BIOMETRIC SYSTEMS

Eliminating the password nightmare….

ABSTRACT
A biometric is defined as a unique, measurable, biological characteristic or trait for
automatically recognizing or verifying the identity of a human being. Statistically
analyzing these biological characteristics has become known as the science of biometrics.
These days, biometric technologies are typically used to analyze human characteristics
for security purposes. Five of the most common physical biometric patterns analyzed for
security purposes are the fingerprint, hand, eye, face, and voice. The use of biometric
characteristics as a means of identification. In this paper we will give a brief overview of
the field of biometrics and summarize some of its advantages, disadvantages, strengths,
limitations, and related privacy concerns. We will also look at how this process has been
refined over time and how it currently works.

INDEX TERMS
Biometrics ,Why biometrics ,Working, Types, Biometrics algorithm, Requirements of the
system, Verification, Identification, Limitations.

INTRODUCTION
Humans have used body characteristics such as face, voice, gait, etc. for thousands of
years to recognize each other. Alphonse Bertillon, chief of the criminal identification
division of the police department in Paris, developed and then practiced the idea of using
a number of body measurements to identify criminals in the mid 19th century. Just as his
idea was gaining popularity, it was obscured by a far more significant and practical
discovery of the distinctiveness of the human fingerprints in the late 19th century. Soon
after this discovery, many major law enforcement departments embraced the idea of first
“booking” the fingerprints of criminals and storing it in a database (actually, a card file).
Later, the leftover (typically, fragmentary) fingerprints (commonly referred to as latents)
at the scene of crime could be “lifted” and matched with fingerprints in the database to
determine the identity of the criminals. Although biometrics emerged from its extensive
use in law enforcement to identify criminals (e.g., illegal aliens, security clearance for
employees for sensitive jobs, fatherhood determination, forensics, positive identification of
convicts and prisoners), it is being increasingly used today to establish person recognition
in a large number of
civilian applications. What biological measurements qualify to be a biometric? Any
human physiological and/or behavioral characteristic can be used as a biometric
characteristic as long as it satisfies the following requirements:
• Universality: each person should have the characteristic;
• Distinctiveness: any two persons should be sufficiently different in terms of the
characteristic;
• Permanence: the characteristic should be sufficiently invariant (with respect to the
matching criterion) over a period of time;
• Collectability: the characteristic can be measured quantitatively. However, in a
practical biometric system (i.e., a system that employs biometrics for personal
recognition)

There are a number of other issues that should be considered, including:

• Performance, which refers to the achievable recognition accuracy and speed, the
resources required to achieve the desired recognition accuracy and speed, as well
as the operational and environmental factors that affect the accuracy and speed;
• Acceptability, which indicates the extent to which people are willing to accept the
use of a particular biometric identifier (characteristic) in their daily lives;
• Circumvention, which reflects how easily the system can be fooled using
fraudulent methods.

A practical biometric system should meet the specified recognition accuracy, speed, and
resource requirements, be harmless to the users, be accepted by the intended population,
and be sufficiently robust to various fraudulent methods and attacks to the system.

WHY BIOMETRICS?

A biometric system is essentially a pattern recognition system which makes a personal

identification by determining the authenticity of a specific physiological or behavioral
characteristic possessed by the user. An important issue in designing a practical system is
to determine how an individual is identified. Depending on the context, a biometric system
can be either a verification (authentication) system or an identification system. There are
two different ways to resolve a person's identity: verification and identification.
Verification (Am I whom I claim I am?) involves confirming or denying a person's
claimed identity. In identification, one has to establish a person's identity (Who am I? ).
Each one of these approaches has its own complexities and could probably be solved best
by a certain biometric systems.

HOW DOES BIOMETRIC PROCESSES WORK?

The concept of biometric identification is simple. The system has some prestored data.
When you approach the system(say a fingerprint scanner),your finger is scanned and
matched with a record of your fingerprints already in its data base. Only when it finds a
match, access is granted. The concept might be simple but the process is quite ingenious.

Fingerprint Matching:

Among all the biometric techniques, fingerprint-based identification is the oldest method
which has been successfully used in numerous applications. Everyone is known to have
unique, immutable fingerprints. A fingerprint is made of a series of ridges and furrows on
the surface of the finger. The uniqueness of a fingerprint can be determined by the pattern
of ridges and furrows as well as the minutiae points. Minutiae points are local ridge
characteristics that occur at either a ridge bifurcation or a ridge ending.

Fingerprint matching techniques can be placed into two categories: minutae-based and
correlation based. Minutiae-based techniques first find minutiae points and then map
their relative placement on the finger. However, there are some difficulties when using
this approach. It is difficult to extract the minutiae points accurately when the fingerprint
is of low quality. Also this method does not take into account the global pattern of ridges
and furrows. The correlation-based method is able to overcome some of the difficulties of
the minutiae-based approach. However, it has some of its own shortcomings.
Correlation-based techniques require the precise location of a registration point and are
affected by image translation and rotation.
Fingerprint matching based on minutiae has problems in matching different sized
(unregistered) minutiae patterns. Local ridge structures can not be completely
characterized by minutiae. We are trying an alternate representation of fingerprints which
will capture more local information and yield a fixed length code for the fingerprint. The
matching will then hopefully become a relatively simple task of calculating the Euclidean
distance will between the two codes.

Face Retrieval:

The face retrieval problem, known as face detection, can be defined as follows: given an
arbitrary black and white, still image, find the location and size of every human face it
contains. There are many applications in which human face detection plays a very
important role: it represents the first step in a fully automatic face recognition system, it
can be used in image database indexing/searching by content, in surveillance systems and
in human-computer interfaces. It also provides insight on how to approach other pattern
recognition problems involving deformable textured objects. At the same time, it is one of
the harder problems in pattern recognition.
Hand Geometry:

This approach uses the geometric shape of the hand for authenticating a user's identity.
Authentication of identity using hand geometry is an interesting problem. Individual hand
features are not descriptive enough for identification. However, it is possible to devise a
method by combining various individual features to attain robust verification.

Hand Geometry vs Fingerprints:

Unlike fingerprints, the human hand isn't unique. One can use finger length, thickness,
and curvature for the purposes of verification but not for identification. For some kinds of
access control like immigration and border control, invasive biometrics (eg., fingerprints)
may not be desirable as they infringe on privacy. In such situations it is desirable to have
a biometric system that is sufficient for verification. As hand geometry is not distinctive,
it is the ideal choice. Furthermore, hand geometry data is easier to collect. With
fingerprint collection good frictional skin is required by imaging systems, and with retina-
based recognition systems, special lighting is necessary. Additionally, hand geometry
can be easily combined with other biometrics, namely fingerprint. One can envision a
system where fingerprints are used for (infrequent) identification and hand geometry is
used for (frequent) verification

A Multimodal Biometric System Using Fingerprint, Face, and Speech:

A biometric system which relies only on a single biometric identifier in making a personal
identification is often not able to meet the desired performance requirements.
Identification based on multiple biometrics represents an emerging trend. We introduce a
multimodal biometric system, which integrates face recognition, fingerprint verification,
and speaker verification in making a personal identification. This system takes advantage
of the capabilities of each individual biometric. It can be used to overcome some of the
limitations of a single biometrics. Preliminary experimental results demonstrate that the
identity established by such an integrated system is more reliable than the identity
established by a face recognition system, a fingerprint verification system, and a speaker
verification system.
Retina and iris scanning:

Retina scanning, the rage of the 1970s and 1980s, has fallen into disfavor in recent years.
The TV series, Mission Impossible, romanticized the use of retina scanning, but in realty,
the technology is very intrusive. Retina scanning relies on the fact that the retina pattern
of the human eye is unique from individual to individual. In fact, the retina pattern of each
eye is unique. The problem with retina scanning is that it requires a light to be shone to
the back of the eye where the retina is located. As stated, this is an intrusive type of
technology, and users are generally not receptive to it. Consequently, retina scanning
applications are often limited to military and high security applications.
Iris scanning, a relatively newer form of eye geometry technology, is significantly less
intrusive. This technology relies on the fact that the iris pattern of each eye is unique.
Because the iris is found in the front of the eye, iris scanning is relatively non-intrusive
because the iris pattern can be picked up from a distance of up to two feet away.
Examples of applications include replacing passwords for logging onto networks, security
cards for opening doors, PINs for ATMs, and the like. In essence, any time some form of
password or a key is required, iris scanning can be used instead. The cost per system is
still currently high, but like all computer applications, cost will drop drastically and
quickly.

BIOMETRIC SYSTEN ALGORITHM

A biometric system is essentially a pattern recognition system that operates by acquiring

biometric data from an individual, extracting a feature set from the acquired data, and
comparing this feature set against the template set in the database. Depending on the
application context, a biometric system may operate either in verification mode or
identification mode:
• In the verification mode, the system validates a person’s identity by comparing the
captured biometric data with her own biometric template(s) stored system
database. In such a system, an individual who desires to be recognized claims an
identity, usually via a PIN (Personal Identification Number), a user name, a smart
card, etc., and the system conducts a one-toone comparison to determine whether
the claim is true or not. Identity verification is typically used for positive
recognition, where the aim is to prevent multiple people from using the same
identity [26].
• In the identification mode, the system recognizes an individual by searching the
templates of all the users in the database for a match. Therefore, the system
conducts a one-to-many comparison to establish an individual’s identity (or fails if
the subject is not enrolled in the system database) without the subject having to
claim an identity. Identification is a critical component in negative recognition
applications where the system establishes whether the person is who she
(implicitly or explicitly) denies to be. The purpose of negative recognition is to
prevent a single person from using multiple identities [26]. Identification may also
be used in positive recognition for convenience (the user is not required to claim
an identity). While traditional methods of personal recognition such as passwords,
PINs, keys, and tokens may work for positive recognition, negative recognition can
only be established through biometrics.
The term recognition does not make a distinction between verification and identification.
The block diagrams of a verification system and an identification system are depicted in
Figure 1; user enrollment, which is common to both the tasks is also graphically
illustrated.
Figure 1. Block diagrams of enrollment, verification and identification tasks are shown using the four main
modules of
a biometric system, i.e., sensor, feature extraction, matcher, and system database.

The verification problem may be formally posed as follows: given an input feature vector
XQ (extracted from the biometric data) and a claimed identity I, determine if (I, XQ)
belongs to class w1 or w2, where w1 indicates that the claim is true (a genuine user) and w2
indicates that the claim is false (an impostor). Typically, XQ is matched against XI, the
biometric template corresponding to user I, to determine its category. Thus,
(I,XQ) ∈ (W1) ,if S(XQ,XI) ≥ t
∈ (W2), otherwise
where S is the function that measures the similarity between feature vectors XQ and XI,
and t is a predefined threshold. The value S(XQ, XI) is termed as a similarity or matching
score between the biometric measurements of the user and the claimed identity. Therefore,
every claimed identity is classified into w1 or w2 based on the variables XQ, I, XI and t, and
the function S. Note that biometric measurements (e.g., fingerprints) of the same
individual taken at different times are almost never identical. This is the reason for
introducing the threshold t. The identification problem, on the other hand, may be stated
as follows: given an input feature vector XQ, determine the identity Ik, k
∈{1,2,...N,N+1} Here I1 ,I2….IN are the identities enrolled in the system and IN+1
indicates the reject case where no suitable identity can be determined for the user. Hence,
XQ ∈ (Ik, ,if max {(XQ, X I k)} ≥t, k =1,2,3…….N,
∈ (IN+1, otherwise,
where X I k is the biometric template corresponding to identity Ik, and t is a predefined
threshold.

A biometric system is designed using the following four main modules (see Figure 1):
1. Sensor module, which captures the biometric data of an individual. An example is a
Fingerprint sensor that images the ridge and valley structure of a user’s finger.
2. Feature extraction module, in which the acquired biometric data is processed to
extract a set of salient or discriminatory features. For example, the position and
orientation of minutiae points (local ridge and valley singularities) in a fingerprint image
are extracted in the feature extraction module of a fingerprint-based biometric system.
3. Matcher module, in which the features during recognition are compared against the
stored templates to generate matching scores. For example, in the matching module of a
Fingerprint-based biometric system, the number of matching minutiae between the input
and the template fingerprint images is determined and a matching score is reported. The
matcher module also encapsulates a decision making module, in which a user's claimed
identity is confirmed (verification) or a user’s identity is established (identification) based
on the matching score.
4. System database module, which is used by the biometric system to store the biometric
templates of the enrolled users. The enrollment module is responsible for enrolling
individuals into the biometric system database. During the enrollment phase, the
biometric characteristic of an individual is first scanned by a biometric reader to produce
a digital representation (feature values) of the characteristic. The data capture during the
enrollment process may or may not be supervised by a human depending on the
application. A quality check is generally performed to ensure that the acquired sample
can be reliably processed by successive stages. In order to facilitate matching, the input
digital representation is further processed by a feature extractor to generate a compact
but expressive representation, called a template. Depending on the application, the
template may be stored in the central database of the biometric system or be recorded on
a smart card issued to the individual. Usually, multiple templates of an individual are
stored to account for variations observed in the biometric trait and the templates in the
database may be updated over time.

System requirements
The objective of the Biometric Encryption algorithm is to provide a mechanism for the
linking and subsequent retrieval of a digital key using a biometric such as a fingerprint.
This digital key can then be used as a cryptographic key. The important system
requirements that apply to a key retrieval system using a fingerprint are distortion
tolerance, discrimination and security.

• Distortion tolerance is the ability of the system to accommodate the day-to-day

distortions of the fingerprint image. These distortions are due to behavioral
changes (positioning, rotation, and deformation), as well as environmental
(ambient temperature and humidity) and physiological (moisture content)
conditions. A key retrieval system must be able to consistently produce the correct
key for the different expected versions of a legitimate user’s fingerprint.

• Discrimination is the ability of a system to distinguish between all of the system

users’ fingerprints. An attacker should produce an incorrect key when the
attacker’s fingerprint is combined with a legitimate user’s filter.
Security of the system means that neither the digital key, nor the legitimate user’s
fingerprint, can be independently extracted from any stored information.

THE APPLICATIONS OF BIOMETRIC SYSTEMS

The applications of biometrics can be divided into the following three main groups:
• Commercial applications such as computer network login, electronic data security,
ecommerce, Internet access, ATM, credit card, physical access control, cellular phone,
PDA, medical records management, distance learning, etc.
• Government applications such as national ID card, correctional facility, driver’s
license, social security, welfare-disbursement, border control, passport control, etc.
• Forensic applications such as criminal investigation, terrorist identification, parenthood
determination, missing children, etc. Traditionally, commercial applications have used
knowledge-based systems (e.g., PINs and passwords), government applications have used
token-based systems (e.g., ID cards and badges), and forensic applications have relied on
human experts to match biometric features.

a)
b) c)

d)
 e) f) g)

The examples described above: -

a) The Immigration and Naturalization Service Accelerated Service System (INSPASS),
which is installed at major airports in the U.S., is based on hand geometry verification
b) Fingerprint-based door. Used to restrict access to premises.
c) A fingerprint verification system is used for computer and network.
d) The Express Card entry kiosks fitted with hand geometry systems for security and
immigration shows technology developed by Recognition Systems, Inc. and significantly
reduces the immigration processing time.
e) A border passage system using iris recognition.
f) The Face Pass system is used in POS verification applications like ATMs, therefore,
obviating the need for PINs.
g) The Identix Touch Clock fingerprint system is used in time and attendance applications.

LIMITATIONS OF BIOMETRIC SYSTEMS

The successful installation of biometric systems in various civilian applications does not
imply that biometrics is a fully solved problem. It is clear that there is plenty of scope for
improvement in biometrics. Biometric systems that operate using any single biometric
characteristic have the following limitations:

1. Noise in sensed data: The sensed data might be noisy or distorted. A fingerprint with a
scar, or a voice altered by cold are examples of noisy data. Noisy data could also be the
result of defective or improperly maintained sensors (e.g., accumulation of dirt on a
fingerprint sensor) or poor illumination of a user's face in a face recognition system.

2. Intra-class variations: This variation is typically caused by a user who is incorrectly

interacting with the sensor or when sensor characteristics are modified during the
verification phase.

3. Distinctiveness: While a biometric trait is expected to vary significantly across

individuals, there may be large inter-class similarities in the feature sets used to represent
these traits. This limitation restricts the discriminability provided by the biometric trait.
Thus, every biometric trait has some theoretical upper bound in terms of its
discrimination capability.
4. Non-universality: While every user is expected to possess the biometric trait being
acquired, in reality it is possible for a user to not possess a particular biometric. A
fingerprint biometric system, for example, may be unable to extract features from the
fingerprints of certain individuals, due to the poor quality of the ridges. It has been
estimated that as much as 4% of the population may have poor quality fingerprint ridges
that are difficult to image with the currently available fingerprint sensor system.

5. Spoof attacks: This type of attack is especially relevant when behavioral traits such as
signature and voice are used .It has been demonstrated that it is possible to construct
artificial fingers/fingerprints in a reasonable amount of time to circumvent a fingerprint
verification system.

CONCLUSION / SUMMARY
Biometric Encryption System is an algorithm for the linking and retrieval of digital keys,
which can be used as a method for the secure management of cryptographic keys. The
cryptographic key is generated independently from the Biometric Encryption algorithm
and can be updated periodically via a re-enrollment procedure. The convenience and
security provided by Biometric Encryption will undoubtedly help to promote more
widespread use of cryptographic systems. As biometric technology matures, there will be
an increasing interaction among the market, technology, and the applications. This
interaction will be influenced by the added value of the technology, user acceptance, and
the credibility of the service provider. It is too early to predict where and how biometric
technology would evolve and get embedded in which applications. But it is certain that
biometric-based recognition will have a profound influence on the way we conduct our
daily business.

REFERENCES
1. Albert Bodo, “Method for producing a digital signature with aid of a biometric
feature”, German patent DE 42 43 908 A1, (1994).
2. J.W. Goodman, Introduction to Fourier Optics, McGraw-Hill, (1968).
3. W.B. Hahn, Jr., and K.A. Bauchert, “Optical correlation algorithm development
for the Transfer of Optical Processing to Systems (TOPS) program”, Proc. SPIE
1959, 48-54, (1993).
4. Manfred Bromba(www.bromba.com)
5. P.J. Philips, P. Grother, R. J. Micheals, D. M. Blackburn, E. Tabassi, and J. M.
Bone, “FRVT 2002: Overview and Summary”, available from
http://www.frvt.org/FRVT2002/documents.htm