Biometrics

Last updated
For the academic journal, see Biometrics (journal).Not to be confused with Biometry.

Biometrics are body measurements and calculations related to human characteristics. Biometric authentication (or realistic authentication) is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance.

Contents

Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Biometric identifiers are often categorized as physiological characteristics which are related to the shape of the body. Examples include, but are not limited to fingerprint, [1] palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina, odor/scent, voice, shape of ears and gait. Behavioral characteristics are related to the pattern of behavior of a person, including but not limited to mouse movement, [2] typing rhythm, gait, signature, behavioral profiling, and voice. Some researchers have coined the term behaviometrics to describe the latter class of biometrics. [3]

More traditional means of access control include token-based identification systems, such as a driver's license or passport, and knowledge-based identification systems, such as a password or personal identification number. Since biometric identifiers are unique to individuals, they are more reliable in verifying identity than token and knowledge-based methods; however, the collection of biometric identifiers raises privacy concerns about the ultimate use of this information.

Biometric functionality

Many different aspects of human physiology, chemistry or behavior can be used for biometric authentication. The selection of a particular biometric for use in a specific application involves a weighting of several factors. Jain et al. (1999) [4] identified seven such factors to be used when assessing the suitability of any trait for use in biometric authentication. Biometric authentication is based upon biometric recognition which is an advanced method of recognising biological and behavioural characteristics of an Individual.

Proper biometric use is very application dependent. Certain biometrics will be better than others based on the required levels of convenience and security. [5] No single biometric will meet all the requirements of every possible application. [4]

Biometric system diagram.png

The block diagram illustrates the two basic modes of a biometric system. [6] First, in verification (or authentication) mode the system performs a one-to-one comparison of a captured biometric with a specific template stored in a biometric database in order to verify the individual is the person they claim to be. Three steps are involved in the verification of a person. [7] In the first step, reference models for all the users are generated and stored in the model database. In the second step, some samples are matched with reference models to generate the genuine and impostor scores and calculate the threshold. The third step is the testing step. This process may use a smart card, username, or ID number (e.g. PIN) to indicate which template should be used for comparison. [note 1] Positive recognition is a common use of the verification mode, "where the aim is to prevent multiple people from using the same identity". [6]

Biometric Island examining facial image 2D and 3D, voice timbre, and verifying handwritten signature Biometric Island, Gdansk University of Technology 2021.jpg
Biometric Island examining facial image 2D and 3D, voice timbre, and verifying handwritten signature

Second, in identification mode the system performs a one-to-many comparison against a biometric database in an attempt to establish the identity of an unknown individual. The system will succeed in identifying the individual if the comparison of the biometric sample to a template in the database falls within a previously set threshold. Identification mode can be used either for positive recognition (so that the user does not have to provide any information about the template to be used) or for negative recognition of the person "where the system establishes whether the person is who she (implicitly or explicitly) denies to be". [6] The latter function can only be achieved through biometrics since other methods of personal recognition, such as passwords, PINs, or keys, are ineffective.

The first time an individual uses a biometric system is called enrollment. During enrollment, biometric information from an individual is captured and stored. In subsequent uses, biometric information is detected and compared with the information stored at the time of enrollment. Note that it is crucial that storage and retrieval of such systems themselves be secure if the biometric system is to be robust. The first block (sensor) is the interface between the real world and the system; it has to acquire all the necessary data. Most of the times it is an image acquisition system, but it can change according to the characteristics desired. The second block performs all the necessary pre-processing: it has to remove artifacts from the sensor, to enhance the input (e.g. removing background noise), to use some kind of normalization, etc. In the third block, necessary features are extracted. This step is an important step as the correct features need to be extracted in an optimal way. A vector of numbers or an image with particular properties is used to create a template. A template is a synthesis of the relevant characteristics extracted from the source. Elements of the biometric measurement that are not used in the comparison algorithm are discarded in the template to reduce the file size and to protect the identity of the enrollee. [8] However, depending on the scope of the biometric system, original biometric image sources may be retained, such as the PIV-cards used in the Federal Information Processing Standard Personal Identity Verification (PIV) of Federal Employees and Contractors (FIPS 201). [9]

During the enrollment phase, the template is simply stored somewhere (on a card or within a database or both). During the matching phase, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using any algorithm (e.g. Hamming distance). The matching program will analyze the template with the input. This will then be output for a specified use or purpose (e.g. entrance in a restricted area), though it is a fear that the use of biometric data may face mission creep. [10] [11] Selection of biometrics in any practical application depending upon the characteristic measurements and user requirements. [7] In selecting a particular biometric, factors to consider include, performance, social acceptability, ease of circumvention and/or spoofing, robustness, population coverage, size of equipment needed and identity theft deterrence. The selection of a biometric is based on user requirements and considers sensor and device availability, computational time and reliability, cost, sensor size, and power consumption.

Multimodal biometric system

Multimodal biometric systems use multiple sensors or biometrics to overcome the limitations of unimodal biometric systems. [12] For instance iris recognition systems can be compromised by aging irises [13] and electronic fingerprint recognition can be worsened by worn-out or cut fingerprints. While unimodal biometric systems are limited by the integrity of their identifier, it is unlikely that several unimodal systems will suffer from identical limitations. Multimodal biometric systems can obtain sets of information from the same marker (i.e., multiple images of an iris, or scans of the same finger) or information from different biometrics (requiring fingerprint scans and, using voice recognition, a spoken passcode). [14] [15]

Multimodal biometric systems can fuse these unimodal systems sequentially, simultaneously, a combination thereof, or in series, which refer to sequential, parallel, hierarchical and serial integration modes, respectively. Fusion of the biometrics information can occur at different stages of a recognition system. In case of feature level fusion, the data itself or the features extracted from multiple biometrics are fused. Matching-score level fusion consolidates the scores generated by multiple classifiers pertaining to different modalities. Finally, in case of decision level fusion the final results of multiple classifiers are combined via techniques such as majority voting. Feature level fusion is believed to be more effective than the other levels of fusion because the feature set contains richer information about the input biometric data than the matching score or the output decision of a classifier. Therefore, fusion at the feature level is expected to provide better recognition results. [12]

Spoof attacks consist in submitting fake biometric traits to biometric systems, and are a major threat that can curtail their security. Multi-modal biometric systems are commonly believed to be intrinsically more robust to spoof attacks, but recent studies [16] have shown that they can be evaded by spoofing even a single biometric trait.

Performance

The discriminating powers of all biometric technologies depend on the amount of entropy they are able to encode and use in matching. [17] The following are used as performance metrics for biometric systems: [18]

History

An early cataloguing of fingerprints dates back to 1885 when Juan Vucetich started a collection of fingerprints of criminals in Argentina. [19] Josh Ellenbogen and Nitzan Lebovic argued that Biometrics originated in the identification systems of criminal activity developed by Alphonse Bertillon (1853–1914) and by Francis Galton's theory of fingerprints and physiognomy. [20] According to Lebovic, Galton's work "led to the application of mathematical models to fingerprints, phrenology, and facial characteristics", as part of "absolute identification" and "a key to both inclusion and exclusion" of populations. [21] Accordingly, "the biometric system is the absolute political weapon of our era" and a form of "soft control". [22] The theoretician David Lyon showed that during the past two decades biometric systems have penetrated the civilian market, and blurred the lines between governmental forms of control and private corporate control. [23] Kelly A. Gates identified 9/11 as the turning point for the cultural language of our present: "in the language of cultural studies, the aftermath of 9/11 was a moment of articulation, where objects or events that have no necessary connection come together and a new discourse formation is established: automated facial recognition as a homeland security technology." [24]

Adaptive biometric systems

Adaptive biometric systems aim to auto-update the templates or model to the intra-class variation of the operational data. [25] The two-fold advantages of these systems are solving the problem of limited training data and tracking the temporal variations of the input data through adaptation. Recently, adaptive biometrics have received a significant attention from the research community. This research direction is expected to gain momentum because of their key promulgated advantages. First, with an adaptive biometric system, one no longer needs to collect a large number of biometric samples during the enrollment process. Second, it is no longer necessary to enroll again or retrain the system from scratch in order to cope with the changing environment. This convenience can significantly reduce the cost of maintaining a biometric system. Despite these advantages, there are several open issues involved with these systems. For mis-classification error (false acceptance) by the biometric system, cause adaptation using impostor sample. However, continuous research efforts are directed to resolve the open issues associated to the field of adaptive biometrics. More information about adaptive biometric systems can be found in the critical review by Rattani et al.

Recent advances in emerging biometrics

In recent times, biometrics based on brain (electroencephalogram) and heart (electrocardiogram) signals have emerged. [26] [27] [28] An example is finger vein recognition, using pattern-recognition techniques, based on images of human vascular patterns. The advantage of this newer technology is that it is more fraud resistant compared to conventional biometrics like fingerprints. However, such technology is generally more cumbersome and still has issues such as lower accuracy and poor reproducibility over time.

On the portability side of biometric products, more and more vendors are embracing significantly miniaturized biometric authentication systems (BAS) thereby driving elaborate cost savings, especially for large-scale deployments.

Operator signatures

An operator signature is a biometric mode where the manner in which a person using a device or complex system is recorded as a verification template. [29] One potential use for this type of biometric signature is to distinguish among remote users of telerobotic surgery systems that utilize public networks for communication. [29]

Proposed requirement for certain public networks

John Michael (Mike) McConnell, a former vice admiral in the United States Navy, a former Director of U.S. National Intelligence, and Senior Vice President of Booz Allen Hamilton promoted the development of a future capability to require biometric authentication to access certain public networks in his keynote speech [30] at the 2009 Biometric Consortium Conference.

A basic premise in the above proposal is that the person that has uniquely authenticated themselves using biometrics with the computer is in fact also the agent performing potentially malicious actions from that computer. However, if control of the computer has been subverted, for example in which the computer is part of a botnet controlled by a hacker, then knowledge of the identity of the user at the terminal does not materially improve network security or aid law enforcement activities. [31]

Animal biometrics

Rather than tags or tattoos, biometric techniques may be used to identify individual animals: zebra stripes, blood vessel patterns in rodent ears, muzzle prints, bat wing patterns, primate facial recognition and koala spots have all been tried. [32]

Issues and concerns

Human dignity

Biometrics have been considered also instrumental to the development of state authority [33] (to put it in Foucauldian terms, of discipline and biopower [34] ). By turning the human subject into a collection of biometric parameters, biometrics would dehumanize the person, [35] infringe bodily integrity, and, ultimately, offend human dignity. [36]

In a well-known case, [37] Italian philosopher Giorgio Agamben refused to enter the United States in protest at the United States Visitor and Immigrant Status Indicator (US-VISIT) program's requirement for visitors to be fingerprinted and photographed. Agamben argued that gathering of biometric data is a form of bio-political tattooing, akin to the tattooing of Jews during the Holocaust. According to Agamben, biometrics turn the human persona into a bare body. Agamben refers to the two words used by Ancient Greeks for indicating "life", zoe, which is the life common to animals and humans, just life; and bios, which is life in the human context, with meanings and purposes. Agamben envisages the reduction to bare bodies for the whole humanity. [38] For him, a new bio-political relationship between citizens and the state is turning citizens into pure biological life (zoe) depriving them from their humanity (bios); and biometrics would herald this new world.

In Dark Matters: On the Surveillance of Blackness, surveillance scholar Simone Browne formulates a similar critique as Agamben, citing a recent study [39] relating to biometrics R&D that found that the gender classification system being researched "is inclined to classify Africans as males and Mongoloids as females." [39] Consequently, Browne argues that the conception of an objective biometric technology is difficult if such systems are subjectively designed, and are vulnerable to cause errors as described in the study above. The stark expansion of biometric technologies in both the public and private sector magnifies this concern. The increasing commodification of biometrics by the private sector adds to this danger of loss of human value. Indeed, corporations value the biometric characteristics more than the individuals value them. [40] Browne goes on to suggest that modern society should incorporate a "biometric consciousness" that "entails informed public debate around these technologies and their application, and accountability by the state and the private sector, where the ownership of and access to one's own body data and other intellectual property that is generated from one's body data must be understood as a right." [41]

Other scholars [42] have emphasized, however, that the globalized world is confronted with a huge mass of people with weak or absent civil identities. Most developing countries have weak and unreliable documents and the poorer people in these countries do not have even those unreliable documents. [43] Without certified personal identities, there is no certainty of right, no civil liberty. [44] One can claim his rights, including the right to refuse to be identified, only if he is an identifiable subject, if he has a public identity. In such a sense, biometrics could play a pivotal role in supporting and promoting respect for human dignity and fundamental rights. [45]

Privacy and discrimination

It is possible that data obtained during biometric enrollment may be used in ways for which the enrolled individual has not consented. For example, most biometric features could disclose physiological and/or pathological medical conditions (e.g., some fingerprint patterns are related to chromosomal diseases, iris patterns could reveal sex, hand vein patterns could reveal vascular diseases, most behavioral biometrics could reveal neurological diseases, etc.). [46] Moreover, second generation biometrics, notably behavioral and electro-physiologic biometrics (e.g., based on electrocardiography, electroencephalography, electromyography), could be also used for emotion detection. [47]

There are three categories of privacy concerns: [48]

  1. Unintended functional scope: The authentication goes further than authentication, such as finding a tumor.
  2. Unintended application scope: The authentication process correctly identifies the subject when the subject did not wish to be identified.
  3. Covert identification: The subject is identified without seeking identification or authentication, i.e. a subject's face is identified in a crowd.

Danger to owners of secured items

When thieves cannot get access to secure properties, there is a chance that the thieves will stalk and assault the property owner to gain access. If the item is secured with a biometric device, the damage to the owner could be irreversible, and potentially cost more than the secured property. For example, in 2005, Malaysian car thieves cut off a man's finger when attempting to steal his Mercedes-Benz S-Class. [49]

Attacks at presentation

In the context of biometric systems, presentation attacks may also be called "spoofing attacks".

As per the recent ISO/IEC 30107 standard, [50] presentation attacks are defined as "presentation to the biometric capture subsystem with the goal of interfering with the operation of the biometric system". These attacks can be either impersonation or obfuscation attacks. Impersonation attacks try to gain access by pretending to be someone else. Obfuscation attacks may, for example, try to evade face detection and face recognition systems.

Several methods have been proposed to counteract presentation attacks. [51]

Surveillance humanitarianism in times of crisis

Biometrics are employed by many aid programs in times of crisis in order to prevent fraud and ensure that resources are properly available to those in need. Humanitarian efforts are motivated by promoting the welfare of individuals in need, however the use of biometrics as a form of surveillance humanitarianism can create conflict due to varying interests of the groups involved in the particular situation. Disputes over the use of biometrics between aid programs and party officials stalls the distribution of resources to people that need help the most. In July 2019, the United Nations World Food Program and Houthi Rebels were involved in a large dispute over the use of biometrics to ensure resources are provided to the hundreds of thousands of civilians in Yemen whose lives are threatened. The refusal to cooperate with the interests of the United Nations World Food Program resulted in the suspension of food aid to the Yemen population. The use of biometrics may provide aid programs with valuable information, however its potential solutions may not be best suited for chaotic times of crisis. Conflicts that are caused by deep-rooted political problems, in which the implementation of biometrics may not provide a long-term solution. [52]

Cancelable biometrics

One advantage of passwords over biometrics is that they can be re-issued. If a token or a password is lost or stolen, it can be cancelled and replaced by a newer version. This is not naturally available in biometrics. If someone's face is compromised from a database, they cannot cancel or reissue it. If the electronic biometric identifier is stolen, it is nearly impossible to change a biometric feature. This renders the person's biometric feature questionable for future use in authentication, such as the case with the hacking of security-clearance-related background information from the Office of Personnel Management (OPM) in the United States.

Cancelable biometrics is a way in which to incorporate protection and the replacement features into biometrics to create a more secure system. It was first proposed by Ratha et al. [53]

"Cancelable biometrics refers to the intentional and systematically repeatable distortion of biometric features in order to protect sensitive user-specific data. If a cancelable feature is compromised, the distortion characteristics are changed, and the same biometrics is mapped to a new template, which is used subsequently. Cancelable biometrics is one of the major categories for biometric template protection purpose besides biometric cryptosystem." [54] In biometric cryptosystem, "the error-correcting coding techniques are employed to handle intraclass variations." [55] This ensures a high level of security but has limitations such as specific input format of only small intraclass variations.

Several methods for generating new exclusive biometrics have been proposed. The first fingerprint-based cancelable biometric system was designed and developed by Tulyakov et al. [56] Essentially, cancelable biometrics perform a distortion of the biometric image or features before matching. The variability in the distortion parameters provides the cancelable nature of the scheme. Some of the proposed techniques operate using their own recognition engines, such as Teoh et al. [57] and Savvides et al., [58] whereas other methods, such as Dabbah et al., [59] take the advantage of the advancement of the well-established biometric research for their recognition front-end to conduct recognition. Although this increases the restrictions on the protection system, it makes the cancellable templates more accessible for available biometric technologies

Proposed soft biometrics

Soft biometrics are understood as not strict biometrical recognition practices that are proposed in favour of identity cheaters and stealers.

Traits are physical, behavioral or adhered human characteristics that have been derived from the way human beings normally distinguish their peers (e.g. height, gender, hair color). They are used to complement the identity information provided by the primary biometric identifiers. Although soft biometric characteristics lack the distinctiveness and permanence to recognize an individual uniquely and reliably, and can be easily faked, they provide some evidence about the users identity that could be beneficial. In other words, despite the fact they are unable to individualize a subject, they are effective in distinguishing between people. Combinations of personal attributes like gender, race, eye color, height and other visible identification marks can be used to improve the performance of traditional biometric systems. [60] Most soft biometrics can be easily collected and are actually collected during enrollment. Two main ethical issues are raised by soft biometrics. [61] First, some of soft biometric traits are strongly cultural based; e.g., skin colors for determining ethnicity risk to support racist approaches, biometric sex recognition at the best recognizes gender from tertiary sexual characters, being unable to determine genetic and chromosomal sexes; soft biometrics for aging recognition are often deeply influenced by ageist stereotypes, etc. Second, soft biometrics have strong potential for categorizing and profiling people, so risking of supporting processes of stigmatization and exclusion. [62]

Data protection of biometric data in international law

Many countries, including the United States, are planning to share biometric data with other nations.

In testimony before the US House Appropriations Committee, Subcommittee on Homeland Security on "biometric identification" in 2009, Kathleen Kraninger and Robert A Mocny [63] commented on international cooperation and collaboration with respect to biometric data, as follows:

To ensure we can shut down terrorist networks before they ever get to the United States, we must also take the lead in driving international biometric standards. By developing compatible systems, we will be able to securely share terrorist information internationally to bolster our defenses. Just as we are improving the way we collaborate within the U.S. Government to identify and weed out terrorists and other dangerous people, we have the same obligation to work with our partners abroad to prevent terrorists from making any move undetected. Biometrics provide a new way to bring terrorists' true identities to light, stripping them of their greatest advantage—remaining unknown.

According to an article written in 2009 by S. Magnuson in the National Defense Magazine entitled "Defense Department Under Pressure to Share Biometric Data" the United States has bilateral agreements with other nations aimed at sharing biometric data. [64] To quote that article:

Miller [a consultant to the Office of Homeland Defense and America's security affairs] said the United States has bilateral agreements to share biometric data with about 25 countries. Every time a foreign leader has visited Washington during the last few years, the State Department has made sure they sign such an agreement.

Likelihood of full governmental disclosure

Certain members of the civilian community are worried about how biometric data is used but full disclosure may not be forthcoming. In particular, the Unclassified Report of the United States' Defense Science Board Task Force on Defense Biometrics states that it is wise to protect, and sometimes even to disguise, the true and total extent of national capabilities in areas related directly to the conduct of security-related activities. [65] This also potentially applies to Biometrics. It goes on to say that this is a classic feature of intelligence and military operations. In short, the goal is to preserve the security of 'sources and methods'.

Countries applying biometrics

Countries using biometrics include Australia, Brazil, Bulgaria, Canada, Cyprus, Greece, China, Gambia, Germany, India, Iraq, Ireland, Israel, Italy, Malaysia, Netherlands, New Zealand, Nigeria, Norway, Pakistan, Poland, South Africa, Saudi Arabia, Tanzania, Turkey, [66] Ukraine, United Arab Emirates, United Kingdom, United States and Venezuela.

Among low to middle income countries, roughly 1.2 billion people have already received identification through a biometric identification program. [67]

There are also numerous countries applying biometrics for voter registration and similar electoral purposes. According to the International IDEA's ICTs in Elections Database, [68] some of the countries using (2017) Biometric Voter Registration (BVR) are Armenia, Angola, Bangladesh, Bhutan, Bolivia, Brazil, Burkina Faso, Cambodia, Cameroon, Chad, Colombia, Comoros, Congo (Democratic Republic of), Costa Rica, Ivory Coast, Dominican Republic, Fiji, Gambia, Ghana, Guatemala, India, Iraq, Kenya, Lesotho, Liberia, Malawi, Mali, Mauritania, Mexico, Morocco, Mozambique, Namibia, Nepal, Nicaragua, Nigeria, Panama, Peru, Philippines, Senegal, Sierra Leone, Solomon Islands, Somaliland, Swaziland, Tanzania, Uganda, Uruguay, Venezuela, Yemen, Zambia, and Zimbabwe. [69] [70]

India's national ID program

India's national ID program called Aadhaar is the largest biometric database in the world. It is a biometrics-based digital identity assigned for a person's lifetime, verifiable [71] online instantly in the public domain, at any time, from anywhere, in a paperless way. It is designed to enable government agencies to deliver a retail public service, securely based on biometric data (fingerprint, iris scan and face photo), along with demographic data (name, age, gender, address, parent/spouse name, mobile phone number) of a person. The data is transmitted in encrypted form over the internet for authentication, aiming to free it from the limitations of physical presence of a person at a given place.

About 550 million residents have been enrolled and assigned 480 million Aadhaar national identification numbers as of 7 November 2013. [72] It aims to cover the entire population of 1.2 billion in a few years. [73] However, it is being challenged by critics over privacy concerns and possible transformation of the state into a surveillance state, or into a Banana republic. [74] [75] § The project was also met with mistrust regarding the safety of the social protection infrastructures. [76] To tackle the fear amongst the people, India's supreme court put a new ruling into action that stated that privacy from then on was seen as a fundamental right. [77] On 24 August 2017 this new law was established.

Malaysia's MyKad national ID program

The current identity card, known as MyKad, was introduced by the National Registration Department of Malaysia on 5 September 2001 with Malaysia becoming the first country in the world [78] to use an identification card that incorporates both photo identification and fingerprint biometric data on a built-in computer chip embedded in a piece of plastic.

Besides the main purpose of the card as a validation tool and proof of citizenship other than the birth certificate, MyKad also serves as a valid driver's license, an ATM card, an electronic purse, and a public key, among other applications, as part of the Malaysian Government Multipurpose Card (GMPC) initiative, [79] if the bearer chooses to activate the functions.

See also

Notes

  1. Systems can be designed to use a template stored on media like an e-Passport or smart card, rather than a remote database.

Related Research Articles

<span class="mw-page-title-main">Authentication</span> Act of proving an assertion, often the identity of a computer system user

Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing's identity, authentication is the process of verifying that identity. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate, determining the age of an artifact by carbon dating, or ensuring that a product or document is not counterfeit.

<span class="mw-page-title-main">Fingerprint</span> Biometric identifier

A fingerprint is an impression left by the friction ridges of a human finger. The recovery of partial fingerprints from a crime scene is an important method of forensic science. Moisture and grease on a finger result in fingerprints on surfaces such as glass or metal. Deliberate impressions of entire fingerprints can be obtained by ink or other substances transferred from the peaks of friction ridges on the skin to a smooth surface such as paper. Fingerprint records normally contain impressions from the pad on the last joint of fingers and thumbs, though fingerprint cards also typically record portions of lower joint areas of the fingers.

<span class="mw-page-title-main">Iris recognition</span> Method of biometric identification

Iris recognition is an automated method of biometric identification that uses mathematical pattern-recognition techniques on video images of one or both of the irises of an individual's eyes, whose complex patterns are unique, stable, and can be seen from some distance. The discriminating powers of all biometric technologies depend on the amount of entropy they are able to encode and use in matching. Iris recognition is exceptional in this regard, enabling the avoidance of "collisions" even in cross-comparisons across massive populations. Its major limitation is that image acquisition from distances greater than a meter or two, or without cooperation, can be very difficult. However, the technology is in development and iris recognition can be accomplished from even up to 10 meters away or in a live camera feed.

<span class="mw-page-title-main">Facial recognition system</span> Technology capable of matching a face from an image against a database of faces

A facial recognition system is a technology potentially capable of matching a human face from a digital image or a video frame against a database of faces. Such a system is typically employed to authenticate users through ID verification services, and works by pinpointing and measuring facial features from a given image.

Speaker recognition is the identification of a person from characteristics of voices. It is used to answer the question "Who is speaking?" The term voice recognition can refer to speaker recognition or speech recognition. Speaker verification contrasts with identification, and speaker recognition differs from speaker diarisation.

Digital identity is the phrase referring to the data that computer systems use to represent external agents, which can be individuals, organizations, applications, or devices. For individuals, it involves gathering of personal data that is essential for facilitating automated access to digital services, confirming one's identity on the internet, and allowing digital systems to manage interactions between different parties. It is a component of a person's social identity in the digital realm, often referred to as their online identity.

Logical security consists of software safeguards for an organization's systems, including user identification and password access, authenticating, access rights and authority levels. These measures are to ensure that only authorized users are able to perform actions or access information in a network or a workstation. It is a subset of computer security.

Living in the intersection of cryptography and psychology, password psychology is the study of what makes passwords or cryptographic keys easy to remember or guess.

Keystroke dynamics, keystroke biometrics, typing dynamics, andtyping biometrics refer to the detailed timing information that describes each key press related event that occurs when a user types on a keyboard.

A card reader is a data input device that reads data from a card-shaped storage medium and provides the data to a computer. Card readers can acquire data from a card via a number of methods, including: optical scanning of printed text or barcodes or holes on punched cards, electrical signals from connections made or interrupted by a card's punched holes or embedded circuitry, or electronic devices that can read plastic cards embedded with either a magnetic strip, computer chip, RFID chip, or another storage medium.

Biometrics in schools refers to the use of biometric data such as fingerprints and facial recognition to identify students. This may be for daily transactions in the library or canteen or for monitoring absenteeism and behavior control. In 2002, Privacy International raised concerns that tens of thousands of UK school children were being fingerprinted by schools, often without the knowledge or consent of their parents. The supplier, Micro Librarian Systems, which uses technology similar to that used in prisons and the military, estimated that 350 schools throughout Britain were using such systems. In 2007, it was estimated that 3,500 schools are using such systems. Some schools in Belgium and the US have followed suit. Concerns have been raised by a number of groups, who suggest the harms far outweigh any putative benefits.

Private biometrics is a form of encrypted biometrics, also called privacy-preserving biometric authentication methods, in which the biometric payload is a one-way, homomorphically encrypted feature vector that is 0.05% the size of the original biometric template and can be searched with full accuracy, speed and privacy. The feature vector's homomorphic encryption allows search and match to be conducted in polynomial time on an encrypted dataset and the search result is returned as an encrypted match. One or more computing devices may use an encrypted feature vector to verify an individual person or identify an individual in a datastore without storing, sending or receiving plaintext biometric data within or between computing devices or any other entity. The purpose of private biometrics is to allow a person to be identified or authenticated while guaranteeing individual privacy and fundamental human rights by only operating on biometric data in the encrypted space. Some private biometrics including fingerprint authentication methods, face authentication methods, and identity-matching algorithms according to bodily features. Private biometrics are constantly evolving based on the changing nature of privacy needs, identity theft, and biotechnology.

<span class="mw-page-title-main">Aadhaar</span> Indian national identification number

Aadhaar is a 12-digit unique identity number that can be obtained voluntarily by all residents of India, based on their biometrics and demographic data. The data is collected by the Unique Identification Authority of India (UIDAI), a statutory authority established in January 2009 by the Government of India, under the jurisdiction of the Ministry of Electronics and Information Technology, following the provisions of the Aadhaar Act, 2016.

<span class="mw-page-title-main">Vein matching</span> Technique of biometric identification

Vein matching, also called vascular technology, is a technique of biometric identification through the analysis of the patterns of blood vessels visible from the surface of the skin. Though used by the Federal Bureau of Investigation and the Central Intelligence Agency, this method of identification is still in development and has not yet been universally adopted by crime labs as it is not considered as reliable as more established techniques, such as fingerprinting. However, it can be used in conjunction with existing forensic data in support of a conclusion.

In order to identify a person, a security system has to compare personal characteristics with a database. A scan of a person's iris, fingerprint, face, or other distinguishing feature is created, and a series of biometric points are drawn at key locations in the scan. For example, in the case of a facial scan, biometric points might be placed at the tip of each ear lobe and in the corners of both eyes. Measurements taken between all the points of a scan are compiled and result in a numerical "score". This score is unique for every individual, but it can quickly and easily be compared to any compiled scores of the facial scans in the database to determine if there is a match.

A whole new range of techniques has been developed to identify people since the 1960s from the measurement and analysis of parts of their bodies to DNA profiles. Forms of identification are used to ensure that citizens are eligible for rights to benefits and to vote without fear of impersonation while private individuals have used seals and signatures for centuries to lay claim to real and personal estate. Generally, the amount of proof of identity that is required to gain access to something is proportionate to the value of what is being sought. It is estimated that only 4% of online transactions use methods other than simple passwords. Security of systems resources generally follows a three-step process of identification, authentication and authorization. Today, a high level of trust is as critical to eCommerce transactions as it is to traditional face-to-face transactions.

<span class="mw-page-title-main">Smudge attack</span> Discerning a password via screen smudges

A smudge attack is an information extraction attack that discerns the password input of a touchscreen device such as a cell phone or tablet computer from fingerprint smudges. A team of researchers at the University of Pennsylvania were the first to investigate this type of attack in 2010. An attack occurs when an unauthorized user is in possession or is nearby the device of interest. The attacker relies on detecting the oily smudges produced and left behind by the user's fingers to find the pattern or code needed to access the device and its contents. Simple cameras, lights, fingerprint powder, and image processing software can be used to capture the fingerprint deposits created when the user unlocks their device. Under proper lighting and camera settings, the finger smudges can be easily detected, and the heaviest smudges can be used to infer the most frequent input swipes or taps from the user.

Biometrics refers to the automated recognition of individuals based on their biological and behavioral characteristics, not to be confused with statistical biometrics; which is used to analyse data in the biological sciences. Biometrics for the purposes of identification may involve DNA matching, facial recognition, fingerprints, retina and iris scanning, voice analysis, handwriting, gait, and even body odor.

<span class="mw-page-title-main">Biometric device</span> Identification and authentication device

A biometric device is a security identification and authentication device. Such devices use automated methods of verifying or recognising the identity of a living person based on a physiological or behavioral characteristic. These characteristics include fingerprints, facial images, iris and voice recognition.

Identity replacement technology is any technology that is used to cover up all or parts of a person's identity, either in real life or virtually. This can include face masks, face authentication technology, and deepfakes on the Internet that spread fake editing of videos and images. Face replacement and identity masking are used by either criminals or law-abiding citizens. Identity replacement tech, when operated on by criminals, leads to heists or robbery activities. Law-abiding citizens utilize identity replacement technology to prevent government or various entities from tracking private information such as locations, social connections, and daily behaviors.

References

  1. Cao, Liling; Ge, Wancheng (10 March 2015). "Analysis and improvement of a multi-factor biometric authentication scheme: Analysis and improvement of a MFBA scheme". Security and Communication Networks. 01 (4): 617–625. doi:10.1002/sec.1010.
  2. Villas-Boas, Antonio. "Passwords are incredibly insecure, so websites and apps are quietly tracking your mouse movements and smartphone swipes without you knowing to make sure it's really you". Business Insider. Retrieved 22 November 2021. Passwords are incredibly insecure, so websites and apps are quietly tracking your mouse movements and Android swipes without you knowing to make sure it's really you
  3. Alzubaidi, Abdulaziz; Kalita, Jugal (2016). "Authentication of Smartphone Users Using Behavioral Biometrics". IEEE Communications Surveys & Tutorials. 18 (3): 1998–2026. arXiv: 1911.04104 . doi:10.1109/comst.2016.2537748. ISSN   1553-877X. S2CID   8443300.
  4. 1 2 Jain, A. K.; Bolle, R.; Pankanti, S., eds. (1999). Biometrics: Personal Identification in Networked Society. Kluwer Academic Publications. ISBN   978-0-7923-8345-1.
  5. Bleicher, Paul (2005). "Biometrics comes of age: despite accuracy and security concerns, biometrics are gaining in popularity". Applied Clinical Trials. Applied Clinical Trials-12-01-2005. Retrieved 6 December 2019.
  6. 1 2 3 Jain, Anil K.; Ross, Arun (2008). "Introduction to Biometrics". In Jain, AK; Flynn; Ross, A (eds.). Handbook of Biometrics. Springer. pp. 1–22. ISBN   978-0-387-71040-2. Archived from the original on 9 March 2011. Community Noun project 39956.svg
  7. 1 2 3 Sahoo, Soyuj Kumar; Choubisa, Tarun; Prasanna, SR Mahadeva (1 January 2012). "Multimodal Biometric Person Authentication : A Review". IETE Technical Review. 29 (1): 54–75. doi: 10.4103/0256-4602.93139 . S2CID   62699150.
  8. "How Biometric Data is Stored". ievo Ltd. 10 December 2018. Retrieved 22 February 2020.
  9. Grother, Patrick; Salamon, Wayne; Chandramouli, Ramaswamy (July 2013). "Biometric Specifications for Personal Identity Verification" (PDF): NIST SP 800–76–2. doi: 10.6028/nist.sp.800-76-2 .{{cite journal}}: Cite journal requires |journal= (help)
  10. "Agency Information Collection Activities: Biometric Identity". Federal Register. 9 August 2018. Retrieved 22 February 2020.
  11. Taylor, Sandra (25 February 2019). "Re: DHS 2019-00001, DHS Data Privacy and Integrity Advisory Council" (PDF). Department of Homeland Security. Retrieved 20 February 2020.
  12. 1 2 Haghighat, Mohammad; Abdel-Mottaleb, Mohamed; Alhalabi, Wadee (2016). "Discriminant Correlation Analysis: Real-Time Feature Level Fusion for Multimodal Biometric Recognition". IEEE Transactions on Information Forensics and Security. 11 (9): 1984–1996. doi:10.1109/TIFS.2016.2569061. S2CID   15624506.
  13. "Questions Raised About Iris Recognition Systems". Science Daily. 12 July 2012. Archived from the original on 22 October 2012.
  14. Saylor, Michael (2012). The Mobile Wave: How Mobile Intelligence Will Change Everything. Perseus Books/Vanguard Press. p. 99. ISBN   9780306822988.
  15. Bill Flook (3 October 2013). "This is the 'biometric war' Michael Saylor was talking about". Washington Business Journal. Archived from the original on 7 October 2013.
  16. Zahid Akhtar, "Security of Multimodal Biometric Systems against Spoof Attacks" (PDF). Archived 2 April 2015 at the Wayback Machine . Department of Electrical and Electronic Engineering, University of Cagliari. Cagliari, Italy, 6 March 2012.
  17. Daugman, John (24 February 2021). "Collision Avoidance on National and Global Scales: Understanding and Using Big Biometric Entropy" (PDF). doi:10.36227/techrxiv.14061671.{{cite journal}}: Cite journal requires |journal= (help)
  18. "Characteristics of Biometric Systems". Cernet. Archived from the original on 17 October 2008.
  19. The History of Fingerprints Archived 12 March 2013 at the Wayback Machine .
  20. Josh Ellenbogen, Reasoned and Unreasoned Images: The Photography of Bertillon, Galton, and Marey (University Park, PA, 2012)
  21. Nitzan Lebovic, "Biometrics or the Power of the Radical Center", in Critical Inquiry 41:4 (Summer, 2015), 841–868.
  22. Nitzan Lebovic, "Biometrics or the Power of the Radical Center", in Critical Inquiry 41:4 (Summer, 2015), p. 853.
  23. David Lyon, Surveillance Society: Monitoring Everyday Life (Philadelphia, 2001).
  24. Kelly A. Gates, Our Biometric Future: Facial Recognition Technology and the Culture of Surveillance (New York, 2011), p. 100.
  25. A. Rattani, "Adaptive Biometric System based on Template Update Procedures", PhD thesis, University of Cagliari, Italy, 2010
  26. Palaniappan, Ramaswamy (2006). "Electroencephalogram Signals from Imagined Activities: A Novel Biometric Identifier for a Small Population". Intelligent Data Engineering and Automated Learning – IDEAL 2006. Lecture Notes in Computer Science. Vol. 4224. pp. 604–611. doi:10.1007/11875581_73. ISBN   978-3-540-45485-4.
  27. Palaniappan, R.; Krishnan, S.M. (2004). "Identifying individuals using ECG beats". 2004 International Conference on Signal Processing and Communications, 2004. SPCOM '04. pp. 569–572. doi:10.1109/SPCOM.2004.1458524. ISBN   0-7803-8674-4. S2CID   16091945.
  28. Arnau-González, Pablo; Katsigiannis, Stamos; Arevalillo-Herráez, Miguel; Ramzan, Naeem (February 2021). "BED: A new dataset for EEG-based biometrics". IEEE Internet of Things Journal. (Early Access) (15): 12219–12230. doi:10.1109/JIOT.2021.3061727. ISSN   2327-4662. S2CID   233916681.
  29. 1 2 Langston, Jennifer (8 May 2015). "Researchers hack Teleoperated Surgical Robot to Reveal Security Flaws". Scientific Computing . New Jersey. Archived from the original on 4 March 2016. Retrieved 17 May 2015.
  30. McConnell, Mike (January 2009). KeyNote Address. Biometric Consortium Conference. Tampa Convention Center, Tampa, Florida. Archived from the original on 18 February 2010. Retrieved 20 February 2010.
  31. Schneier, Bruce. "The Internet: Anonymous Forever". Archived from the original on 12 October 2011. Retrieved 1 October 2011.
  32. White, Anna (April 2019). "The High-Tech, Humane Ways Biologists Can Identify Animals". Smithsonian . Retrieved 22 March 2019.
  33. Breckenridge K. (2005). "The Biometric State: The Promise and Peril of Digital Government in the New South Africa". Journal of Southern African Studies, 31:2, 267–82
  34. Epstein C. (2007), "Guilty Bodies, Productive Bodies, Destructive Bodies: Crossing the Biometric Borders". International Political Sociology, 1:2, 149–64
  35. Pugliese J. (2010), Biometrics: Bodies, Technologies, Biopolitics. New York: Routledge
  36. French National Consultative Ethics Committee for Health and Life Sciences (2007), Opinion N° 98, "Biometrics, identifying data and human rights" Archived 23 September 2015 at the Wayback Machine
  37. Agamben, G. (2008). "No to bio-political tattooing". Communication and Critical/Cultural Studies, 5(2), 201–202. Reproduced from Le Monde (10 January 2004).
  38. Agamben G.(1998), Homo Sacer: Sovereign Power and Bare Life. Trans. Daniel Heller-Roazen. Stanford: Stanford University Press
  39. 1 2 Gao, Wei; Ai, Haizhou (2009). "Face Gender Classification on Consumer Images in a Multiethnic Environment". Advances in Biometrics. Lecture Notes in Computer Science. Vol. 5558. pp. 169–178. doi:10.1007/978-3-642-01793-3_18. ISBN   978-3-642-01792-6. S2CID   17596655. Archived from the original on 9 October 2016.
  40. Walker, Elizabeth (2015). "Biometric Boom: How the private sector Commodifies Human characteristics". Fordham Intellectual Property, Media & Entertainment Law Journal. Archived from the original on 20 January 2017. Retrieved 1 May 2017.
  41. Browne, Simone (2015). Dark Matters: On the Surveillance of Blackness. Duke University Press. p. 116.
  42. Mordini, E; Massari, S. (2008), "Body, Biometrics and Identity" Bioethics, 22, 9:488
  43. UNICEF, Birth Registration Archived 6 September 2015 at the Wayback Machine
  44. Dahan M., Gelb A. (2015) "The Role of Identification in the Post-2015 Development Agenda" Archived 20 September 2015 at the Wayback Machine – World Bank Working Paper No. 98294 08/2015;
  45. Mordini E, Rebera A (2011) "No Identification Without Representation: Constraints on the Use of Biometric Identification Systems". Review of Policy Research, 29, 1: 5–20
  46. Mordini E, Ashton H,(2012), "The Transparent Body – Medical Information, Physical Privacy and Respect for Body Integrity", in Mordini E, Tzovaras D (eds), Second Generation Biometrics: the Ethical and Social Context. Springer-Verlag: Berlin
  47. Mordini E, Tzovaras D,(2012), Second Generation Biometrics: the Ethical and Social Context. Springer-Verlag: Berlin
  48. Pfleeger, Charles; Pfleeger, Shari (2007). Security in Computing (4th ed.). Boston: Pearson Education. p. 220. ISBN   978-0-13-239077-4.
  49. Kent, Jonathan (31 March 2005). "Malaysia car thieves steal finger". BBC Online . Kuala Lumpur. Archived from the original on 20 November 2010. Retrieved 11 December 2010.
  50. "ISO/IEC 30107-1:2016". iso.org. Retrieved 23 April 2019.
  51. Marcel, Sébastien; Nixon, Mark S.; Li, Stan Z., eds. (2014). "Handbook of Biometric Anti-Spoofing". Advances in Computer Vision and Pattern Recognition. doi:10.1007/978-1-4471-6524-8. ISBN   978-1-4471-6523-1. ISSN   2191-6586. S2CID   27594864.
  52. Latonero, Mark (12 July 2019). "Opinion | Stop Surveillance Humanitarianism". The New York Times.
  53. N. K. Ratha, J. H. Connell, and R. M. Bolle, "Enhancing security and privacy in biometrics-based authentication systems", IBM Systems Journal, vol. 40, pp. 614–634, 2001.
  54. Hui, Lim; Jin, Andrew (2010). "Cancelable biometrics – Scholarpedia". Scholarpedia. 5: 9201. doi: 10.4249/scholarpedia.9201 .
  55. Feng, Y. C.; Yuen, P. C.; Jain, A. K. (1 March 2010). "A Hybrid Approach for Generating Secure and Discriminating Face Template". IEEE Transactions on Information Forensics and Security. 5 (1): 103–117. CiteSeerX   10.1.1.389.5322 . doi:10.1109/TIFS.2009.2038760. ISSN   1556-6013. S2CID   18156337.
  56. S. Tulyakov, F. Farooq, and V. Govindaraju, "Symmetric Hash Functions for Fingerprint Minutiae", Proc. Int'l Workshop Pattern Recognition for Crime Prevention, Security, and Surveillance, pp. 30–38, 2005
  57. A. B. J. Teoh, A. Goh, and D. C. L. Ngo, "Random Multispace Quantization as an Analytic Mechanism for BioHashing of Biometric and Random Identity Inputs", IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 28, pp. 1892–1901, 2006.
  58. M. Savvides, B. V. K. V. Kumar, and P. K. Khosla, "'Corefaces' – Robust Shift-Invariant PCA based Correlation Filter for Illumination Tolerant Face Recognition", presented at IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR'04), 2004.
  59. M. A. Dabbah, W. L. Woo, and S. S. Dlay, "Secure Authentication for Face Recognition", presented at Computational Intelligence in Image and Signal Processing, 2007. CIISP 2007. IEEE Symposium on, 2007.
  60. Ratha, N. K., J. H. Connell, and R. M. Bolle. (2001). "Enhancing security and privacy in biometrics based authentication systems". IBM Systems Journal 40(3): 614–634.
  61. Mordini E, Ashton H (2012), "The Transparent Body – Medical Information, Physical Privacy and Respect for Body Integrity'". In Mordini E, Tzovaras D (eds), Second Generation Biometrics: the Ethical and Social Context. Berlin: Springer-Verlag Archived 16 February 2018 at the Wayback Machine , 2057–83
  62. Mordini E (2013) Biometrics. In Henk A. M. J. ten Have, Bert Gordijn (eds) Handbook of Global Bioethics Berlin: Springer, 341–356
  63. "Testimony of Deputy Assistant Secretary for Policy Kathleen Kraninger, Screening Coordination, and Director Robert A. Mocny, US-VISIT, National Protection and Programs Directorate, before the House Appropriations Committee, Subcommittee on Homeland Security, 'Biometric Identification'". US Department of Homeland Security. March 2009. Archived from the original on 18 February 2010. Retrieved 20 February 2010.{{cite journal}}: Cite journal requires |journal= (help)
  64. Magnuson, S (January 2009). "Defense department under pressure to share biometric data". NationalDefenseMagazine.org. Archived from the original on 12 March 2010. Retrieved 20 February 2010.
  65. Defense Science Board (March 2007). "Chapter 17 §Recommendation 45" (PDF). On Defense Biometrics. Unclassified Report of the Defense Science Board Task Force. Washington, D.C.: Office of the Under Secretary of Defense For Acquisition, Technology, and Logistics. p. 84. Archived from the original (PDF) on 13 June 2011. Retrieved 20 February 2010.
  66. web article dated 24 February 2015 Archived 3 February 2016 at the Wayback Machine in planet biometrics entitled "Biometric voter registration launches in Tanzania" accessed 21 January 2016
  67. Gelb, Alan; Julia Clark (2013). Identification for Development: The Biometrics Revolution. The Center for Global Development. Archived from the original on 13 March 2013.
  68. "ICTs in Elections Database | International IDEA". www.idea.int. Archived from the original on 22 July 2017. Retrieved 19 July 2017.
  69. "If the EMB uses technology to collect voter registration data, is biometric data captured and used during registration? | International IDEA". www.idea.int. Archived from the original on 29 July 2017. Retrieved 19 July 2017.
  70. "Biometric Voter Registration and Voter Identification —". aceproject.org. Retrieved 19 July 2017.
  71. "Aadhaar data kept, processed only on own secure servers: UIDAI". The Economic Times. 30 August 2017. Archived from the original on 7 December 2017.
  72. "Aadhaar scheme does not violate fundamental rights, says UIDAI". Zee News. 22 October 2013. Archived from the original on 25 October 2013.
  73. "Building a Biometric National ID: Lessons for Developing Countries from India's Universal ID Program", Alan Gelb and Julia Clark, The Center for Global Development, October 2012, "Building a Biometric National ID: Lessons for Developing Countries from India's Universal ID Program". Archived from the original on 17 September 2018. Retrieved 27 February 2013.
  74. "Aadhaar FIR: "Are We Living in Banana Republic?" Asks Shatrughan Sinha". ndtv.com. Archived from the original on 3 February 2018. Retrieved 6 May 2018.
  75. "Giving Aadhaar the finger - Times of India". The Times of India. 28 January 2018. Archived from the original on 13 February 2018. Retrieved 6 May 2018.
  76. Masiero, Silvia (September 2018). "Explaining Trust in Large Biometric Infrastructures: A Critical Realist Case Study of India's Aadhaar Project". The Electronic Journal of Information Systems in Developing Countries. 84 (6): e12053. doi: 10.1002/isd2.12053 .
  77. Gemalto (1 July 2018). "Aadhar project in India: 2018 facts and trends". Gemalto. Retrieved 8 October 2018.
  78. "Malaysia's national 'MyKad' ID card succeeding through service to citizens". SecureIDNews. Retrieved 13 December 2020.
  79. "MalaysiaCentral.com - MyKad: The Government Multipurpose Card". 2 November 2010. Archived from the original on 2 November 2010. Retrieved 13 December 2020.

Further reading

Wiktionary-logo-en-v2.svg The dictionary definition of biometrics at Wiktionary

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.