surveillance
orwatch list functions. Facial recognition systems are able to capture faces of people inpublic
areas and images from some distance away, suggesting that no physical contact isrequired.
Thus the system’s covert capability and capacity to be used in coordination withexisting
national security databases and surveillance cameras or closed circuit television(CCTV)
systems make it a valuable biometric tool (Woodward, Horn, Gatune & Thomas,2003). The
performance of facial recognition technology has improved dramatically overthe past 14 years,
with error rates dropping dramatically over this time (see Figure 11).This increase in
performance has been attributed to the development of the recognitiontechnology, higher
resolution imagery and improved picture quality due to greaterconsistency in lighting. Note
that inFigure11,FRR(falserejectrate)equatestoFNMRandFAR (false accept rate) equates to FMR.
12
����DSTO-GD-0538
Figure 11: Decreasing error rates for facial recognition technology 1993-200610
In terms of user acceptance, facial recognition is generally widely acceptable since
humanbeings are already familiar with this process and the sensors (i.e. cameras) are
wellunderstood and unobtrusive (Woodward, Horn, Gatune & Thomas, 2003).
3.3 Iris
�Iris recognition systems are based on visible qualities of the iris (such as the trabecular
meshwork, rings, furrows and the corona).
Figure 12: Collage of irises11
Iris structure is practically unique and may be sensed via regular and or/ infrared light.The
first step in acquisition of an iris image is to position the camera the required distancefrom
the eye. Once the camera has situated the eye it narrows in (from right to left to avoidthe
eyelids) to locate the outer edge of the iris. The unique visible characteristics of the iris are
converted into a template and stored for future matching.
10Phillips et al (2007)
11www.cl.cam.ac.uk
13
��DSTO-GD-0538
Figure 13: Desktop iris scanning12
Iris recognition technologies are used primarily in high security environments and accountfor around 8%
of the entire biometric market. IBG estimates that their use will increasemarkedly, with revenues set to
increase from $36 million in 2003 to $366 million in 2008(http://www.biometricgroup.com/).
Competition in the development of iris recognition software had been stifled by a company called
Iridian Technologies, who held patents foriris recognition since the 1980s. These patents expired in 2005
and development of irisrecognition algorithms has flourished since (Phillips et al, 2007).
The claimed error rates for iris systems are exceedingly low. Iris Challenge Evaluation2006
(ICE2006) reported an FNMR of 0.09 for an FMR of 0.001 (Phillips et al, 2007). Iristechnology
appears to be very well suited to a range of verification applications,particularly high security
applications where low error rates are essential. The technologydoes not lend itself to some
identification activities because it requires a co-operativeenrolment process. Users must stay still
while the iris image is being captured and manyusers take some time to become accustomed to this
aspect of iris recognition systems. Forthis reason reported user satisfaction with systems that are
used infrequently has been
