Biometrics

What Is Biometrics?

Biometric technologies are defined as automated methods of identifying or authenticating the identity of a living person based on unique physiological or behavioral characteristics. Biometrics can provide very secure and convenient authentication for an individual since they cannot be stolen or forgotten and are very difficult to forge.

About

Reliable user authentication is becoming an increasingly important task in the Web-enabled world. The consequences of an insecure authentication system in a corporate or enterprise environment can be catastrophic, and may include loss of confidential information, denial of service, and compromised data integrity. The value of reliable user authentication is not limited to just computer or network access. Many other applications in everyday life also require user authentication, such as banking, e- commerce, and physical access control to computer resources, and could benefit from enhanced security. The prevailing techniques of user authentication, which involve the use of either passwords and user IDs (identifiers), or identification cards and PINs (personal identification numbers), suffer from several limitations. Passwords and PINs can be illicitly acquired by direct covert observation. Once an intruder acquires the user ID and the password, the intruder has total access to the user’s resources. In addition, there is no way to positively link the usage of the system or service to the actual user, that is, there is no protection against repudiation by the user ID owner. A problem with biometric authentication systems arises when the data associated with a biometric feature has been compromised. For authentication systems based on physical tokens such as keys and badges, a compromised token can be easily canceled and the user can be assigned a new token.

Enhanced Security

Biometric technologies are used with smart cards for ID system applications specifically due to their ability to identify people with minimal ambiguity. A biometric based ID allows for the verification of “who you claim to be”(information about the cardholder printed or stored in the card) based on “who you are” (the biometric information stored in the smart card), instead of, or possibly in addition to, checking “what you know” (such as a PIN). As shown in Figure 10.1, this increases the security of the overall ID system and improves the accuracy, speed, and control of cardholder authentication.

Face Authentication

Face recognition is one of the newest technologies. Specialized recognition software coupled with video camera allows these systems to recognize people’s faces. There are various methods by which facial scan technology recognize peoples. All share some commonalities, such as emphasizing those sections of the face which are less susceptible to alteration, including the upper outlines of the eye sockets, the areas surrounding one’s cheekbones, and the sides of the mouth. Most technologies are resistant to moderate changes in hairstyle, as they do not utilize areas of the face located near the hairline. All of the primary technologies are designed to be robust enough to conduct enough to conduct 1- to–many searches, that is to locate a single face out of a data base of thousands of faces.

The Iris

Iris recognition is based on visible (via regular and/or infrared light) qualities of the iris. A primary visible characteristic is the trabecular meshwork (permanently formed by the 8th month of gestation), a tissue that gives the appearance of dividing the iris in a radial fashion. Other visible characteristics include rings, furrows, freckles, and the corona, to cite only the more familiar. Expressed simply, iris recognition technology converts these visible characteristics into a 512 byte IrisCode(tm), a template stored for future verification attempts. 512 bytes is a fairly compact size for a biometric template, but the quantity of information derived from the iris is massive. From the iris' 11mm diameter, Dr. Daugman's algorithms provide 3.4 bits of data per square mm. This density of information is such that each iris can be said to have 266 unique "spots", as opposed to 13-60 for traditional biometric technologies.

Fingerprint Authentication

Fingerprints are a distinctive feature and remain invariant over the lifetime of a subject, except for cuts and bruises. As the first step in the authentication process, a fingerprint impression is acquired, typically using an inkless scanner. Several such scanning technologies are available. Figure 5A shows a fingerprint obtained with a scanner using an optical sensor. A typical scanner digitizes the fingerprint impression at 500 dots per inch (dpi) with 256 gray levels per pixel. The digital image of the fingerprint includes several unique features in terms of ridge bifurcations and ridge endings, collectively referred to as minutiae.

Conclusion

The ultimate form of electronic verification of a person’s identity is biometrics; using a physical attribute of the person to make a positive identification. People have always used the brain’s innate ability to recognize a familiar face and it has long been known that a person’s fingerprints can be used for identification. The challenge has been to turn these into electronic processes that are inexpensive and easy to use. Banks and others who have tested biometric-based security on their clientele, however, say consumers overwhelmingly have a pragmatic response to the technology. Anything that saves the information-overloaded citizen from having to remember another password or personal identification number comes as a welcome respite.