What is Biometrics?
Biometrics is the automated recognition of individuals based on their behavioural and biological characteristics.
Fingerprints, face geometry, iris patterns and hand geometry are examples of biological characteristics, while dynamic signature recognition (the way in which a signature is written rather than the resulting graphic) is an example of a behavioural characteristic. In reality, most biometric characteristics comprise elements of both biology and behaviour. Speaker recognition for example, depends on biological factors such as the shape of the vocal tract as well as behavioural influences such as the region of upbringing. Conversely, biological characteristics such as fingerprints are affected by behaviour when placing a finger onto a sensor.
How do Biometric Systems Work?
Biometrics systems work by recording and comparing biometric characteristics. In many cases, characteristics are recorded as images, but for speaker recognition a waveform is recorded, and for signature recognition, time series data. For efficiency reasons, rather than using recorded characteristics directly, it is usual to extract identifying features from the samples and encode these features in a form that facilitates storage and comparison.
When an individual first uses a biometric system, their identifying features are enrolled as a reference for future comparison. This reference may be stored in a central database or on a card (or both) depending on the needs of the application.
When biometric recognition is required, the individual 's biometric characteristics are recorded again. This time however, the identifying features are compared by the system with the stored reference to determine if there is a close match.
There are two modes for biometric recognition: verification and identification. In verification, an identity is claimed and the comparison process is limited to checking the reference corresponding to this identity. In identification, no claim of identity is necessary and the system searches its reference database to find if a stored reference matches the biometric characteristics recorded.
Why Use Biometrics?
Unlike the use of other forms of authentication, such as passwords or tokens, biometric recognition provides a strong link between an individual and a claimed identity.
One area where biometrics can provide substantial help is in guarding against attempts to establish fraudulent multiple identities or prevent identity theft. By searching through the stored references, individuals who appear to have previously enrolled using a different identity can be highlighted for further investigation. It is very difficult to perform this type of check without the use of biometrics.
What constitutes a good biometric system is not a simple question because the answer depends greatly on the requirements of the application. Desirable factors include:
- Accurate discrimination between individuals
- Speed of operation
- The ability to deal with present and future numbers of individuals
- Environmental robustness
- Ease of use
- Capable of coping with as much individual variability as possible
- Social acceptability, i.e. people are happy to use it
- Secure and robust against potential attackers.
How are Biometrics used?
Currently, national-scale applications, such as the national identity scheme, are prominent. Biometric passports, visas and other border control programmes are increasingly using biometrics to address major concerns of impersonation and multiple identities. By supplementing existing document checks with biometrics, it is believed that instances of identify fraud in international travel can be substantially reduced.
In the commercial sector, biometric recognition is typically used for physical access control to buildings and logical access control to IT systems. Financial institutions are making increasing use of speaker recognition systems for remote identification of customers telephoning call centres. Advantages includeconvenience to customers (no need to remember passwords), increased security and accountability, and lower administration costs.
For biometric applications to be effective, high quality registration and enrolment processes must be in place to establish the correct identity of the individuals being registered, their entitlement to be registered, and to generate high quality biometric references that will facilitate reliable recognition in the future.
Interoperability is also very important for biometrics. Large-scale multi-nation programmes such as biometric passports, require systems provided by different vendors to interoperate. This necessitates common specifications for biometric data formats, quality and performance, and corresponding conformance tests. The development of these specifications lies at the heart of biometric standards.
Privacy Issues
Biometric data contains information acquired from individuals, which can be used to identify them. This raises issues of privacy and data protection. If the biometric data is recorded in a central database, privacy concerns may be higher than for systems where an individual’s data is stored only on a card retained by the individual. Note however, some biometric applications require a central database for their basic functionality e.g. to check for multiple enrolment attempts.
Enrolees may be concerned that their biometric data could be used for other purposes than it was originally acquired; for example, face image data might be used for surveillance purposes and fingerprint data checked against forensic databases. These concerns are at the heart of many objections to the use of biometrics.
It is therefore necessary to understand privacy issues in regard to biometric data and biometric systems and to apply to protective safeguards in the deployment of these systems. In the UK, the Information Commissioner’s Office is responsible for monitoring the use of biometric systems and for requiring that appropriate procedural and technical measures are deployed in accordance with the Data Protection Act. The biometric standards community is also addressing these issues and developing a code of good practice for applications.
FaceEnforce Image reproduced by permission of Cybula Ltd
