Classifications / Type of biometrics
Biometric characteristics can be divided in two main classes, as represented in the following figure:
- Physiological are related to the shape of the body. Examples include, but are not limited to fingerprint, face recognition, hand and palm geometry and iris recognition.
- Behavioral are related to the behavior of a person. Characteristic implemented by using biometrics are signature verification, keystroke dynamics, and voice
Whether you are an IT professional of a corporate firm, a professional that is required to replace his existing information system with a more secure and convenient one due to industry regulation, Integrator that would like to incorporate biometric technology into his own application, a student, or a sophisticated home user, this knowledge center will provide you with an appropriate knowledge in regards to the theory behind biometric systems, the current / existing technologies, and industry specific regulations that you may need to comply with.
The patterns of friction ridges and valleys on an individual's fingertips are unique to that individual. For decades, law enforcement has been classifying and determining identity by matching key points of ridge endings and bifurcations. Fingerprints are unique for each finger of a person including identical twins. One of the most commercially available biometric technologies, fingerprint recognition devices for desktop and laptop access are now widely available from many different vendors at a low cost. With these devices, users no longer need to type passwords – instead, only a touch provides instant access.
Face Recognition:The identification of a person by their facial image can be done in a number of different ways such as by capturing an image of the face in the visible spectrum using an optical camera or by using the infrared patterns of facial heat emission. Facial recognition in visible light typically model key features from the central portion of a facial image. Using a wide assortment of cameras, the visible light systems extract features from the captured image(s) that do not change over time while avoiding superficial features such as facial expressions or hair. Several approaches to modeling facial images in the visible spectrum are Principal Component Analysis, Local Feature Analysis, neural networks, elastic graph theory, and multi-resolution analysis. Some of the challenges of facial recognition in the visual spectrum include reducing the impact of variable lighting and detecting a mask or photograph. Some facial recognition systems may require a stationary or posed user in order to capture the image, though many systems use a real-time process to detect a person's head and locate the face automatically. Major benefits of facial recognition are that it is non-intrusive, hands-free, continuous and accepted by most users. Facial recognition uses distinctive facial features, including upper outlines of eye sockets, areas around cheekbones, the sides of the mouth and the location of the nose and eyes. Most technologies avoid areas of the face near the hairline so that hairstyle changes won't affect recognition.
Hand and Finger Geometry:
These methods of personal authentication are well established. Hand recognition has been available for over twenty years. To achieve personal authentication, a system may measure either physical characteristics of the fingers or the hands. These include length, width, thickness and surface area of the hand. One interesting characteristic is that some systems require a small biometric sample (a few bytes). Hand geometry has gained acceptance in a range of applications. It can frequently be found in physical access control in commercial and residential applications, in time and attendance systems and in general personal authentication applications. We're used to fingerprints but seldom think of an entire hand as an individual identifier. This method relies on devices that measure the length and angles of individual fingers. Although more user-friendly than retinal scans, it's still cumbersome.
This recognition method uses the iris of the eye which is the colored area that surrounds the pupil. Iris patterns are thought unique. The iris patterns are obtained through a video-based image acquisition system. Iris scanning devices have been used in personal authentication applications for several years. Systems based on iris recognition have substantially decreased in price and this trend is expected to continue. The technology works well in both verification (1:1) and identification (1:N) modes (in systems performing one-to-many searches in a database). Current systems can be used even in the presence of eyeglasses and contact lenses. The technology is not intrusive. It does not require physical contact with a scanner. Iris recognition has been demonstrated to work with individuals from different ethnic groups and nationalities.
The human retina is a thin tissue compose d of neural cells that is located in the posterior portion of the eye. Because of the complex structure of the capillaries that supply the retina with blood, each person's retina is unique. The network of blood vessels in the retina is so complex that even identical twins do not share a similar pattern. Although retinal patterns may be altered in cases of diabetes, glaucoma, retinal degenerative disorders or cataracts, the retina typically remains unchanged from birth until death. Due to its unique and unchanging nature, the retina appears to be the most precise and reliable biometric. Advocates of retinal scanning have concluded that it is so accurate that its error rate is estimated to be only one in a million. A biometric identifier known as a retinal scan is used to map the unique patterns of a person's retina. The blood vessels within the retina absorb light more readily than the surrounding tissue and are easily identified with appropriate lighting. A retinal scan is performed by casting an undetectable ray of low-energy infrared light into a person’s eye as they look through the scanner's eyepiece. This beam of light outlines a circular path on the retina. Because retinal blood vessels are more sensitive to light than the rest of the eye, the amount of reflection fluctuates. The results of the scan are converted to computer code and stored in a database.
Pros: Low occurrence of false positives, Extremely low (almost 0%) false negative rates, Highly reliable because no two people have the same retinal pattern, Speedy results: Identity of the subject is verified very quickly
Cons: Measurement accuracy can be affected by a disease such as cataracts, Measurement accuracy can also be affected by severe astigmatism, Scanning procedure is perceived by some as invasive, Not very user friendly, Subject being scanned must be close to the camera optics, High equipment costs
As with irises and fingerprints, a person's veins are completely unique. Twins don't have identical veins, and a person's veins differ between their left and right sides. Many veins are not visible through the skin, making them extremely difficult to counterfeit or tamper with. Their shape also changes very little as a person ages. To use a vein recognition system, you simply place your finger, wrist, palm or the back of your hand on or near the scanner. A camera takes a digital picture using near-infrared light. The hemoglobin in your blood absorbs the light, so veins appear black in the picture. As with all the other biometric types, the software creates a reference template based on the shape and location of the vein structure. Scanners that analyze vein geometry are completely different from vein scanning tests that happen in hospitals. Vein scans for medical purposes usually use radioactive particles. Biometric security scans, however, just use light that is similar to the light that comes from a remote control.
The technology, which measures the time for which keys are held down, as well as the length between strokes, takes advantage of the fact that most computer users evolve a method of typing which is both consistent and idiosyncratic – especially for words used frequently such as a user name and password. When registering, the user types his or her details nine times so that the software can generate a profile. Future login attempts are measured against the profile which, the current claim is that it can recognize the same user’s keystrokes with 99 per cent accuracy, using what is known as a “behavioral biometric.”
Biometric signature recognition systems will measure and analyze the physical activity of signing, such as the stroke order, the pressure applied and the speed. Some systems may also compare visual images of signatures, but the core of a signature biometric system is behavioral, i.e. how it is signed rather than visual, i.e. the image of the signature. Benefits of signature biometric systems: 1. While it is easy to copy the image of a signature, it is extremely difficult to mimic the behavior of signing; 2. Low False Acceptance Rates (FAR); 3. People are used to sign documents, so signature recognition systems are not perceived to be invasive. Weaknesses of signature biometric systems: People may not always sign in a consistent manner.
Voice or speech recognition:
Voice or speech recognition is the ability of a machine or program to receive and interpret dictation, or to understand and carry out spoken commands. Strictly speaking, voice is also a physiological trait because every person has a different pitch, but voice recognition is mainly based on the study of the way a person speaks, commonly classified as behavioral.
Recently, a new trend has been developed that merges human perception to computer database in a brain-machine interface. This approach has been referred to as cognitive biometrics. Cognitive biometrics is based on specific responses of the brain to stimuli, which could be used to trigger a computer database search. Currently, cognitive biometrics systems are being developed to use brain response to odor stimuli facial perception and mental performance for search at ports and high security areas. These systems are based on use of functional transcranial Doppler (fTCD) and functional transcranial Doppler spectroscopy (fTCDS) to obtain brain responses, which are used to match a target odor, a target face or target performance profile stored in a computer database. Thus, the precision of human perception provides the data to match that stored in the computer with improve sensitivity of the system.
Comparison of various biometric technologies
It is possible to understand if a human characteristic can be used for biometrics in terms of the following parameters:
- Universality => each person should have the characteristic
- Uniqueness => is how well the biometric separates individually from another.
- Permanence => measures how well a biometric resists aging.
- Collectability => ease of acquisition for measurement.
- Performance => accuracy, speed, and robustness of technology used.
- Acceptability => degree of approval of a technology.
- Circumvention =? ease of use of a substitute.
The following table shows a comparison of existing biometric systems in terms of those parameters:
Comparison of various biometric technologies, modified from Jain et al., 2004 (H=High, M=Medium, L=Low)
Biometric systems – Implementation principles
Basic block diagram of a biometric system
The diagram shows a simple block diagram of a biometric system. When such a system is networked together with telecommunications technology, biometric systems become ‘telebiometric’ systems. The main operations a system can perform are enrollment and test. During the enrollment, biometric information from an individual is stored. During the test, biometric information is detected and compared with the stored information.
Note that it is crucial that storage and retrieval of such systems themselves be secure if the biometric system is to be robust. The first block (sensor) is the interface between the real world and our system; it has to acquire all the necessary data. Most of the times it is an image acquisition system, but it can change according to the characteristics desired.
The second block performs all the necessary pre-processing: it has to remove artifacts from the sensor, to enhance the input (e.g. removing background noise), to use some kind of normalization, etc. In the third block features needed are extracted. This step is an important step as the correct features need to be extracted and the optimal way. A vector of numbers or an image with particular properties is used to create a template. A template is a synthesis of all the characteristics extracted from the source, in the optimal size to allow for adequate identifiably.
If enrollment is being performed the template is simply stored somewhere (on a card or within a database or both). If a matching phase is being performed, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using any algorithm (e.g. Hamming distance). The matching program will analyze the template with the input. This will then be output for any specified use or purpose (e.g. entrance in a restricted area ) .
A biometric system can provide the following two functions:
- Verification (‘One-to-One’ or 1:1) - Authenticates its users in conjunction with a smart card, username or ID number. The biometric template captured is compared with that stored against the registered user either on a smart card or database for verification.
- Identification (‘One-to-Many’ or 1:N) - Authenticates its users from the biometric characteristic alone without the use of smart cards, usernames or ID numbers. The biometric template is compared to all records within the database and a closest match score is returned. The closest match within the allowed threshold is deemed the individual and authenticated.
PerformanceBiometric systems are susceptible to the following kinds of errors:
- FRR (False Rejection Rate) - the frequency of rejections relative to people who should be correctly verified. When an authorized user is rejected he/she must represent his/her biometric characteristic to the system. Note that a false rejection does not mean necessarily an error of the system; for example, in the case of a fingerprint-based system, a incorrect positioning of the finger on the sensor or dirtiness can produce false rejections.
- FAR (False Acceptance Rate) - the frequency of fraudulent accesses due to impostors claiming a false identity.
False Accept Rate & False Reject Rate
Due to the statistical nature of the false acceptance rate, a large number of fraud attempts have to be undertaken to get statistical reliable results. The fraud trial can be successful or unsuccessful. The probability for success (FAR(n)) against a certain enrolled person n is measured:
Number of successful fraud attempts against a person (or feature) n
Number of all fraud attempts against a person (or feature) n
FAR against a certain enrolled personThese values are more reliable with more independent attempts per person/feature. The overall FAR for N participants is defined as the average of FAR(n):
overall FAR for N participants
Analogically, false rejection rates FRR(n) and FRR is defined in a similar way
Number of rejected verification attempts for a qualified person (or feature) n
Number of all verification attempts for a qualified person (or feature) n
FRR against a certain enrolled person
Overall FRR for N participants
A biometric system test usually starts by determining the similarities of different biometric features and a saved reference feature. After many measurements, one receives a histogram or distribution for authorized users and another for unauthorized users showing the frequency of matches per similarity rating.
Taking the Levenshtein distance between two strings as a measure of similarity, we will consider normal distribution graphs for both authorized und unauthorized users. As Levenshtein distance becomes smaller with increasing similarity of the two strings, the mean of normal distribution for authorized users is smaller than the the mean of normal distribution for unauthorized users. In other words, the normal distribution curve for authorized users is on the left side of the normal distribution curve for un authorized users, as shown in Figure 2.2.1.
The area under the curve that represents normal distribution for authorized users is marked with green color. The area under the curve that represents normal distribution for unauthorized users is marked with red color. The area where the curves overlap is marked with mixture of these two color.
Normal distributions for authorized und unauthorized users
In an ideal case, the two distribution graphs should overlap as little as possible. The measurements of biometric features as well as the features themselves are subject to statistical fluctuations. Therefore, every biometric recognition system has a built-in acceptance threshold. Given FAR and FRR values always belong to the same threshold value.
When setting a certain similarity rating as a threshold for determination of authorized versus non authorized users, the False Acceptance Rate (FAR) is the number of non authorized users whose Levenshtein distance happens to fall bellow the threshold compared to all attempts. On the other hand, a False Rejection Rate (FRR) is the number of authorized users whose Levenshtein distance happens to fall above this threshold compared to all attempts.
FAR and FRR on normal distributions graphs
We see that FAR and FRR are dependant on the adjustable adopted threshold. If we increase the value of threshold, the proportion FAR will increase, while FRR will decrease. When we decrease the value of threshold, the proportion FAR will decrease, while FRR increases.
FAR - FRR Diagram
The intersection point of these two graphs has coordinates (threshold for the EER, EER), where ERR is Equal Error Rate.
The following table shows typical parameters of some biometric systems (2002-2005)
State of art of biometric recognition systems
|Face||n.a.||1%||10%||37437||Varied lighting, indoor/outdoor||FRVT (2002)|
|Fingerprint||n.a.||1%||0.1%||25000||US Government operational data||FpVTE (2003)|
|Fingerprint||2%||2%||2%||100||Rotation and exaggerated skin distortion||FVC (2004)|
|Hand geometry||1%||2%||0.1%||129||With rings and improper placement||(2005)|
|Iris||< 1%||0.94%||0.99%||1224||Indoor environment||ITIRT (2005)|
|Iris||0.01%||0.0001%||0.2%||132||Best conditions||NIST (2005)|
|Keystrokes||1.8%||7%||0.1%||15||During 6 months period||(2005)|
|Voice||6%||2%||10%||310||Text independent, multilingual||NIST (2004)|
One simple but artificial way to judge a system is by EER, but not all the authors provided it. Moreover, there are two particular values of FAR and FRR to show how one parameter can change depending on the other. For fingerprint there are two different results, the one from 2003 is older but it was performed on a huge set of people, while in 2004 far fewer people were involved but stricter conditions have been applied.
For iris, both references belong to the same year, but one was performed on more people, the other one is the result of a competition between several universities so, even if the sample is much smaller, it could reflect better the state of art of the field.