Guide To Biometrics

Guide To Biometrics

Introduction to Biometrics

Biometrics is a recent field, who tends to be associated with futuristic scenarios such as the ones in films like Minority Report. In that landmark film by Steven Spielberg, Tom Cruise’s character, John Anderton, was easily identified by animated advertisements as he walked through a mal. Later on he had to replace his own eyeballs so he could avoid detection.The film forecasted the world to come: Biometrics!

Biometrics is developing fast, and in a matter of years, will profoundly affect our daily lives. One might be able to pay our shopping not with a card, but by having one’s face photographed by the cashier. The picture, is then matched to a photo in a database, which is linked to your bank account. Eye-scanning technology, voice-print security, palm prints: that is all part of biometrics. If on one hand, biometrics can help the lives of people, it can also raise concerns in terms of privacy.

As an independent field, Biometrics only began since the beginning of the century, resulting from different disciplines. The study of fingerprints came from forensics and pattern recognition, speaker recognition evolved from signal processing, the beginnings of face recognition were in computer vision. The field has now to cope with privacy concerns arising from the public policy arena. The area has been evolving a lot, alongside the increasing digitisation of society, and the mobile revolution.

Over this guide to Biometrics we will review the basic definitions of biometrics, its history, some key concepts and applications, and the basis for advancing biometrics.

What is Biometrics?

Biometrics is a technological approach that is used to identify people based on their physical and behavioural characteristics.The basic premise of biometric authentication is that everyone is unique and an individual can be identified by his or her intrinsic physical or behavioral traits. The term is derived from the Greek words “bio” meaning life and “metric” meaning to measure. Biometric screening is also used for measuring and analysing purposes. Biometrics includes activities such as scanning facial features, or the voice, or performing retinal scans. It offers an excellent level of accuracy in recognising people, given that every person is different.

What is a Biometric System?
A biometric system is a technology that allows biometrics to be put to use. The system is able to input specific characteristics of a person and identify them. By analysing physiological or behavioural characteristics, or both, it can be determined if the user is who they say. For example, facial recognition software can be used to match video of individuals with criminals in databases. Physiological biometrics are significantly harder to alter than behavioural, as behavioural are learned and can change.

Evolution of Biometrics
Biometrics have been used for hundreds of years. The history of biometrics begins centuries ago, when the Chinese were using fingerprinting biometrics. Biometrics became more advanced in the 1800s, when Allphonse Bertillion recognised that body measurements could be used for recognition. He developed the Bertillionage method which did this. He measured finger length and other traits that do not change over time. Later, fingerprinting was developed by Richard Edward Henry, who worked at Scotland Yard. In 1935 biometrics advanced further when Dr Carleton Simon and Dr Isadore Goldstein saw the potential for retinal identification. By 1976 EyeDentify Inc was researching and developing in this area. The first retinal scanning system was launched in 1981. In 1993, John Daugman of Cambridge University identified a means of recognising people by the iris. In Kosovo in 2001, the Biometrics Automated Toolset was launched. Today, biometrics is being increasingly used more generally by organisations.

In ancient Babylon, fingerprints were used on clay tablets for business transactions. In ancient China, thumb prints were found on clay seals

In ancient Babylon, fingerprints were used on clay tablets for business transactions. In ancient China, thumb prints were found on clay seals.

Why Biometrics is Required?

Biometrics are required for security purposes. By analysing different physical attributes of a person it is possible to distinguish them from others. When biometrics is used in security it is difficult to fake identity, offering a higher degree of security. As a result, biometrics is a good solution for identification and access control. The security services also use biometrics to identify people that may be under surveillance. Recognition of people is an important function in our society and biometric access control offers a solution.

Authentication (Identification)
Authentication is a process that undertakes to find out if the person is who they are claiming they are. This requires a process of matching and analysing physical or behavioural characteristics of the person with database records.
Verification is a process of matching data input by a person into a system. The data is compared with that already stored in the database. Where it is identified that similarities reach 70% or more then the verification can be confirmed.
Authorization is a process that allows the person who has been authenticated or verified to have rights. It provides the user with capabilities once the person has shown that biometrically they have the right to the resource.
Shortcomings of Conventional Security Aids
Conventional security aids have imperfections with their use. Conventional security measures include the use of passwords, identification cards and personal identification numbers, among others. In all cases these types of security can be forgotten or lost, or could be stolen. The type of security offered here is flawed since it requires the use of a code associated with the person. This is not as effective as recognising the person. Codes may easily be hacked or compromised, and can be bypassed in some cases. There is little precision offered with these types of security approaches. Given that the security offered is not robust, the security is far more easily threatened than if biometrics are used. Linking security to the actual person rather than a code significantly increases security offered. Biometrics are increasingly needed as the capability of hackers has increased. This means that letters and numbers are no longer good enough to protect systems. Organisations are looking to biometrics as a solution to this problem.

Basic Components of a Biometric System

There are four elements of biometric systems at a basic level. These include the input interface, the processing unit, the data store and the output interface.The input interface relies on sensors. The input interface has the role of taking the input data and transforming it into a digital form that can be understood by the system. There are different types of input interfaces depending on the type of data that is being captured. For example, a microphone will be used in voice recognition systems. For recognising fingerprint systems an optical sensor is employed. For biometric systems that recognise faces, handprints, irises or retinas, a metal oxide semi conductor imager (CMOS) may be used. Alternatively, a charge coupled device (CCD) may be adopted.

Basic Components of a Biometric System

The processing unit is either a computer that processes data, a Digital Signal Processor (DSP) or a microprocessor. Its role is to take the data from the sensors and process it in a way that it can be used. For example, it might extract features for analysis. It might enhance a sample image, or normalise it in some way. The processor compares the database entries with the biometric sample captured to see if there is a match.

The database store takes the sample and stores it. In doing so, it might use Random Access Memory (RAM) or a flash EPROM. Sometimes the data is stored on a data server. To verify data, a removable storage component can be used. This might be a contactless smart card or a contact, among others. The output interface lets the system user know what the biometric system has decided, based on its analysis. It can communicate this in a number of ways. Some systems use Radio Frequency Identification (RFID). Others use Bluetooth or TCP/IP protocol. Yet others may use cellular protocols.

General Working of a Biometric System

Now the biometric system components are understood it is possible to better understand how a biometric system works. The biometric system undertakes four steps to identify or verify a person. The first step is gathering the live sample, and this is achieved through sensors. The second step requires drawing out the key features from that sample. The processing unit does this. The third stage is carrying out a comparison between the sample and the items stored in the database. This is achieved using algorithms. Finally, the system tells the person if they have been accepted or rejected. If the person is accepted they will gain access to the resource or system. If they are rejected they will be denied access.

Application Areas of Biometrics

Biometric systems can be used in a variety of ways. One well known way is the police and security services using forensics to identify perpetrators. Biometrics are also increasingly being used in the process of immigration and assessing people for citizenship. Where control needs to be put in place for access to systems, biometrics may be used. Some workplaces control access using biometrics as well. Other uses of biometric systems include for reducing fraud and theft, as well as law enforcement. They are also used for carrying out transactions online for e-commerce purposes.

Biometrics – Modalities
Biometric modalities are types of data about a person that are input into a system for recognition purposes. The more data a system has within it, the more likely it is to be reliable. There are three types of biometric modalities, and these are physiological, biological, or a combination of both.

Physiological modalities – fingerprint recognition, facial recognition systems, hand geometry recognition systems and iris and retinal recognition systems fit into this category.
Behavioural modalities – there are a variety of behavioural modalities such as signature, a person’s gait or the way that they type.
Combination of physiological and behavioural modalities – these modalities use two or more traits for identification purposes. One example is how voice recognition can be combined with other factors like the shape of the lips.

Authentication and Biometrics

Biometrics is used to authenticate and tell the difference between different people. The main and less common biometric types are explained in greater depth below, to see how each system offers biometric identification and biometric authentication.

The Common Biometrics

Fingerprint recognition is one of the best-known forms of biometrics. It examines fingerprint features such as the whorl, loop and arch, and looks at ridge endings.

Facial recognition looks at features of the face. It examines the jaw, chin, eyes, eyebrows, lips, nose and cheekbones. This type of recognition reviews the shape and size of these features as well as the distance between them. Iris recognition analyses the pattern of the eye’s iris, since colour and patterns vary between people. The texture of the iris stays the same during a person’s life, though the right and left eye may differ.Retinal scanning examines the eyeball, looking at the lining layer at the back of the eye. Retinas are known to be unique to each person due to the blood vessels that provide blood here. Retinas do not change during a person’s life in most cases.

DNA recognition biometrics is important because there is one in a hundred billion chance that two unrelated persons might share the common DNA.

DNA recognition – DNA stands for Deoxyribo Nucleic Acid. DNA is found within the cells of the human body, and it contains the genetics that people are made from. DNA can be tested from a variety of sources. These include hair, saliva, blood and nails. The majority of DNA can be shared between a person and their parents (99.7%), but 0.3% is unique.The reason why this type of biometrics is important and safe is because there is one in a hundred billion chance that two unrelated persons might share the common DNA. There are some limitations that need to be overcome as well. First of all, the matching of DNA isn’t done in real time. There are also issues concerning civil freedom/rights and applicability.

Signature recognition is a behavioural form of biometrics which examines the way a person writes. This includes analysing stroke direction, pressure, speed, pauses and other facets of how a person writes. Signature recognition is well known as it was used in banks and commerce for many years. Voice recognition relies on physiological and behavioural modalities. Physical aspects include the shape, size and health of the vocal cords. Physical features analysed in this also include the mouth cavity, teeth, tongue and lips. The behavioural aspect includes accents, tone and speed of speech, among others.

Image source:

Additional Biometrics

Hand geometry recognition considers various aspects of a person’s hand to identify them. The features analysed may include palm length and width, surface area of palm, and finger position and length. The person’s bone structure in their hand may also be analysed.

Gait recognition – gait is the way a person walks. Different aspects of this can be analysed, such as the posture held while walking and any swaying, for example. The distance between the feet during walking is another aspect of gait that can be analysed.

Keystroke recognition was used during the Second World War. It was used to identify whether messages in Morse Code were being sent by those on the same side, or the enemy. The system measures dwell time and flight time. Flight time is the amount of time between pressing one key and pressing the next. Dwell time is the amount of time that a key is pressed for.

Multimodal biometric systems use more than one biometric method to recognise the person. For this to be effective at least two, or even more biometric modalities are needed. Multimodal biometric systems are more secure. This is because while one biometric can be faked, it may be harder to do so with two concurrently.

Multimodal biometric systems use more than one biometric method to recognise the person.

Basic System Errors

There are quite a few problems with biometric systems, that include the following:

Damage to the finger such as a cut can impact on recognition. These systems can also fall down if they are faced with wax fingers.

Facial recognition
These systems may not be able to determine the difference between identical twins. Also, facial characteristics can change, which impacts possible recognition.

Iris recognition
System errors can occur when high quality images are used. The scanner may be taken in by these. Also, iris recognition requires the individual keep very still during the scanning process. If not, errors can creep in.

Retinal scanning
In some cases health issues can lead to a retina not being recognised. Health issues that can cause this include diabetes, glaucoma and cataracts.

DNA recognition
DNA recognition can be very accurate, but one of its downfalls is telling the difference between identical twins. Sometimes samples can be contaminated, or not in a good condition and this can impact the outcome.

Signature recognition
People may change their signature over time, and this can invalidate the signature recognition process. When a person’s hand is hurt they may write differently as well. There are very high rates of errors with signature recognition systems.

Voice recognition
Voice recognition systems do not cope well with noise. The quality of the microphone can also influence the ability to recognise the person. There are a great variety of factors at play. Also, voices can be altered.

Hand recognition
While hands provide a good recognition system they are not unique, so reliability is a problem. When a person has arthritis, has a plaster, or is simply wearing jewellery, the system may not work properly. The approach cannot be used for growing children.

Gait recognition
To date, no completely reliable system has been developed for analysing the differences between gait, so errors can creep into the process.

Keystroke recognition
Errors can come about with this form of recognition due to a number of factors. These include sickness, tiredness, alcohol, the use of a new keyboard, and even the time of day.In the end, all biometric systems have one fundamental flaw. That is, they are a single point of failure. Systems can be fooled, even when technology seems very robust. It is better to use them in conjunction with other security techniques. Multimodal systems may be beneficial in the future.

Biometrics Terminology

Certain terminology is used in biometrics and biometric systems, as follows:

Biometric template – a biometric template is a digital file that contains characteristics that are distinct that are taken from the sample provided.
Candidate or subject – this is the individual who provides the biometric sample.
Closed set identification – this is the individual that can be identified in the database of biometric templates.
Enrolement – when a candidate (or subject) first uses a biometric system they have to register. Certain data is recorded, like the person’s address and name. During this process the biometrics of the candidate are also captured and saved.
False Acceptance Rate (FAR) – this measure examines the likelihood of an unauthorised person being given access to the system through incorrect validation. It measures the number of false acceptances divided by the number of identification attempts. When the FAR score is low, the biometric system offers a good level of security.
False Reject Rate (FRR) – a biometric system does not always get it right. The FRR is the measure of the likelihood of the system rejecting a user who should have been authorised.
Open set identification – this is when a person may be in the database, but this cannot be guaranteed.
Task – a task is the process of the biometric system analysing the database to find a sample that matches.

The Future of Biometrics

The Future of Biometrics

This an area that is developing at a fast pace, so In the future some of the challenges that exist with systems relying on one modality, might be addressed. Currently, biometrics is widely used in government projects, fintech, and within private companies and it is still quite expensive, and time consuming. Biometric technology is predicted to grow tremendously in sectors such as banking, fintech and healthcare. According to a study done by Acuity Market Intelligence cash and bank cards might vanish over the next decade, and the  ‘virtual credentials’ of iris, voice, finger vein will become mainstream by 2030. The future will also see more alternatives with biometrics using the cloud, as cloud systems are a more convenient way to manage and maintain a database than traditional biometric services. Along the way, issues concerning legislation will have to be tackled, and important questions concerning ethics will be raised and dealt with.