Scientists have developed the technology to study the different designs of the nature. The science, which deals with study of these designs, is called as biomimetics. The word biomimetics came from the Greek word bios, which means life, and mimesis, which means imitations. It is claimed that biomimetics will replace molecular biology to become the most challenging and important biological science of the 21st century. Biomimetics is mimicking biological systems either in form, function, or both. The bio mimics goal is to find benign and sustainable ways to meet the needs for food. Materials, medicine and energy. By beginning to learn from nature biomimetics are finding out that, in all her activities nature creates conditions conductive to life. The biomimetics open the door to new ways of ?seeing?, and then to new ways of ?doing?. This paper deals with biomimetics with examples. This also deals with the importance of biomimetics and how we can improve the design by using biomimetics.


Download the full seminar report

Download

if the above page link is not working then use this

Biometrics literally means "life measurement." Biometrics is the science and technology of measuring and statistically analyzing biological data. In information technology, biometrics usually refers to technologies for measuring and analyzing human body characteristics such as fingerprints, eye retinas and irises, voice patterns, facial patterns, and hand measurements, especially for authenticating someone. Often seen in science-fiction action adventure movies, face pattern matchers and body scanners may emerge as replacements for computer passwords So, Biometric systems can be defined as "automated methods of verifying or recognizing the identity of a living person based on a physiological or behavior characteristic".

Automated methods By this we mean that the analysis of the data is done by a computer with little or no human intervention. Traditional fingerprint matching and showing your drivers license or other forms of photo ID when proving your identity are examples of such systems.
Verification and recognition This sets forth the two principal applications of biometric systems. Verification is where the user lays claim to an identity and the system decides whether they are who they say they are. It's analogous to a challenge/response protocol; the system challenges the user to prove their identity, and they respond by providing the biometric to do so. Recognition is where the user presents the biometric, and the system scans a database and determines the identity of the user automatically.

Living person This points out the need to prevent attacks where copy of the biometric of an authorized user is presented. Biometric systems should also prevent unauthorized users from gaining access when they are in possession of the body part of an authorized user necessary for the measurement.

Physiological and behavioral characteristics This defines the two main classes of biometrics. Physiological characteristics are physical traits, like fingerprint or retina that are direct parts of the body. Behavioral characteristics are those that are based upon what we do, such as voiceprint and typing patterns. While physiological traits are usually more stabile than behavioral traits, systems using them are typically more intrusive and more expensive to implement

BIOMETRIC SYSTEMS
Eliminating the password nightmare¦.
ABSTRACT
A biometric is defined as a unique, measurable, biological characteristic or trait for automatically recognizing or verifying the identity of a human being. Statistically analyzing these biological characteristics has become known as the science of biometrics. These days, biometric technologies are typically used to analyze human characteristics for security purposes. Five of the most common physical biometric patterns analyzed for security purposes are the fingerprint, hand, eye, face, and voice. The use of biometric characteristics as a means of identification. In this paper we will give a brief overview of the field of biometrics and summarize some of its advantages, disadvantages, strengths, limitations, and related privacy concerns. We will also look at how this process has been refined over time and how it currently works.
INDEX TERMS
Biometrics ,Why biometrics ,Working, Types, Biometrics algorithm, Requirements of the system, Verification, Identification, Limitations.
INTRODUCTION
Humans have used body characteristics such as face, voice, gait, etc. for thousands of years to recognize each other. Alphonse Bertillon, chief of the criminal identification division of the police department in Paris, developed and then practiced the idea of using a number of body measurements to identify criminals in the mid 19th century. Just as his idea was gaining popularity, it was obscured by a far more significant and practical discovery of the distinctiveness of the human fingerprints in the late 19th century. Soon after this discovery, many major law enforcement departments embraced the idea of first booking the fingerprints of criminals and storing it in a database (actually, a card file). Later, the leftover (typically, fragmentary) fingerprints (commonly referred to as latents) at the scene of crime could be lifted and matched with fingerprints in the database to determine the identity of the criminals. Although biometrics emerged from its extensive use in law enforcement to identify criminals (e.g., illegal aliens, security clearance for employees for sensitive jobs, fatherhood determination, forensics, positive identification of convicts and prisoners), it is being increasingly used today to establish person recognition in a large number of
civilian applications. What biological measurements qualify to be a biometric Any human physiological and/or behavioral characteristic can be used as a biometric characteristic as long as it satisfies the following requirements:
¢ Universality: each person should have the characteristic;
¢ Distinctiveness: any two persons should be sufficiently different in terms of the characteristic;
¢ Permanence: the characteristic should be sufficiently invariant (with respect to the matching criterion) over a period of time;
¢ Collectability: the characteristic can be measured quantitatively. However, in a practical biometric system (i.e., a system that employs biometrics for personal recognition)
There are a number of other issues that should be considered, including:
¢ Performance, which refers to the achievable recognition accuracy and speed, the resources required to achieve the desired recognition accuracy and speed, as well as the operational and environmental factors that affect the accuracy and speed;
¢ Acceptability, which indicates the extent to which people are willing to accept the use of a particular biometric identifier (characteristic) in their daily lives;
¢ Circumvention, which reflects how easily the system can be fooled using fraudulent methods.
A practical biometric system should meet the specified recognition accuracy, speed, and resource requirements, be harmless to the users, be accepted by the intended population, and be sufficiently robust to various fraudulent methods and attacks to the system.
WHY BIOMETRICS
A biometric system is essentially a pattern recognition system which makes a personal identification by determining the authenticity of a specific physiological or behavioral characteristic possessed by the user. An important issue in designing a practical system is to determine how an individual is identified. Depending on the context, a biometric system can be either a verification (authentication) system or an identification system. There are two different ways to resolve a person's identity: verification and identification. Verification (Am I whom I claim I am) involves confirming or denying a person's claimed identity. In identification, one has to establish a person's identity (Who am I ). Each one of these approaches has its own complexities and could probably be solved best by a certain biometric systems.
HOW DOES BIOMETRIC PROCESSES WORK
The concept of biometric identification is simple. The system has some prestored data. When you approach the system(say a fingerprint scanner),your finger is scanned and matched with a record of your fingerprints already in its data base. Only when it finds a match, access is granted. The concept might be simple but the process is quite ingenious.
Fingerprint Matching:
Among all the biometric techniques, fingerprint-based identification is the oldest method which has been successfully used in numerous applications. Everyone is known to have unique, immutable fingerprints. A fingerprint is made of a series of ridges and furrows on the surface of the finger. The uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as the minutiae points. Minutiae points are local ridge characteristics that occur at either a ridge bifurcation or a ridge ending.
Fingerprint matching techniques can be placed into two categories: minutae-based and correlation based. Minutiae-based techniques first find minutiae points and then map their relative placement on the finger. However, there are some difficulties when using this approach. It is difficult to extract the minutiae points accurately when the fingerprint is of low quality. Also this method does not take into account the global pattern of ridges and furrows. The correlation-based method is able to overcome some of the difficulties of the minutiae-based approach. However, it has some of its own shortcomings. Correlation-based techniques require the precise location of a registration point and are affected by image translation and rotation.

Fingerprint matching based on minutiae has problems in matching different sized (unregistered) minutiae patterns. Local ridge structures can not be completely characterized by minutiae. We are trying an alternate representation of fingerprints which will capture more local information and yield a fixed length code for the fingerprint. The matching will then hopefully become a relatively simple task of calculating the Euclidean distance will between the two codes.
Face Retrieval:
The face retrieval problem, known as face detection, can be defined as follows: given an arbitrary black and white, still image, find the location and size of every human face it contains. There are many applications in which human face detection plays a very important role: it represents the first step in a fully automatic face recognition system, it can be used in image database indexing/searching by content, in surveillance systems and in human-computer interfaces. It also provides insight on how to approach other pattern recognition problems involving deformable textured objects. At the same time, it is one of the harder problems in pattern recognition.
Hand Geometry:
This approach uses the geometric shape of the hand for authenticating a user's identity. Authentication of identity using hand geometry is an interesting problem. Individual hand features are not descriptive enough for identification. However, it is possible to devise a method by combining various individual features to attain robust verification.
Hand Geometry vs Fingerprints:
Unlike fingerprints, the human hand isn't unique. One can use finger length, thickness, and curvature for the purposes of verification but not for identification. For some kinds of access control like immigration and border control, invasive biometrics (eg., fingerprints) may not be desirable as they infringe on privacy. In such situations it is desirable to have a biometric system that is sufficient for verification. As hand geometry is not distinctive, it is the ideal choice. Furthermore, hand geometry data is easier to collect. With fingerprint collection good frictional skin is required by imaging systems, and with retina-based recognition systems, special lighting is necessary. Additionally, hand geometry can be easily combined with other biometrics, namely fingerprint. One can envision a system where fingerprints are used for (infrequent) identification and hand geometry is used for (frequent) verification
A Multimodal Biometric System Using Fingerprint, Face, and Speech:
A biometric system which relies only on a single biometric identifier in making a personal identification is often not able to meet the desired performance requirements. Identification based on multiple biometrics represents an emerging trend. We introduce a multimodal biometric system, which integrates face recognition, fingerprint verification, and speaker verification in making a personal identification. This system takes advantage of the capabilities of each individual biometric. It can be used to overcome some of the limitations of a single biometrics. Preliminary experimental results demonstrate that the identity established by such an integrated system is more reliable than the identity established by a face recognition system, a fingerprint verification system, and a speaker verification system.
Retina and iris scanning:
Retina scanning, the rage of the 1970s and 1980s, has fallen into disfavor in recent years. The TV series, Mission Impossible, romanticized the use of retina scanning, but in realty, the technology is very intrusive. Retina scanning relies on the fact that the retina pattern of the human eye is unique from individual to individual. In fact, the retina pattern of each eye is unique. The problem with retina scanning is that it requires a light to be shone to the back of the eye where the retina is located. As stated, this is an intrusive type of technology, and users are generally not receptive to it. Consequently, retina scanning applications are often limited to military and high security applications.
Iris scanning, a relatively newer form of eye geometry technology, is significantly less intrusive. This technology relies on the fact that the iris pattern of each eye is unique. Because the iris is found in the front of the eye, iris scanning is relatively non-intrusive because the iris pattern can be picked up from a distance of up to two feet away. Examples of applications include replacing passwords for logging onto networks, security cards for opening doors, PINs for ATMs, and the like. In essence, any time some form of password or a key is required, iris scanning can be used instead. The cost per system is still currently high, but like all computer applications, cost will drop drastically and quickly.
BIOMETRIC SYSTEN ALGORITHM
A biometric system is essentially a pattern recognition system that operates by acquiring biometric data from an individual, extracting a feature set from the acquired data, and comparing this feature set against the template set in the database. Depending on the application context, a biometric system may operate either in verification mode or identification mode:
¢ In the verification mode, the system validates a person™s identity by comparing the captured biometric data with her own biometric template(s) stored system database. In such a system, an individual who desires to be recognized claims an identity, usually via a PIN (Personal Identification Number), a user name, a smart card, etc., and the system conducts a one-toone comparison to determine whether the claim is true or not. Identity verification is typically used for positive recognition, where the aim is to prevent multiple people from using the same identity [26].
¢ In the identification mode, the system recognizes an individual by searching the templates of all the users in the database for a match. Therefore, the system conducts a one-to-many comparison to establish an individual™s identity (or fails if the subject is not enrolled in the system database) without the subject having to claim an identity. Identification is a critical component in negative recognition applications where the system establishes whether the person is who she (implicitly or explicitly) denies to be. The purpose of negative recognition is to prevent a single person from using multiple identities [26]. Identification may also be used in positive recognition for convenience (the user is not required to claim an identity). While traditional methods of personal recognition such as passwords, PINs, keys, and tokens may work for positive recognition, negative recognition can only be established through biometrics.
The term recognition does not make a distinction between verification and identification. The block diagrams of a verification system and an identification system are depicted in Figure 1; user enrollment, which is common to both the tasks is also graphically illustrated.
Figure 1. Block diagrams of enrollment, verification and identification tasks are shown using the four main modules of
a biometric system, i.e., sensor, feature extraction, matcher, and system database.
The verification problem may be formally posed as follows: given an input feature vector
XQ (extracted from the biometric data) and a claimed identity I, determine if (I, XQ) belongs to class w1 or w2, where w1 indicates that the claim is true (a genuine user) and w2 indicates that the claim is false (an impostor). Typically, XQ is matched against XI, the biometric template corresponding to user I, to determine its category. Thus,
(I,XQ) (W1) ,if S(XQ,XI) = t
(W2), otherwise
where S is the function that measures the similarity between feature vectors XQ and XI, and t is a predefined threshold. The value S(XQ, XI) is termed as a similarity or matching score between the biometric measurements of the user and the claimed identity. Therefore, every claimed identity is classified into w1 or w2 based on the variables XQ, I, XI and t, and the function S. Note that biometric measurements (e.g., fingerprints) of the same individual taken at different times are almost never identical. This is the reason for introducing the threshold t. The identification problem, on the other hand, may be stated as follows: given an input feature vector XQ, determine the identity Ik, k {1,2,...N,N+1} Here I1 ,I2¦.IN are the identities enrolled in the system and IN+1 indicates the reject case where no suitable identity can be determined for the user. Hence,
XQ (Ik, ,if max {(XQ, X I k)} =t, k =1,2,3¦¦.N,
(IN+1, otherwise,
where X I k is the biometric template corresponding to identity Ik, and t is a predefined threshold.
A biometric system is designed using the following four main modules (see Figure 1):
1. Sensor module, which captures the biometric data of an individual. An example is a
Fingerprint sensor that images the ridge and valley structure of a userâ„¢s finger.
2. Feature extraction module, in which the acquired biometric data is processed to extract a set of salient or discriminatory features. For example, the position and orientation of minutiae points (local ridge and valley singularities) in a fingerprint image are extracted in the feature extraction module of a fingerprint-based biometric system.
3. Matcher module, in which the features during recognition are compared against the stored templates to generate matching scores. For example, in the matching module of a
Fingerprint-based biometric system, the number of matching minutiae between the input and the template fingerprint images is determined and a matching score is reported. The matcher module also encapsulates a decision making module, in which a user's claimed identity is confirmed (verification) or a userâ„¢s identity is established (identification) based on the matching score.
4. System database module, which is used by the biometric system to store the biometric
templates of the enrolled users. The enrollment module is responsible for enrolling individuals into the biometric system database. During the enrollment phase, the biometric characteristic of an individual is first scanned by a biometric reader to produce a digital representation (feature values) of the characteristic. The data capture during the enrollment process may or may not be supervised by a human depending on the application. A quality check is generally performed to ensure that the acquired sample can be reliably processed by successive stages. In order to facilitate matching, the input digital representation is further processed by a feature extractor to generate a compact but expressive representation, called a template. Depending on the application, the template may be stored in the central database of the biometric system or be recorded on a smart card issued to the individual. Usually, multiple templates of an individual are stored to account for variations observed in the biometric trait and the templates in the database may be updated over time.
System requirements
The objective of the Biometric Encryption algorithm is to provide a mechanism for the linking and subsequent retrieval of a digital key using a biometric such as a fingerprint. This digital key can then be used as a cryptographic key. The important system requirements that apply to a key retrieval system using a fingerprint are distortion tolerance, discrimination and security.
¢ Distortion tolerance is the ability of the system to accommodate the day-to-day distortions of the fingerprint image. These distortions are due to behavioral changes (positioning, rotation, and deformation), as well as environmental (ambient temperature and humidity) and physiological (moisture content) conditions. A key retrieval system must be able to consistently produce the correct key for the different expected versions of a legitimate user™s fingerprint.
¢ Discrimination is the ability of a system to distinguish between all of the system users™ fingerprints. An attacker should produce an incorrect key when the attacker™s fingerprint is combined with a legitimate user™s filter.
Security of the system means that neither the digital key, nor the legitimate userâ„¢s fingerprint, can be independently extracted from any stored information.
THE APPLICATIONS OF BIOMETRIC SYSTEMS
The applications of biometrics can be divided into the following three main groups:
¢ Commercial applications such as computer network login, electronic data security, ecommerce, Internet access, ATM, credit card, physical access control, cellular phone, PDA, medical records management, distance learning, etc.
¢ Government applications such as national ID card, correctional facility, driver™s license, social security, welfare-disbursement, border control, passport control, etc.
¢ Forensic applications such as criminal investigation, terrorist identification, parenthood determination, missing children, etc. Traditionally, commercial applications have used knowledge-based systems (e.g., PINs and passwords), government applications have used token-based systems (e.g., ID cards and badges), and forensic applications have relied on human experts to match biometric features.
a) b) c)

d)

e) f) g)

The examples described above: -
a) The Immigration and Naturalization Service Accelerated Service System (INSPASS), which is installed at major airports in the U.S., is based on hand geometry verification
b) Fingerprint-based door. Used to restrict access to premises.
c) A fingerprint verification system is used for computer and network.
d) The Express Card entry kiosks fitted with hand geometry systems for security and immigration shows technology developed by Recognition Systems, Inc. and significantly reduces the immigration processing time.
e) A border passage system using iris recognition.
f) The Face Pass system is used in POS verification applications like ATMs, therefore, obviating the need for PINs.
g) The Identix Touch Clock fingerprint system is used in time and attendance applications.
LIMITATIONS OF BIOMETRIC SYSTEMS
The successful installation of biometric systems in various civilian applications does not imply that biometrics is a fully solved problem. It is clear that there is plenty of scope for improvement in biometrics. Biometric systems that operate using any single biometric characteristic have the following limitations:
1. Noise in sensed data: The sensed data might be noisy or distorted. A fingerprint with a scar, or a voice altered by cold are examples of noisy data. Noisy data could also be the result of defective or improperly maintained sensors (e.g., accumulation of dirt on a fingerprint sensor) or poor illumination of a user's face in a face recognition system.
2. Intra-class variations: This variation is typically caused by a user who is incorrectly interacting with the sensor or when sensor characteristics are modified during the verification phase.
3. Distinctiveness: While a biometric trait is expected to vary significantly across individuals, there may be large inter-class similarities in the feature sets used to represent these traits. This limitation restricts the discriminability provided by the biometric trait. Thus, every biometric trait has some theoretical upper bound in terms of its discrimination capability.
4. Non-universality: While every user is expected to possess the biometric trait being acquired, in reality it is possible for a user to not possess a particular biometric. A fingerprint biometric system, for example, may be unable to extract features from the fingerprints of certain individuals, due to the poor quality of the ridges. It has been estimated that as much as 4% of the population may have poor quality fingerprint ridges that are difficult to image with the currently available fingerprint sensor system.
5. Spoof attacks: This type of attack is especially relevant when behavioral traits such as signature and voice are used .It has been demonstrated that it is possible to construct artificial fingers/fingerprints in a reasonable amount of time to circumvent a fingerprint verification system.
CONCLUSION / SUMMARY
Biometric Encryption System is an algorithm for the linking and retrieval of digital keys, which can be used as a method for the secure management of cryptographic keys. The cryptographic key is generated independently from the Biometric Encryption algorithm and can be updated periodically via a re-enrollment procedure. The convenience and security provided by Biometric Encryption will undoubtedly help to promote more widespread use of cryptographic systems. As biometric technology matures, there will be an increasing interaction among the market, technology, and the applications. This interaction will be influenced by the added value of the technology, user acceptance, and the credibility of the service provider. It is too early to predict where and how biometric technology would evolve and get embedded in which applications. But it is certain that biometric-based recognition will have a profound influence on the way we conduct our daily business.
REFERENCES
1. Albert Bodo, Method for producing a digital signature with aid of a biometric feature, German patent DE 42 43 908 A1, (1994).
2. J.W. Goodman, Introduction to Fourier Optics, McGraw-Hill, (1968).
3. W.B. Hahn, Jr., and K.A. Bauchert, Optical correlation algorithm development for the Transfer of Optical Processing to Systems (TOPS) program, Proc. SPIE 1959, 48-54, (1993).
4. Manfred Bromba(bromba.com)
5. P.J. Philips, P. Grother, R. J. Micheals, D. M. Blackburn, E. Tabassi, and J. M. Bone, FRVT 2002: Overview and Summary, available from http://frvtFRVT2002/documents.htm

and read related article of BIOMETRICS

http://studentbank.in/report-biometrics--3483
http://studentbank.in/report-biometrics-...t-and-iris
http://studentbank.in/report-ear-biometrics
http://studentbank.in/report-dental-biometrics
http://studentbank.in/report-iris-biomet...tification
http://studentbank.in/report-biometrics-and-finger-scan

---

INTRODUCTION
Biometrics (Greek: bios ="life", metron ="measure") is the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. Biometric Authentication - the automatic identification of living individuals by using their physiological and behavioral characteristics; "negative identification can only be accomplished through biometric identification"; "if a pin or password is lost or forgotten it can be changed and reissued but a biometric identification cannot" . The fields of involvement of Biometric Analysis are as follows:- DNA\Genetic Fingerprinting - Biometric identification obtained by examining a person's unique sequence of DNA base pairs; often used for evidence in criminal law cases. Automatic face recognition, face recognition, facial recognition - Biometric identification by scanning a person's face and matching it against a library of known faces; "they used face recognition to spot known terrorists". Fingerprint - Biometric identification from a print made by an impression of the ridges in the skin of a finger; often used as evidence in criminal investigations Finger scan, finger scanning - Biometric identification by automatically scanning a person's fingerprints electronically Iris scanning - Biometric identification by scanning the iris of the eye; "the structure of the iris is very distinctive" Signature recognition - biometric identification by automatically scanning a person's signature and matching it electronically against a library of known signatures Retinal scanning - biometric identification by scanning the retina of the eye; "identification by retinal scanning is complicated by eye movements" Voiceprint - biometric identification by electronically recording and graphically representing a person's voice; "voiceprints are uniquely characteristic of individual speakers" Identification - evidence of identity; something that identifies a person or thing 1 In information technology, biometric authentication refers to technologies that measure and analyzes human physical and behavioural characteristics for authentication purposes. Examples of physical (or physiological or biometric) characteristics include fingerprints, eye retinas and irises, facial patterns and hand measurements, while examples of mostly behavioural characteristics include signature, gait and typing patterns. All behavioral biometric characteristics have a physiological component, and, to a lesser degree, physical biometric characteristics have a behavioral element. Some researchers, have coined the term behaviometrics for behavioral biometrics such as typing rhythm or mouse gestures where the analysis can be done continuously without interrupting or interfering with user activities.

Operation and Performance
In a typical IT biometric system, a person registers with the system when one or more of
his physical and behavioural characteristics are obtained. This information is then
processed by a numerical algorithm, and entered into a database. The algorithm creates a
digital representation of the obtained biometric. If the user is new to the system, he or she
enrolls, which means that the digital template of the biometric is entered into the
database. Each subsequent attempt to use the system, or authenticate, requires the
biometric of the user to be captured again, and processed into a digital template. That
template is then compared to those existing in the database to determine a match. The
process of converting the acquired biometric into a digital template for comparison is
completed each time the user attempts to authenticate to the system. The comparison
process involves the use of a Hamming distance. This is a measurement of how similar
two bit strings are. For example, two identical bit strings have a Hamming Distance of
zero, while two totally dissimilar ones have a Hamming Distance of one. Thus, the
Hamming distance measures the percentage of dissimilar bits out of the number of
comparisons made. Ideally, when a user logs in, nearly his entire features match; then
when someone else tries to log in, who does not fully match, and the system will not
allow the new person to log in. Current technologies have widely varying Equal Error
Rates, varying from as low as 60% and as high as 99.9%.
Performance of a biometric measure is usually referred to in terms of the false accept rate
(FAR), the false non match or reject rate (FRR), and the failure to enroll rate (FTE or
FER). The FAR measures the percent of invalid users who are incorrectly accepted as
genuine users, while the FRR measures the percent of valid users who are rejected as
impostors.
In real-world biometric systems the FAR and FRR can typically be traded off against
each other by changing some parameter. One of the most common measures of real-
world biometric systems is the rate at which both accept and reject errors are equal: the
equal error rate (EER), also known as the cross-over error rate (CER). The lower the EER
or CER, the more accurate the system is considered to be.
2
Stated error rates sometimes involve idiosyncratic or subjective elements. For example,
one biometrics vendor set the acceptance threshold high, to minimize false accepts. In the
trial, three attempts were allowed, and so a false reject was counted only if all three
attempts failed. At the same time, when measuring performance biometrics (e.g. writing,
speech etc.), opinions may differ on what constitutes a false reject. If a signature
verification system is trained with an initial and a surname, can a false reject be
legitimately claimed when it then rejects the signature incorporating a full first name?
Despite these misgivings, biometric systems have the potential to identify individuals
with a very high degree of certainty. Forensic DNA evidence enjoys a particularly high
degree of public trust at present (ca. 2004) and substantial claims are being made in
respect of iris recognition technology, which has the capacity to discriminate between
individuals with identical DNA, such as monozygotic twins.
Issues and concerns
As with many interesting and powerful developments of technology, there are concerns
about biometrics. The biggest concern is the fact that once a fingerprint or other
biometric source has been compromised it is compromised for life, because users can
never change their fingerprints. Theoretically, a stolen biometric can haunt a victim for
decades.
Identity theft and privacy issues
Concerns about Identity theft through biometrics have not been resolved. If a person's
credit card number is stolen, for example, it can cause them great difficulty since this
information can be used in situations where the security system requires only "single-
factor" authentication; i.e., just knowing the credit card number and its expiration date
can sometimes be enough to use a stolen credit card successfully. Two-factor security
solutions require something you know plus something you have; for example, a debit
card and a personal Identification Number (PIN) or a biometric. Some argue that if a
person's biometric data is stolen it might allow someone else to access personal
information or financial accounts, in which case the damage could be irreversible. But
this argument ignores a key operational factor intrinsic to all biometrics-based security
solutions; biometric solutions are based on matching, at the point of transaction, the
information obtained by the scan of a "live" biometric sample to a prestored, static
"match template" created when the user originally enrolled in the security system. Most
of the commercially-available biometric systems address the issues of ensuring that the
static enrollment sample has not been tampered with (i.e., using hash codes and
encryption), so the problem is effectively limited to cases where the scanned "live"
biometric data is hacked. Even then, most competently-designed solutions contain anti-
hacking routines. For example, the scanned "live" image is virtually never the same from
scan-to-scan owing to the inherent plasticity of biometrics; ironically, a "replay" attack
using the stored biometric is easily detected because it is too perfect a match.
3
Marketing of biometric products
Despite confirmed cases of defeating commercially available biometric scanners, many
companies marketing biometric products (especially consumer level products such as
readers built into keyboards) still claim the products as replacements, rather than
suppliments, of passwords. Furthermore, regulations regarding advertising and
manufacturing of biometric products are (as of 2006) largely non-existent. Given the low
security, consumer level products are most likely to be bought and used by most people,
the end result can theoretically lead to large scale economical and social problems
associated with biometric identity theft.
Sociological concerns
As technology advances, and time goes on, more and more private companies and public
utilities will use biometrics for safe, accurate identification. However, these advances will
raise many concerns throughout society, where many may not be educated on the
methods. Here are some examples of concerns society has with biometrics:
Physical - Some believe this technology can cause physical harm to an individual
using the methods, or that instruments used are unsanitary. For example, there are
concerns that retina scanners might not always be clean.
Personal Information - There are concerns whether our personal information taken
through biometric methods can be misused, tampered with, or sold, e.g. by
criminals stealing, rearranging or copying the biometric data. Also, the data
obtained using biometrics can be used in unauthorized ways without the
individual's consent.
Danger to owners of secured items
When thieves cannot get to secure properties, there is a chance that thieves will stalk and
assault property owner to gain access. If the item is secured with biometric device, the
damage to the owner can become irreversible, and potentially cost more than the secured
properties. In 2005, Malaysian car thieves cut off the finger of a Mercedes-Benz S-Class
owner when attempting to steal the car.
4
Uses and initiatives
Biometrics being a wide field of application is being used in several different ways in
different countries since the Ethical, Logical, Social Issues vary from country to country.
The description of biometric analysis for some countries in which it is applied oftenly for
various purposes.
Brazil
Since the beginning of the 20th century, Brazilian citizens have used ID cards. The
decision by the Brazilian government to adopt fingerprint-based biometrics was
spearheaded by Dr. Felix Pacheco at Rio de Janeiro, at that time capital of the Federative
Republic. Dr. Pacheco was a friend of Dr. Juan Vucetich, who invented one of the most
complete tenprint classification systems in existence. The Vucetich system was adopted
not only in Brazil, but also by most of the other South American countries. The oldest
and most traditional ID Institute in Brazil (Instituto de Identificação Félix Pacheco) was
integrated at DETRAN [3] (Brazilian equivalent to DMV) into the civil and criminal
AFIS system in 1999.
Each state in Brazil is allowed to print its own ID card, but the layout and data are the
same for all of them. The ID cards printed in Rio de Janeiro are fully digitized using a 2D
bar code with information which can be matched against its owner off-line. The 2D bar
code encodes a color photo, a signature, two fingerprints, and other citizen data. This
technology was developed in 2000 in order to enhance the safety of the Brazilian ID
cards.
At the end of 2005, the Brazilian government started the development of its new passport.
The soon to be released new passport will include several security features. Brazilian
citizens will have their signature, photo, and 10 rolled fingerprints collected during
passport requests. All of the data is planned to be stored in ICAO E-passport standard.
This allows for contactless electronic reading of the passport content and Citizens ID
verification since fingerprint templates and token facial images will be available for
automatic recognition. The project is expected to go into operation phase by the second
semester of 2006.
United States
The United States government has become a strong advocate of biometrics with the
increase in security concerns in recent years, since September 11, 2001. Starting in 2005,
US passports with facial (image-based) biometric data were scheduled to be produced.
Privacy activists in many countries have criticized the technology's use for the potential
harm to civil liberties, privacy, and the risk of identity theft. Currently, there is some
apprehension in the United States (and the European Union) that the information can be
"skimmed" and identify people's citizenship remotely for criminal intent, such as
kidnapping. There also are technical difficulties currently delaying biometric integration
into passports in the United States, the United Kingdom, and the rest of the EU.
5
These difficulties include compatibility of reading devices, information formatting, and
nature of content (e.g. the US currently expect to use only image data, whereas the EU
intends to use fingerprint and image data in their passport RFID biometric chip(s)).
The speech made by President Bush on May 15, 2006, live from the Oval Office, was
very clear: from now on, anyone willing to go legally in the United States in order to
work there will be card-indexed and will have to communicate his fingerprints while
entering the country. Many foreigners will have to subject themselves to these
procedures, formerly only imposed to criminals and to spies, not to immigrants and
visitors, and even less to citizens.
"A key part of that system [for verifying documents and work eligibility of aliens] should
be a new identification card for every legal foreign worker. This card should use
biometric technology, such as digital fingerprints, to make it tamper-proof." President
George W Bush (Addresses on Immigration Reform, May 15, 2006)
The US Department of Defense (DoD) Common Access Card, is an ID card issued to all
US Service personnel and contractors on US Military sites. This card contains biometric
data and digitized photographs. It also has laser-etched photographs and holograms to
add security and reduce the risk of falsification. There have been over 10 million of these
cards issued.
According to Jim Wayman, director of the National Biometric Test Center at San Jose
State University, Walt Disney World is the nation's largest single commercial application
of biometrics. However, the US Visit program will very soon surpass Mickey's kingdom
for biometrics deployment.
Germany
The biometrics market in Germany will experience enormous growth until 2009. The
market size will increase from approximately 12 million ‚¬ (2004) to 377 million ‚¬
(2009). The federal government will be a major contributor to this development. In
particular, the biometric procedures of fingerprint and facial recognition can profit from
the government project . In May 2005 the German Upper House of Parliament approved
the implementation of the ePass, a passport issued to all German citizens which contain
biometric technology. The ePass has been in circulation since November 2005, and
contains a chip that initially will hold a digital photo of the holder's face. Starting in
March 2007, fingerprints also will be stored on the chips “ one from each hand. A third
biometric identifier “ iris scans “ could be added at a later stage. An increase in the
prevalence of biometric technology in Germany is an effort to not only keep citizens safe
within German borders but also to comply with the current US deadline for visa-waiver
countries to introduce biometric passports. In addition to producing biometric passports
for German citizens, the German government has put in place new requirements for
visitors for apply for visas within the country. Only applicants for long-term visas,
which allow more than three months' residence, will be affected by the planned biometric
6
registration program. The new work visas will also include fingerprinting, iris scanning,
and digital photos.
Germany is also one of the first countries to implement biometric technology at the
Olympic Games to protect German athletes. The Olympic Games is always a
diplomatically tense affair and previous events have been rocked by terrorist attacks -
most notably when Germany last held the Games in Munich in 1972 and 11 Israeli
athletes were killed.
Biometric technology was first used at the Olympic Summer Games in Athens, Greece in
2004. On registering with the scheme, accredited visitors will receive an ID card
containing their fingerprint biometrics data that will enable them to access the 'German
House'. Accredited visitors will include athletes, coaching staff, team management and
members of the media.
7
Identity theft and privacy issues
Concerns about Identity theft through biometrics have not been resolved. If a person's
credit card number is stolen, for example, it can cause them great difficulty since this
information can be used in situations where the security system requires only "single-
factor" authentication; i.e., just knowing the credit card number and its expiration date
can sometimes be enough to use a stolen credit card successfully. Two-factor security
solutions require something you know plus something you have; for example, a debit
card and a personal Identification Number (PIN) or a biometric. Some argue that if a
person's biometric data is stolen it might allow someone else to access personal
information or financial accounts, in which case the damage could be irreversible. But
this argument ignores a key operational factor intrinsic to all biometrics-based security
solutions; biometric solutions are based on matching, at the point of transaction, the
information obtained by the scan of a "live" biometric sample to a prestored, static
"match template" created when the user originally enrolled in the security system. Most
of the commercially-available biometric systems address the issues of ensuring that the
static enrollment sample has not been tampered with (i.e., using hash codes and
encryption), so the problem is effectively limited to cases where the scanned "live"
biometric data is hacked. Even then, most competently-designed solutions contain anti-
hacking routines. For example, the scanned "live" image is virtually never the same from
scan-to-scan owing to the inherent plasticity of biometrics; ironically, a "replay" attack
using the stored biometric is easily detected because it is too perfect a match.
The television program Mythbusters attempted to break into a commercial security door
equipped with biometric authentication as well as a personal laptop so equipped. While
the laptop's system proved more difficult to bypass, the advanced commercial security
door with "live" sensing was fooled with a printed scan of a fingerprint after it had been
licked. Assuming the tested security door is representative of the current typical state of
biometric authentication, that it was so easily bypassed suggests biometrics may not yet
be reliable as a strong form of authentication.
8
Facial recognition system
A facial recognition system is a computer-driven application for automatically
identifying a person from a digital image. It does that by comparing selected facial
features in the live image and a facial database.
It is typically used for security systems and can be compared to other biometrics such as
fingerprint or eye iris recognition systems.
Popular recognition algorithms include eigenface, fisherface, the Hidden Markov model,
and the neuronal motivated Dynamic Link Matching. A newly emerging trend, claimed to
achieve previously unseen accuracies, is three-dimensional face recognition. Another
emerging trend uses the visual details of the skin, as captured in standard digital or
scanned images. Tests on the FERET database, the widely used industry benchmark,
showed that this approach is substantially more reliable than previous algorithms.
9
Uses of Face Recognition System
In addition to being used for security systems, authorities have found a number of other
applications for facial recognition systems.
At Super Bowl XXXV in January 2000, police in Tampa Bay, Florida, used FaceIt to
search for potential criminals and terrorists in attendance at the event.(it found 19 people
with pending arrest warrants)
In the 2000 presidential election, the Mexican government employed facial recognition
software to prevent voter fraud. Some individuals had been registering to vote under
several different names, in an attempt to place multiple votes. By comparing new facial
images to those already in the voter database, authorities were able to reduce duplicate
registrations. Similar technologies are being used in the United States to prevent people
from obtaining fake identification cards and driverâ„¢s licenses.
There are also a number of potential uses for facial recognition that are currently being
developed. For example, the technology could be used as a security measure at ATMâ„¢s;
instead of using a bank card or personal identification number, the ATM would capture
an image of your face, and compare it to your photo in the bank database to confirm your
identity. This same concept could also be applied to computers; by using a webcam to
capture a digital image of yourself, your face could replace your password as a means to
log-in.
Criticisms of the Face recognition System
Efficacy
Critics of the technology complain that the London Borough of Newham scheme has, as
of 2004, never recognised a single criminal, despite several criminals in the system's
database living in the Borough and the system having been running for several years.
"Not once, as far as the police know, has Newham's automatic facial recognition system
spotted a live target." This information seems to conflict with that given by Identix's press
release of April 2001, where they claim the system was credited with a 34% reduction in
crime - which better explains why the system was then rolled out to Birmingham also.
An experiment by the local police department in Tampa, Florida, had similarly
disappointing results.
"Camera technology designed to spot potential terrorists by their facial characteristics at
airports failed its first major test at Boston's Logan Airport"
10
Privacy concerns
Despite the potential benefits of this technology, many citizens are concerned that their
privacy will be invaded. Some fear that it could lead to a total surveillance society,
with the government and other authorities having the ability to know where you are, and
what you are doing, at all times.
Early developments
Pioneers of Automated Facial Recognition include: Woody Bledsoe, Helen Chan Wolf,
and Charles Bisson.
During 1964 and 1965, Bledsoe, along with Helen Chan and Charles Bisson, worked on
using the computer to recognize human faces (Bledsoe 1966a, 1966b; Bledsoe and Chan
1965). He was proud of this work, but because the funding was provided by an unnamed
intelligence agency that did not allow much publicity, little of the work was published.
Given a large database of images (in effect, a book of mug shots) and a photograph, the
problem was to select from the database a small set of records such that one of the image
records matched the photograph. The success of the method could be measured in terms
of the ratio of the answer list to the number of records in the database. Bledsoe (1966a)
described the following difficulties:
This recognition problem is made difficult by the great variability in head rotation and
tilt, lighting intensity and angle, facial expression, aging, etc. Some other attempts at
facial recognition by machine have allowed for little or no variability in these quantities.
Yet the method of correlation (or pattern matching) of unprocessed optical data, which is
often used by some researchers, is certain to fail in cases where the variability is great. In
particular, the correlation is very low between two pictures of the same person with two
different head rotations.
This project was labeled man-machine because the human extracted the coordinates of a
set of features from the photographs, which were then used by the computer for
recognition. Using a graphics tablet (GRAFACON or RAND TABLET), the operator
would extract the coordinates of features such as the center of pupils, the inside corner of
eyes, the outside corner of eyes, point of widows peak, and so on. From these
coordinates, a list of 20 distances, such as width of mouth and width of eyes, pupil to
pupil, were computed. These operators could process about 40 pictures an hour. When
building the database, the name of the person in the photograph was associated with the
list of computed distances and stored in the computer. In the recognition phase, the set of
distances was compared with the corresponding distance for each photograph, yielding a
distance between the photograph and the database record. The closest records are
returned.
11
This brief description is an oversimplification that fails in general because it is unlikely
that any two pictures would match in head rotation, lean, tilt, and scale (distance from the
camera). Thus, each set of distances is normalized to represent the face in a frontal
orientation. To accomplish this normalization, the program first tries to determine the tilt,
the lean, and the rotation. Then, using these angles, the computer undoes the effect of
these transformations on the computed distances. To compute these angles, the computer
must know the three-dimensional geometry of the head. Because the actual heads were
unavailable, Bledsoe (1964) used a standard head derived from measurements on seven
heads.
After Bledsoe left PRI in 1966, this work was continued at the Stanford Research
Institute, primarily by Peter Hart. In experiments performed on a database of over 2000
photographs, the computer consistently outperformed humans when presented with the
same recognition tasks (Bledsoe 1968). Peter Hart (1996) enthusiastically recalled the
project with the exclamation, "It really worked!"
12
Comparative study
Among the different biometric techniques facial recognition may not be the most reliable
and efficient but its great advantage is that it does not require aid from the test subject.
Properly designed systems installed in airports, multiplexes, and other public places can
detect presence of criminals among the crowd. Other biometrics like fingerprints, iris,
and speech recognition cannot perform this kind of mass scanning. However, questions
have been raised on the effectiveness of facial recognition software in cases of railway
and airport security.
Three-dimensional face recognition
Three-dimensional face recognition (3D face recognition) is a modality of facial
recognition methods in which the three-dimensional geometry of the human face is used.
It has been shown that 3D face recognition methods can achieve significantly higher
accuracy than their 2D counterparts, rivaling fingerprint recognition.
3D face recognition achieves better accuracy than its 2D counterpart by measuring
geometry of rigid features on the face.[citation needed] This avoids such pitfalls of 2D
face recognition algorithms as change in lighting, different facial expressions, make-up
and head orientation. Another approach is to use the 3D model to improve accuracy of
traditional image based recognition by transforming the head into a known view.
The main technological limitation of 3D face recognition methods is the acquisition of
3D images, which usually requires a range camera. This is also a reason why 3D face
recognition methods have emerged significantly later (in the late 1980s) than 2D
methods. Recently commercial solutions have implemented depth perception by
projecting a grid onto the face and integrating video capture of it into a high resolution
3D model. This allows for good recognition accuracy with low cost off-the-shelf
components.
Currently, 3D face recognition is still an open research field, though several vendors
already offer commercial solutions.
13
Iris recognition
Iris recognition is a method of biometric authentication that uses pattern recognition
techniques based on high-resolution images of the irides of an individual's eyes. Not to be
confused with another less prevalent ocular-based technology, retina scanning, iris
recognition uses camera technology, and subtle IR illumination to reduce specular
reflection from the convex cornea to create images of the detail-rich, intricate structures
of the iris. These unique structures converted into digital templates, provide mathematical
representations of the iris that yield unambiguous positive identification of an individual.
Iris recognition efficacy is rarely impeded by glasses or contact lenses. Iris technology
has the smallest outlier (those who cannot use/enroll) group of all biometric technologies.
The only biometric authentication technology designed for use in a one-to many search
environment, a key advantage of iris recognition is its stablity, or template longevity as,
barring trauma, a single enrollment can last a lifetime.
Breakthrough work to create the iris recognition algorithms required for image
acquisition and one-to-many matching was pioneered by John G. Daugman, Ph.D, OBE
(University of Cambridge Computer Laboratory), who holds key patents on the method.
These were utilized to effectively debut commercialization of the technology in
conjunction with an early version of the IrisAccess system designed and manufactured by
Korea's LG Electronics. Daugman's algorithms are the basis of almost all currently (as of
2006) commercially deployed iris-recognition systems. It has a so far unmatched
practical false-accept rate of zero; that is there is no known pair of images of two
different irises that the Daughman algorithm in its deployed configuration mistakenly
identifies as the same. (In tests where the matching thresholds are “ for better
comparability “ changed from their default settings to allow a false-accept rate in the
region, the IrisCode false-reject rates are comparable to the most accurate single-finger
fingerprint matchers.
14
Operating principle
An iris-recognition algorithm first has to identify the approximately concentric circular
outer boundaries of the iris and the pupil in a photo of an eye. The set of pixels covering
only the iris is then transformed into a bit pattern that preserves the information that is
essential for a statistically meaningful comparison between two iris images. The
mathematical methods used resemble those of modern lossy compression algorithms for
photographic images. In the case of Daugman's algorithms, a Gabor wavelet transform is
used in order to extract the spatial frequency range that contains a good best signal-to-
noise ratio considering the focus quality of available cameras. The result are a set of
complex numbers that carry local amplitude and phase information for the iris image. In
Daugman's algorithms, all amplitude information is discarded, and the resulting 2048 bits
that represent an iris consist only of the complex sign bits of the Gabor-domain
representation of the iris image. Discarding the amplitude information ensures that the
template remains largely unaffected by changes in illumination and virtually negligibly
by iris color, which contributes significantly to the long-term stability of the biometric
template. To authenticate via identification (one-to many template matching) or
verification (one-to one template matching) a template created by imaging the iris, is
compared to a stored value template in a database. If the Hamming Distance is below the
decision threshold, a positive identification has effectively been made.
15
A practical problem of iris recognition is that the iris is usually partially covered by eye
lids and eye lashes. In order to reduce the false-reject risk in such cases, additional
algorithms are needed to identify the locations of eye lids and eye lashes, and exclude the
bits in the resulting code from the comparison operation.
Advantages
The iris of the eye has been described as the ideal part of the human body for biometric
identification for several reasons:
It organ that is against damage and wear by a highly
transparent and sensitive membrane (the cornea). This distinguishes it from fingerprints,
which can be difficult to recognize after years of certain types of manual labor.
The iris is mostly flat and its geometric configuration is only controlled by two
complementary muscles (the sphincter pupillae and dilator pupillae), which control the
diameter of the pupil. This makes the iris shape far more predictable than, for instance,
that of the face.
The iris has a fine texture that “ like fingerprints “ is determined randomly during
embryonic gestation. Even genetically identical individuals have completely independent
iris textures, whereas DNA (genetic "fingerprinting") is not unique for the about 1.5% of
the human population who have a genetically identical monozygotic twin.
An iris scan is similar to taking a photograph and can be performed from about 10 cm to
a few meters away. There is no need for the person to be identified to touch any
equipment that has recently been touched by a stranger, thereby eliminating an objection
that has been raised in some cultures against finger-print scanners, where a finger has to
touch a surface, or retinal scanning, where the eye can be brought very close to a lens
(like looking into a microscope lens).
Some argue that a focused digital photograph with an iris diameter of about 200 pixels
contains much more long-term stable information than a fingerprint.
The only currently commercially deployed iris recognition algorithm, John Daugman's
IrisCode, has an unprecedented false match rate (better than 10-11). Not a single false
match has ever been reported for this algorithm, which has already been used to cross-
compare more than 200 billion combinations of iris pairs as part of the immigration
procedures in the United Arab Emirates.
While there are some medical and surgical procedures that can affect the colour and
overall shape of the iris, the fine texture remains remarkably stable over many decades.
Some iris identification have succeeded over a period of about 30 years.
16
]Disadvantages
Iris scanning is a relatively new technology and is incompatible with the very substantial
investment that the law enforcement and immigration authorities of some countries have
already made into finger-print recognition.
Iris recognition is very difficult to perform at a distance larger than a few meters and if
the person to be identified is not cooperating by holding the head still and looking into
the camera.
As with other photographic biometric technologies, iris recognition is susceptible to poor
image quality, with associated failure to enroll rates. [4]
As with other identification infrastructure (national residents databases, ID cards, etc.),
civil rights activists have voiced concerns that iris-recognition technology might help
governments to track individuals beyond their will.
Security considerations
Like with most other biometric identification technology, a still not satisfactorily solved
problem with iris recognition is the problem of "live tissue verification". The reliability of
any biometric identification depends on ensuring that the signal acquired and compared
has actually been recorded from a live body part of the person to be identified, and is not
a manufactured template. Many commercially available iris recognition systems are
easily fooled by presenting a high-quality photograph of a face instead of a real face,
which makes such devices unsuitable for unsupervised applications, such as door access-
control systems. The problem of live tissue verification is less of a concern in supervised
applications (e.g., immigration control), where a human operator supervises the process
of taking the picture.
Methods that have been suggested to provide some defence against the use of fake eyes
and irises include:
Changing ambient lighting during the identification (switching on a bright lamp), such
that the pupillary reflex can be verified and the iris image be recorded at several different
pupil diameters
Analysing the 2D spatial frequency spectrum of the iris image for the peaks caused by the
printer dither patterns found on commercially available fake-iris contact lenses
Analysing the temporal frequency spectrum of the image for the peaks caused by
computer displays
Using spectral analysis instead of merely monochromatic cameras to distinguish iris
tissue from other material
Observing the characteristic natural movement of an eyeball (measuring nystagmus,
tracking eye while text is read, etc.)
Testing for retinal retro-reflection (red-eye effect)
Testing for reflections from the eye's four optical surfaces (front and back of both cornea
and lens) to verify their presence, position and shape
Using 3D imaging (e.g., stereo cameras) to verify the position and shape of the iris
relative to other eye features
17
A 2004 report by the German Federal Office for Information Security noted that none of
the iris-recognition systems commercially available at the time implemented any live-
tissue verification technology. Like any pattern-recognition technology, live-tissue
verifiers will have their own false-reject probability and will therefore further reduce the
overall probability that a legitimate user is accepted by the sensor.
Deployed applications
A U.S. Marine Corps Sergeant uses an iris scanner to positively identify a member of the
Baghdaddi city council prior to a meeting with local tribal figureheads, sheiks,
community leaders and U.S. service members. One of three biometric identification
technologies internationally standardized by ICAO for use in future passports (the other
two are fingerprint and face recognition)
At Schiphol Airport, Netherlands, iris recognition has permitted passport free
immigration since 2001
United Arab Emirates border control at all 17 air, land and seas ports since 2001
UK's IRIS - Iris Recognition Immigration System
Used to verify the recognition of the "Afghan Girl" (Sharbat Gula) by National
Geographic photographer Steve McCurry.
In several Canadian airports, as part of the CANPASS Air program that facilitates entry
into Canada for pre-approved, low-risk air travellers.
Iris recognition in fiction
Steven Spielberg's 2002 science fiction film Minority Report depicts a society in which
what appears to be a form of iris recognition has become daily practice. A main character
has an eye transplant in order to change his identity.
18
Retinal scan
A retinal scan is a biometric technique that uses the unique patterns on a person's retina to
identify them.
The human retina is stable from birth to death, making it the most accurate biometric to
measure. It has been possible to take a retina scan since the 1930s, when research
suggested that each individual had unique retina patterns. The research was validated and
we know that the blood vessels at the back of the eye have a unique pattern, from eye to
eye and person to person. A retinal scan involves the use of a low-intensity light source
and coupler that are used to read the blood vessel patterns, producing very accurate
biometric data. It has the highest crossover accuracy of any of the biometric collectors,
estimated to be in the order of 1:10,000,000.
Development of the technology has taken longer than expected and for many years the
process of taking a retinal scan was measured in tens of seconds. New technology is
capable of capturing a retinal scan in less than 1 second.
Some biometric identifiers, like fingerprints, can be fooled. This is not the case with a
retina scan. The retina of a deceased person quickly decays and cannot be used to deceive
a retinal scan. It is for this reason that retina scan technology is used for high end access
control security applications.
As of 2006, some parts of the American Department of Energy were using retinal
scanners for identification purposes.
19
DNA Fingerprinting and its Applications in Biometric
Analysis.
The chemical structure of everyone's DNA is the same. The only difference between
people (or any animal) is the order of the base pairs. There are so many millions of base
pairs in each person's DNA that every person has a different sequence.
Using these sequences, every person could be identified solely by the sequence of their
base pairs. However, because there are so many millions of base pairs, the task would be
very time-consuming. Instead, scientists are able to use a shorter method, because of
repeating patterns in DNA.
These patterns do not, however, give an individual "fingerprint," but they are able to
determine whether two DNA samples are from the same person, related people, or non-
related people. Scientists use a small number of sequences of DNA that are known to
vary among individuals a great deal, and analyze those to get a certain probability of a
match.
How is DNA Fingerprinting done?
Every strand of DNA has pieces that contain genetic information which informs an
organism's development (exons) and pieces that, apparently, supply no relevant genetic
information at all (introns). Although the introns may seem useless, it has been found that
they contain repeated sequences of base pairs. These sequences, called Variable Number
Tandem Repeats (VNTRs), can contain anywhere from twenty to one hundred base pairs.
Every human being has some VNTRs. To determine if a person has a particular VNTR, a
Southern Blot is performed, and then the Southern Blot is probed, through a hybridization
reaction, with a radioactive version of the VNTR in question. The pattern which results
from this process is what is often referred to as a DNA fingerprint.
A given person's VNTRs come from the genetic information donated by his or her
parents; he or she could have VNTRs inherited from his or her mother or father, or a
combination, but never a VNTR either of his or her parents do not have. Shown below
are the VNTR patterns for Mrs. Nguyen [blue], Mr. Nguyen [yellow], and their four
children: D1 (the Nguyens' biological daughter), D2 (Mr. Nguyen's step-daughter, child
of Mrs. Nguyen and her former husband [red]), S1 (the Nguyens' biological son), and S2
(the Nguyens' adopted son, not biologically related [his parents are light and dark green]).
20
Because VNTR patterns are inherited genetically, a given person's VNTR pattern is more
or less unique. The more VNTR probes used to analyze a person's VNTR pattern, the
more distinctive and individualized that pattern, or DNA fingerprint, will be.
21
Some Concerns on the Measurement for Biometric Analysis
and Applications
Some concerns of measurement for biometric analysis and synthesis are investigated.
This research tries to reexamine the nature of the basic definition of measurement of
distance between two objects or image patterns, which is essential for comparing the
similarity of patterns. According to a recent International Workshop on Biometric
Technologies: Modeling and Simulation at University of Calgary, Canada
[Yanushkevich et al., Eds. (2004)], biometric refers to the studies of analysis, synthesis,
modeling and simulation of human behavior by computers, including mainly recognition
of hand printed words, machines printed characters, handwriting, fingerprint, signature,
facial expression, speech, voice, emotion and iris etc.The key idea is the measurement
that defines the similarity between different input data that can be represented by image
data. This paper deals with the very fundamental phenomena of measurement of these
studies and analysis. Preliminary findings and observations show that the concepts of
segmentation and disambiguation are extremely important, which have been long
ignored. Even while computer and information professionals and researchers have spent
much effort , energy, and time, trying very hard and diligently to develop methods that
may reach as high as 99.9999 % accuracy rate for character and symbol recognition, a
poorly or ill considered pre-designed board poster or input pattern could easily
destroy its effectiveness and lower the overall performance accurate rate to less than
50%. The more data it handles, the worse the results. Its overall performance accuracy
rate will be proportionally decreasing.
Overview (Introduction)
We first briefly review what's happening in biometric research and their
results. According to [Int. biometric group (2003)], a majority of biometric
studies fall into the categories of fingerprint, facial and symbol analysis and
recognition, about 74%. It can be shown in the Fig. 3.1.
Inverse methods in analysis examples are shown in [Plamondon and
Srihari (2000)], [Popel (2006)], [Yanushkevich et al.(2005)] (Fig. 3.2):
(a) Modeling, or tampering (e.g. signature forgery in the task of signature recognition)
22
23
(b) Voice synthesis (telecommunication services), and
© Facial image synthesis (animation, \talking heads").
There are also some developments of generating synthetic biometric data, using computer
graphics, computational geometry methodologies, with applications to the following
fields, which are being implemented successfully [Jain et al. (2005)], [Jain and Uludag
(2003)], [Ma et al. (2005)], [Ratha et al. (2001)], ?? [Zhang et al. (2004)], [Zhang et al.
(2001)]:
(a) Collecting large databases for testing the robustness of identification
systems,
(b) Training personnel on a system that deploys simulation of biometric
data,
© Cancelable biometrics,
(d) Biometric Data Hiding, and
(e) Biometric Encryption.
Further, according to a most recent book regarding advanced aspects of biometrics
Handbook of Multibiometrics [Ross et al. (2006)], consistent advances in biometrics help
to address problems that plague traditional human recognition methods and offer
significant promise for applications in security as well as general convenience. In
particular, newly evolving systems can measure multiple physiological or behavioral
traits and thereby increase overall reliability that much more. Multimodal Biometrics
provides an accessible, focused examination of the science and technology behind
multimodal human recognition systems, as well as their ramifications for security
systems and other areas of application. After clearly introducing multibiometric systems,
it demonstrates the noteworthy advantages of these systems over their traditional and
unimodal counterparts. In addition, the work describes the various scenarios possible
when consolidating evidence from multiple biometric systems and examines multimodal
system design and methods for computing user-specific parameters. In another book
about general biometrics systems which was published by Springer [Wayman et
al.(2005)], which provides an overview of the principles and methods needed to build
reliable biometric systems. It covers 3 main topics: key biometric technologies, testing
and management issues, and the legal and system considerations of biometric systems for
personal verification/identification. It focuses on the four most widely used technologies -
speech, fingerprint, iris and face recognition. It includes: (a) In-depth coverage of the
technical and practical obstacles which are often neglected by application developers and
system integrators and which result in shortfalls between expected and actual
performance,
(b) Detailed guidelines on biometric system evaluation, and
© Protocols and benchmarks which will allow developers to compare
performance and track system improvements.
The book of Biometric Systems - Technology, Design and Performance Evaluation is
intended as a reference book for anyone involved in the design, management or
implementation of biometric systems.
According to a recent paper regarding metric learning for text documentation analysis
and understanding [Lebanon (2006)], many algorithms in machine learning rely on being
given a good distance metric over the input space. Rather than using a default metric such
as the Euclidean metric, it is desirable to obtain a metric based on the provided data. We
24
consider the problem of learning a Riemannian metric associated with a given
differentiable manifold and a set of points. Their approach to the problem involves
choosing a metric from a parametric family that is based on maximizing the inverse
volume of a given data set of points. From a statistical perspective, it is related to
maximum likelihood under a model that assigns probabilities inversely proportional to
the Riemannian volume element. We discuss in detail learning a metric on the
multinomial simplex where the metric candidates are pull-back metrics of the Fisher
information under a Lie group of transformations. When applied to text document
classification the resulting geodesic distance resemble, but outperform, the
tfidf cosine similarity measure.
In the literature, there is another recent book regarding some guidance to biometrics
published in 2004 [Bolle et al. (2004)]. This complete, technical guide offers some rather
detailed descriptions and analysis of the principles, methods, technologies, and core ideas
used in biometric April 10, 2006 22:48 WSPC/Book Trim Size for 9in x 6in
Main_WorldSc_IPR_SAB Some Concerns on the Measurement for Biometric 21
authentication systems. It explains the definition and measurement of performance and
examines the factors involved in choosing between different biometrics. It also delves
into practical applications and covers a number of topics critical for successful system
integration. These include recognition accuracy, total cost of ownership, acquisition and
processing speed, intrinsic and system security, privacy and legal requirements, and
user acceptance. From above investigations, it can be seen that most recent development
and applications largely rely on the fundamental definition of pattern matching, which in
turn depends on the measurement of distances between two input images. It has been
observed that the concept of ambiguity plays a very important fundamental roles of all
these distance measurement and image pattern processing in both learning (analysis) and
recognition (synthesis), which is also the most difficult obstacles of essentially all
recognition problems in the real daily life. Therefore in the next section, we are going to
discuss these problems and how input images (patterns) can and should be disambiguated
in dealing with real life problem applications.
25
Biometrics perspectives for IT Sector
IT security biometrics is the study on person recognition methods based on the sensing of
a personâ„¢s biological characteristics, measuring of the captured or scanned biometric
characteristics (raw data and sensor system calibration data), computing of biometric
signatures and biometric templates, and verifying and identifying against biometric
templates and (hashed) biometric signatures with regard to the mathematical definitions
of metrics and metric spaces. The (hashed) biometric signatures are used for
authentication purposes against and identification and surveillance purposes by IT
systems within ICT infrastructures.
Privacy : Privacy is everyoneâ„¢s fundamental human right, which is documented in the
Universal Declaration of Human Rights by the General Assembly of the United Nations
[16]. In this paper a definition of privacy by Westin from is used: Privacy is the claim of
individuals, groups and institutions to determine for themselves, when, how and to what
extent information about them is communicated to others. Fischer-Hfubner formulates
in [14] basic privacy principles, which summarize the most essential privacy
requirements. Concerning the analysis of risks for privacy in biometric IT systems, the
discussion focusses on the privacy principles of purpose binding and necessity of data
collection. The principle of purpose binding limits the subsequent use of personal data to
the specified purposes. The principle of necessity of data collection means to avoid or at
least to minimize personal data within an ICT system.
A biometric authentication system is defined as a set of hardware components, processes,
algorithms, data structures, and databases fulfilling internal and/or external
communication between the elements for the purpose of biometric authentication.
A threat to biometric authentication technology is the potential of a circumstance
or an action that causes loss of security, degradation of the technologyâ„¢s reliability
or performance, or the harm to a personâ„¢s privacy. The vulnerability of biometric
authentication technology is a flaw or weakness that makes it possible for a threat to
biometric authentication technology to occur.
A security risk of biometric authentication technology is an expectation of loss
expressed as the probability that a specific threat to biometric authentication technology
will be exploited against a specific vulnerability of biometric authentication technology
with potentially hazardous consequences and effects.
Biometric
enrollment
is
the
process
of
training
personâ„¢s
biometric(characteristics|patterns) into a biometric person recognition system and storing
of the biometric data in a biometric database. Biometric authentication is the process of
verifying a personâ„¢s claimed identity by comparison of a computed biometric signature
from the personâ„¢s biometric (characteristics|patterns) against a stored biometric template.
Biometric derollment is the process of detraining a personâ„¢s biometric
(characteristics|patterns) from a biometric person recognition system and
removal of the biometric data from a biometric database.
26
In the broader sense a biometric(enrollment | authentication | derollment) algorithm is an
algorithm for the enrollment, authentication, or derollment of a personâ„¢s biometric
characteristics against a biometric (authentication|identification system or abortion
of an attempt. In the narrower sense a biometric algorithm is a biometric signal
processing algorithm used within (en|de)rollment and authentication.
A biometric signature is a (binary coded representation of biometric characteristics
for (distributed) computing systems. A biometric template is a biometric signature
(class|cluster) representing a set of biometric signatures. Biometric signatures/templates
can be hashed which results in hashed biometric signatures templates.
Biometric Databases.
A biometric database is a database which holds data about biometric characteristics,
biometric signatures, and personal data. A biometric database which subsumes biometric
characteristics (raw data and calibration data), biometric signatures, personal data, and
a rule-based access control mechanism is defined to be a complete biometric database. A
partial biometric database represents a subset of a complete biometric database.
Biometric Communication Channels. A threat for biometric authentication via insecure
networks is given by replay attacks. A concept of a technical solution for this problem is
presented in Figure 2 by using an active sensor system with an emitter for security
information, which is controlled over a control channel by a biometric authentication
server. The biometric raw data with the added security information is captured and
transferred to the server over the data channel. The server accepts received biometric raw
data, if the expected and valid security information is included. The cryptographic
secured control and data channels, the active sensor system and security information
enhanced biometric raw data are defined together as secure biometric communication
channels.
27
By studying security risks of biometric authentication methods, researchers come to more
secure and reliable prototypical research solutions like presented for instance with
multimodal biometric methods (biometric fusion techniques) by Hong and Jain in and
with multifactor multimodal biometric authentication methods by Br¨omme in Based on
adapted fault trees for security analyses, introduced by Schneier in as attack trees, a
general attack tree for different types of biometric methods can be constructed showing a
security risk analysis in a qualitative way (Figure 4).
28
Some other Applications of Biometric Analysis
In addition to its extensive use in forensic sciences, biometrics technology is rapidly
being adopted in a wide variety of security applications such as electronic and physical
access control, electronic commerce, digital rights management, background checking,
homeland security, and defense. Security systems demand high accuracy, high
throughput, and low cost from their biometric sub-systems. Although biometric systems
have made great strides especially over recent years, there is continued need for vigorous
research to solve many outstanding challenging problems. The goal of this special issue
is to document the current state-of-the-art, the latest breakthroughs achieved by the
scientists working in the area of biometric recognition, and to identify future promising
research areas. We invite original contributions that provide novel solutions to
challenging problems. Submitted papers can address theoretical or practical aspects of the
progress and directions in biometrics research. Topics of interest include, but are not
limited to:
Estimation of biometric individuality (information content).
Statistical performance evaluation.
Temporal interclass and intraclass variability in biometric characteristics.
Verification and identification systems; tracking, indexing, and classification.
Biometric cryptosystems; template protection; privacy protecting techniques;
liveness detection.
Multimodal biometrics; information fusion.
A biometric passport is a combined paper and electronic identity document that uses
biometrics to authenticate the citizenship of travelers. The passport's critical information
is stored on a tiny RFID computer chip, much like information stored on smartcards. Like
some smartcards, the passport book design calls for an embedded contactless chip that is
able to hold digital signature data to ensure the integrity of the passport and the biometric
data.
Norwegian biometric passport
29
The current staged biometrics for this type of identification system is facial recognition,
fingerprint recognition, and iris scans. The International Civil Aviation Organization
defines the biometric standards to be used in passports. ICAO does not currently have
plans to use retinal scanning. Only the digital image (usually in jpeg format) of each
biometric feature is actually stored in the chip. The biometric algorithm is computed
outside of the passport chip by electronic border control systems (e-borders). To store
biometric data on the contactless chip, it includes a minimum of 32 kilobytes of
EEPROM storage memory, and runs on an interface in accordance with the ISO 14443
international standard, amongst others. These standards ensure interoperability between
the different countries and the different manufacturers of the passport books.
Symbol for biometric passports, usually printed on the cover of the passports.
30
CONCLUSION
This paper presents a systematic approach for a holistic security risk analysis of biometric
authentication technology based on the high-level component & process model for
integrated security risk analysis of biometric authentication technology also proposed
here. The processes and components used within this model are developed together with
a terminology for biometric authentication technology for the research field of IT security
biometrics, which is comprehensively presented here for the first time.
Current approaches for risk analysis of biometric authentication technology are limited to
enrollment and identification/ verification processes with biometric algorithms mainly
considered as black-boxes, only.
By using the biometric authentication risk matrices introduced here it is shown that more
than seven thousand single possible risk effect classes can be identified, which should be
examined for an overall holistic security risk analysis of biometric authentication
technology.
With the systematic discovery of such a large amount of possible risk effect classes in
this paper, it can be concluded that current biometric authentication technology contains
inherent holistic security risks, which are not systematically explored. For this reason, the
specific risk analysis approach presented here has a strong advantage in comparison with
other evaluation and risk analysis approaches in this area. More generally speaking, the
presented approach is a significant contribution on the way to the possible development
of more (holistic) secure biometric authentication technology.
31
REFRENCES
answers.com
biotech.com
ccs .neu.edu
articles from TIMES OF INDIA

Now-a-days we are facing majority of crimes related to security issues and these arise due to the leakage of passwords or illegal authentication. At one end, there is a continuous and tremendous improvement in the lifestyle of Humans while at the other end; the technological crimes are increasing rapidly. As there is a problem, there must be a solution. The need for a compromising technology which can be adopted is highly imperative. Technologies capable of identifying each person uniquely need to be developed. The only powerful solution for the problem of illegal authentication is Biometrics.
This paper provides an overall idea of Biometrics , the typical Biometric Model, an overview of the Biometric techniques and focuses mainly on Keystroke Biometrics which is easy to implement and can provide fool proof security based on the effectiveness of the algorithm.