A Seminar Report+ Biometric

8/3/2019 A Seminar Report+ Biometric

1/29

A SEMINAR REPORT

ON

BIOMETRIC

Submitted by

Priyashri Mishra

Regd. No.:- 0801402059

GANDHI INSTITUTE FOR TECHNOLOGY

BIJU PATNAIK UNIVERSITY OF TECHNOLOGY

ROURKELA, ORISSA

OCTOBER 2011

Supervised by

Mr. Kailash Chandra Rout

Mr. S.K Behera


2/29

BIJU PATNAIK UNIVERSITY OF TECHNOLOGY

ROURKELA, ORISSA

BONAFIDE CERTIFICATE

This is to be certified that this seminar report BIOMETRIC isthe bonafide work of Ms. Priyashri Mishra who carried out the

seminar work under our supervision.

SIGNATURE SIGNATURE

SUPERVISOR SUPERVISOR

Senior Lecturer Senior Lecturer

ECE Department ECE Department

GANDHI INSTITUTE FOR

TECHNOLOGY

GANDHI INSTITUTE FOR

TECHNOLOGY

SIGNATURE

Mr. Kailash Chandra Rout

HEAD OF THE DEPARTMENT

ECE Department

GANDHI INSTITUTE FOR TECHNOLOGY


3/29

ACKNOWLEDGEMENT

I owe a great many thanks to a great many people who helped andsupported me to complete my seminar.

My deepest thanks to Lecturers, Mr.S.K Behera, the Guide of the seminar

and Mr.K.C Rout for guiding and correcting various documents of mine

with attention and care. They have gone through the project and have

made necessary correction as and when needed.

I would also thank my Institution and my faculty members without whom

this project would have been a distant reality. I also extend my heartfelt

thanks to my family and well wishers.


4/29

Table Of Contents

1. Abstract----------------------------------------------------------------------------- 5

2. Introduction------------------------------------------------------------------------6

3. Parameter---------------------------------------------------------------------------7

4. Design Issues-----------------------------------------------------------------------8

5. Working principle-----------------------------------------------------------------9

6. Modes-------------------------------------------------------------------------------9

7. Physiological biometric----------------------------------------------------------11

8. Behavioral biometric-------------------------------------------------------------14

9. Advantage and Disadvantage---------------------------------------------------15

10.Application------------------------------------------------------------------------18

11.Conclusion------------------------------------------------------------------------20

12.Bibliography----------------------------------------------------------------------21


5/29

ABSTRACT

Biometrics is the development of statistical and mathematical methods

applicable to data analysis problems in the biological sciences. It is a new

method of verifying authenticity. Biometrics uses biological traits or

behavioral characteristics to identify an individual. A Biometrics system is

actually a pattern recognition system that utilizes various patterns like iris

patterns, retina patterns and biological traits like fingerprints, facial

geometry, voice recognition and hand recognition etc. What makes

Biometrics really attractive is the fact that the various security codes like

the passwords and the PIN can be interchanged between people the

physiological traits cant be.The current applications of Biometric authentication are Entry control,

ATM's and Government programs. The most obvious use of biometrics for

network security is for secure workstation logons for a workstation

connected to a network. The main use of Biometric network security will

be to replace the current password system. The most popular biometric

authentication scheme employed for the last few years has been Iris

Recognition. Many companies are adding biometric authentication

features to their products. This toolkit finds use in the area of Internet

Banking.There are various pros and cons to Biometrics that ought to be considered

.The advantages mainly are the high levels of security it provides when

compared to conventional methods, the uniqueness of biometric

attributes makes them an ideal candidate authenticating users, problems

associated with passwords can be avoided and that a Biometric

characteristic cant be stolen as opposed to passwords etc. The various

disadvantages are the low acceptance rate, high costs associated with

Biometric authentication and the acquisition of the hardware and the

software, the danger of an individuals biometric data can be exploited

and there are instances especially in voice recognition where the

individual is restricted access due to a change in Biometric characteristics

due to a cold etc. So, all these disadvantages have to be worked upon to

ensure that this brilliant technology be incorporated into all the security

systems to ensure safer transactions and restricted access to them to

prevent any kind of breach of security.


6/29

INTRODUCTION

The first modern biometric device was introduced on a commercial basis

over 25 years ago when a machine that measured finger length was

installed for a time keeping application at Shearson Hamil on Wall Street.

In the ensuing years, hundreds of these hand geometry devices were

installed at high security facilities operated by Western Electric, Naval

Intelligence, the Department of Energy, and the like. There are now over

20,000 computer rooms, vaults, research labs, day care centers, blood

banks, ATMs and military installations to which access is controlled using

devices that scan an individual's unique physiological or behavioral

characteristics. Reduced prices have lead to increased awareness of

biometric technologies; this coupled with lower overall prices will certainly

bode well for this industry as we move through the new millennium.

The term BIOMETRICS is defined from the Greek words bio meaning

life and metric means to measure. Biometrics is the identification or

verification of human identity through the measurement of repeatable

physiological and behavioral characteristics.The term biometrics refers tothe emerging field of technology devoted to the identification of

individuals using biological traits or behaviors. In practice, this meanscapturing an image of a unique feature of an individual such as a

fingerprint, hand, eye or face, and comparing it with a template captured

previously. For ease of explanation this has been over-simplified, but in

essence this is how biometric technology works.

Biometrics refers to the automatic identification of a person based on

his/her physiological or behavioral characteristics. This method of

identification is preferred over traditional methods involving passwords

and PIN numbers for various reasons:

(i) The person to be identified is required to be physically present at the

point of identification.

(ii) Identification based on biometric techniques obviates the need to

remember a password or carry a token. By replacing PINs, biometric

techniques can potentially prevent unauthorized access to or fraudulent

use of A.T.Ms, Smart cards, computer networks.

(iii) PINs passwords may be forgotten, and token based methods of

identification like passwords and drivers licenses may be forged, stolen orlost. A biometric system is essentially a pattern recognition system which


7/29

makes a personal identification by determining the authenticity of a

specific physiological or behavioral characteristic possessed by the user.


8/29

PARAMETERS

Universality: each person should have the characteristic. People whoare mute or without a fingerprint will need to be accommodated in someway. Distinctiveness: any two persons should be sufficiently different interms of the characteristic. Generally, no two people have identicalcharacteristics. However, identical twins are hard to distinguish. Permanence: the characteristic should be sufficiently invariant (withrespect to the matching criterion) over a period of time. Thecharacteristics should not vary with time. A person's face, for example,may change with age. Collectability: the characteristic can be measured quantitatively. The

characteristics must be easily collectible and measurable.

However, in a practical biometric system (i.e., a system that employsbiometrics for personalrecognition), there are a number of other issues that should beconsidered, including:

Performance: which refers to the achievable recognition accuracy andspeed, the resources required to achieve the desired recognition accuracyand speed, as well as the operational and environmental factors thataffect the accuracy and speed. The method must deliver accurate results

under varied environmental circumstances.Acceptability: which indicates the extent to which people are willing toaccept the use of aparticular biometric identifier (characteristic) in their daily lives.Thegeneral public must accept the sample collection routines. Nonintrusivemethods are more acceptable. Circumvention: which reflects how easily the system can be fooledusing fraudulentmethods. The technology should be difficult to deceive.

A practical biometric system should meet the specified recognitionaccuracy, speed, and resource requirements, be harmless to the users, beaccepted by the intended population, and be sufficiently robust to variousfraudulent methods and attacks to the system.


9/29


10/29

DESIGN ISSUES

An important issue in designing a practical system is to determine how anindividual is identified and are designed by keeping two characteristics in

mind, they are:

A) PHYSIOLOGICAL: are based on a person's physical characteristics

which are assumed to be relatively unchanging such as fingerprints,

iris patterns, retina patterns, facial features, palm prints, or hand

geometry. We all use a form of physiological biometrics when we

recognize our friends and acquaintances. You know what they look

like and sound like so you are usually able to recognize them when

you see them or hear them. Turning those characteristics into

reproducible electronic data is quite an art however and no perfect

system has yet been developed that is absolutely foolproof -

although some are pretty good. Eg: face recognition, finger-print,

hand geometry, iris and retina scan, DNA, etc.

B) BEHAVIORAL: are biometric characteristics that are acquired over

time by an individual, and are at least partly based on acquired

behaviour. Behavioral characteristics tend to dominate in such

biometric systems as signature recognition and keystroke dynamics.

These traits are stored in a similar way to the physiological traits

except they are updated regularly to cope with the ever changing

patterns in the trait. These algorithms have to take into account that

the users voice might be affected by the cold or illness that they

are experiencing or that the document they are typing has to be

completed within the hour. Eg: keystroke verification, signature

verification, voice and speech recognition, etc.

Both types are relevant to different situations and circumstances.

Naturally the physiological biometrics have proved more reliable then the

behavioural as the physical traits generally stay the same all the time,

whilst the ever changing behavioural traits have more chance for error.


11/29

WORKING PRINCIPLE

Biometric devices consist of a reader or scanning device, software that

converts the gathered information into digital form, and a database that

stores the biometric data for comparison with previous records. When

converting the biometric input, the software identifies specific points of

data as match points.

The match points are processed using an algorithm into a value that can

be compared with biometric data in the database. All Biometricauthentications require comparing a registered or enrolled biometric

sample (biometric template or identifier) against a newly captured

biometric sample (for example, a fingerprint captured during a login).

MODES

A biometric system is essentially a pattern recognition system that

operates by acquiring biometric data from an individual, extracting a

feature set from the acquired data, and comparing this feature set against

the template set in the database. Depending on the application context, a

biometric system may operate either in verification mode or identification

mode:

In the verification mode, the system validates a persons identity by

comparing the captured biometric data with her own biometrictemplate(s) stored system database. In such a system, an individual who


12/29

desires to be recognized claims an identity, usually via a PIN (Personal

Identification Number), a user name, a smart card, etc., and the system

conducts a one-tonne comparison to determine whether the claim is true

or not (e.g., Does this biometric data belong to Bob?). Identity

verification is typically used forpositive recognition, where the aim is toprevent multiple people from using the same identity.

In the identification mode, the system recognizes an individual by

searching the templates of all the users in the database for a match.

Therefore, the system conducts a one-to-many comparison to establish an

individuals identity (or fails if the subject is not enrolled in the system

database) without the subject having to claim an identity (e.g., Whose

biometricdata is this?). Identification is a critical component in negative

recognition applications where the system establishes whether the person

is who she (implicitly or explicitly) denies to be. The purpose of negativerecognition is to prevent a single person from using multiple identities.

Identification may also be used in positive recognition for convenience

(the user is not required to claim an identity). While traditional methods of

personal recognition such as passwords, PINs, keys, and tokens may work

for positive recognition, negative recognition can only be established

through biometrics.

During Enrollment, as shown in the picture above, a sample of thebiometric trait is captured, processed by a computer, and stored for later

comparison. Biometric recognition can be used in Identification mode,

where the biometric system identifies a person from the entire enrolled

population by searching a database for a match based solely on the

biometric. For example, an entire database can be searched to verify a

person has not applied for entitlement benefits under two different

names. This is sometimes called one-to many matching.

A system can also be used in Verification mode, where the biometric

system authenticates a persons claimed identity from their previously


13/29

enrolled pattern. This is also called one-to-one matching. In most

computer access or network access environments, verification mode

would be used. A user enters an account, user name, or inserts a token

such as a smart card, but instead of entering a password, a simple glance

at a camera is enough to authenticate the user.


14/29

PHYSIOLOGICAL BIOMETRIC

DNA: Deoxyribo Nucleic Acid (DNA) is the one-dimensional ultimate

unique code for ones individuality - except for

the fact that identical twins have identical DNA

patterns. It is, however, currently used mostly in

the context of forensic applications for person

recognition. Three issues limit the utility of this

biometrics for other applications: (i)

contamination and sensitivity: it is easy to steal

a piece of DNA from an unsuspecting subjectthat can be subsequently abused for an ulterior

purpose; (ii) automatic real-time recognition

issues: the present technology for DNA matching requires cumbersome

chemical methods (wet processes) involving an experts skills and is not

geared for on-line non-invasive recognition; (iii) privacy issues:

information about susceptibilities of a person to certain diseases could be

gained from the DNA pattern and there is a concern that the unintended

abuse of genetic code information may result in discrimination, e.g., in

hiring practices.

Face: Face recognition is a non-intrusive method, and facial images are

probably the most common biometric characteristic used by humans to

make a personal recognition. The applications of

facial recognition range from a static, controlled

mug-shot verification to a dynamic, uncontrolled

face identification in a cluttered background (e.g.,

airport). The most popular approaches to face

recognition are based on either (i) the location and

shape of facial attributes, such as the eyes,

eyebrows, nose, lips, and chin and their spatial

relationships, or (ii) the overall (global) analysis of the face image that

represents a face as a weighted combination of a number of canonical

faces. These systems also have difficulty in recognizing a face from

images captured from two drastically different views and under different

illumination conditions. It is questionable whether the face itself, without

any contextual information, is a sufficient basis for recognizing a person

from a large number of identities with an extremely high level of

confidence. In order that a facial recognition system works well inpractice, it should automatically (i) detect whether a face is present in the


15/29

acquired image; (ii) locate the face if there is one; and (iii) recognize the

face from a general viewpoint (i.e., from any pose).

Fingerprint: Humans have used fingerprints for personal identification for

many centuries and the matching accuracy using fingerprints has been

shown to be very high. A fingerprint is the pattern of ridges and valleys on

the surface of a fingertip, the formation of which is determined during the

first seven months of fetal development. Fingerprints of identical twins are

different and so are the prints on each finger

of the same person. Multiple fingerprints of a

person provide additional information to allow

for large-scale recognition involving millions of

identities. One problem with the current

fingerprint recognition systems is that they

require a large amount of computationalresources, especially when operating in the

identification mode. Finally, fingerprints of a

small fraction of the population may be

unsuitable for automatic identification because

of genetic factors, aging, environmental, or occupational reasons (e.g.,

manual workers may have a large number of cuts and bruises on their

fingerprints that keep changing).

Hand geometry: Hand geometry recognition systems are based on anumber of measurements taken from the human hand, including itsshape, size of palm, and lengths and widths of the fingers. Commercialhand geometry-based verification systems have been installed inhundreds of locations around the world. The technique is very simple,relatively easy to use, and inexpensive. Environmental factors such as dryweather or individual anomalies such as dry skin do not appear to haveany negative effects on the verification accuracy of hand geometry-basedsystems. The geometry of the hand is not known to be very distinctiveand hand geometry-based recognition systems cannot be scaled up forsystems requiring identification of an individual from a large population.

Further, handgeometry informationmay not be invariantduring the growthperiod of children. Inaddition, anindividual's jewellery(e.g., rings) orlimitations in

dexterity (e.g., from arthritis), may pose further challenges in extractingthe correct hand geometry information. The physical size of a hand

geometry-based system is large, and it cannot be embedded in certaindevices like laptops. There are verification systems available that are


16/29

based on measurements of only a few fingers (typically, index and middle)instead of the entire hand. These devices are smaller than those used forhand geometry, but still much larger than those used in some otherbiometrics (e.g., fingerprint, face, voice).

Iris:The iris is the annular region of the eye bounded by the pupil and thesclera (white ofthe eye) on either side. The visual texture of the iris isformed during fatal development and stabilizes duringthe first two years of life. The complex iris texturecarries very distinctive information useful for personalrecognition. The accuracy and speed of currentlydeployed iris-based recognition systems is promising and point to thefeasibility of large-scale identification systems based on iris information.Each iris is distinctive and, like fingerprints, even the irises of identicaltwins are different. It is extremely difficult to surgically tamper the textureof iris. Further, it is rather easy to detect artificial irises (e.g., designercontact lenses). Although, the early iris-based recognition systemsrequired considerable user participation and were expensive, the newersystems have become more user-friendly and cost-effective.

Palmprint:The palms of the human hands contain pattern of ridges andvalleys much likethe fingerprints. The area of the palm is much larger than the area of afinger and as a result, palmprints are expected to be even moredistinctive than the fingerprints. Since palmprint

scanners need to capture a large area, they arebulkier and more expensive than the fingerprintsensors. Human palms also contain additionaldistinctive features such as principal lines andwrinkles that can be captured even with a lowerresolution scanner, which would be cheaper.Finally, when using a high resolution palmprintscanner, all the features of the palm such ashand geometry, ridge and valley features (e.g.,minutiae and singular points such as deltas), principal lines, and wrinklesmay be combined to build a highly accurate biometric system.

Retinal scan:The retinal vasculature is rich in structure and is supposed tobe acharacteristic of each individual and each eye. It is claimed to be the mostsecure biometricsince it is not easy to change or replicate the retinal vasculature. Theimage acquisitionrequires a person to peep into an eye-piece and focus on a specific spot in

the visual field so that apredetermined part of the

retinal vasculature could beimaged. The image acquisition


17/29

involves cooperation of the subject, entails contact with the eyepiece, andrequires a conscious effort on the part of the user. All these factorsadversely affect the public acceptability of retinal biometric. Retinalvasculature can reveal some medical conditions, e.g., hypertension, whichis another factor deterring the public acceptance of retinal scan based

biometrics.


18/29

BEHAVIORAL BIOMETRIC

Keystroke: It is hypothesized that each person types on a keyboard in acharacteristic way. This behavioral biometric is not expected to be uniqueto each individual but it offerssufficient discriminatory information to permit identity verification.

Keystroke dynamics is a behavioralbiometric; for some individuals, one mayexpect to observe large variations intypical typing patterns. Further, thekeystrokes of a person using a systemcould be monitored unobtrusively as that

person is keying in information.

Signature:The way a person signs hername is known to be a characteristic of

that individual. Although signatures require contact with the writinginstrument and an effort on the part of the user, they have been acceptedin government, legal, and commercial transactions as amethod of verification.Signatures are a behavioralbiometric that change over a period of time and areinfluenced by physical and emotional conditions of thesignatories. Signatures of some people varysubstantially: even successive impressions of theirsignature are significantly different. Further,professional forgers may be able to reproduce signatures that fool thesystem.

Voice: Voice is a combination of physiological and behavioral biometrics.The features ofan individuals voice are based on the shape and size of the appendages(e.g., vocal tracts,mouth, nasal cavities, and lips) that are used in the synthesis of the

sound. Thesephysiological characteristics of human speech are invariant for anindividual, but thebehavioral part of the speech of a person changes over time due to age,medical conditions

(such as common cold), emotional state, etc. Voice is alsonot very distinctive and may not be appropriate for large-scale identification. A text-dependent voice recognitionsystem is based on the utterance of a fixed predeterminedphrase. A text-independent voice recognition systemrecognizes the speaker independent of what she speaks. A

text independent system is more difficult to design than atext-dependent system but offers more protection against


19/29

fraud. A disadvantage of voice-based recognition is that speech featuresare sensitive to a number of factors such as background noise. Speakerrecognition is most appropriate in phone-based applications but the voicesignal over phone is typically degraded in quality by the microphone andthe communication channel.


20/29

ADVANTAGES AND DISADVANTAGES

Let us now examine the advantages and disadvantages of biometrics intwo groups of applications: the commercial positive recognition

applications that may work either in the verification or the identificationmodes, and the government and forensic negative recognitionapplications that require identification.

Positive Recognition in Commercial ApplicationsThe traditional technologies available to achieve a positive recognitioninclude knowledge-based methods (e.g., PINs and passwords) and token-based methods (e.g., keys and cards). Most people set their passwordsbased on words or digits that they can easily remember, such as namesand birthdays of family members, favorite movie or music stars, anddictionary words (A survey of 1,200 British office workers in year 2001found that almost half chose their own name, the name of a pet, or that ofa family member as a password; others based their passwords on thenames such as Darth Vader and Homer Simpson). Such passwords areeasy to crack by guessing or by a simple brute force dictionary attack.Although it is possible, and even advisable, to keep different passwordsfor different applications and change them frequently, most people usethe same password across different applications and never change them.If a single password is compromised, it may result in a breach in securityin many applications.

For example, a hacker may create a bogus web site that entices userswith free air miles if they were to register on the website with a loginname and password. The hacker may then try to use the same login nameand password to attack the users corporate accounts, and most likelysucceed. Longer passwords are more secure but harder to rememberwhich prompts some users to write them down in accessible locations(e.g., on a Post-it note) and hide it under the keyboard. Strongpasswords are difficult to remember and result in more Help Desk calls forforgotten or expired passwords. Cryptographic techniques such asencryption can provide very long passwords (encryption keys) that are notrequired to be remembered but that are in turn protected by simple

passwords, thus defeating their purpose. Further, a hacker needs to breakonly one password among all the employees to gain access to acompanys Intranet and thus, a single weak password compromises theoverall security of every system that the user has access to.

Thus, the security of the entire system is only as good as the weakestpassword. Finally, when a password is shared with a colleague, there is noway for the system to know who the actual user is. Similarly, there aremany problems with possession-based personal recognition. For example,keys and tokens can be shared, duplicated, lost or stolen and an attacker

may make a master key that may open many locks. It is significantlymore difficult to copy, share, and distribute biometrics with as much ease


21/29

as passwords and tokens. Biometrics cannot be lost or forgotten andonline biometrics-based recognition systems require the person to berecognized to be present at the point of recognition. It is difficult to forgebiometrics and extremely unlikely for a user to repudiate, for example,having accessed a computer network. Further, all the users of the system

have relatively equal security level and one account is no easier to breakthan any other (e.g., through social engineering methods). Biometricsintroduces incredible convenience for the users (as users are no longerrequired to remember multiple, long and complex, frequently changingpasswords) while maintaining a sufficientlyhigh degree of security.Certain commercial applications would like to operate the biometricsystem in an identification mode instead of the verification mode for theadded convenience of not requiring the users to claim an identity. Usually,speed is perceived as the biggest problem in scaling up an identificationapplication. However, the fact is that the identification accuracy scaleseven worse than the speed. Consider an identification application with10,000 users.

Negative Recognition in Government and Forensic ApplicationsIn negative recognition applications such as employee backgroundchecking and preventingterrorists from boarding airplanes, the personal recognition is required tobe performed in the identification mode. As mentioned earlier, achievingthe same accuracy in an identification system as in a verification systemis a much harder problem due to the large number of comparisons that

are required to be performed. If faces are used instead of fingerprints forthe identification (face recognition may be preferred for an airportapplication because faces can be acquired covertly), the number ofmisses and false alarms will be considerably higher, given the rather pooraccuracy of face identification systems, especially in environments withcluttered background and varying lighting conditions. Although,multimodal biometric systems can significantly improve the identificationaccuracy, exclusively relying on automatic biometric systems for negativeidentification may be unfeasible.

Traditional personal recognition tools such as passwords and PINs are not

at all useful fornegative recognition applications. While biometric systems may not yet beextremely accurate to support large-scale identification applications, theyare the only choice for negative recognition applications. Further, ifoperated in a semi-automatic mode where a human expert examines allthe alarms generated by the system for the final decision, biometricsystems can be quite effective. For example, if 100 airport security agentsare required to manually match every person at an airport against theFBIs 100 most wanted, only 5 agents may be required to take a closerlook at the 200 alarms generated daily by the biometric system. We need

to understand that in such semi-automatic applications, the biometricsystem only generates an alarm that calls for a closer (manual)


22/29

examination of the individual and an alarm does not directly translate intocatching a terrorist.

Other negative recognition applications such as background checks andforensic criminal

identification are also expected to operate in semi-automatic mode andtheir use follows a similar cost-benefit analysis. For example, in a latentsearch, an AFIS (Automatic FingerprintIdentification System) is typically used by law enforcement agencies onlyto narrow down the number of fingerprint matches to be performed by ahuman expert from a few million to a few hundred. A forensic expertalways makes the final decision. In our opinion, use of biometrics innegative recognition applications does not infringe upon the civil libertiesof individuals since if you are not in the criminal database already, therecognition system does not keep a record of you (does not rememberyou). However, appropriate legislation is required to protect the abuse ofsuch systems.


23/29

Biometric systems that operate using any single biometric characteristichave the followinglimitations:

1. Noise in sensed data: The sensed data might be noisy or distorted. Afingerprint with a scar, or a voice altered by cold are examples of noisydata. Noisy data could also be the result of defective or improperlymaintained sensors (e.g., accumulation of dirt on a fingerprint sensor) orunfavorable ambient conditions (e.g., poor illumination of a user's face ina face recognition system). Noisy biometric data may be incorrectlymatched with templates in the database resulting in a user being incorrectly rejected.2. Intra-class variations: The biometric data acquired from an individualduring authentication may be very different from the data that was usedto generate the template during enrollment, thereby affecting thematching process. This variation is typically caused by a user who is

incorrectly interacting with the sensor, or when sensor characteristics aremodified (e.g., by changing sensors - the sensor interoperability problem)during the verification phase. As another example, the varyingpsychological makeup of an individual might result in vastly differentbehavioral traits at various time instances.3. Distinctiveness: While a biometric trait is expected to vary significantlyacross individuals,there may be large inter-class similarities in the feature sets used torepresent these traits. This limitation restricts the discriminabilityprovided by the biometric trait. Golfarelli et al have shown that the

information content(number of distinguishable patterns) in two of themost commonly used representations of hand geometry and face are onlyof the order of 105 and 103, respectively. Thus, every biometric trait hassome theoretical upper bound in terms of its discrimination capability.4. Non-universality: While every user is expected to possess the biometrictrait being acquired, in reality it is possible for a subset of the users to notpossess a particular biometric. A fingerprint biometric system, forexample, may be unable to extract features from the fingerprints ofcertain individuals, due to the poor quality of the ridges. Thus, there is afailure to enroll (FTE) rate associated with using a single biometric trait. Ithas been empirically estimated that as much as 4% of the population may

have poor quality fingerprint ridges that are difficult to image with thecurrently available fingerprint sensors and result in FTE errors. den Os etal. report the FTE problem in a speaker recognition system.5. Spoof attacks: An impostor may attempt to spoof the biometric trait ofa legitimate enrolled user in order to circumvent the system. This type ofattack is especially relevant when behavioral traits such as signature andvoice are used. However, physical traits are also susceptible to spoofattacks. For example, it has been demonstrated that it is possible(although difficult and cumbersome and requires the help of a legitimateuser) to constructartificial fingers/fingerprints in a reasonable amount of time to circumventa fingerprint


24/29

verification system.


25/29

APPLICATION

The applications of biometrics can be divided into the following three maingroups:

Commercial applications such as computer network login, electronicdata security, ecommerce, Internet access, ATM,credit card, physical access control, cellularphone, PDA, medical records management,distance learning, etc. Government applications such asnational ID card, correctional facility,drivers license, social security, welfare-disbursement, border control, passportcontrol, etc. Forensic applications such as corpseidentification, criminal investigation,terrorist identification, parenthooddetermination, missing children, etc.Traditionally, commercial applications have used knowledge-basedsystems (e.g., PINs and passwords), government applications have usedtoken-based systems (e.g., ID cards and badges), and forensicapplications have relied on human experts to match biometric features.Biometric systems are being increasingly deployed in large scale civilianapplications.

ATM iris recognition.Using an iris recognition ATM, a customer simply walks up to the ATM andlooks in a sensor camera to access their accounts. The camera instantly

photographs the customers iris. If thecustomers iris data matches the record stored adatabase access is granted. At the ATM, apositive authentication can be read throughglasses, contact lenses and most sunglasses. Irisrecognition proves highly accurate, easy to useand virtually fraud proof means to verifycustomers identity.In 1999 national Bank

United in the USA installed biometricauthentication in three ATM outlets in Houston,Dallas and ft. Worth. The scheme employed an

iris recognition system created by DieBold Inc, a company specializing iniris recognition.

Internet Banking

One area where the tool kit could be used is for enhancing security forInternet banking. A bank, contracting with an ASP (application serviceprovider), could require biometric verificationfor a high-value transaction over the Internet. Avendor seeking to wire money using the


26/29

Internet would go to the bank's Web page, fill out the required informationand submit the transaction. If the transaction is for a high value, the bankwould decide it needs biometric verification and automatically send amessage to the Keyware LBV server requesting that the vendor speak apassphrase and use the fingerprint scanner.

Physical Access:Here, you can learn about application of biometricidentification to control employee access to sensitive areas ofbusiness organizations, banks, airportsand other places. Physicalaccess to homes and garages can also be controlled by thistechnology.

PC and Network Access:You will be delighted to learn about biometricapplications in controlling unauthorized access to computers andnetworks in an organization or at home. The section is of greatimportance, if you have an organization with computers andnetwork resources as its vital components.

Time and Attendance:The significance of biometric in maintainingemployee time and attendance in an organization has increasedmanifolds in past few years. You can learn about the same bynavigating to this page.

Logical Access:Biometric security plays an important role incontrolling logical access to computers, facilitated by passwords andother identification tools. Learn how this technology can avoid

information theft from your computers. Financial Security:E-commerce transactions, online

insurance purchasing and other similar activities

require advanced procedures like biometricidentification.You can learn about the same byspending time in this section.

Healthcare Industry:HIPAA compliant biometric devices are usedwidely to protect identities of users. Moreover, providing security athospital premises is one of the biometric applications you can learnhere.

Law Enforcement:Learn how police departments and other lawenforcement bodies make use of biometricidentification for catching criminals andinvestigating.

Immigration and Airports:Biometricapplications are also prospering in field ofimmigration industry and at airports to ensuresafety against terrorism and you can learn aboutit here.

Others - Laptops, PDAs, Locks


27/29

CONCLUSION

Human factors dictate the success of a biometric-based identificationsystem to a large extent. The ease and comfort in interaction with a

biometric system contribute to its acceptance. For example, if a biometricsystem is able to measure the characteristic of an individual withouttouching, such as those using face, voice, or iris, it may be perceived tobe more user-friendly and hygienic. Additionally, biometric technologiesrequiring very little cooperation or participation from the users (e.g., faceand face thermograms) may be perceived as being more convenient tousers. On the other hand, biometric characteristics that do not requireuser participation can be captured without the knowledge of the user, andthis is perceived as a threat to privacy by many individuals.The very process of recognition leaves behind trails of private information.For example, ifa person is identified each time she makes a purchase, information aboutwhere this person shops and what she buys can be simply collected andused by telemarketers to invade her privacy. The issue of privacybecomes more serious with biometric-based recognition systems becausebiometric characteristics may provide additional information about thebackground of an individual. For example, retinal patterns may providemedical information about diabetes or high blood pressure in anindividual. A health insurance company may use this information in anunethical way for economic gains by denying benefits to a persondetermined to be of high risk. More importantly, people fear that biometric

identifiers could be used for linking personal information across differentsystems or databases.

On the positive side, biometrics can be used as one of the most effectivemeans for protecting individual privacy. In fact, biometrics ensuresprivacy by safeguarding identity and integrity. For example, if a personloses a credit card and an adversary finds it, then the credit history of thisperson is compromised. To alleviate these fears, companies and agenciesthat operate biometric systems have to assure the users of these systemsthat their biometric information remains private and is used only for theexpressed purpose for which it was collected. Legislation is necessary to

ensure that such information remains private and that its misuse isappropriately punished. Most of the commercial biometric systemsavailable today do not store the sensed physical characteristics in theiroriginal form but, instead, they store a digital representation (a template)in an encrypted format.

Reliable personal recognition is critical to many business processes.Biometrics refers to automatic recognition of an individual based on herbehavioral and/or physiological characteristics. Biometric-based systemsalso have some limitations that may have adverse implications for the

security of a system. Security is a risk management strategy thatidentifies, controls, eliminates, or minimizes uncertain events that may


28/29

adversely affect system resources and information assets. There are anumber of privacy concerns raised about the use of biometrics. Asbiometric technology matures, there will be an increasing interactionamong the market, technology, and the applications. This interaction willbe influenced by the added value of the technology, user acceptance, and

the credibility of the service provider. It is too early to predict where andhow biometric technology would evolve and get embedded in whichapplications. But it is certain that biometric-based recognition will have aprofound influence on the way we conduct our daily business.


29/29

BIBLIOGRAPHY

[1] S. Prabhakar, S. Pankanti, and A. K. Jain, Biometric Recognition:

Security and PrivacyConcerns, IEEE Security and Privacy Magazine, Vol. 1, No. 2, pp. 33-42,2003.[2] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook ofFingerprint Recognition,Springer, NY, 2003.[3] A. K. Jain, R. Bolle, and S. Pankanti (editors), Biometrics: PersonalIdentification in NetworkedSociety, Kluwer Academic Publishers, 1999.[4] CNN World News, Schiphol Backs Eye Scan Security, March 27 2002.Available athttp://www.cnn.com/2002/WORLD/europe/03/27/schiphol.security/.[5] J. Daugman, Recognizing Persons by Their Iris Patterns, In A. K. Jain,R. Bolle, and S.Pankanti, editors, Biometrics: Personal Identification in a NetworkedSociety, pp. 103-121,Kluwer Academic Publishers, 1999.[6] L. O'Gorman, Seven Issues With Human AuthenticationTechnologies, Proc. of Workshop onAutomatic Identification Advanced Technologies (AutoID), pp. 185-186,Tarrytown, New York,

March 2002.[7] E. d. Os, H. Jongebloed, A. Stijsiger, and L. Boves, Speaker Verificationas a User-FriendlyAccess for the Visually Impaired, Proc. of the European Conference onSpeech Technology,pp. 1263-1266, Budapest, 1999.[8] A. Eriksson and P. Wretling, How Flexible is the Human Voice? A CaseStudy of Mimicry,Proc. of the European Conference on Speech Technology, pp. 1043-1046,Rhodes, 1997.[9] W. R. Harrison, Suspect Documents, Their Scientific Examination,

Nelson-Hall Publishers,1981.[10] D. A. Black, Forgery Above a Genuine Signature,Journal of CriminalLaw, Criminologyand Police Science, Vol.50, pp. 585-590, 1962.