Biometric device

Last updated January 03, 2025

A biometric device is a security identification and authentication device. Such devices use automated methods of verifying or recognising the identity of a living person based on a physiological or behavioral characteristic. These characteristics include fingerprints, facial images, iris and voice recognition.^[1]

History
Subgroups
Uses
Workplace
Immigration
Handheld and personal devices
Present day biometric devices
Personal signature verification systems
Iris recognition system
Problems with present day biometric devices
Biometric spoofing
Accuracy
Benefits of biometric devices over traditional methods of authentication
Future
References

History

Biometric devices have been in use for thousands of years. Non-automated biometric devices have in use since 500 BC,^[2] when ancient Babylonians would sign their business transactions by pressing their fingertips into clay tablets.

Automation in biometric devices was first seen in the 1960s.^[3] The Federal Bureau of Investigation (FBI) in the 1960s, introduced the Indentimat, which started checking for fingerprints to maintain criminal records. The first systems measured the shape of the hand and the length of the fingers. Although discontinued in the 1980s, the system set a precedent for future Biometric Devices.

Subgroups

The characteristic of the human body is used to access information by the users. According to these characteristics, the sub-divided groups are

Chemical biometric devices: Analyses the segments of the DNA to grant access to the users.
Visual biometric devices: Analyses the visual features of the humans to grant access which includes iris recognition, face recognition, Finger recognition, and Retina Recognition.
Behavioral biometric devices: Analyses the Walking Ability and Signatures (velocity of sign, width of sign, pressure of sign) distinct to every human.
Olfactory biometric devices: Analyses the odor to distinguish between varied users.
Auditory biometric devices: Analyses the voice to determine the identity of a speaker for accessing control.

Uses

Workplace

Biometrics are being used to establish better and accessible records of the hour's employee's work. With the increase in "Buddy Punching"^[4] (a case where employees clocked out coworkers and fraudulently inflated their work hours) employers have looked towards new technology like fingerprint recognition to reduce such fraud. Additionally, employers are also faced with the task of proper collection of data such as entry and exit times. Biometric devices make for largely fool proof and reliable ways of enabling to collect data as employees have to be present to enter biometric details which are unique to them.

Immigration

As the demand for air travel grows and more people travel, modern-day airports have to implement technology in such a way that there are no long queues. Biometrics are being implemented in more and more airports as they enable quick recognition of passengers and hence lead to lower volume of people standing in queues. One such example is of the Dubai International Airport which plans to make immigration counters a relic of the past as they implement IRIS on the move technology (IOM) which should help the seamless departures and arrivals of passengers at the airport.^[5]

Handheld and personal devices

Fingerprint sensors can be found on mobile devices. The fingerprint sensor is used to unlock the device and authorize actions, like money and file transfers, for example. It can be used to prevent a device from being used by an unauthorized person. It is also used in attendance in number of colleges and universities.

Present day biometric devices

Personal signature verification systems

This is one of the most highly recognised^[6] and acceptable biometrics in corporate surroundings. This verification has been taken one step further by capturing the signature while taking into account many parameters revolving around this like the pressure applied while signing, the speed of the hand movement and the angle made between the surface and the pen used to make the signature. This system also has the ability to learn from users as signature styles vary for the same user. Hence by taking a sample of data, this system is able to increase its own accuracy.

Iris recognition system

Iris recognition involves the device scanning the pupil of the subject and then cross referencing that to data stored on the database. It is one of the most secure forms of authentication, as while fingerprints can be left behind on surfaces, iris prints are extremely hard to be stolen. Iris recognition is widely applied by organisations dealing with the masses, one being the Aadhaar identification carried out by the Government of India to keep records of its population. The reason for this is that iris recognition makes use of iris prints of humans, which hardly evolve during one's lifetime and are extremely stable.

Problems with present day biometric devices

Biometric spoofing

Biometric spoofing is a method of fooling^[7] a biometric identification management system, where a counterfeit mold is presented in front of the biometric scanner. This counterfeit mold emulates the unique biometric attributes of an individual so as to confuse the system between the artifact and the real biological target and gain access to sensitive data/materials.

One such high-profile case of Biometric spoofing came to the limelight when it was found that German Defence Minister, Ursula von der Leyen's fingerprint had been successfully replicated^[8] by Chaos Computer Club. The group used high quality camera lenses and shot images from 6 feet away. They used a professional finger software and mapped the contours of the Ministers thumbprint. Although progress has been made to stop spoofing. Using the principle of pulse oximetry ^[9] — the liveliness of the test subject is taken into account by measure of blood oxygenation and the heart rate. This reduces attacks like the ones mentioned above, although these methods aren't commercially applicable as costs of implementation are high. This reduces their real world application and hence makes biometrics insecure until these methods are commercially viable.

Accuracy

Accuracy is a major issue with biometric recognition. Passwords are still extremely popular, because a password is static in nature, while biometric data can be subject to change (such as one's voice becoming heavier due to puberty, or an accident to the face, which could lead to improper reading of facial scan data). When testing voice recognition as a substitute to PIN-based systems, Barclays reported^[10] that their voice recognition system is 95 percent accurate. This statistic means that many of its customers' voices might still not be recognised even when correct. This uncertainty revolving around the system could lead to slower adoption of biometric devices, continuing the reliance of traditional password-based methods.

Benefits of biometric devices over traditional methods of authentication

Biometric data cannot be lent and hacking of Biometric data is complicated^[11] hence it makes it safer to use than traditional methods of authentication like passwords which can be lent and shared. Passwords do not have the ability to judge the user but rely only on the data provided by the user, which can easily be stolen while Biometrics work on the uniqueness of each individual.
Passwords can be forgotten and recovering them can take time, whereas Biometric devices rely on biometric data which tends to be unique to a person, hence there is no risk of forgetting the authentication data. A study conducted among Yahoo! users found that at least 1.5 percent^[12] of Yahoo users forgot their passwords every month, hence this makes accessing services more lengthy for consumers as the process of recovering passwords is lengthy. These shortcomings make Biometric devices more efficient and reduces effort for the end user.

Future

Researchers are targeting the drawbacks of present-day biometric devices and developing to reduce problems like biometric spoofing and inaccurate intake of data. Technologies which are being developed are-

The United States Military Academy are developing an algorithm^[13] that allows identification through the ways each individual interacts with their own computers; this algorithm considers unique traits like typing speed, rhythm of writing and common spelling mistakes. This data allows the algorithm to create a unique profile for each user by combining their multiple behavioral and stylometric information. This can be very difficult to replicate collectively.
A recent innovation by Kenneth Okereafor^[14] and,^[15] presented an optimized and secure design of applying biometric liveness detection technique using a trait randomization approach. This novel concept potentially opens up new ways of mitigating biometric spoofing more accurately, and making impostor predictions intractable or very difficult in future biometric devices. A simulation of Kenneth Okereafor's biometric liveness detection algorithm using a 3D multi-biometric framework consisting of 15 liveness parameters from facial print, finger print and iris pattern traits resulted in a system efficiency of the 99.2% over a cardinality of 125 distinct randomization combinations. The uniqueness of Okereafor's innovation lies in the application of uncorrelated biometric trait parameters including intrinsic and involuntary biomedical properties from eye blinking pattern, pulse oxymetry, finger spectroscopy, electrocardiogram, perspiration, etc.
A group of Japanese Researchers have created a system^[16] which uses 400 sensors in a chair to identify the contours and unique pressure points of a person. This derrière authenticator, still undergoing massive improvements and modifications, is claimed to be 98% accurate and is seen to have application in anti theft device mechanisms in cars.
Inventor Lawrence F. Glaser has developed and patented technology which appears at first to be a high definition display. However, unlike displays with 2 dimensional pixel arrays, this technology incorporates pixel stacks, accomplishing a series of goals leading to the capture of a multi-biometric. It is believed to be the first man-made device which can capture 2 or more distinct biometrics from the same region of pixel stacks (forming a surface) at the same instant, allowing for the data to form a third biometric, which is a more complex pattern inclusive as to how the data aligns. An example would be to capture the finger print and the capillary pattern at precisely the same moment. Other opportunities exist with this technology, such as to capture kirlean data which assures the finger was alive during an event, or capture of bone details forming another biometric used with the others previously mentioned. The concept of stacking pixels to achieve increased functionality from less surface area is combined with the ability to emit any color from a single pixel, eliminating the need for RGB (RED GREEN BLUE) surface emissions. Lastly, the technology was tested with high power cadmium magnetics to check for distortion or other anomalies, as the inventor wanted to also embed magnetic emission and magnetic collection with this same surface technology, but without exhibiting any magnetic stripes on the surface. Devices, such as smart cards, can pass magnetic data from any orientation by automatically sensing what the user has done, and using data about where the card is when "swiped" or inserted into a reader. This technology can detect touch or read gestures at distance, without a user side camera and with no active electronics on its surface. The use of Multibiometrics hardens automated identity acquisition by a factor of 800,000,000 and will prove to be very difficult to hack or emulate.

Related Research Articles

<span class="mw-page-title-main">Authentication</span> Act of proving an assertion

Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing's identity, authentication is the process of verifying that identity. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate, determining the age of an artifact by carbon dating, or ensuring that a product or document is not counterfeit.

<span class="mw-page-title-main">Fingerprint</span> Biometric identifier

A fingerprint is an impression left by the friction ridges of a human finger. The recovery of partial fingerprints from a crime scene is an important method of forensic science. Moisture and grease on a finger result in fingerprints on surfaces such as glass or metal. Deliberate impressions of entire fingerprints can be obtained by ink or other substances transferred from the peaks of friction ridges on the skin to a smooth surface such as paper. Fingerprint records normally contain impressions from the pad on the last joint of fingers and thumbs, though fingerprint cards also typically record portions of lower joint areas of the fingers.

Biometrics are body measurements and calculations related to human characteristics and features. Biometric authentication is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance.

<span class="mw-page-title-main">Iris recognition</span> Method of biometric identification

Iris recognition is an automated method of biometric identification that uses mathematical pattern-recognition techniques on video images of one or both of the irises of an individual's eyes, whose complex patterns are unique, stable, and can be seen from some distance. The discriminating powers of all biometric technologies depend on the amount of entropy they are able to encode and use in matching. Iris recognition is exceptional in this regard, enabling the avoidance of "collisions" even in cross-comparisons across massive populations. Its major limitation is that image acquisition from distances greater than a meter or two, or without cooperation, can be very difficult. However, the technology is in development and iris recognition can be accomplished from even up to 10 meters away or in a live camera feed.

<span class="mw-page-title-main">Security token</span> Device used to gain access to restricted resource

A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to, or in place of, a password. Examples of security tokens include wireless key cards used to open locked doors, a banking token used as a digital authenticator for signing in to online banking, or signing transactions such as wire transfers.

Logical security consists of software safeguards for an organization's systems, including user identification and password access, authenticating, access rights and authority levels. These measures are to ensure that only authorized users are able to perform actions or access information in a network or a workstation. It is a subset of computer security.

Hand geometry is a biometric that identifies users from the shape of their hands. Hand geometry readers measure a user's palm and fingers along many dimensions including length, width, deviation, and angle and compare those measurements to measurements stored in a file.

Living in the intersection of cryptography and psychology, password psychology is the study of what makes passwords or cryptographic keys easy to remember or guess.

A card reader is a data input device that reads data from a card-shaped storage medium and provides the data to a computer. Card readers can acquire data from a card via a number of methods, including: optical scanning of printed text or barcodes or holes on punched cards, electrical signals from connections made or interrupted by a card's punched holes or embedded circuitry, or electronic devices that can read plastic cards embedded with either a magnetic strip, computer chip, RFID chip, or another storage medium.

Password fatigue is the feeling experienced by many people who are required to remember an excessive number of passwords as part of their daily routine, such as to log in to a computer at work, undo a bicycle lock or conduct banking from an automated teller machine. The concept is also known as password chaos, or more broadly as identity chaos.

Vein matching, also called vascular technology, is a technique of biometric identification through the analysis of the patterns of blood vessels visible from the surface of the skin. Though used by the Federal Bureau of Investigation and the Central Intelligence Agency, this method of identification is still in development and has not yet been universally adopted by crime labs as it is not considered as reliable as more established techniques, such as fingerprinting. However, it can be used in conjunction with existing forensic data in support of a conclusion.

Cyber crime, or computer crime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, identity theft, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.

A whole new range of techniques has been developed to identify people since the 1960s from the measurement and analysis of parts of their bodies to DNA profiles. Forms of identification are used to ensure that citizens are eligible for rights to benefits and to vote without fear of impersonation while private individuals have used seals and signatures for centuries to lay claim to real and personal estate. Generally, the amount of proof of identity that is required to gain access to something is proportionate to the value of what is being sought. It is estimated that only 4% of online transactions use methods other than simple passwords. Security of systems resources generally follows a three-step process of identification, authentication and authorization. Today, a high level of trust is as critical to eCommerce transactions as it is to traditional face-to-face transactions.

A smudge attack is an information extraction attack that discerns the password input of a touchscreen device such as a smartphone or tablet computer from fingerprint smudges. A team of researchers at the University of Pennsylvania were the first to investigate this type of attack in 2010. An attack occurs when an unauthorized user is in possession or is nearby the device of interest. The attacker relies on detecting the oily smudges produced and left behind by the user's fingers to find the pattern or code needed to access the device and its contents. Simple cameras, lights, fingerprint powder, and image processing software can be used to capture the fingerprint deposits created when the user unlocks their device. Under proper lighting and camera settings, the finger smudges can be easily detected, and the heaviest smudges can be used to infer the most frequent input swipes or taps from the user.

Biometrics are used by the South African government to combat fraud and corruption and to increase the efficiency of service delivery to the public.

Touch ID is an electronic fingerprint recognition feature designed and released by Apple Inc. that allows users to unlock devices, make purchases in the various Apple digital media stores, and authenticate Apple Pay online or in apps. It can also be used to lock and unlock password-protected notes on iPhone and iPad. Touch ID was first introduced in iPhones with the iPhone 5s in 2013. In 2015, Apple introduced a faster second-generation Touch ID in the iPhone 6s; a year later in 2016, it made its laptop debut in the MacBook Pro integrated on the right side of the Touch Bar. Touch ID has been used on all iPads since the iPad Air 2 was introduced in 2014. In MacBooks, each user account can have up to three fingerprints, and a total of five fingerprints across the system. Fingerprint information is stored locally in a secure enclave on the Apple A7 and later chips, not in the cloud, a design choice intended to secure fingerprint information from users or malicious attackers.

Eye vein verification is a method of biometric authentication that applies pattern-recognition techniques to video images of the veins in a user's eyes. The complex and random patterns are unique, and modern hardware and software can detect and differentiate those patterns at some distance from the eyes.

Identity-based security is a type of security that focuses on access to digital information or services based on the authenticated identity of an entity. It ensures that the users and services of these digital resources are entitled to what they receive. The most common form of identity-based security involves the login of an account with a username and password. However, recent technology has evolved into fingerprinting or facial recognition.

Biometric tokenization is the process of substituting a stored biometric template with a non-sensitive equivalent, called a token, that lacks extrinsic or exploitable meaning or value. The process combines the biometrics with public-key cryptography to enable the use of a stored biometric template for secure or strong authentication to applications or other systems without presenting the template in its original, replicable form.

Web Authentication (WebAuthn) is a web standard published by the World Wide Web Consortium (W3C). WebAuthn is a core component of the FIDO2 Project under the guidance of the FIDO Alliance. The goal of the project is to standardize an interface for authenticating users to web-based applications and services using public-key cryptography. WebAuthn credentials that are available across multiple devices are commonly referred to as passkeys.

References

↑ Wayman, James; Jain, Anil.; Maltonie, Davide.; Maio, Dario (2005). An Introduction to Biometric Authentication Systems. Boston, MA: Springer London. pp. 1–20. ISBN 978-1-85233-596-0.
↑ Mayhew, Stephen (14 January 2015). "History of Biometrics". biometricupdate.com. Archived from the original on 14 December 2015. Retrieved 24 October 2015.
↑ Zhang, David (2013-11-11). Automated Biometrics: Technologies and Systems. Springer Science & Business Media. p. 7. ISBN 9781461545194.
↑ "What is Buddy Punching? How to Prevent it [Updated 2021]". quickbooks.intuit.com. Retrieved 2023-08-29.
↑ Basit, Abdul (20 October 2015). "Dubai Airport without immigration counters?". Khaleej Times. Retrieved 28 October 2015.
↑ M.M. Fahmy, Maged (5 November 2010). "Online handwritten signature verification system based on DWT features extraction and neural network classification". Ain Shams Engineering Journal. 1 (1): 59–70. doi: 10.1016/j.asej.2010.09.007 .
↑ Trader, John (2014-07-22). "Liveness Detection to Fight Biometric Spoofing" . Retrieved 4 November 2015.
↑ "German minister fingered as hacker 'steals' her thumbprint from a PHOTO". The Register. 29 Dec 2014. Retrieved 21 October 2015.
↑ Reddy, P.V; Kumar, A; Rahman, S; Mundra, T.S (2008). "A New Antispoofing Approach for Biometric Devices". IEEE Transactions on Biomedical Circuits and Systems. 2 (4): 328–337. CiteSeerX 10.1.1.141.6902 . doi:10.1109/tbcas.2008.2003432. PMID 23853135. S2CID 8908501.
↑ Warman, Matt (2013-05-08). "Say goodbye to the pin: voice recognition takes over at Barclays Wealth". The Telegraph. Retrieved 22 October 2015.
↑ O’Gorman, Lawrence (2003). "Comparing Passwords, Tokens, and Biometrics for User Authentication". Proceedings of the IEEE. 91 (12): 2021–2040. doi:10.1109/jproc.2003.819611. S2CID 11397126.
↑ Florencio, Dinei; Herley, Cormac (2007). "A large-scale study of web password habits". Proceedings of the 16th international conference on World Wide Web - WWW '07. p. 657. CiteSeerX 10.1.1.75.8414 . doi:10.1145/1242572.1242661. ISBN 9781595936547. S2CID 10648989.
↑ Funk, Wolfgang; Arnold, Michael; Busch, Christoph; Munde, Axel. "Evaluation of Image Compression Algorithms for Fingerprint and Face Recognition Systems" (PDF). 2005 IEEE Information Assurance Workshop.
↑ K. U. Okereafor, C. Onime and O. E. Osuagwu, "Multi-biometric Liveness Detection - A New Perspective," West African Journal of Industrial and Academic Research, vol. 16, no. 1, pp. 26 - 37, 2016 (https://www.ajol.info/index.php/wajiar/article/view/145878)
↑ K. U. Okereafor, C. Onime and O. E. Osuagwu, "Enhancing Biometric Liveness Detection Using Trait Randomization Technique," 2017 UKSim-AMSS 19th International Conference on Modelling & Simulation, University of Cambridge, Conference Proceedings, pp. 28 – 33, 2017 (http://uksim.info/uksim2017/CD/data/2735a028.pdf)
↑ Malenkovich, Serge (24 December 2012). "10 Biometric Security Codes of the Future". kaspersky.com. Retrieved 28 October 2015.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Wayman, James; Jain, Anil.; Maltonie, Davide.; Maio, Dario (2005). An Introduction to Biometric Authentication Systems. Boston, MA: Springer London. pp. 1–20. ISBN 978-1-85233-596-0.

[2] Mayhew, Stephen (14 January 2015). "History of Biometrics". biometricupdate.com. Archived from the original on 14 December 2015. Retrieved 24 October 2015.

[3] Zhang, David (2013-11-11). Automated Biometrics: Technologies and Systems. Springer Science & Business Media. p. 7. ISBN 9781461545194.

[4] "What is Buddy Punching? How to Prevent it [Updated 2021]". quickbooks.intuit.com. Retrieved 2023-08-29.

[5] Basit, Abdul (20 October 2015). "Dubai Airport without immigration counters?". Khaleej Times. Retrieved 28 October 2015.

[6] M.M. Fahmy, Maged (5 November 2010). "Online handwritten signature verification system based on DWT features extraction and neural network classification". Ain Shams Engineering Journal. 1 (1): 59–70. doi: 10.1016/j.asej.2010.09.007 .

[7] Trader, John (2014-07-22). "Liveness Detection to Fight Biometric Spoofing" . Retrieved 4 November 2015.

[8] "German minister fingered as hacker 'steals' her thumbprint from a PHOTO". The Register. 29 Dec 2014. Retrieved 21 October 2015.

[9] Reddy, P.V; Kumar, A; Rahman, S; Mundra, T.S (2008). "A New Antispoofing Approach for Biometric Devices". IEEE Transactions on Biomedical Circuits and Systems. 2 (4): 328–337. CiteSeerX 10.1.1.141.6902 . doi:10.1109/tbcas.2008.2003432. PMID 23853135. S2CID 8908501.

[10] Warman, Matt (2013-05-08). "Say goodbye to the pin: voice recognition takes over at Barclays Wealth". The Telegraph. Retrieved 22 October 2015.

[11] O’Gorman, Lawrence (2003). "Comparing Passwords, Tokens, and Biometrics for User Authentication". Proceedings of the IEEE. 91 (12): 2021–2040. doi:10.1109/jproc.2003.819611. S2CID 11397126.

[12] Florencio, Dinei; Herley, Cormac (2007). "A large-scale study of web password habits". Proceedings of the 16th international conference on World Wide Web - WWW '07. p. 657. CiteSeerX 10.1.1.75.8414 . doi:10.1145/1242572.1242661. ISBN 9781595936547. S2CID 10648989.

[13] Funk, Wolfgang; Arnold, Michael; Busch, Christoph; Munde, Axel. "Evaluation of Image Compression Algorithms for Fingerprint and Face Recognition Systems" (PDF). 2005 IEEE Information Assurance Workshop.

[14] K. U. Okereafor, C. Onime and O. E. Osuagwu, "Multi-biometric Liveness Detection - A New Perspective," West African Journal of Industrial and Academic Research, vol. 16, no. 1, pp. 26 - 37, 2016 (https://www.ajol.info/index.php/wajiar/article/view/145878)

[15] K. U. Okereafor, C. Onime and O. E. Osuagwu, "Enhancing Biometric Liveness Detection Using Trait Randomization Technique," 2017 UKSim-AMSS 19th International Conference on Modelling & Simulation, University of Cambridge, Conference Proceedings, pp. 28 – 33, 2017 (http://uksim.info/uksim2017/CD/data/2735a028.pdf)

[16] Malenkovich, Serge (24 December 2012). "10 Biometric Security Codes of the Future". kaspersky.com. Retrieved 28 October 2015.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]