CONTENTS

History Of Biometrics Definition Of Biometrics Need Of Biometrics Working of Biometric Process Fingerprint Recognition Retinal Scanning Iris Scan Facial Recognition Voice Recognition Biometrics For You Biometrics In India Advantages Disadvantages Conclusion

BIOMETRICS

DEFINITION OF BIOMETRICS
The term is derived from the Greek words bios which means life and metrics for measure. Biometrics can be defined as the technique of studying physical characteristics of a person such as finger prints, hard geometry, eye structure etc. to establish his or her identity. This science is primarily implemented to identify individuals.

Techniques Used In Identification

Fingerprint Scanning Retinal Scanning Iris Scanning Facial Recognition Voice Recognition

HISTORY OF BIOMETRICS
Way back to the 1880s, while in Japan, Henry Faulds studied the prints left behind by craftsmen on ancient clay fragments. He then went on to study his own and his colleagues fingerprints. This convinced him that each individual had unique fingerprints. A little later, a fellow worker was arrested by the police for a pretty crime. Faulds exonerated the man by showing that the finger prints on the crime scene did not match with those of his friends. Thus began the journey of the most promising science of identification and recognition: Biometrics. Today, apart from fingerprints, we have discovered facial recognition, DNA, retinal scanning, and voice recognition. While biometrics did not show up in practice in Western cultures until late in the 19th century, it was being used in China by at least the 14th century. An explorer and writer by the name of Joao de Barros wrote that Chinese merchants stamped childrens palm prints and footprints on paper ink. The merchants did this as a way to distinguish young children from one another.

In the West, identification relied heavily simply upon photographic memory until the French police desk clerk and anthropologist Alphonse Bertillon developed the anthropometric system (later also known as Bertillonage) in 1883. This was the first precise, scientific system that was widely used to identify criminals. It turned biometrics into a field of study. It worked by precisely measuring certain lengths and widths of the head and body, as well as recording individual markings such as tattoos and scars. Bertillons system was widely adopted in the West until the systems flaws became

apparent mainly problems with differing methods of measurement and changing measurements. After that, Western police forces turned to fingerprinting essentially the same system seen in China hundreds of years prior.

In recent years biometrics has moved from simply fingerprinting, to many different methods that use various physical and behavioral measurements. The uses of biometrics have also increased, from just identification to security systems and more.

What Is Biometrics? The term is derived from the Greek word bios which means life and metrics for measure. Biometrics can be defined as the technique of studying physical characteristics of a person such as finger prints, hard geometry, eye structure etc. to establish his or her identity. This science is primarily implemented to identify individuals.

Need Of Biometrics The use of biometrics is no longer restricted to define establishment or sensitive areas. An increased need for security has prompted even everybody office goers to install fingerprint recognition devices to boot up their laptops, thumb devices & other daily use gadgets. The question is, why? Why isnt the 16-digit password good enough? Simply because fingerprints are more secure. A password is breakable & anyone with basic

knowledge of computers can crack password using the myriad free programmes available on the Internet. But a fingerprint however is difficult to fake without the help of the owner. Secondly it is more convenient to simply place your finger on to a scanner instead of remembering a long & complex series of characters & their cases. Biometric systems have the potential to identify individuals with a very high degree of certainty. Forensic DNA evidence enjoys a particularly high degree of public trust. Substantical claims are being made is respect of this recognition technology, which has the capacity to discriminate between the individuals with identical DNA.

WORKING OF BIOMETRIC PROCESSES

The concept of biometric verification is simple. The system already has some prestored data. When you approach the system, say a fingerprint scanner, your finger is scanned & matched with a record of fingerprint already in its database. Only when it finds a match access is granted. The concept might be simple, but the process is quite ingenious.

FINGERPRINT SCANNING
Fingerprint is a unique feature to an individual. It stays with the person throughout his or her life. This makes the fingerprint the most reliable kind of personal identification because it can not be forgotter, misplaced or stoles. A fingerprint is made up of ridges and valleys (lines and gapes separating them) & it is these ridges & valleys which are scanned to verify the authenticity of a print.

The most commonly used method of scanning is optical scanning. An optical scanner has a CCD (Charge Coupled Device) sensor similar to the ones used in digital cameras. There is an array of light sensitive diodes (photosites). When these diodes come in contact with light, they generate an electrical signal. Every photosites record a pixel representing the light it came in contact with.

OPERATION AND PERFORMANCE

In a typical IT biometric system, a person registers with the system when one or more of his physical and behavioral characteristics are obtained. This information is then processed by a numerical algorithm, and entered into a database. The algorithm creates a digital representation of the obtained biometric. If the user is new to the system, he or she enrolls, which means that the digital template of the biometric is entered into the database. Each subsequent attempt to use the system, or authenticate, requires the biometric of the user to be captured again, and processed into a digital template. That template is then compared to those existing in the database to determine a match. The process of converting the acquired biometric into a digital template for comparison is completed each time the user attempts to authenticate to the system. The comparison process involves the use of a Hamming distance. This is a measurement of how similar two bit strings are. For example, two identical bit strings have a Hamming Distance of zero, while two totally dissimilar ones have a Hamming Distance of one. Thus, the Hamming distance measures the percentage of dissimilar bits out of the number of comparisons made. Ideally, when a user logs in, nearly his entire features match; then when someone else tries to log in, who does not fully match, and the system will not

allow the new person to log in. Current technologies have widely varying Equal Error Rates, varying from as low as 60% and as high as 99.9%.

Performance of a biometric measure is usually referred to in terms of the false accept rate (FAR), the false non match or reject rate (FRR), and the failure to enroll rate (FTE or FER). The FAR measures the percent of invalid users who are incorrectly accepted as genuine users, while the FRR measures the percent of valid users who are rejected as impostors. In real-world biometric systems the FAR and FRR can typically be traded off against each other by changing some parameter. One of the most common measures of realworld biometric systems is the rate at which both accept and reject errors are equal: the equal error rate (EER), also known as the cross-over error rate (CER). The lower the EER or CER, the more accurate the system is considered to be. An EER is desirable for a biometric system because it balances the sensitivity of the system.

Claimed error rates sometimes involve idiosyncratic or subjective elements. For example, one biometrics vendor set the acceptance threshold high, to minimize false accepts. In the trial, three attempts were allowed, and so a false reject was counted only if all three attempts failed. At the same time, when measuring performance biometrics (e.g. writing, speech etc.), opinions may differ on what constitutes a false reject. If a signature verification system is trained with an initial and a surname, can a false reject be legitimately claimed when it then rejects the signature incorporating a full first name? Despite these misgivings, biometric systems have the potential to identify individuals with a very high degree of certainty. Forensic DNA evidence enjoys a particularly high degree of public trust at present (ca. 2004) and substantial claims are being made in respect of iris recognition technology, which has the capacity to discriminate between individuals with identical DNA, such as monozygotic twins.

A COMPARISON OF BIOMETRICS
The figure at the right (Yun 2003) compares several biometrics with each other against seven categories: Universality describes how common a biometric is found in each individual. Uniqueness is how well the biometric separates one individual from another. Permanence measures how well a biometric resists aging. Collectability explains how easy it is to acquire a biometric for measurement. Performance indicates the accuracy, speed, and robustness of the system capturing the biometric. Acceptability indicates the degree of approval of a technology by the public in everyday life.

Circumvention is how easy it is to fool the authentication system.

Yun ranks each biometric based on the categories as being either low, medium, or high. A low ranking indicates poor performance in the evaluation criterion whereas a high ranking indicates a very good performance.

Issues and concerns As with many interesting and powerful developments of technology, excessive concern with the biometric may have the effect of eclipsing a more general critical faculty. Biometrics may become associated with severe miscarriages of justice if bedazzlement with the performance of the technology blinds us to the following possibilities. An individual could: plant DNA at the scene of the crime associate another's identity with his biometrics, thereby impersonating without arousing suspicion fool a fingerprint detector by using a piece of sticky tape with an authentic fingerprint on it

fool an iris recognition camera by showing a photo of an iris interfere with the interface between a biometric device and the host system, so that a "fail" message gets converted to a "pass".

IDENTITY THEFT AND PRIVACY ISSUES

Concerns about Identity theft through biometrics use have not been resolved. If a person's credit card number is stolen, for example, it can cause them great difficulty. If their iris scan is stolen, though, and it allows someone else to access personal information or financial accounts, the damage could be irreversible. Often, biometric technologies have been rolled out without adequate safeguards for personal information gathered about individuals. Also, the biometric solution to identity theft is only as good as the information in the database that is used for verifying identity. Problems of getting accurate and useable initial information -- witness the current troubles with the no fly list of the Dept of Homeland security. Presumably after the initial information is correctly stored, future computer error or vandalism (hacking) would prevent biometrics from being 100% foolproof against identity theft.

Though biometrics often are touted as a way to restrict criminality, privacy advocates fear biometrics may be used to diminish personal liberties of law abiding citizens as well. Developments in a huge range of new technologies besides biometrics - digital video, infrared, x-ray, wireless, global positioning satellite systems, image scanning, voice recognition, DNA, and brain wave fingerprinting provide government with new ways to

"search" individuals and collect vast databases of information on law-abiding members of the public.

SOCIOLOGICAL CONCERNS
As technology advances, and time goes on, more and more private companies and public utilities will use biometrics for safe, accurate identification. However, these advances will raise many concerns throughout society, where many may not be educated on the methods. Here are some examples of concerns society has with biometrics: Physical - Some believe this technology can cause physical harm to an individual using the methods, or that instruments used are unsanitary. For example, there are concerns that retina scanners might not always be clean. Personal Information - There are concerns whether our personal information taken through biometric methods can be misused, tampered with, or sold, e.g. by criminals stealing, rearranging or copying the biometric data. Also, the data obtained using biometrics can be used in unauthorized ways without the individual's consent. Society fears in using biometrics will continue over time. As the public becomes more educated on the practices, and the methods are being more widely used, these concerns will become more and more evident. This technology is being used at border crossings that have electronic readers that are able to read the chip in the cards and verify the information present in the card and on the passport. This method allows for the increase in efficiency and accuracy of identifying people at the border crossing. CANPASS, by Canada Customs is currently being used by

some major airports that have kiosks set up to take digital pictures of a persons eye as a means of identification.

FINGER SCAN

An analog to digital converter (ADC) system in the scanner processes the electrical signals to generate digital representations of the image. It is not necessary that the same kind of light falls on all diodes. So what is generated is a mix of dark & light areas, which together make up the image. It is not necessary that the same kind of light falls on diodes. So what is generated is a mix of dark and light areas, which together make up the image. The process begins as soon as you place your finger on the glass plate. The scanner has its own source of light (mostly an array of LEDs) which illuminate the finger & the CCD inside takes a picture of the finger. After that it checks for the integrity of the image in terms of contrast, sharpness & sheer quality.

The system checks the average pixel darkness. If the image is too dark or too light, it is rejected. Exposure settings are then accordingly adjusted and the print rescanned. If the exposure level is found to be correct, it goes on to check the sharpness of the fingerprint. It does so by analyzing severals straight lines moving horizontally & vertically across the image. If the definition is good, a line running perpendicular to ridges will comprise alternating segments of light and dark pixels. If this is found to be in order, the scanner will compare the fingerprint with those in the database. Matching of prints is a fairly complex process in itself & is far removed from the super-imposing method commonly shown in films. This is so because smudging (due to scan surface or oily fingers) can make the same print appear different photos. Also, scanning and matching the entire finger consumes a lot of processing power. An

individual can even fool a fingerprint detector by using a piece of sticky tape gelatin with an authentic fingerprint on it. Retinal Scanning Retinal scanning is rather old in the chronology of technology innovations. For the retina to be scanned, the user looks through s small hole in the scanning device and focuses on a particular point for the time period during which, a low intensity light and a CCD analyse the layer of blood vessels at the back of the eye for matching patterns and then validate the person identity. This technology is still not in public domain (unlike fingerprint recognition, which is) and is used only to secure highly sensitive security areas. Unlike fingerprints, there is absolutely no known method of replicating a persons retina.

Iris Scan Iris scans, though relating to the eye (like retinal scan) uses a completely different method of identification. The Iris scan is the colored ring surrounding the pupil. The scan analyses the features that exist in this colored tissue. Over 200 points can be used for comparison such as rings, furrows and freckles. The scan is done with a regular camera and the subject stands about a foot from the lens of the camera. The Iris pattern is much more unique than a fingerprint. A statistical analysis puts the probability of two irises matching at 1 in 10 to the power 78 while the population of humans on earth is 7 billion that is 7 to the power 9.

Facial Recognition A Facial recognition system is a computer drives application for automatically identifying a person from a digital image, it does meant by comparing selected facial features in the live image and a facial database. Fingerprinting and retinal scanning are relatively easy to administer, since the people going through the process are aware of it and are consenting to subject themselves to these measures, the main application of facial recognition is in security where the software is expected to pick a face out of, say, thousands of passengers at the airport, and match it with a database of wanted criminals and positively state whether or not that face belong to the guilty party.

FACIAL RECOGNITION

To make the computer recognize a face from a picture or a video feed is quite an achievement in itself, but the bigger achievement is to identify clearly if the face is that of wanted man or not. If you look in the mirror, or at a persons face for that manner, you will notice that every face has certain characteristics and distinguishable feature, which allows us to differentiate between two people. The facial recognition software divides the face into 80 nodes, some of common ones being distance between eyes, width of nose, and depth of eye sockets, cheekbones, jaw lines, and the chin. The system generally needs to match between 14-25 nodes in order to obtain a positive ID. Now, obviously these are a lot of people coming in and out of a place where this system is setup (stadiums, airports etc.).The real challenge is to recognize face instantaneously. To facilitate this, a database is created with the help of an algorithm, which goes through the characteristics of the faces and stores them as a string of numbers. This string is called a face print.

Following are the steps processed by the facial recognition software: Face Detection First of all the camera pans around looking for a face, as it e1ncounters a face, it starts scanning it and than proceeds to identifying the various nodes. Detection Of Orientation Once the face is detected, the system determines the size of the head and position. Generally, a face needs to be around 40 degree towards the camera for the system to register and analyse it. Mapping The facial image is scaled down to the level of the images in the database and is then rotated and otherwise adjusted to match the formatting of the images in the database. Encoding The algorithm then converts the face into a face print based on the pre-defined criteria programmed into the algorithm. Matching This new data is then used as a fitter to sort through the database of faces at a very fast speed to find a match. Since it uses a variety of nodes, simple alternations of the face will not fool it. However, twins might; so the system certainly not infallible.

Voice Recognition Like fingerprints and face attributes, every person has a unique speech pattern. Voice recognition works by first storing voice pattern and then using them as a database to authenticate a subject. Voice recognition is often confused with speech recognition, which is technology that converts speech to text and conversion software were needs to go through extensive training by the user before any suitable and acceptable result are obtained. Voice recognition works by nothing a persons voice (physical characteristics of the vocal tract, the harmonic and the resonant frequencies) and converts it into an audio file which is known as voice print.

VOICE RECOGNITION

During the creation of a voice print, the subject is asked to choose a phrase and ask it to repeat. The phrase should be 1 to 1.5 seconds in length since a smaller phrase provides the system the too little data, and beyond that, too much data. Both of these conditions result in reduced accuracy. The problem with voice recognition does not lie in

its integrity since its near impossible to fake a voice. The problem lies with the technology we are using to implement it with. In the confined environs of a test lab, the technology is at par with other biometric technology but in the real world tests, it has to contend with background noise, weather conditions, audio source and the like. Consider these two scenarios: First: First, say you need to get inside your house which is voice-locked; meaning it has voice recognition-based security system. Now, if there is a traffic jam on the street in front of your home, horns blaring, people screaming, the system might refuse to authenticate you due to too much background noise (try using voice dialing in your cell phone in room full of chattering people and youll understand what we are talking about). It might fail to authenticate you if you have a sore throat or are suffering from a cold as it alters yours voice (and hence the voice print) quite considerably! Second: Voice recognition can use any plain audio source, such as telephones, cell phones, etc., to authenticate the user but herein lies the catch: if you use a different phone than the type used during registration (creation of voice print in the database), the system might not authenticate you. But, despite the limitation, voice recognition does have a lot going for it. The biggest is cost saving as you do not need any special equipment. Any regular microphone will suffice as an input source. The added benefit is that voice recognition is the only technology that can give remote access to user and hence can have wide ranging applications from phone banking to remote login to secure servers but for that, the issues mentioned above need to be ironed out.

Biometrics For You Microsoft recently launched a fingerprint scanner, which is compatible with Window XP. This allows you to link your XP account with your fingerprint. So, instead of entering your password (at XP login or at any password website) you just need to let it scan your fingerprint. Even laptops from manufacturers like Fujitsu (S7010) and the Lenovo (previously IBM) T42 and the X-series tablet PC (costing over Rs. 1,00,000) incorporate built a fingerprint recognition systems and replace the need for you to enter and remember any password. Biometrics In India India has not been left behind by the Biometric wave and we have a few companies dedicated to Biometrics-based product development. Pune based Bio-Enable (www.bioenable.co.in) and Mumbai-based Jaypeetex (www.jaypeetex.com) have products ranging from door locks to attendance registers to car immobilizers to computer mice. The Tirupati Temple in Andhra Pradesh has deployed Biometrics for crowd control and is also looking into incorporating it as security measure.

ADVANTAGES OF BIOMETRICS
Biometric processes are mainly used for detecting criminals. Provides computer security. Cameras can be deployed on the road as in New Delhi that clicks a picture of your vehicle when you commit as officer.

DISADVANTAGES OF BIOMETRICS

Threat To Privacy The single biggest argument against Biometrics is that it is a potential threat to privacy. The concern is genuine since individuals would most certainly lose their anonymity in a biometric dependent system. Even our movements from office to work would not remain private and could be tracked easily using various security cameras deployed on the road.

CONCLUSION

The concerns over biometrics are not without reason. Biometrics can certainly be a powerful security tool to combat terrorism. In the end, it is up to the people to decide whether the price of losing their anonymity is justified in order to gain the comfort of security.