| |
"The Coming of Biometrics Era"
by
Mr. P. Benjamin, Security and Management Consultant, New Delhi.
Biometrics refers to automatic identification of persons based on
his or her physiological and behavioral characteristic. It replaces the
generally used identity card with a unique characteristic of a person's
body, such as hand geometry, fingerprint, retina of eye, voice or face.
Being unique and hence more authentic, biometrics are making the most
inroads in many access control applications. Biometric readers today are
protecting everything from server rooms to computer access to daycare
facilities.
Why Consider Biometrics?
Biometric systems use biological information regarding the individual
characteristics of the human body or behavioural traits of individuals for
authentication / identification. Bar code readers, swipe / proximity card,
smart card systems, and passwords have long been used for the purpose
identification, but these are increasingly being complemented with, or
replaced by biometrics security solutions. The authentication of identities
through unique physical characteristics is fast making in roads into every
conceivable security applications today -from server rooms to access to
real-life computer and network systems and even in applications as mundane
as driving licenses.
Common physical characteristics that are used in biometrics include
fingerprints, hand or palm geometry, retina, iris and facial characteristics
and behavioural traits comprise signature, voice, keystroke pattern and
gait. The basic idea behind biometrics is that such unique properties of
individuals can be used to distinguish one from the other. With increasing
demands for greater levels of security and the end user looking for a higher
degree of security than provided by a regular access / proximity card,
biometrics with its increased convenience and better security is fast
emerging as the most effective solution to identification and
authentication.
Biometric Technology
The technological approaches to biometrics vary but there also are
common elements for all of them. Some of the basic methods of human
identification are: fingerprint, voiceprint, face recognition, hand geometry
and iris/retina scan. Either one or a combination of these, are used for
uniquely identifying an individual. The basic aspects of different products
are briefly described below:
Fingerprint-recognition packages scan the finger from several
angles and store the template on a server or local hard disk. Another type
of scanner read 'live' fingerprints-they measure the static on a person's
finger for instance. This is how they can tell whether the finger placed on
the scanner is 'live'.
Voice-authentication products create a voiceprint based on the
inflection points of one's speech, emphasizing the highs and lows specific
to his/her way of talking.
Face-recognition software uses a camera attached to the PC to
capture and map key identifying features. Some also perform a "liveness"
test to see how your face moves, so that a photo cannot be used in place of
a live person.
In Hand Geometry, also known as Hand-scan technology, a
scanner examines the top and sides of hands and fingers, measuring the
height of the fingers, distance between joints, and shape of the knuckles.
Iris recognition leverages on the unique patterns of the human
Iris for identification. A primary characteristic is the trabecular
meshwork, a tissue that gives the appearance of dividing the iris in a
radial fashion. Other visible characteristics include rings, furrows,
freckles, and the corona. These visible characteristics are converted into a
template and stored for future verification.
Retina recognition identifies the unique pattern of blood
vessels in the retina in an individual.
Boost To Biometrics
The January-February 2001 issue of MIT's Magazine of Innovation:
Technology Review identifies biometrics as one of the top 10 emerging
technologies that will change the world. Biometrics is one technology that
has been thrust into the spotlight since the September 11 WTC attacks and
since then the biometric industry has been growing at the rate of 300 per
cent. The impact is visible in the US from the rise in stock prices of
biometric companies. Subsequent to 9/11 disaster, in its anti-terror mode,
the U.S. House voted to require closer scrutiny of people applying for
visas. The legislation would require that, in due course of time, the
government would begin issuing machine-readable, tamper-resistant visas with
"biometrics information" that could be used to verify a person's identity.
Another area of major public concern where biometrics is expected to play a
major role is airport security. With the ever-increasing concern for airport
safety since September 11, the airlines have taken a major economic hit. How
can airports restore the confidence of the weary traveler? Biometric
technology, airport authorities feel, is one type of electronic security
that can be used at the airports effectively to help rebuild the foundation
of the public's confidence in airline security.
Biometric Developments in India
As reported in the Express Computer, Pune-based Axis Software
is one of the pioneering Indian companies engaged in. fingerprint, iris and
face recognition technologies and is planning to add voice recognition
technology to its range of authentication products and systems. In fact,
they also reported to have proposed to the government of India the concept
of using biometrics fingerprint identification for voting which can
effectively deter impersonation.
Its products of biometrics solutions are also being used at many sensitive
government establishments, in hotels, in large corporate houses and also the
banks for controlling access to bank vaults/safe deposit boxes. Active
developments are taking place for pitching biometrics at Internet banking.
Andhra Pradesh government is said to have contracted Zicom Electronic
Security Systems for fingerprint identification solutions. Fingerprint
identification is being used in home security systems and is also finding
its way for securing the operation of PCs and other peripherals.
Acer is said to have integrated biometrics fingerprint identification into
its recently developed series of notebook computers. This protects the
notebook from unauthorised use and prevents one from copying even encrypted
files without requiring the need to memorise passwords. Replacing passwords
with biometrics authentication, fortifies computer system security and makes
logging on easier for users.
There are also other Indian firms developing Time & Attendance and employee
tracking systems based on biometrics technology.
How Biometric Systems Work?
There are various biometrics solutions that capture different physical
characteristics of the human body, unique to each individual. In the
biometrics products market today, one can see a plethora of fingerprint
scanners, voice and facial recognition systems, retina/iris scanners, hand
geometry devices, and signature verification systems.
Fingerprint scanners: Finger print verification is the most
mature product on the market and is the most widely used product with the
largest number of producers. The fingerprint extraction step represents the
key finger scan technology.
The basic principle used in fingerprint recognition is the analysis of the
maze of ridges and troughs on the finger's surface. Special characteristics
such as the terminal points, intersections and crossover angles of
fingerprint ridge patterns are the most commonly used identification data.
According to the science of fingerprint recognition, if a fingerprint shares
13 points in common with another set of fingerprint data, both fingerprints
can be considered as coming from the same finger. Most makers use this rule
as the underlying principle in their fingerprint verification systems.
Every fingerprint recognition system maker uses its own unique extraction
technology to accomplish the task. There are two types of fingerprint
scanners. The optical scanner records an image of the finger when a person
enrolls his/her fingerprint. Other scanners read 'live' fingerprints-they
measure the static on a person's finger for instance.
Here's how fingerprint scanning/authentication works. When a finger is
placed on the scanners plastic window, a light-sensitive CCD (charged
coupled device) chip records the image as dark ridges and light grooves.
This analogue representation is then digitised, using specialised software.
The image of the fingerprint is never stored. Instead, the software
considers the distances between ridges and grooves and minutiae (fixed
points on the ridges). Based on a mathematical algorithm, this data is used
to create a template, which is encrypted and stored in a database. This
method requires less computer memory than saving visual images of
fingerprints and allows for faster recognition.
Later, when a user enrolls his fingerprint for authentication, it is
compared with the template stored in the database.
Some scanners use sensors (capacitive units) that use the human body's
natural electric charge to measure the difference in potential energy
between ridges and grooves on the fingerprint. This is how they can tell
whether the finger placed on the scanner is 'live'.'
Voice recognition: Also known as Voice Scan, Voice or Speaker
Verification. Voice recognition is a biometric authentication technology
well suited for a handful of applications and systems in which other
biometric technologies would be difficult to use. Making use of distinctive
qualities of a person's voice, some of which are behaviourally determined
and others of which are physiologically determined, voice scan is deployed
in areas such as call centres, banking, account access, home PC and network
access, and many others.
Voice-scan is most often deployed in environments where the voice is already
captured, such as telephony and call centres. If users become accustomed to
speaking to their PC, especially in speech-to-text applications, voice-scan
may also become a solution for PC and Web access.
Facial recognition: Here too there are various methods of
recognising human characteristics (in this case facial features). But all
methods usually examine those areas of the face that are less susceptible to
alteration-the upper outlines of the eye sockets, the areas surrounding
one's cheekbones, and the sides of the mouth. Most technologies ignore
moderate changes in hairstyle and growth of facial hair.
There are four steps involved in the facial recognition process: sample
capture, feature extraction, template comparison, and matching. During
sample capture, several pictures are taken of one's face-a series of
pictures will capture differing angles and facial expressions, allowing for
more accuracy during authentication later on. Next, distinctive features are
extracted and a template is created.
Hand Geometry: Hand Geometry recognition uses three dimensional
characteristics such as the distance between fingertips and knuckles, or
between knuckles, the width and length of the palm and other physical
features of the hand to determine the identity of its owner.
There are various methods for hand scanning. In one method, to enroll, one
places his or her palm on the reader's surface. The user then aligns his or
her hand with the five pegs on the reader designed to indicate the proper
location of the thumb, forefinger, and middle finger. Three placements may
be required to enroll on the unit. The resulting template is a
representation of the most relevant data from the three placements.
A CCD digital camera is used for inferring the length, width, thickness, and
surface area of the hand and fingers from silhouetted images projected
within the scanner. Over 90 measurements are taken, and the hand and
fingers' characteristics are represented as a nine-byte template.
Iris / Retina Scanning: Iris recognition leverages on the unique
patterns of the human Iris for identification. A primary characteristic is
the trabecular meshwork, a tissue that gives the appearance of dividing the
iris in a radial fashion. Other visible characteristics include rings,
furrows, freckles, and the corona. These visible characteristics are
converted into a template and stored for future verification.
The Retina is a thin nerve at the rear of the inner eyeball. It senses light
and transmits impulses to the brain via the optic nerve. The Retina has a
unique pattern of blood vessels that are used for biometric identification.
Retina scan devices read through the pupil-this requires the user to
position his/her eye within 1/2 inch of the capture device, and to hold
still while the reader ascertains the patterns. The user looks at a rotating
green light as the patterns of the retina are measured at over 400 points.
How Reliable is the Technology?
The biometric community has identified two main indicators that
determine the efficacy of a product and these are: (i) the false acceptance
rate (FAR) and (ii) the false rejection rate (FRR). FAR represents the
frequency at which the system recognizes incorrectly an unauthorized user as
authorized one and is a measure of the security level of the product. FRR is
the frequency at which the system falsely registers an authorized user as an
unauthorized one, and is a measure of the convenience of the use of the
product. Controlling the FAR and FRR that are relatively higher in the
biometric systems is the main challenge facing the manufactures today. But
it is possible to set the FAR and FRR to situational exactions and control
the security-convenience equation.
The recognition process of biometric products tend to require relatively
longer response time and combined with the requirement of large computer
memory tend to inhibit the wide spread usage of biometric products.
The biggest remaining obstacle the fingerprint verification systems yet to
overcome is their susceptibility to certain physical conditions which can
significantly reduce the efficacy of verification, such as the presence of
sweat or users with very dry skin, or high levels of dust or dirt.
Whereas in the case of hand geometry recognition, the efficacy of
recognition of the palm scanners is unaffected by dirt or other physical
factors which normally affect fingerprint scanners.
Iris scans and retina scans are the two current forms of eye recognition
systems. Both methods rely upon the unique pattern of blood vessels and
colours in a person's iris or retina. However, iris scans have advantage
over retina scans because the iris is situated on the eye's surface just
under the epithelium and so is relatively unaffected by disease conditions
which affect the interior of the eye ball and can cloud images of the
retina.
Retina scans operate on the principle that every person has a different
pattern of blood vessels in the back of the eye. In the absence of damage to
the retina, it is reported, a person's retinal pattern does not change after
the age of three. On close inspection, the differences between the retinal
images are found to be extremely large which allow for a high level of
recognition efficacy.
Iris scans have a high level of efficacy and are easier to conduct and
cheaper than retina scan and they are already in use in bank ATM systems and
for e commerce. However, iris scans require a relatively long processing
time. Some of the users have expressed discomfort at having bright lights
shown in their eyes.
Biometrics will not serve as a replacement technology, but it will serve as
an enhancement. Layered with existing access control systems, it provides an
exceptional level of security for both the public and private sectors.
* * * |
