Biometrics: Useful Terms
(definitions of terms used in biometric technology)
Biometric recognition, or biometrics, refers to the automatic identification of a person based on his or her anatomical (fingerprints, iris of the eyes) or behavioral (signature) characteristics or traits. This method of identification offers several advantages over traditional methods involving ID cards (tokens) or PIN numbers (passwords) for various reasons:
- The person to be identified is required to be physically present at the point-of-identification.
- Identification based on biometric techniques eliminates the need to remember a password or carry a card, etc.
With the increased integration of computers and the internet into our lives, it is necessary to protect sensitive and personal data.
By replacing PINs (or using biometrics in addition to PINs), biometric techniques can potentially prevent unauthorized access to ATMs, cellular phones, laptops, and computer networks.
Unlike biometric traits, PINs or passwords may be forgotten, and credentials like passports and drivers' licenses may be forged, stolen, or lost. As a result, biometric systems are being utilized to enhance security and reduce financial fraud.
Various biometric traits are being used for real-time recognition, the most popular being face, iris of the eyes, and fingerprints; however, there are biometric systems that include all of the following: retinal (eye) scans, voice, signature, and hand geometry. In some applications, more than one biometric trait is used to achieve higher security. Such systems are called multi-modal biometric systems.
The number and locations of the bifurcations and ridge endings, known as minutiae, vary from finger to finger in any particular person, and from person to person for any particular finger; for example, the ring finger on the right hand.
When a set of finger images is obtained from someone, the number of minutiae is recorded for each finger. The precise locations of the minutiae are also recorded, in the form of numerical coordinates, for each finger.
The result is a function that can be entered and stored in a computer database which can rapidly compare this result with that of anyone else in the world whose finger image has been scanned.2. An anatomical area of the body that has two branches or divisions that are forked: One example of such a bifurcation is when roots divide in a multi-rooted tooth.
Other body parts that are bifurcations include the trachea, or the windpipe, which divides into the two bronchi or branches of the trachea that go into each of the two lungs.
Fingerprint payment, based on fingerscanning, is the most common biometric payment method. Often, the system uses two-factor authentication, in which the finger scan takes the place of the card swipe and the user types in a PIN (personal ID number) as usual.
In the United States, biometric payment has gained popularity in grocery stores, gas stations, and convenience stores. In March 2006, "Pay By Touch", the leading biometric payment provider, reported that more than two million customers had enrolled in their biometric services and that "Pay By Touch" had authenticated approximately eight billion dollars in transactions.
The system of biometric payments is controversial. Traditionally, fingerprints have been associated with law enforcement. Critics of biometric payment fear that fingerprints could be made available to government agencies or law enforcement officials.
Biometric payment service providers are quick to point out that they don't keep the customer's actual fingerprint in their databases. They keep an encrypted number derived from the finger's point-to-point measurements. It is that number which is used to verify a customer's identity, not the actual fingerprint.
In the final analysis, a biometric payment system; like any system that accesses sensitive information, is only as secure as the associated databases and transactions.
Unique identifiers include fingerprints, hand geometry, earlobe geometry, retina and iris patterns, voice waves, DNA, and signatures.
The oldest form of biometric verification is fingerprinting. Historians have found examples of thumbprints being used as a means of unique identification on clay seals in ancient China.
Biometric verification has advanced considerably with the advent of computerized databases and the digitization of analog data, allowing for almost instantaneous personal identification.
An optical scanning and recognition system is used in conjunction with a matching system to enable efficient authentication for secure spaces and devices. Like other finger scanning technologies, electro-optical fingerprint recognition makes it possible to quickly and accurately compare a given fingerprint image to thousands of stored images.
Electro-optical fingerprint scanners are generally designed to be portable, easy to use, and physically rugged. The devices are becoming more widely used as an alternative to passwords for consumer electronics or as part of a two-factor authentication system where more stringent security is required.
The fingerprint is optically scanned directly from the finger and the resulting image is focused onto a small chip. The chip converts the focused image into a digital file that can be processed, stored, and compared with other fingerprint images.
The high-resolution digital images can be processed like any other scanned images, eliminating problems caused by aliasing (also called jaggies) and making it possible to quickly compare a fingerprint image with other fingerprint images in a large database.
The fluorescence of the nail, when exposed to ultraviolet (UV) light, is increased at points where data is written. Data can be read from the fingernail using a microscope while irradiating the nail with UV energy.
A pulsed laser is used, at a wavelength of 800 nanometers (nm), to write the data onto the nail. Each data bit measures approximately 0.003 millimeters (mm) in diameter.
Individual data bits are spaced 0.005 mm apart, in three layers at depths of 0.04, 0.06, and 0.08 mm within the nail.Fingernail storage has a limited life because human nails grow out. The average human fingernail is completely replaced by the body every six months, assuming the nail is clipped short at regular intervals.
Fingernail storage has been suggested as a biometric means of identification, and also for storing critical medical information for use in emergencies.
The digital image obtained by such scanning is called a "finger image". In some texts, the terms fingerprinting and fingerprint are used, but technically, these terms refer to traditional ink-and-paper processes and images.
Fingerscanning is a biometric process, because it involves the automated capture, analysis, and comparison of a specific characteristic of the human body.
There are several different ways in which an instrument can bring out the details in the pattern of raised areas (called ridges) and branches (called bifurcations) in a human finger image.
The most common methods are optical, thermal, and tactile. They work using visible light analysis, heat-emission analysis, and pressure analysis, respectively.
Biometric fingerscanning offers improvements over ink-and-paper imaging. A complete set of fingerscans for a person (10 images, including those of the thumbs) can be easily copied, distributed, and transmitted over computer networks.
In addition, computers can quickly analyze a fingerscan and compare it with thousands of other fingerscans, as well as with fingerprints obtained by traditional means and then digitally photographed and stored. This greatly speeds up the process of searching finger image records in criminal investigations.
The term is used in conjunction with security systems that identify people based on a previous recording of one or more of their body characteristics.
Live capture is used in some automatic teller machines (ATMs) to ensure that the person making the transaction is the individual to whom the magnetic ATM card belongs. One approach is iris scanning.
The subject must look in the general direction of a camera and the eyes must be uncovered. Otherwise, the transaction will not be completed. Another approach to live capture is facial recognition, which has been suggested as a way to scan crowds for suspected terrorists.
An advantage of live capture is that relevant action can be taken at the moment the data is gathered; for example, the police can be summoned if an intruder on a property is identified as a known criminal suspect by facial recognition equipment.
In contrast, so-called dead or passive capture is used primarily to gather evidence or make comparisons of samples when the subject is not physically present.
In two-factor authentication, the user provides dual means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code.
Additional authentication methods that can be used in MFA include biometric verification; such as, fingerscanning, iris recognition, facial recognition, and voice ID. In addition to these methods, smart cards and other electronic devices can be used along with the traditional user ID and password.
VeriChip, manufactured by Applied Digital Solutions, is about the size of a grain of rice. It holds an identification number, an electromagnetic coil for transmitting data, and a tuning capacitor; the components of which are enclosed inside a silicon and glass container that is compatible with human tissue.
The chip, which uses an RFID (wireless transmission) technology similar to the injectable ID chips used by animal shelters to tag pets, can be read by a proprietary scanner up to four feet away.
The VeriChip was originally intended to function in much the same way a medical alert bracelet does by giving medical personnel life-saving information about a patient's history. It is now being used for security and automated data collection, as well as medical, purposes.
An adaptation of biometrics, voice ID relies on the fact that vocal characteristics, like fingerprints and the patterns of people's irises, are unique for each individual.
The criteria that a voice ID system bases decisions on are created by the shape of the speaker's mouth and throat, rather than more variable conditions.
Because of the relative permanence of the characteristics it measures, the technology is not likely to be fooled by an attempt to disguise a voice, and is not generally affected by changes that can make a voice sound quite different to the human ear; such as, a bad cold or extreme emotion.
During enrollment for a voice authentication system, a user's voice is recorded, creating what is called a voiceprint for comparison with samples taken for user identification.
To foil attempts to fool the system with a prerecorded voice sample, people may be asked to read or repeat a list of words which they can then be requested to repeat in random combinations.
Voice ID systems have been used in a variety of security-related applications. The United States judicial system has used the technology, on a limited basis, for about ten years to ensure that prisoners incarcerated in their homes or out on temporary passes were where they were supposed to be.
Voice-based systems could potentially be used effectively in any situation where secure authentication is especially important. Banks and credit card companies are increasingly turning to voice authentication as a means of decreasing the potential for fraud and identity theft and, at the same time, cutting the costs associated with customer verification.
Voice authentication products are available from a number of vendors, including Vocent, Nuance Communications, Courion Corp., and VoiceVault.
These characteristics, which are based on the physical configuration of a speaker's mouth and throat, can be expressed as a mathematical formula.
The term applies to a vocal sample recorded for that purpose, the derived mathematical formula, and its graphical representation. Voiceprints are used in voice ID systems for user authentication.