Established in 1992. Serves as the focal point for coordinating and developing advanced biometric processing, testing, and evaluation techniques within the US Government. The Consortium is presently comprised of representatives from six executive departments of the US Government and each of the Military Services. A goal of the Consortium is to develop an independent assessment facility to evaluate and test evolving biometric devices. The National Security Agency initiated the formation of the Consortium as part of its Information Systems Security mission, with a goal to increase the availability of biometric authentication and identification to meet the needs of the Department of Defense and other Federal agencies. Towards that goal, the NSA has invested personnel resources and funds to provide organizational and administrative support to the Consortium. The Consortium has been, and continues to be, the US Government's primary source of technical information for biometric considerations.

At Disney World, biometric measurements are taken from the fingers of multi-day pass users to ensure that the pass is used by the same person from day to day.

For the use of statistics in biology, see Biostatistics.

Biometrics (ancient Greek: bios ="life", metron ="measure") is the study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.

In information technology, biometric authentication refers to technologies that measure and analyze human physical and behavioral characteristics for authentication purposes. Examples of physical characteristics include fingerprints, eye retinas and irises, facial patterns and hand measurements, while examples of mostly behavioral characteristics include signature, gait and typing patterns. Voice is considered a mix of both physical and behavioral characteristics, but all biometric traits share physical and behavioral aspects.

History

While biometrics did not show up in practice in Western cultures until late in the 19th century, it was being used in China by at least the 14th century. An explorer and writer by the name of Joao de Barros wrote that Chinese merchants stamped children’s palm prints and footprints on paper with ink. The merchants did this as a way to distinguish young children from one another.

In the West, identification relied heavily simply upon “photographic memory” until the French police desk clerk and anthropologist Alphonse Bertillon developed the anthropometric system (later also known as Bertillonage) in 1883. This was the first precise, scientific system that was widely used to identify criminals. It turned biometrics into a field of study. It worked by precisely measuring certain lengths and widths of the head and body, as well as recording individual markings such as tattoos and scars. Bertillon’s system was widely adopted in the West until the system’s flaws became apparent – mainly problems with differing methods of measurement and changing measurements. After that, Western police forces turned to fingerprinting – essentially the same system seen in China hundreds of years prior.

In recent years biometrics has moved from simply fingerprinting, to many different methods that use various physical and behavioral measurements. The uses of biometrics have also increased, from just identification to security systems and more.

Operation and performance

In a typical IT biometric system, a person registers with the system when one or more of his physical and behavioral characteristics are obtained. This information is then processed by a numerical algorithm, and entered into a database. The algorithm creates a digital representation of the obtained biometric. If the user is new to the system, he or she enrolls, which means that the digital template of the biometric is entered into the database. Each subsequent attempt to use the system, or authenticate, requires the biometric of the user to be captured again, and processed into a digital template. That template is then compared to those existing in the database to determine a match. The process of converting the acquired biometric into a digital template for comparison is completed each time the user attempts to authenticate to the system. The comparison process involves the use of a Hamming distance. This is a measurement of how similar two bit strings are. For example, two identical bit strings have a Hamming Distance of zero, while two totally dissimilar ones have a Hamming Distance of one. Thus, the Hamming distance measures the percentage of dissimilar bits out of the number of comparisons made. Ideally, when a user logs in, nearly all of his features match; then when someone else tries to log in, who does not fully match, and the system will not allow the new person to log in. Current technologies have widely varying Equal Error Rates, varying from as low as 60% and as high as 99.9%.

Performance of a biometric measure is usually referred to in terms of the false accept rate (FAR), the false non match or reject rate (FRR), and the failure to enroll rate (FTE or FER). The FAR measures the percent of invalid users who are incorrectly accepted as genuine users, while the FRR measures the percent of valid users who are rejected as impostors.

In real-world biometric systems the FAR and FRR can typically be traded off against each other by changing some parameter. One of the most common measures of real-world biometric systems is the rate at which both accept and reject errors are equal: the equal error rate (EER), also known as the cross-over error rate (CER). The lower the EER or CER, the more accurate the system is considered to be. An EER is desirable for a biometric system because it balances the sensitivity of the system.

Claimed error rates sometimes involve idiosyncratic or subjective elements. For example, one biometrics vendor set the acceptance threshold high, to minimize false accepts. In the trial, three attempts were allowed, and so a false reject was counted only if all three attempts failed. At the same time, when measuring performance biometrics (e.g. writing, speech etc.), opinions may differ on what constitutes a false reject. If a signature verification system is trained with an initial and a surname, can a false reject be legitimately claimed when it then rejects the signature incorporating a full first name?

Despite these misgivings, biometric systems have the potential to identify individuals with a very high degree of certainty. Forensic DNA evidence enjoys a particularly high degree of public trust at present (ca. 2004) and substantial claims are being made in respect of iris recognition technology, which has the capacity to discriminate between individuals with identical DNA, such as monozygotic twins.

A Comparison of Biometrics

A Comparison of Biometrics (Yun 2003)

The figure at the right (Yun 2003) compares several biometrics with each other against seven categories:

• Universality describes how common a biometric is found in each individual.
• Uniqueness is how well the biometric separates one individual from another.
• Permanence measures how well a biometric resists aging.
• Collectability explains how easy it is to acquire a biometric for measurement.
• Performance indicates the accuracy, speed, and robustness of the system capturing the biometric.
• Acceptability indicates the degree of approval of a technology by the public in everyday life.
• Circumvention is how easy it is to fool the authentication system.

Yun ranks each biometric based on the categories as being either low, medium, or high. A low ranking indicates poor performance in the evaluation criterion whereas a high ranking indicates a very good performance.

Issues and concerns

As with many interesting and powerful developments of technology, excessive concern with the biometric may have the effect of eclipsing a more general critical faculty. Biometrics may become associated with severe miscarriages of justice if bedazzlement with the performance of the technology blinds us to the following possibilities. An individual could:

• plant DNA at the scene of the crime
• associate another's identity with his biometrics, thereby impersonating without arousing suspicion
• fool a fingerprint detector by using a piece of sticky tape with an authentic fingerprint on it
• fool an iris recognition camera by showing a photo of an iris
• interfere with the interface between a biometric device and the host system, so that a "fail" message gets converted to a "pass".

Identity theft and Privacy Issues

Concerns about Identity theft through biometrics use have not been resolved. If a person's credit card number is stolen, for example, it can cause them great difficulty. If their iris scan is stolen, though, and it allows someone else to access personal information or financial accounts, the damage could be irreversible. Often, biometric technologies have been rolled out without adequate safeguards for personal information gathered about individuals.

Also, the biometric solution to identity theft is only as good as the information in the database that is used for verifying identity. Problems of getting accurate and usuable initial information -- witness the current troubles with the No fly list of the Dept of Homeland security. Presumably after the initial information is correctly stored, future computer error or vandalism (hacking) would prevent biometrics from being 100% foolproof against idenity theft.

Though biometrics often are touted as a way to restrict criminality, privacy advocates fear biometrics may be used to diminish personal liberties of law abiding citizens as well. Developments in a huge range of new technologies besides biometrics - digital video, infrared, x-ray, wireless, global positioning satellite systems, image scanning, voice recognition, DNA, and brain wave fingerprinting - provide government with new ways to "seaarch" individuals and collect vast databases of information on law-abiding members of the public.

Sociological concerns

As technology advances, and time goes on, more and more private companies and public utilities will use biometrics for safe, accurate identification. However, these advances will raise many concerns throughout society, where many may not be educated on the methods. Here are some examples of concerns society has with biometrics:

• Physical - Some believe this technology can cause physical harm to an individual using the methods, or that instruments used are unsanitary. For example, there are concerns that retina scanners might not always be clean.

• Personal Information - There are concerns whether our personal information taken through biometric methods can be misused, tampered with, or sold, e.g. by criminals stealing, rearranging or copying the biometric data. Also, the data obtained using biometrics can be used in unauthorized ways without the individual's consent.

Society fears in using biometrics will continue over time. As the public becomes more educated on the practices, and the methods are being more widely used, these concerns will become more and more evident.

This technology is being used at border crossings that have electronic readers that are able to read the chip in the cards and verify the information present in the card and on the passport. This method allows for the increase in efficiency and accuracy of identifying people at the border crossing. CANPASS, by Canada Customs is currently being used by some major airports that have kiosks set up to take digital pictures of a person’s eye as a means of identification.

Uses and initiatives

Brazil

Since the beginning of the 20th century, Brazilian citizens have used ID cards. The decision by the Brazilian government to adopt fingerprint-based biometrics was spearheaded by Dr. Felix Pacheco at Rio de Janeiro, at that time capital of the Federative Republic. Dr. Pacheco was a friend of Dr. Juan Vucetich, who invented one of the most complete tenprint classification systems in existence. The Vucetich system was adopted not only in Brazil, but also by most of the other South American countries. The oldest and most traditional ID Institute in Brazil (Instituto de Identificação Félix Pacheco) was integrated into the civil and criminal AFIS system in 1999.

Each state in Brazil is allowed to print its own ID card, but the layout and data are the same for all of them. The ID cards printed in Rio de Janeiro are fully digitized using a 2D bar code with information which can be matched against its owner off-line. The 2D bar code encodes a color photo, a signature, two fingerprints, and other citizen data. This technology was developed in 2000 in order to enhance the safety of the Brazilian ID cards.

Canada

Canada has recently introduced biometrics in the use of passports with the help of digitized photos. The passports contain a chip that holds a picture of the person and personal information such as name and date of birth.

This technology is being used at border crossings that have electronic readers that are able to read the chip in the cards and verify the information present in the card and on the passport. This method allows for increased efficiency and accuracy of identifying people at the border crossing. CANPASS, developed by Canada Customs, is currently being used by some major airports that have kiosks set up to take digital pictures of a person’s eye as a means of identification.

United States

The United States government has become a strong advocate of biometrics with the increase in security concerns in recent years. Starting in 2005, US passports with facial (image-based) biometric data are scheduled to be produced. Privacy activists in many countries have criticized the technology's use for the potential harm to civil liberties, privacy, and the risk of identity theft. Currently, there is some apprehension in the United States (and the European Union) that the information can be "skimmed" and identify people's citizenship remotely for criminal intent, such as kidnapping. There also are technical difficulties currently delaying biometric integration into passports in the United States, the United Kingdom, and the rest of the EU. These difficulties include compatibility of reading devices, information formatting, and nature of content (e.g. the US and UK currently expect to use only image data, whereas the EU intends to use fingerprint and image data in their passport RFID biometric chip(s)).

See also

• Biometric passport
• Biometric word list
• British biometric national identity card
• Facial recognition system
• Physical anthropology
• Three-dimensional face recognition

References

Wikimedia Commons has media related to:

Category:Biometrics

• Human Recognition Systems Ltd
• A Brief History of Biometrics Retrieved March 19, 2005.
• Griaule, a vendor with a shareware fingerprint
• Ashborn, Julian. "Guide to Biometrics". Springer Professional Computing. 1st edition. 2004
• Access Control news portal Authoritative news site for for access control and for biometric systems and products
• Yun, Yau Wei. The ‘123’ of Biometric Technology, 2003. Retrieved from on November 21, 2005 from the World Wide Web: http://www.itsc.org.sg/synthesis/2002/biometric.pdf
• Department of Justice Biometrics Catalog
  
• Department of Defense Biometric Management Office