Biometrics is the automated use of physiological or behavioural characteristics to determine or verify identity. Physiological means some part of the human body like the fingerprint, the iris etc. Behavioral are actions done by humans. Verification is where the user presents his biometric data claiming to be someone and the computer checks to see whether he is right or not. In identification, the person just enters his biometric data, and the computer tells him who he is.
Biometrics are used for physical or logical access. In physical access, the person is allowed to enter some place, a department, bank vaults etc. In logical access, a person is allowed to access data online, use a network and so on.
Steps in biometric matching
- A new user first presents his biometric data the first time he uses the system. This is called enrollment. A template is created from the data he presents. A template is a small file derived from the distinctive features of a user’s data. It is usually stored as a binary file.
- The template is stored in the database.
- To be verified or identified, the user presents his data, which is converted into a template.
- The enrollment template and the current template are compared.
- The result of the comparison is given as a score or confidence level and is compared to a threshold.
- If the score exceeds the threshold, it’s a match, or if it is less, it’s not.
The threshold depends on the security level of the organization. If it is a highly secured place, the threshold will be higher, if it is not, the threshold is lower. Templates created each time you present your biometric data are never the same, so there is never an exact match, hence the need of a threshold. Algorithms used for creating templates, extracting distinctive features from the data are all proprietary, hence they are different for each vendor.
For any biometric used, we need:
- An acquisition device,
- A device that processes the image,
- A device that creates a template,
- A place to store the template and
- A device that matches the templates.
We can have standalone devices that do this or a peripheral device attached to a PC, where the PC does the template creation, and matching and storing, or we may additionally have a server that stores results for auditing purposes, or does the matching and storage too.
This is the most common biometric in use. The user presents his fingerprint, which is unique for each person, and awaits a match, if it matches, access is granted.
Devices- Finger scan uses a platen to capture the image of the fingerprint. It may come as a peripheral or a standalone device. A platen is part of a module. A module is a PCB(printed circuit board) plus the platen and a connector to connect to another device such as a PC.The image of the print should be at least 300 dpi so that the features can be extracted properly.
After the image is acquired, it is processed and turned into a black and white image, and the ridges are thinned so that they are properly isolated. From this black and white image, the distinctive features called minutiae are captured. Minutiae are features like ridges, deltas, cores, islands, and bifurcations. These minutiae are then converted into templates and stored.
Finger scans may not be very effective for dark skinned people as it becomes hard to isolate the minutiae. And finger prints may change over time due to scratches, burns and other injuries. Some people may have faint fingerprints due to wear and tear. Normally an oil is present on the fingertips, that helps in better imaging. Cold weathers may dry this oil up, and hence the user must press more firmly or rub his finger on the opposite palm for a better image.
The user does not necessarily have to sit in front of a camera to have his picture taken. His image may be captured while he is on the move by a CCTV. This may lead to unclear images, and pictures of the face at different angles, making face scan unreliable in high-security areas. Also, different expressions and new additions like beards may render this biometric inaccurate. The picture should be at least 100*100 pixels (area)for effective use and there should be proper lighting on the face.
After the image is taken, it is converted into black and white and features that tend to change over a period of time are removed. In most cases, only the centre of the face is used for capturing the unique features. These features include the bone structure of the face, the eyebrow ridges, the cheek bones, the distance of eyes from the centre, the shape of lips etc. These features are then converted into templates for storage and matching.
To overcome the highly dynamic aspects of the face like expressions, software like Eigenface captures the face and creates different images that the face could possibly take.
Compared to other biometrics, face scan is less reliable.
The iris is the coloured part of the eye. Each iris, even for a single individual, differs, making it a very reliable biometric. Irides (plural) have a pattern, called the trabecular meshwork, which moves in a radial fashion from the pupil. These patterns are used to uniquely identify a person. These patterns do not change over time unless there is some injury to the eye.
Iris scan devices need to be specialised because they use infrared illumination to map the details of the iris. In a kiosk system, the user should stand at a distance of 2 to 3 feet, from the camera. The camera then searches for eye shapes and takes the image. For a physical access device, the user has to centre his eye on a 1*1 inch mirror, from a distance of about 3 inches.
After the cameras locate the eye, an algorithm runs from left to right to search for iris borders. It then locates the inner edge of the iris at the pupil. This may be challenging in dark eyed people.
Iris scan algorithms map segments of the iris into hundreds of independent vectors. The characteristics derived are:
- the orientation and spatial frequency of the unique feature(means what the unique feature is and how many times it occurs(spatial frequency)) and
- the position where it occurs.
Templates in iris scan are stored in hexadecimal format.
After fingerprints, hand scans are most widely used. A single device is used to capture, process and match the image. A 3D image of the hand is taken. The user has to put his hand on a metal plate, into pegs and the camera overhead takes the picture side to side. Unique features taken into account are the shape of the hand, the height, and width of the hand and fingers, the distance between the joints and the bone structure. There are 90 such features that are used. The nails are not taken into account as they change regularly.
Hand scans are basically used for attendance purposes.
Voice scan, as opposed to speech recognition, does not take into account what we speak, but how we speak. The user is supposed to say a particular phrase only, using a normal telephonic device like a telephone or cell phone or a microphone may be used. The voice sample is converted from analogue to digital and is then stored. Care should be taken that there is no background noise.
Processing requires the elimination of gaps at the beginning and end of the voice sample and filtering out nonspoken frequencies.
Voice scan uses many features that are not detectable by the human ear. The pitch of the voice, the intensity, the spectrum of speech, formant frequencies, linear prediction coefficients, spectrograms and nasal coarticulation(Himesh Reshammiya) are taken into account.
The basic advantage of voice scan is that it does not require any new technology to capture the biometric data.
Retina scan uses the unique pattern of the blood vessels in the retina. The retina is the posterior part of the eye. Retina scan is a very advanced biometric, therefore used in highly secured areas like government departments and military establishments.
To give a retinal image, the user has to stand quite close to the camera and look unblinkingly into the camera. The device then emits a green light that moves in a tight circle, capturing the retinal image. The blood vessel pattern does not change over time. An onset of conditions like glaucoma or cataracts may not allow the user to present his data.
A signature scan is a behavioural biometric and does not take into account how accurately the signature matches the enrolled one. Rather it takes into account how the signature is done. Pens and electronic tablets are used to capture the metrics of the signature. These metrics include the pressure with which one signs, the time taken to sign, the stroke order, pressure on each stroke, pressure with which the pen is held, the time the pen is down and up, the speed with which one signs and the size of the signature. It is impossible for an imposter to copy each of these characteristics. Care should also be taken so that the way the signature is entered is always the same. Example if a person stands and signs, the metrics of that signature is quite different from the signature he makes while sitting.
AFIS (Automated Fingerprint Identification System)
AFIS was used much before the before biometrics came into widespread use. It has been used basically by governmental agencies and crime investigation organizations to identify a person by running a fingerprint through a database of fingerprints. Unlike the fingerscan, the environment while enrolling in AFIS is very controlled. Instead of a slap of the finger, the print is taken from the finger from nail to nail. This helps in identifying a person even if a fragment of the fingerprint is available. The device used is also very advanced, and unlike finger scans, even a manual image of the fingerprint is stored. Another difference is that a person is required to enrol all 10 fingers, as opposed to a single finger of one’s choice. Thus the database of an AFIS runs into billions of entries.
To quicken a search in the database, we require GBs of RAM. Also, attempts should be made to group data, like grouping fingerprints of females separately from males. This allows for faster search returns. In a case of no match, a fingerprint expert is called in to manually identify the print.