BIOMETRICS is the measurement of biological data. The term biometrics is commonly used today to refer to the authentication of a person by analyzing physical characteristics, such as fingerprints, or behavioral characteristics, such as signatures. Since many physical and behavioral characteristics are unique to an individual, biometrics provides a more reliable system of authentication than ID cards, keys, passwords, or other traditional systems. The word biometrics comes
from two Greek words and means life measure.
Any characteristic can be used as a biometric identifier if (1) every person possesses the characteristic, (2) it varies from person to person, (3) its properties do not change considerably over time, and (4) it can be measured manually or automatically. Physical characteristics commonly used in biometric authentication include face, fingerprints, handprints, eyes, and voice. Biometric authentication can be used to control the security of computer networks, electronic commerce and banking transactions, and restricted areas in office buildings and factories. It can help prevent fraud by verifying identities of voters and holders of driver's license or visas.
In authentication, a sensor captures a digital image of the characteristic being used to verify the user's identity. A computer program extracts a pattern of distinguishing features from the digital image. Another program compares this pattern with the one representing the user that was recorded earlier and stored in the system database. If the patterns match well enough, the biometric system will conclude that the person is who he or she claims to be.
Human Genome Project, international scientific collaboration that seeks to understand the entire genetic blueprint of a human being . This genetic information is found in each cell of the body, encoded in the chemical deoxyribonucleic acid (DNA). Through a process known as sequencing, the Human Genome Project has so far identified nearly all of the estimated 31,000 genes (the basic units of heredity) in the nucleus of a human cell. The project has also mapped the location of these genes on the 23 pairs of human chromosomes, the structures containing the genes in the cell’s nucleus.
The data derived from mapping and sequencing the human genome will help scientists’ associate specific human traits and inherited diseases with particular genes at precise locations on the chromosomes. This advance will help provide an unparalleled understanding of the fundamental organization of human genes and chromosomes. Many scientists believe that the Human Genome Project has the potential to revolutionize both therapeutic and preventive medicine by providing insights into the basic biochemical processes that underlie many human diseases.
The idea of undertaking a coordinated study of the human genome arose from a series of scientific conferences held between 1985 and 1987. The Human Genome Many nations have official human genome research programs as part of this collaboration, including the United Kingdom, France, Germany, and Japan. In a separate project intended to speed up the sequencing process and commercialize the results, Celera Genomics, a privately funded biotechnology company, used a different method to assemble the sequence of the human genome. Both the public consortium and Celera Genomics completed the first phase of the project, and they each published a draft of the human genome simultaneously, although in separate journals, in February 2001.
2. Deoxyribonucleic Acid
Deoxyribonucleic Acid (DNA), genetic material of all cellular organisms and most viruses. DNA carries the information needed to direct protein synthesis and replication. Protein synthesis is the production of the proteins needed by the cell or virus for its activities and development. Replication is the process by which DNA copies itself for each descendant cell or virus, passing on the information needed for protein synthesis. In most cellular organisms, DNA is organized on chromosomes located in the nucleus of the cell.
2.1 Structure of Deoxyribonucleic Acid
A molecule of DNA consists of two chains, strands composed of a large number of chemical compounds, called nucleotides, linked together to form a chain. These chains are arranged like a ladder that has been twisted into the shape of a winding staircase, called a double helix. Each nucleotide consists of three units: a sugar molecule called deoxyribose, a phosphate group, and one of four different nitrogen-containing compounds called bases. The four bases are adenine (A), guanine (G), thymine (T), and cytosine (C). The deoxyribose molecule occupies the center position in the nucleotide, flanked by a phosphate group on one side and a base on the other. The phosphate group of each nucleotide is also linked to the deoxyribose of the adjacent nucleotide in the chain. These linked deoxyribose-phosphate subunits form the parallel side rails of the ladder. The bases face inward toward each other, forming the rungs of the ladder.
The nucleotides in one DNA strand have a specific association with the corresponding nucleotides in the other DNA strand. Because of the chemical affinity of the bases, nucleotides containing adenine are always paired with nucleotides containing thymine, and nucleotides containing cytosine are always paired with nucleotides containing guanine. The complementary bases are joined to each other by weak chemical bonds called hydrogen bonds.
In 1953 American biochemist James D. Watson and British biophysicist Francis Crick published the first description of the structure of DNA. Their model proved to be so important for the understanding of protein synthesis, DNA replication, and mutation that they were awarded the 1962 Nobel Prize for physiology or medicine for their work.
2.2 THE STRUCTURE OF DNA
The most important component of a chromosome is the single continuous molecule of DNA. This double-stranded molecule, shaped like a twisted ladder, is composed of linked chemical compounds known as nucleotides. Each nucleotide consists of three parts: a sugar known as deoxyribose, a phosphate compound, and any one of four bases—adenine, thymine, guanine, or cytosine. These parts are linked together so that the sugar and the phosphate form the two parallel sides of the DNA ladder. The bases from each side join in pairs to form the rungs of the ladder—specifically, adenine always pairs with thymine, and guanine always pairs with cytosine.
The genetic code is specified by the order of adenines, thymines, guanines, and cytosines in the DNA ladder. A particular section of the DNA ladder usually has a unique sequence of base pairs. Because a gene is merely one of these sections of the DNA ladder, it too possesses a unique sequence of base pairs, and this sequence can be used to distinguish the gene from other genes and to map its location on the chromosome.
3. HISTORY of Biometrics
People have long recognized that some personal traits are distinct to each individual and have long identified the basis of their physical characteristics. Such recognition is not limited to faces. For example, friends or relatives talking on the telephone recognize one another’s voices. Scientists know from a number of archaeological artifacts that ancient civilizations, such as those of Babylonia and China, recognized the individuality of fingerprint impressions. Even today, in countries such as India, where a large segment of the population is illiterate and cannot sign their names, thumbprint impression is considered a legal signature.
In 1882 Alphonse Bertillon, chief of the criminal identification division of the police department in Paris, France, developed a detailed method of identification based on certain bodily measurements, physical descriptions, and photographs. The Bertillon System of Anthropometric Identification gained wide acceptance before fingerprint identification superseded it.
Biometric characteristics such as signatures, fingerprints, and DNA samples have legal status throughout the world. In most countries these characteristics can be used as evidence in a court of law to establish proof of identity. Researchers have developed elaborate systems of rules, based on indexing of characteristics, for the appropriate use of these biometrics in establishing identity. These rules are used to help decide whether a pair of biometric measurements belongs to the same person and for determining whether a particular person is already included in a biometric database.
Cost of implementation is the single most important factor in the widespread adoption of biometrics. Some biometric sensors, such as microphones for speech input, are already inexpensive. Other types of sensors, such as digital cameras for facial imaging, are becoming more common. Still others, such as fingerprint sensors, remain extremely expensive. The cost of storing biometric templates and of the computing power required to process and match biometric measurements continues to decrease with advances in technology. Another factor that could affect the adoption of biometrics is the negative perception of biometrics as related to privacy. If that negative perception diminishes sufficiently, the public may accept biometrics as an effective means of privacy protection and as a means of protection from fraud.
3.1 INTRODUCTION OF BIOMATRICS
Biometrics, automatic methods for identifying a person on the basis of some biological or behavioral characteristic of the person. Many biological characteristics, such as fingerprints, and behavioral characteristics, such as voice patterns, are distinctive to each person. Therefore, biometrics is more reliable and more capable in distinguishing between a specific individual and an impostor than any technique based on an identification (ID) document or a password. The word biometrics comes from the Greek bios (life) and metrikos (measure).
In computer technology, biometrics relates to identity-confirmation and security techniques that rely on measurable, individual biological characteristics. For example, fingerprints, handprints, or voice patterns might be used to enable access to a computer, to a room, or to an electronic commerce account. In general, there are three levels of computer security schemes. Level 1 relies on something a person carries, such as an ID badge with a photograph or a computer cardkey. Level 2 relies on something a person knows, such as a password or a code number. Level 3, the highest level, relies on something that is a part of a person’s biological makeup or behavior, such as a fingerprint, a facial image, or a signature.
There are a number of simple, widely available means of personal identification, including photo ID cards and secret passwords. While these simple means of identification work most of the time, they may be compromised easily. For example, ID cards may be lost, stolen, or copied. Similarly, passwords or personal identification numbers (PINs) may be forgotten or guessed by others. However, biometric systems provide automatic personal identification on the basis of a physical or behavioral feature that is distinctive to each individual.
The concept of biometrics probably began with the human use of facial features to identify other people. Modern biometrics, however, started in the 1880s when Alphonse Bertillon, chief of the criminal identification division of the police department in Paris, France, developed a method of identification based on a number of bodily measurements (see Bertillon System). One of the most well-known biometric characteristics is the fingerprint. British scientist Sir Francis Galton proposed the use of fingerprints for identification purposes in the late 19th century. He wrote a detailed study of fingerprints in which he presented a new classification system using prints of all ten fingers, which is the basis of identification systems still in use. British police official Sir Richard Edward Henry introduced fingerprinting in the 1890s as a means of identifying criminals (see Crime Detection). Automatic fingerprint-based identification systems have been commercially available since the early 1960s. Until the 1990s these systems were used primarily by the police and in certain security applications.
3.2 DESIGN OF A BIOMETRIC SYSTEM
Automatic personal identification is the process by which a biometric system associates a particular person with a specific identity. Identification may be in the form of verification or recognition. In verification the system authenticates a claimed identity. In other words, the system verifies a claim that a person is who he or she says he or she is. In recognition the system determines the identity of a given person from a database of persons known to it. In other words, the system determines who the person is without that person specifying a name.
It is easier to design a biometric system for verification than for recognition. A verification system authenticates a person’s claimed identity by comparing the particular biometric characteristic being used for identification against biometric measurements of the claimed identity that have been previously stored in the system. For example, a thumbprint from a person claiming to be a particular individual is compared against a stored thumbprint from that particular individual. In a recognition system, the biometric characteristic being used is compared against the corresponding biometric measurements of all identities stored in the system. For example, a thumbprint from a person who wishes to enter a secured room is compared against the thumbprints of all persons who are authorized to enter the room.
A biometric system is essentially a pattern-recognition system that makes personal identification possible. It does so by establishing the authenticity of a specific biological or behavioral characteristic of the user, that is, the person who is being identified. Logically, a biometric system may be divided into two distinct units, or modules: an enrollment module and an identification module.
The enrollment module equips the system to identify a given person. During enrollment, a biometric sensor scans a characteristic of the user to acquire a digital representation of the characteristic, such as a digital image of the person’s face. A computer program known as a feature extractor then processes the digital representation to generate a more compact representation called a template. With a facial image, for example, the template of features may include the size and relative positions of the eyes, nose, and mouth. The template for each user is stored in the system’s database or recorded on a smart card, which is a small plastic card containing a microchip that can store personal data. If the template is recorded on a smart card, the card is issued to the user. To be identified as the true user, the cardholder must match the characteristic recorded on the card.
The identification module recognizes the person. During identification, the biometric sensor scans the characteristic of the person to be identified and converts it into the same digital format as the template. The sensor also inputs the resulting representation into a feature matcher, another computer program. The feature matcher compares the representation against the template. A verification system will conclude that the person is correctly identified when the scanned characteristic and the stored template for the claimed identity are the same. Otherwise it will reject the person. A recognition system will assign the user the identity associated with the correctly matched template when the scanned characteristic and a characteristic on a stored template are the same. However, if the scanned characteristic does not match any stored template, the system will reject the person.
A biometric system may not always make an accurate identification. Errors occur because variations are present in any biometric characteristic. For example, a facial image may change with a different hairstyle, the presence or absence of eyeglasses, or some cosmetic change. A biometric system can establish an identity only to a certain level of accuracy.
As an example, assume that a person is a user of a verification system and that the person claims to be “Alice,” who is already enrolled in the system. The system either will accept that the person is Alice or will reject the person as an impostor. In either case, the system may be correct or it may be incorrect. That is to say, for each type of identification, there are two possible outcomes: true or false. Therefore, the verification process has four possible outcomes: true accept, where a genuine individual is accepted; true reject, where an impostor is rejected; false accept, where an impostor is accepted; or false reject, where a genuine individual is rejected. Outcomes of true accept and true reject are correct, whereas outcomes of false accept and false reject are incorrect.
The performance of a biometric system may be characterized by assessing how frequently the system commits errors of false acceptance and false rejection. For this purpose system designers and assessors use two numbers: false acceptance rate (FAR) and false rejection rate (FRR). The FAR is the probability that the system accepts an impostor as a genuine individual. The FRR is the probability that the system rejects a genuine individual as an impostor. Ideally, a biometric system should have extremely low values for both FAR and FRR. In practice, however, a smaller FRR usually means a larger FAR, while a smaller FAR usually means a larger FRR. Biometric systems designed for high-security access applications, where concerns about break-in are great, operate at a small FAR. As a result, the number of people who are falsely rejected is greater in these systems. Biometric systems designed for police applications operate at a high FAR. In these applications, the desire to catch a criminal outweighs the inconvenience of investigating a large number of falsely identified individuals.
3.3 HOW BIOMETRIC SYSTEMS WORK
Understanding how a biometric system works requires some knowledge of which human characteristics are suitable for personal identification. An ideal biometric characteristic should be universal, unique, permanent, and collectable. A characteristic is universal when every person possesses it. A characteristic is unique when no two persons share exactly the same manifestation of the characteristic. A permanent characteristic is one that does not change and cannot be altered. A collectable characteristic is one that a sensor can easily measure.
In practice, a characteristic that satisfies all the above requirements may not always be usable for a practical biometric system. The designer of a practical biometric system must also consider other issues, such as performance, accuracy, speed, and cost. Two other issues that must be considered are acceptability—the extent to which people are willing to accept a particular biometric identifier in their daily lives—and circumvention—how easy it is to fool the system through fraud.
At the start of the 21st century a multitude of biometric techniques were either in use or under investigation. These techniques included recognition of facial features, fingerprints, hand geometry, eye structures, signatures (Graphology), and voice patterns. Deoxyribonucleic acid (DNA) is one of the most unique biometrics (see DNA fingerprinting), but the process of acquisition limits its use in many applications. To acquire DNA, a sample of hair, skin, blood, or other body tissue must be taken. Sampling such as this is likely to be an invasive process for the person being sampled, and the process is easily contaminated. Furthermore, DNA processing and matching systems require expensive computer resources.
3.3.1 Facial Recognition
The most familiar biometric technique is facial recognition. Human beings use facial recognition all the time to identify other people. As a result, in the field of biometrics, facial recognition is one of the most active areas of research. Applications of this research range from the design of systems that identify people from still-photograph images of their faces to the design of systems that recognize active and changing facial images against a cluttered background. More advanced systems can recognize a particular individual in a videotape or a movie.
Researchers base the patterns used for facial recognition on both specific and general features. The specific features include the location and shape of facial attributes such as the eyes, eyebrows, nose, lips, and chin. More generally, they employ an overall analysis of the facial image and a breakdown of the image into a number of component images. Researchers are unsure whether the face itself, without any additional information, is sufficient for the accurate recognition of one person in a large group of people. Some facial recognition systems impose restrictions on how the facial images are obtained, sometimes requiring a simple background or special lighting.
3.3.2 Fingerprint Identification
Human beings have used fingerprints for personal identification for centuries, and they have used them for criminal investigations for more than 100 years. The validity of fingerprints as a basis for personal identification is thus well established.
A fingerprint is the pattern of ridges and furrows on the surface of a fingertip. No two persons have exactly the same arrangement of patterns, and the patterns of any one individual remain unchanged throughout life. Fingerprints are so distinct that even the prints of identical twins are different. The prints on each finger of the same person are also different.
The level of detail in fingerprint images scanned into a biometric system depends on several factors. They include the amount of pressure applied to the fingertip during image scanning, the presence of any cuts or other deformities on the fingertip, and the dryness of the skin. Therefore, any unusual or prominent features on a fingertip, the endings of the fingerprint ridges, and ridge bifurcations, or branches—collectively known as minutiae—are all used in a biometric system based on fingerprint identification.
The development of solid-state sensors for fingerprint scanning may soon make the cost of incorporating a fingerprint-based biometric device affordable in many applications, such as laptop computers and cellular telephones. Consequently, researchers expect fingerprint identification to be the leading biometric technique in the near future. One problem with fingerprint technology is its acceptability in society, because fingerprints have traditionally been associated with criminal investigations and police work. Another problem is that the fingerprints of a small fraction of the population may be unsuitable for automatic identification because the prints may be deformed as a result of aging, some genetic condition, or environmental reasons
3.3.3 Hand Geometry
A variety of measurements of the human hand can be used as biometric characteristics. These include hand shape, the lengths and widths of the fingers, and the overall size of the hand. Biometric devices based on hand geometry have been installed at many locations around the world. Hand-reader systems are used at some prisons in the United States and the United Kingdom to track the movement of inmates. The United States Immigration and Naturalization Service uses hand-reader systems at several major U.S. airports for the rapid admittance of frequent foreign travelers into the United States. The hand-geometry technique is simple, relatively easy to use, and inexpensive. The main disadvantage of this technique is that it does not distinguish well between the hands of different people. In other words, the system can easily determine if a particular hand shape belongs to a specified individual but cannot reliably determine if a particular hand shape belongs to one of several individuals. Hand geometry information may vary over the lifespan of an individual, especially during childhood, when rapid growth can drastically change hand geometry. In addition, the presence of jewelry or limited dexterity as a result of arthritis may make it difficult for a system to extract correct hand geometry information. Biometric systems based on hand geometry are large in size, so they cannot be used in applications with limited space, such as laptop computers.
3.3.4 Retinal Pattern Recognition
The retina is the innermost layer of the eye. The pattern formed by veins beneath the surface of the retina is unique to each individual. This pattern is a reliable biometric characteristic.
Researchers acquire digital images of retinal patterns by projecting a low-intensity beam of visible or infrared light into a person’s eye and scanning an image of the retina. For a fixed portion of the retina to be used for identification, the person undergoing the scan must gaze into an eyepiece and focus on a predetermined spot. The amount of user cooperation required for a retinal scan makes this technique unacceptable in many applications. On the other hand, a large number of biometric devices based on retinal scans have been installed in prisons and other highly secure environments. The primary disadvantage of this biometric technique is that retinal scanners are expensive.
3.3.5 Iris-Based Identification
The iris is the colored part of the eye. It lies at the front of the eye, surrounding the pupil. Each iris is unique, and even irises of identical twins are different. The complex structure of the iris carries distinctive information that is useful for identification of individuals. Early results of research on the accuracy and speed of iris-based identification have been extremely promising. These results indicate that it is feasible to develop a large-scale recognition system using iris information. Furthermore, the iris is more readily imaged than the retina.
3.3.6 Signature Recognition
Each person has a unique style of handwriting and, therefore, a unique signature. One problem with signature recognition is that the signature of a particular individual may vary somewhat. Despite the variations, researchers have designed a few successful systems for signature-based authentication. Biometric devices based on signature verification are reasonably accurate, but not accurate enough to recognize specific individuals in a large population. However, signature verification is reliable enough to be used in place of a PIN in accessing automated teller machines (ATMs).
There are two approaches to identification based on signature verification: static and dynamic. Static signature verification uses only the geometric (shape) features of a signature, such as the degree of slant, breadth and height of letters, and space between lines, letters, and words. Dynamic signature verification uses both geometric features and dynamic features, such as the speed a person writes and the pressure of the writing implement. Dynamic verification requires a special pen. It is resistant to forgery, as it is virtually impossible for a forger to replicate both the shape of a signature and the speed and pressure with which another person signs his or her name. An inherent advantage of a signature-verification system is that the signature is already an acceptable form of personal identification. It can therefore be incorporated easily into existing business processes, such as credit card transactions.
3.3.7 Voice Recognition
Like signature, speech is mostly a behavioral characteristic. However, speech has some biological aspects that make speech characteristics similar for all people. These similarities are due to the relatively similar shape and size of individuals’ vocal tracts, mouths, nasal cavities, and lips, all of which help produce the sounds of speech. The speech of a specific individual is distinctive but may not contain sufficient information to be of value in large-scale recognition.
Voice recognition is based on either a text-dependent speech input or a text-independent speech input. A text-dependent system verifies the identity of an individual on the basis of the utterance of a fixed predetermined phrase, such as the person’s name. A text-independent system verifies the identity of a speaker regardless of what he or she says. Text-independent voice recognition is more difficult than text-dependent verification but offers more protection against fraud. Speech-based features are sensitive to factors such as background noise and the emotional and physical state of the speaker. In addition, some people are extraordinarily skilled at mimicking other people’s voices. This popular perception of the vulnerability of voice recognition may be a reason why speech-based authentication is not widely used in high-security applications.
4. CHOICE OF TECHNIQUES
All the biometric techniques discussed above have advantages and disadvantages. The choice of a particular technique depends heavily on the application. For example, access to a nuclear power plant may require a biometric system with an FAR of 0.001 percent (one impostor admitted in 100,000 attempts) and an FRR of 0.1 percent (one valid user rejected in 1,000 attempts). Current voice-recognition systems cannot provide this level of accuracy. However, in an application to provide security for a telephone account, a voice-recognition system is preferred. Such a biometric system can be easily integrated into the existing telephone system, as speech sensors are already available in telephones.
5. APPLICATIONS AND PRIVACY ISSUES
Biometrics is a rapidly evolving technology that is widely used in law-enforcement applications such as the identification of criminals and the maintenance of security in prisons. Outside of law enforcement there are many areas where biometrics can improve security and prevent fraud, such as in ATMs and driver licensing. However, there are privacy concerns for citizens in terms of how, and by whom, their biological and behavioral characteristics are monitored or used.
Many private companies and government agencies are seriously considering biometrics for adoption in a broad range of applications outside of law enforcement. It is estimated that losses due to identity fraud in welfare disbursements, credit card transactions, cellular telephone calls, and ATM withdrawals total over $6 billion every year. For this reason, various organizations are adopting automated systems for identity authentication to improve customer satisfaction, increase cost savings, and improve operating efficiency. ATMs are a good example of the need for better identity authentication. At present an ATM identifies a person as a client after the person inserts an ATM card into the machine and enters a personal identification number (PIN). This method of identification has its drawbacks. According to researchers, about one-fourth of bank customers apparently write their PIN on their ATM card, thus defeating the protection offered by a PIN when an ATM card is stolen.
Electronic commerce and electronic banking are two of the most important areas where applications of biometrics have emerged. Advances in the technology used for electronic transactions have opened these areas to biometrics. Applications include electronic fund transfers, ATM security, check cashing, credit card security, smart-card security, and online transactions.
Security for information systems and computer networks is another important area for biometric applications. Access to databases by means of remote login is another. Some experts anticipate that more and more information systems, computer networks, and World Wide Web sites will use biometrics to control access and for other security purposes.
Several leading automobile manufacturers are exploring the use of biometrics to enable an authorized driver to enter and start a car without using a key. Technologies considered for this purpose include facial recognition, fingerprint identification, and voice recognition.
Various government agencies have considered using biometrics. In benefits distribution programs such as welfare disbursement, biometrics could bring about substantial savings by deterring the same person from filing multiple claims. Personal identification based on hand geometry could permit faster processing of passengers at immigration checkpoints. Biometric-based voter registration and driver licensing could prevent fraud in those processes.
5.2 Privacy Issues
Many people perceive biometric-based technology as dehumanizing and as a threat to the privacy of individuals. As identification systems become more and more foolproof, the very process of getting identified leaves behind trails of private information. Something as simple as buying an item on the Internet generates information about where a person shops and what that person buys. With biometric-based identification systems, the issue of privacy becomes more serious because biometric characteristics may provide additional information about the medical history of an individual. For example, retinal patterns may provide information about diabetes or high blood pressure in an individual. More importantly, people fear that biometric identifiers could be used for linking personal information across different systems or databases.
Conversely, biometrics could be one of the most effective means for protecting individual privacy. For instance, a biometric-based patient information system can reliably ensure that access to medical records is available only to the patient and authorized medical personnel. Nevertheless, many people are uneasy about the use of their personal biological characteristics in corporate or government identification systems. Companies and agencies that operate biometric systems will have to assure the users of those systems that their biometric information will remain private and will be used only for the expressed purpose for which it was collected. Legislation may be necessary to ensure that such information will remain private and that leaks and misuse will be appropriately punished.