|By Allen Martis, USA [ Published Date: September 6, 2005 ]|
Biometrics is the technology using computers to identify people according to unique biological traits, such as fingerprints, facial characteristics, retinal patterns, and behavioral characteristics such as voice. Biometrics is more accurate than other methods of security identification. Other methods of identification such as security badges, digital signatures, passwords can be stolen or lost. Biometrics allows each of us to be the password rather than having to see or hear one!
Biometric technologies are becoming the foundation of an extensive array of highly secure identification and personal verification solutions. As the level of security breaches and transaction fraud increases, the need for highly secure identification and personal verification technologies is becoming apparent.
Biometric-based solutions are able to provide for confidential financial transactions and personal data privacy. The need for biometrics can be found in federal, state and local governments, in the military, and in commercial applications. Biometric-based authentication applications include workstation, network, and domain access, single sign-on, application logon, data protection, remote access to resources, transaction security and Web security. Trust in these electronic transactions is essential to the healthy growth of the global economy. Utilized alone or integrated with other technologies such as smart cards, encryption keys and digital signatures, biometrics are set to pervade nearly all aspects of the economy and our daily lives.
The first step in any biometric system is called enrollment. This is where one or several samples of the biometric to be used is ''captured," or sensed by the capture mechanism. These samples are then passed to a processing mechanism, either a computer, or some type of embedded processor, which extracts the unique features of the sample to create a template, a mathematical or visual representation of the sample which takes up much less space than the original sample and which typically cannot be turned back into the original biometric. This template is then stored in some type of medium, whether it be on a magnetic stripe on the back of a card, or a computer's hard disk, or in a memory chip.
Authenticate / Identify
When a previously enrolled user decides to gain access to data or a facility via a biometric system, the user would present his biometric to the capture mechanism once again. The processing system would then do one or two actions, depending on the requirements of the application. If the processing system were only checking the live biometric against a single stored template, the system would be performing verification, wherein a one-to-one match is being done (authentication). If, however, the system were comparing this live biometric to a database of several previously stored templates, (most of which are not the users), the system would then be performing identification, searching through each template to see if it matches with the live biometric. This method is also known as a one-to-few or one-to-many search (identification). If, in either situation, a match was made, the person is granted access. If however, no match is made, the system denies access.
It is important to note that biometric identification works on the principle of a threshold. That is, it is nearly impossible to capture the biometric the same way every time it is used for access. Therefore, the system cannot expect a 100% match. Instead, a thresholding system is used that can be modified depending on the application.
Here is a list of biometrics to name a few that have been at least studied, and in most cases led to commercial products.
- Voice Recognition
- Face Recognition
- Iris Recognition
- Retinal Scan
Used almost exclusively in high-end security applications, the retinal scan uses a low-intensity light source and a delicate sensor to scan the pattern of blood vessels at the back of the retina, a pattern unique to each individual. Though it was known as early as the 1930s that each human eyeball had unique characteristics, it was not until 1984 that the first retinal scanner was made available for commercial use.
During a retinal scan, the user must remove glasses, stare at a specific point, and hold their head still for the 10-15 seconds it takes to complete the scan. A retinal scan is very difficult to fake because no technology exists that allows the forgery of a human retina, and the retina of a deceased person decays too fast to be used to fraudulently bypass a retinal scan.
The most popular form of biometrics employed today is of course the fingerprint, though the error rate for fingerprint identification is sometimes as high as 1 in 500. A retinal scan, on the other hand, boasts an error rate of 1 in 10,000,000. Its close cousin, the iris scan, is slightly less precise, maintaining an error rate of approximately 1 in 131,000.
Here are some myths related to biometrics:
- Biometrics is absolute security.
- You can catch a cold by touching a biometric system (fingerprint).
- Stolen body parts can be reused.
- Iris recognition uses the color of the eyes (and so, cannot work with some african people having very dark eyes).
- Twins have identical biometric traits (identical fingerprints, irises...). This is the same for clones.
Can we be absolutely certain that a biometric device will work as claimed and securely keep the bad guys out, while effortlessly letting the good guys in?
In real life, security versus convenience turns out to be pretty much a non-issue, since the combination of biometric identification plus a keypad code provides virtually unbreakable security. Here is why.
Biometric devices can be adjusted to favor security or user convenience. Think of a car alarm. When your car alarm is very sensitive, the probability of the bad guys stealing it is low. Yet the chance of your accidentally setting off the alarm is high. Reduce the sensitivity, and the number of false alarms goes down, but the chance of someone stealing your car increases.
The security requirements of a national defence contractor might demand that the device at the front door be adjusted to keep the bad guys out, for example. On the other hand, if hundreds of employees will clock in using a biometric reader at a low-security facility, you will want to adjust the unit's sensitivity to let the good guys in.
People like things that work. If the biometric does not allow employees effortless access, frustration will quickly rise and the biometric may never be accepted. Fortunately, this is extremely unlikely.