 |
|||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
All About Biometric Systems
- Are Biometrics and forensics same?
- How a handwriting biometric system works?
- How hand and finger geometry works?
- What is the difference between Authenticate and Identify?
- What is the difference between Layered and Multimodal?
- What is the difference between Iris and Retinal scanning?
- What are the future of biometrics, privacy and other concerns and their disadvantages?
Introduction to biometrics:
Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic. Among the features measured are; face, fingerprints, hand geometry, handwriting, iris, retinal, vein, and voice. Biometric technologies are becoming the foundation of an extensive array of highly secure identification and personal verification solutions. As the level of security breaches and transaction fraud increases, the need for highly secure identification and personal verification technologies is becoming apparent.
Biometric-based solutions are able to provide for confidential financial transactions and personal data privacy. The need for biometrics can be found in federal, state and local governments, in the military, and in commercial applications. Enterprise-wide network security infrastructures, government IDs, secure electronic banking, investing and other financial transactions, retail sales, law enforcement, and health and social services are already benefiting from these technologies.
Biometric-based authentication applications include workstation, network, and domain access, single sign-on, application logon, data protection, remote access to resources, transaction security and Web security. Trust in these electronic transactions is essential to the healthy growth of the global economy. Utilized alone or integrated with other technologies such as smart cards, encryption keys and digital signatures, biometrics are set to pervade nearly all aspects of the economy and our daily lives. Utilizing biometrics for personal authentication is becoming convenient and considerably more accurate than current methods (such as the utilization of passwords or PINs). This is because biometrics links the event to a particular individual (a password or token may be used by someone other than the authorized user), is convenient (nothing to carry or remember), accurate (it provides for positive authentication), can provide an audit trail and is becoming socially acceptable and cost effective. More information about biometrics is stated below. (Back to top)Biometrics and Forensics:
Biometrics and forensics have a lot in common, but they're not exactly the same. Biometrics uses your physical or behavioral characteristics to determine your identity or to confirm that you are who you claim to be. Forensics uses the same kind of information to establish facts in civil or criminal investigations.
(Back to top)Explanation:
You take basic security precautions every day -- you use a key to get into your house and log on to your computer with a username and password. You've probably also experienced the panic that comes with misplaced keys and forgotten passwords. It isn't just that you can't get what you need -- if you lose your keys or jot your password on a piece of paper, someone else can find them and use them as though they were you. Instead of using something you have (like a key) or something you know (like a password), biometrics uses who you are to identify you. Biometrics can use physical characteristics, like your face, fingerprints, irises or veins, or behavioral characteristics like your voice, handwriting or typing rhythm. Unlike keys and passwords, your personal traits are extremely difficult to lose or forget. They can also be very difficult to copy. For this reason, many people consider them to be safer and more secure than keys or passwords.Biometric systems can seem complicated, but they all use the same three steps:
Enrollment:
The first time you use a biometric system, it records basic information about you, like your name or an identification number. It then captures an image or recording of your specific trait.Storage:
Contrary to what you may see in movies, most systems don't store the complete image or recording. They instead analyze your trait and translate it into a code or graph. Some systems also record this data onto a smart card that you carry with you.Comparison:
The next time you use the system, it compares the trait you present to the information on file. Then, it either accepts or rejects that you are who you claim to be.Systems also use the same three components:
A Sensor that detects the characteristic being used for identification
A Computer that reads and stores the information
A Software that analyzes the characteristic, translates it into a graph or code and performs the actual comparisons
Biometric security systems, like the fingerprint scanner available on the IBM ThinkPad T43, is becoming more common for home use. (Back to top)
Some types of Biometric systems:
Next, we'll examine how biometrics provides security using other traits, starting with handwriting.Handwriting
At first glance, using handwriting to identify people might not seem like a good idea. After all, many people can learn to copy other people's handwriting with a little time and practice. It seems like it would be easy to get a copy of someone's signature or the required password and learn to forge it.
But biometric systems don't just look at how you shape each letter; they analyze the act of writing. They examine the pressure you use and the speed and rhythm with which you write. They also record the sequence in which you form letters, like whether you add dots and crosses as you go or after you finish the word.
Unlike the simple shapes of the letters, these traits are very difficult to forge. Even if someone else got a copy of your signature and traced it, the system probably wouldn't accept their forgery.
A handwriting recognition system's sensors can include a touch-sensitive writing surface or a pen that contains sensors that detect angle, pressure and direction. The software translates the handwriting into a graph and recognizes the small changes in a person's handwriting from day to day and over time.
(Back to top)Pictures & Codes:
Movies and television shows often depict the process of comparing traits in a way that is fun to watch, but not accurate. For example, you may see a whole fingerprint compared to other whole fingerprints until a computer finds a match. This method would be slow and difficult. Instead of comparing actual pictures, biometric systems use various algorithms to analyze and encode information about the trait. This information takes up only a few bits of space.Determining Accuracy:
All biometric systems use human traits that are, to some degree, unique. Which system is best depends on the necessary level of security, the population who will use the system and the system's accuracy. Most manufacturers use measurements like these to describe accuracy:False Accept Rate (FAR): How many imposters the system accepts
False Reject Rate (FRR): How many authorized users the system rejects
Failure to Enroll Rate (FTE): How many people's traits are of insufficient quality for the system to use
Failure to Acquire Rate (FTA): How many times a user must present the trait before the system correctly accepts or rejects them.Hand and Finger Geometry:
People's hands and fingers are unique -- but not as unique as other traits, like fingerprints or irises. That's why businesses and schools, rather than high-security facilities, typically use hand and finger geometry readers to authenticate users, not to identify them. Disney theme parks, for example, use finger geometry readers to grant ticket holders admittance to different parts of the park. Some businesses use hand geometry readers in place of timecards.
Systems that measure hand and finger geometry use a digital camera and light. To use one, you simply place your hand on a flat surface, aligning your fingers against several pegs to ensure an accurate reading. Then, a camera takes one or more pictures of your hand and the shadow it casts. It uses this information to determine the length, width, thickness and curvature of your hand or fingers. It translates that information into a numerical template.
Hand and finger geometry systems have a few strengths and weaknesses. Since hands and fingers are less distinctive than fingerprints or irises, some people are less likely to feel that the system invades their privacy. However, many people's hands change over time due to injury, changes in weight or arthritis. Some systems update the data to reflect minor changes from day to day. For higher-security applications, biometric systems use more unique characteristics, like voices. (Back to top)Authenticate vs. Identify A biometric system can either authenticate that you are who you say you are, or it can identify you by comparing your information to all of the information on file. Authentication is a one-to-one comparison; it compares your characteristic with your stored information. Identification, on the other hand, is a one-to-many comparison. (Back to top)
Voiceprints
Your voice is unique because of the shape of your vocal cavities and the way you move your mouth when you speak. To enroll in a voiceprint system, you either say the exact words or phrases that it requires, or you give an extended sample of your speech so that the computer can identify you no matter which words you say.When people think of voiceprints, they often think of the wave pattern they would see on an oscilloscope. But the data used in a voiceprint is a sound spectrogram, not a wave form. A spectrogram is basically a graph that shows a sound's frequency on the vertical axis and time on the horizontal axis. Different speech sounds create different shapes within the graph. Spectrograms also use colors or shades of gray to represent the acoustical qualities of sound.
Some companies use voiceprint recognition so that people can gain access to information or give authorization without being physically present. Instead of stepping up to an iris scanner or hand geometry reader, someone can give authorization by making a phone call. Unfortunately, people can bypass some systems, particularly those that work by phone, with a simple recording of an authorized person's password. That's why some systems use several randomly-chosen voice passwords or use general voiceprints instead of prints for specific words. Others use technology that detects the artifacts created in recording and playback.
Other systems are more difficult to bypass. We'll look at some of those next. (Back to top)
Layered vs. Multimodal
For some security systems, one method of identification is not enough. Layered systems combine a biometric method with a keycard or PIN. Multimodal systems combine multiple biometric methods, like an iris scanner and a voiceprint system.Iris Scanning
Iris scanning can seem very futuristic, but at the heart of the system is a simple CCD digital camera. It uses both visible and near-infrared light to take a clear, high-contrast picture of a person's iris. With near-infrared light, a person's pupil is very black, making it easy for the computer to isolate the pupil and iris.When you look into an iris scanner, either the camera focuses automatically or you use a mirror or audible feedback from the system to make sure that you are positioned correctly. Usually, your eye is 3 to 10 inches from the camera. When the camera takes a picture, the computer locates:
The center of the pupil
The edge of the pupil
The edge of the iris
The eyelids and eyelashes
It then analyzes the patterns in the iris and translates them into a code.Iris scanners are becoming more common in high-security applications because people's eyes are so unique (the chance of mistaking one iris code for another is 1 in 10 to the 78th power. They also allow more than 200 points of reference for comparison, as opposed to 60 or 70 points in fingerprints.
The iris is a visible but protected structure, and it does not usually change over time, making it ideal for biometric identification. Most of the time, people's eyes also remain unchanged after eye surgery, and blind people can use iris scanners as long as their eyes have irises. Eyeglasses and contact lenses typically do not interfere or cause inaccurate readings.
Retinal Scans:
Some people confuse iris scans with retinal scans. Retinal scans, however, are an older technology that required a bright light to illuminate a person's retina. The sensor would then take a picture of the blood vessel structure in the back of the person's eye. Some people found retinal scans to be uncomfortable and invasive. People's retinas also change as they age, which could lead to inaccurate readings. (Back to top)Vein Geometry:
As with irises and fingerprints, a person's veins are completely unique. Twins don't have identical veins, and a person's veins differ between their left and right sides. Many veins are not visible through the skin, making them extremely difficult to counterfeit or tamper with. Their shape also changes very little as a person ages.To use a vein recognition system, you simply place your finger, wrist, palm or the back of your hand on or near the scanner. A camera takes a digital picture using near-infrared light. The hemoglobin in your blood absorbs the light, so veins appear black in the picture. As with all the other biometric types, the software creates a reference template based on the shape and location of the vein structure. Scanners that analyze vein geometry are completely different from vein scanning tests that happen in hospitals. Vein scans for medical purposes usually use radioactive particles. Biometric security scans, however, just use light that is similar to the light that comes from a remote control. NASA has lots more information on taking pictures with infrared light. (Back to top)
The Future of Biometrics:
Biometrics can do a lot more than just determine whether someone has access to walk through a particular door. Some hospitals use biometric systems to make sure mothers take home the right newborns. Experts have also advised people to scan their vital documents, like birth certificates and social security cards, and store them in biometrically-secured flash memory in the event of a national emergency. Here are some biometric technologies you might see in the future:New methods that use DNA, nail bed structure, teeth, ear shapes, body odor, skin patterns and blood pulses
More accurate home-use systems
Opt-in club memberships, frequent buyer programs and rapid checkout systems with biometric security
More prevalent biometric systems in place of passports at border crossings and airports. (Back to top)Privacy and Other Concerns
Some people object to biometrics for cultural or religious reasons. Others imagine a world in which cameras identify and track them as they walk down the street, following their activities and buying patterns without their consent. They wonder whether companies will sell biometric data the way they sell email addresses and phone numbers. People may also wonder whether a huge database will exist somewhere that contains vital information about everyone in the world, and whether that information would be safe there.
At this point, however, biometric systems don't have the capability to store and catalog information about everyone in the world. Most store a minimal amount of information about a relatively small number of users. They don't generally store a recording or real-life representation of a person's traits -- they convert the data into a code. Most systems also work in only in the one specific place where they're located, like an office building or hospital. The information in one system isn't necessarily compatible with others, although several organizations are trying to standardize biometric data.
In addition to the potential for invasions of privacy, critics raise several concerns about biometrics, such as:Over reliance: The perception that biometric systems are foolproof might lead people to forget about daily, common-sense security practices and to protect the system's data.
Accessibility: Some systems can't be adapted for certain populations, like elderly people or people with disabilities.
Interoperability: In emergency situations, agencies using different systems may need to share data, and delays can result if the systems can't communicate with each other.
Coming Soon!
Privacy Statement │ Legal Notice │ Our Services │ Our Contact
Site best viewed at 1024 x 768 - IE V5+ Recommended.