Biometrics


 * For the use of statistics in biology, see Biostatistics.

Biometrics (ancient Greek: bios ="life", metron ="measure") is the study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioural traits.

In information technology, biometric authentication  refers to technologies that measure and analyze human physical and behavioural characteristics for authentication purposes. Examples of physical characteristics include fingerprints, eye retinas and irises, facial patterns and hand measurements, while examples of mostly behavioural characteristics include signature, gait and typing patterns. Voice is considered a mix of both physical and behavioural characteristics. However, it can be argued that all biometric traits share physical and behavioural aspects.

Operation and performance
In a typical IT biometric system, a person registers with the system when one or more of his physical and behavioural characteristics are obtained. This information is then processed by a numerical algorithm, and entered into a database. The algorithm creates a digital representation of the obtained biometric. If the user is new to the system, he or she enrolls, which means that the digital template of the biometric is entered into the database. Each subsequent attempt to use the system, or authenticate, requires the biometric of the user to be captured again, and processed into a digital template. That template is then compared to those existing in the database to determine a match. The process of converting the acquired biometric into a digital template for comparison is completed each time the user attempts to authenticate to the system. The comparison process involves the use of a Hamming distance. This is a measurement of how similar two bit strings are. For example, two identical bit strings have a Hamming Distance of zero, while two totally dissimilar ones have a Hamming Distance of one. Thus, the Hamming distance measures the percentage of dissimilar bits out of the number of comparisons made. Ideally, when a user logs in, nearly all of his features match; then when someone else tries to log in, who does not fully match, and the system will not allow the new person to log in. Current technologies have widely varying Equal Error Rates, varying from as low as 60% and as high as 99.9%.

Performance of a biometric measure is usually referred to in terms of the false accept rate (FAR), the false non match or reject rate (FRR), and the failure to enroll rate (FTE or FER). The FAR measures the percent of invalid users who are incorrectly accepted as genuine users, while the FRR measures the percent of valid users who are rejected as impostors.

In real-world biometric systems the FAR and FRR can typically be traded off against each other by changing some parameter. One of the most common measures of real-world biometric systems is the rate at which both accept and reject errors are equal: the equal error rate (EER), also known as the cross-over error rate (CER). The lower the EER or CER, the more accurate the system is considered to be.

Stated error rates sometimes involve idiosyncratic or subjective elements. For example, one biometrics vendor set the acceptance threshold high, to minimize false accepts. In the trial, three attempts were allowed, and so a false reject was counted only if all three attempts failed. At the same time, when measuring performance biometrics (e.g. writing, speech etc.), opinions may differ on what constitutes a false reject. If a signature verification system is trained with an initial and a surname, can a false reject be legitimately claimed when it then rejects the signature incorporating a full first name?

Despite these misgivings, biometric systems have the potential to identify individuals with a very high degree of certainty. Forensic DNA evidence enjoys a particularly high degree of public trust at present (ca. 2004) and substantial claims are being made in respect of iris recognition technology, which has the capacity to discriminate between individuals with identical DNA, such as monozygotic twins.

A comparison of biometrics
The figure at the right (Yun 2003) compares several biometrics with each other against seven categories:
 * Universality describes how common a biometric is found in each individual.
 * Uniqueness is how well the biometric separates one individual from another.
 * Permanence measures how well a biometric resists aging.
 * Collectability explains how easy it is to acquire a biometric for measurement.
 * Performance indicates the accuracy, speed, and robustness of the system capturing the biometric.
 * Acceptability indicates the degree of approval of a technology by the public in everyday life.
 * Circumvention is how easy it is to fool the authentication system.

Yun ranks each biometric based on the categories as being either low, medium, or high. A low ranking indicates poor performance in the evaluation criterion whereas a high ranking indicates a very good performance.

Issues and concerns
As with many interesting and powerful developments of technology, there are concern about biometrics. The biggest concern is the fact that once a fingerprint or other biometric source has been compromised it is compromised for life, because users can never change their fingerprints. Theoretically, a stolen biometric can haunt a victim for decades.

Identity theft and privacy issues
Concerns about Identity theft through biometrics use have not been resolved. If a person's credit card number is stolen, for example, it can cause them great difficulty since this information can be used in situations where the security system requires only "single-factor" authentication; IE, just knowing the credit card number and its expiration date can sometimes be enough to use a stolen credit card successfully. "Two-factor" security solutions requires something you know plus something you have; for example, a debit card and a personal Identification Number(PIN) or a biometric. Some argue that if a person's biometric data is stolen it might allow someone else to access personal information or financial accounts, in which case the damage could be irreversible. But this argument ignores a key operational factor intrinsic to all biometrics-based security solutions; biometric solutions are based on matching, at the point of transaction, the information obtained by the scan of a "live" biometric sample to a prestored, static "match template" created when the user originally enrolled in the security system. Most of the commercially-available biometric systems address the issues of ensuring that the static enrollment sample has not been tampered with (IE, using hash codes and encryption), so the problem is effectively limited to cases where the scanned "live" biometric data is hacked. Even then, most competently-design solutions contain anti-hacking routines. For example, the scanned "live" image is virtually never the same from scan-to-scan owing to the inherent plasticity of biometrics; ironically, a "replay" attack using the stored biometric is easily detected because it is too perfect a match.

Recently the television program Mythbusters attempted to break into a commercial security door equipped with biometric authentication as well as a personal laptop so equipped. The results were shocking as they were able to easily defeat the technology with not one, but all of the different techniques they used. The most eye-opening was their quick success with a simple photocopy of a fingerprint. That the technology was so easily undermined strongly suggests that biometrics, in its present form, cannot yet be considered a strong form of authentication.

Sociological concerns
As technology advances, and time goes on, more and more private companies and public utilities will use biometrics for safe, accurate identification. However, these advances will raise many concerns throughout society, where many may not be educated on the methods. Here are some examples of concerns society has with biometrics:


 * Physical - Some believe this technology can cause physical harm to an individual using the methods, or that instruments used are unsanitary. For example, there are concerns that retina scanners might not always be clean.


 * Personal Information - There are concerns whether our personal information taken through biometric methods can be misused, tampered with, or sold, e.g. by criminals stealing, rearranging or copying the biometric data. Also, the data obtained using biometrics can be used in unauthorized ways without the individual's consent.

Brazil
Since the beginning of the 20th century, Brazilian citizens have used ID cards. The decision by the Brazilian government to adopt fingerprint-based biometrics was spearheaded by Dr. Felix Pacheco at Rio de Janeiro, at that time capital of the Federative Republic. Dr. Pacheco was a friend of Dr. Juan Vucetich, who invented one of the most complete tenprint classification systems in existence. The Vucetich system was adopted not only in Brazil, but also by most of the other South American countries. The oldest and most traditional ID Institute in Brazil (Instituto de Identificação Félix Pacheco) was integrated at DETRAN (Brazilian equivalent to DMV) into the civil and criminal AFIS system in 1999.

Each state in Brazil is allowed to print its own ID card, but the layout and data are the same for all of them. The ID cards printed in Rio de Janeiro are fully digitized using a 2D bar code with information which can be matched against its owner off-line. The 2D bar code encodes a color photo, a signature, two fingerprints, and other citizen data. This technology was developed in 2000 in order to enhance the safety of the Brazilian ID cards.

At the end of 2005, the Brazilian government started the development of its new passport. The soon to be released new passport will include several security features. Brazilian citizens will have their signature, photo, and 10 rolled fingerprints collected during passport requests. All of the data is planned to be stored in ICAO E-passport standard. This allows for contactless electronic reading of the passport content and Citizens ID verification since fingerprint templates and token facial images will be available for automatic recognition. The project is expected to go into operation phase by the second semester of 2006.

United States
The United States government has become a strong advocate of biometrics with the increase in security concerns in recent years. Starting in 2005, US passports with facial (image-based) biometric data were scheduled to be produced. Privacy activists in many countries have criticized the technology's use for the potential harm to civil liberties, privacy, and the risk of identity theft. Currently, there is some apprehension in the United States (and the European Union) that the information can be "skimmed" and identify people's citizenship remotely for criminal intent, such as kidnapping. There also are technical difficulties currently delaying biometric integration into passports in the United States, the United Kingdom, and the rest of the EU. These difficulties include compatibility of reading devices, information formatting, and nature of content (e.g. the US and UK currently expect to use only image data, whereas the EU intends to use fingerprint and image data in their passport RFID biometric chip(s)).

The speech made by President Bush on May 15, 2006, live from the Oval Office, was very clear: from now on, anyone willing to go legally in the United States in order to work there will be card-indexed and will have to communicate his fingerprints while entering the country. Many foreigners will have to subject themselves to these procedures, formerly only imposed to criminals and to spies, not to immigrants and visitors, and even less to citizens.

"A key part of that system [for verifying documents and work eligibility of aliens] should be a new identification card for every legal foreign worker. This card should use biometric technology, such as digital fingerprints, to make it tamper-proof." President W Bush (Addresses on Immigration Reform, May 15, 2006)

The US Department of Defense (DoD) Common Access Card, is an ID card issued to all US Service personnel and contractors on US Military sites. This card contains biometric data and digitized photographs. It also has laser-etched photographs and holograms to add security and reduce the risk of falsification. There have been over 10 million of these cards issued.

According to Jim Wayman, director of the National Biometric Test Center at San Jose State University, Walt Disney World is the nation's largest single commercial application of biometrics.

Germany
The biometrics market in Germany will experience enormous growth till 2009. “The market size will increase from approximately 12 million € (2004) to 377 million €” (2009). “The federal government will be a major contributor to this development”. In particular, the biometric procedures of fingerprint and facial recognition can profit from the government project. In May 2005 the German Upper House of Parliament approved the implementation of the ePass, a passport issued to all German citizens which contain biometric technology. The ePass has been in circulation since November 2005, and contains a chip that initially will hold a digital photo of the holder's face. “Starting in March 2007, fingerprints also will be stored on the chips – one from each hand”. “A third biometric identifier – iris scans – could be added at a later stage”. An increase in the prevalence of biometric technology in Germany is an effort to not only keep citizens safe within German borders but also to comply with the current US deadline for visa-waiver countries to introduce biometric passports. In addition to producing biometric passports for German citizens, the German government has put in place new requirements for visitors for apply for visas within the country. “Only applicants for long-term visas, which allow more than three months' residence, will be affected by the planned biometric registration program. The new work visas will also include fingerprinting, iris scanning, and digital photos”.

Germany is also one of the first countries to implement biometric technology at the Olympic Games to protect German athletes. “The Olympic Games is always a diplomatically tense affair and previous events have been rocked by terrorist attacks - most notably when Germany last held the Games in Munich in 1972 and 11 Israeli athletes were killed”.

Biometric technology was first used at the Olympic Summer Games in Athens, Greece in 2004. “On registering with the scheme, accredited visitors will receive an ID card containing their fingerprint biometrics data that will enable them to access the 'German House'. Accredited visitors will include athletes, coaching staff, team management and members of the media”.

Australia
Visitors intending to visit Australia may soon have to submit to biometric authentication, linking individuals to their visas and passports. Biometric data are already collected from some visa applicants by Immigration. Other applications include authentication of gym users etc.

Israel
Biometrics have been used extensively in Israel for several years.

The border crossing points from Israel to the Gaza Strip and West Bank are controlled by gates through which authorised Palestinians may pass. Thousands of Palestinians (upwards of 90,000) pass through the turnstiles every day to work in Israel, and each of them has an ID card which has been issued by the Israeli Military at the registration centres. At peak periods more than 15,000 people an hour pass through the gates. The ID card is a smartcard with stored biometrics of fingerprints, facial geometry and hand geometry. In addition there is a photograph printed on the card and a digital version stored on the smartcard chip.

Tel Aviv Ben Gurion Airport has a frequent flyer's fast check-in system which is based on the use of a smartcard which holds information relating to the holders hand geometry and fingerprints. For a traveller to pass through the fast path using the smartcard system takes less than 10 seconds.

The Immigration Police at Tel Aviv Airport use a system of registration for foreign workers that utilises fingerprint, photograph and facial geometry which is stored against the Passport details of the individual. There is a mobile version of this which allows the police to check on an individual's credentials at any time.