Professional Documents
Culture Documents
by craftsmen on ancient clay fragments. He then went on to study his own and his
colleagues’ fingerprints. This convinced him that each individual had unique
fingerprints. A little later, a fellow worker was arrested by the police for a
petty crime. Faulds exonerated the man by showing that the finger prints on the
crime scene did not match with those of his friend.
Thus began the journey of the most promising science of identification and
recognition: BIOMETRICS. Today, apart from fingerprints (and palm prints for that
matter), we have discovered facial recognition, DNA, retinal scanning and voice
recognition.
Later, in the nineteenth century there was a peak of interest as researchers into
criminology attempted to relate physical features and characteristics with
criminal tendencies. The results were not conclusive but the idea of measuring
individual physical characteristics seemed to stick and the parallel development
of fingerprinting became the international methodology among police forces for
identity verification.
What Is BIOMETRICS?
Biometrics can be defined as the technique of studying the physical
characteristics of a person such as fingerprints, hand geometry, eye structure
etc. to establish his or her identity. This science is primarily implemented to
identify individuals.
Why BIOMETRICS?
For obvious reasons, a fingerprint, however, is difficult to fake without the help
of the owner. It is also a lot more convenient to simply place your finger on to a
scanner instead of remembering a long and complex series of characters and their
cases. To make matters worse, they should, ideally, have no correlation
whatsoever. So essentially, for maximum security, your password should be an
alphanumeric ‘word’ that doesn’t mean anything.
The concept of Biometric verification is simple. The system has some pre-stored
data. When youapproach the system (say a fingerprint scanner), your finger is
scanned and matched with a record of fingerprints already in its database. Only
when it finds a match, access is granted. The concept might be simple, but the
process is quite ingenious.
Thus biometric devices can be explained with a 3-step procedure. They are -
A sensor takes an observation. The type of sensor and its observation depend on
the type of biometrics device used. This observation gives us a Biometric
Signature of the individual.
A matcher compares the normalized signature with the set (or sub-set) of
normalized signatures on the system's database and provides a Asimilarity score
that compares the individual's normalized signature with each signature in the
database set (or sub-set). What is then done with the similarity scores depends on
the biometric system's application.
Verification – The system verifies the claimed identity of the user by comparing
his/her biometric sample with one specific reference template, which is either
physically presented by the user or pointed to in the database. Verification can
be knowledge-based (e.g. PIN or password) or token-based (e.g. smart card). The
user says, "I am X!" and the system reply with "yes, your are X!" or "no, you are
not X!"
Identification – The system identifies the end user from his/her biometric sample
by associating it with his/her particular reference template based on a database
search among the reference templates of the entire enrolled population. The user
asks, "who am I?" and the system reply with "you are X!" or "you are not an
authorized user".
Fingerprint Scanning
Humans have fingerprints for the exact same reason that tyres have treads. It
helps in better grip and, by a bizarre twist of nature, different people have
entirely different sets of fingerprints, which enables identification. A
fingerprint is made up of ridges and valleys (lines and the gaps separating them)
and it is these ridges and valleys which are scanned to verify the authenticity of
a print. To authenticate a set of prints, a scanner needs to do two things: first,
it needs to get the image of the prints which are to be authenticated, and second,
it needs to actually go about the business of verifying them.
The most commonly used method of scanning is optical scanning. An optical scanner
has a CCD sensor (Charge Coupled Device) similar to the ones used in digital
cameras. There is an array of light sensitive diodes (photosites). When these
diodes come in contact with light, they generate an electrical signal. Every
photosite records a pixel representing the light it came in contact with. An
analogue to digital converter (ADC) system in the scanner processes the electrical
signals to generate digital representations of the image. It is not necessary that
the same kind of light falls on all diodes. So what is generated is a mix of dark
and light areas, which together make up the image. The process begins as soon as
you place your finger on the glass plate. The scanner has its own source of light
(mostly an array of LEDs) which illuminate the finger and the CCD inside takes a
picture of the finger. But it doesn’t just rush off to match it with the images in
the database. It first checks for the integrity of the image in terms of contrast,
sharpness and sheer quality. The system checks the average pixel darkness, or,
might employ a sampling technique and check the overall values in a small sample
area. If the image is too dark or too light, it is rejected.
Exposure settings are then accordingly adjusted and the print rescanned. If the
exposure level is found to be correct, it goes on to check the image definition
(sharpness of the fingerprint). It does so by analysing several straight lines
moving horizontally and vertically across the image. If the definition is good, a
line running perpendicular to the ridges will comprise alternating segments of
light and dark pixels. If this is found to be in order, the scanner proceeds to
comparing the captured fingerprint with those in the database to see if it can
find a match. Matching of prints is a fairly complex process in itself and is far
removed from the super-imposing method commonly shown in films. This is so because
smudging (due to scan surface or oily fingers) can make the same print appear
different in different photos. Also, scanning and matching the entire finger
consumes a lot of processing power. Instead, the scanners compare specific
features of the fingerprint (called minutiae). These points are generally places
where ridge lines end or bifurcation occurs. The idea is to measure the relative
positions of the minutiae; much the same way that people used to navigate in
ancient times by using relative positions of stars in the sky to get their
bearings. Depending on the algorithm, a specific number of minutiae must be
matched for the print to be accepted. Despite the various sums and checks in the
system, fingerprint scanning is not even remotely a foolproof system. If you look
around on the Internet, you will find a truckload of sites giving detailed
instructions on how to go about faking fingerprints! In fact, in a recent study at
Yokohama National University, Japan, scientists easily fooled even the latest
fingerprint systems using fake prints made out of gelatine.
Retinal Scanning
Despite being shown as the absolute cutting edge, retinal scanning is actually
rather old in the chronology of technology innovations and research on this
started way back in the 1930s. For the retina to be scanned, the user looks
through a small hole in the scanning device and focuses on a particular point for
the time period during which, a low intensity light and a CCD analyse the layer of
blood vessels at the back of the eye for matching patterns (akin to fingerprint
checking) and validate or repudiate the persons identity. This technology is still
not in the public domain (unlike fingerprint recognition, which is) and is used
only to secure highly sensitive security areas. Unlike fingerprints, there is
absolutely no known method of replicating a person’s retina and to use a dead
person’s retina is no good as it deteriorates too fast to be of any help.
Iris Scan
Iris Scan, though relating to the eye (like retinal scan) uses a completely
different method of identification. The Iris is the coloured ring surrounding the
pupil. The scan analyses the features that exist in this coloured tissue. Over 200
points can be used for comparison such as the rings, furrows and freckles. The
scan is done with a regular camera and the subject stands about a foot from the
lens (of the camera) so it is a lot more convenient. The Iris pattern is much more
unique than a fingerprint. A statistical analysis puts the probability of two
irises matching at 1 in 10 to the power 78 while the population of humans on earth
is roughly 7 billion that is 7 to the power 9.
Signature verification
Facial Recognition
While fingerprinting and retinal scanning are relatively easy to administer, since
the people going through the process are aware of it and are consenting to subject
themselves to these measures, the main application of facial recognition is in
security wherein the software is expected to pick a face out of, say, thousands of
passengers at the airport, and match it with a database of wanted criminals and
positively state whether or not that face belongs to the guilty party.
To make the computer recognise a face from a picture or a video feed is quite an
achievement in itself, but a bigger achievement is to identify clearly if the face
is that of the wanted man or not. If you look in the mirror, or at a persons face
for that matter, you will notice that every face has certain characteristics and
distinguishable features, which allow us to differentiate between two people. The
equipment used here is not really too fancy or cutting edge, and the brains for
this lie entirely in the software. The software divides the face into 80 nodes,
some of the common ones being distance between eyes, width of nose, and depth of
eye sockets, cheekbones, jaw line, and chin. The system generally needs to match
between 14-25 nodes in order to obtain a positive ID.
Now, obviously, there are a lot of people coming in and out of a place where this
system is set up (stadiums, airports etc). The real challenge is to recognise a
face instantaneously. To facilitate this, a database is created with the help of
an algorithm, which goes through the characteristics of the faces and stores them
as a string of numbers. This string is called a face print. The following are the
broad steps utilised by facial recognition software.
Face Detection: The camera pans around looking for a face. The minute it
encounters a face, it starts scanning it and proceeds to identifying the various
nodes and taking measurements if possible
Detection of Orientation: Once the face is detected, the system determines the
head’s size and position. Generally, a face needs to be around 40 degrees towards
the camera for the system to register and analyse it
Mapping: The facial image is scaled down to the level of the images in the
database and is then rotated and otherwise adjusted to match the formatting of the
images in the database.
Encoding: The algorithm then converts the face into a face print based on the pre-
defined criteria programmed into the algorithm.
Matching: This new data is then used as a filter to sort through the database of
faces at super fast speeds to come up with a match. Since it uses a variety of
nodes, simple alterations of the face will not fool it; however, twins might; so
the system is certainly not infallible.
Voice Recognition
Like fingerprints and face attributes, every person has a unique speech pattern.
Voice recognition works by first storing voice patterns and then using them as a
database to authenticate a subject. Voice recognition is often confused with
speech recognition, which is a technology that converts speech to text and the
conversion software needs to go through extensive training by the user before any
suitable and acceptable results are obtained. Voice recognition works by noting a
person’s voice (physical characteristics of the vocal tract, the harmonic and the
resonant frequencies) and converts it into an audio file which is known as a voice
print. During the creation of a voice print, the subject is asked to choose a
phrase and asked to repeat it. The phrase should be 1 to 1.5 seconds in length
since a smaller phrase provides the system with too little data, and beyond that,
too much data. Both of these conditions result in reduced accuracy. The problem
with voice recognition does not lie in its integrity since it’s near impossible to
fake a voice. The problem lies with the technology we are using to implement it
with. In the confined environs of a test lab, the technology is at par with other
biometric technologies but in the real world tests, it has to contend with
background noise, weather conditions, audio source and the like. Consider these
two scenarios:
First: First, say you need to get inside your house which is “voice-locked”;
meaning it has a voice recognition-based security system. Now, if there is a
traffic jam on the street in front of your house, horns blaring, people screaming,
the system might refuse to authenticate you due to too much background noise (try
using voice dialing in your cell phone in room full of chattering people and
you’ll understand what we are talking about). In fact, it might also fail to
authenticate you if you have a sore throat or are suffering from a old as it
alters your voice (and hence the voice print) quite considerably!
Second: Voice recognition can use any plain audio source, such as telephones, cell
phones, etc., to authenticate the user but herein lies the catch: if you use a
different phone than the type used during registration (creation of voice print in
the database), the system might not authenticate you. This happens because the
voice data that the system receives might vary, due to the use of different
quality microphones. But, despite the limitations, voice recognition does have a
lot going for it. The biggest is the cost saving as you do not need any special
equipment. Any regular microphone will suffice as an input source.
Biometrics is no longer the stuff sci-fi dreams are made of but is here in reality
and lots of products incorporate one or another form of biometric security.
Microsoft recently launched a fingerprint scanner, which is compatible with
Windows XP. This allows you to link your XP account with your fingerprint. So,
instead of entering your password (at the XP logon or at any password websites)
you just need to let it scan your fingerprints. Even laptops from manufacturers
like Fujitsu (S7010) and the Lenovo (previously IBM) T42 and the X-series tablet
PC (costing over Rs 1,00,000) incorporate built in fingerprint recognition systems
and replace the need for you to enter and remember any passwords!
India has not been left behind by the Biometric wave and we do have a few
companies dedicated to Biometrics-based product development.. The Tirupati temple
in Andhra Pradesh has deployed biometrics for crowd control and is also looking
into incorporating it as a security measure.
During the recently concluded elections in Iraq, a system known as the Biometrics
Automated Toolset (BAT) was extensively used to profile the local population. The
BAT system stores a person’s biometric data such as retina scans, fingerprints,
facial data, and links it to names. This was incredibly helpful in, firstly,
ensuring security and integrity of registration and the individual and secondly,
in avoiding duplication as even with the help of an interpreter, names can be
differently or incorrectly spelt.
A pilot project is on in the US where instead of swiping your credit card, you
simply put your thumb in the fingerprint scanner in the ATM. This gets matched to
the thumbprint in their database and the transaction is processed.
Simple, secure and hassle-free... Just what technology should be. The concerns
over biometrics are not without reason. Biometrics can certainly be a powerful
security tool to combat terrorism. In the end it is upto the people to decide
whether the price of losing their anonymity is justified in order to gain the
comfort of security
Border control - A notable example for this is the INSPASS trial in America
where travelers were issued with a card enabling them to use the strategically
based biometric terminals and bypass long immigration queues. There are other
pilot systems operating elsewhere in this respect.
Junior school areas where problems are experienced with children being
either molested or kidnapped.
Problems:
There are significant privacy and civil liberties concerns regarding the use of
devices using biometrics that must be addressed before any widespread deployment.
Briefly there are six major areas of concern:
Storage. How is the data stored, centrally or dispersed? How should scanned
data be retained?
Linking. Will the data gained from scanning be linked with other information
about spending habits, etc.? What limits should be placed on the private use (as
contrasted to government use) of such technology?
There are many views concerning potential biometric applications, some popular
examples being –
ATM machine use - Most of the leading banks are considering using biometrics
for ATM machine and as a general means of combating card fraud.
Internet transactions
Telephone transactions
Using biometric enabled mouse the content of internet can also be limited
for children.
Conclusion:
The increased need of privacy and security in our daily life has given birth to
this new area of science. These devices are here and are present around us
everywhere in the society and are here to stay for a long time to come. Indeed, it
will be interesting to watch the future impact that they will have on our day-to-
day lives ...
Biometrics is a very interesting and exciting field that has been growing
exponentially in recent years (especially 2001). The wide variety of physically
unique traits of our bodies will soon allow us to live in a very secure password-
less world.
References:
www.biometricsinfo.org
www.bioenabletech.com
www.nokey.com
www.biometrix.at
www.axistech.com
www.sjiu.org