|
|
|
|
Table of
contents |
Biometric technologies for secure access
Biometrics is the science and technology for determining the identity of an individual by measuring the person’s physiological or behavioural characteristics. Biometric technology can be used to verify that someone is indeed the one who he claims to be. Authentication, i.e. matching a claimed identity with a real identity, together with confidentiality, integrity and availability are the main security related objectives in the information technology context. There exist three ways to authenticate a person’s identity. The first is based on knowledge, i.e. knowing something that no one else knows, such as a pass-phrase, or a PIN (personal identification number). The second is based on possession, i.e. having something that no one else has, such as a key, or a smart card. In both cases an artificial mapping of an identity to a generated code or an issued card is temporarily achieved. The third way to authenticate a person’s identity is to evaluate a person’s characteristics, such as body attributes or behaviour, i.e. being someone. In the first two cases the risk exists that a person may disclose (code) or loose (card) the security token, while in the third case the security credentials are permanently “attached” to the person. In many cases a combination of the different ways of authentication is used. For example using a smart card usually also requires a PIN code to be entered somewhere. History of biometrics The first evidence of the use of fingerprints for authentication can be dated back to the time of the early ancient Assyria (about 1900 BC – 1600 BC). Pottery was marked with the potter’s fingerprint. In China during the Tang dynasty (618-906) fingerprints were used to sign contracts. Biometrics did not emerge in western cultures until late in the 19th century. The first proposals to use the fingerprint in criminal investigation are dated from 1858. Alphonse Bertillon, a French law enforcement officer and anthropologist, developed an anthropometric system in 1883, which laid the basis for the mass introduction of biometrics use in law enforcement around the world in the beginning of the 20th century. The technology of biometric systems In information technology, biometrics refer to technologies for measuring and analyzing human physiological characteristics such as fingerprints, eye retinas and irises, voice patterns, facial patterns, and hand measurements for authentication purposes. Behavioural characteristics that can be measured include signature recognition, gait recognition, speaker recognition, as well as typing (rhythm) pattern recognition. A biometric system measures a person’s biometric data and compares them with pre-registered reference data in order to first identify a person and finally to verify his identity. In a typical system a person registers with the system when one or more of his characteristics are obtained by means of a suitable sensor, processed by an algorithm, and stored in a database. This registration process is called enrolment. Nobody is perfect The main technological challenge in biometrics today is the accuracy performance of the biometric system. All human characteristics are subject to change over time and due to temporal conditions. For example, the image of a face may change because of aging; the voice may change during a cold. Also a hand signature never looks the same. The measured biometric data never match 100 percent the reference data. The decision for a “match” or “non match” is thus never concluded on a perfect “equal”, but rather depends on the performance parameters of the biometric system. The biometric characteristics are never tested on equality, but only on sufficient resemblance. This means that biometric systems can only identify and verify someone’s identity with a certain probability. The performance of biometric systems is typically measured in terms of the false accept rate (FAR), the false non-match or reject rate (FRR) and the failure to enrol rate (FER). In real-world biometric systems the FAR and FRR can be traded off against each other by changing some parameters. One of the most common measures of biometric systems is the rate at the setting at which both accept and reject errors are equal, known as the equal error rate (EER). The lower the EER, the more accurate the system is considered to be. Future in biometrics Despite these deficiencies, biometric systems have the potential to identify individuals with a very high degree of certainty. Currently, the state of the art in forensic DNA evidence enjoys a particularly high degree of trust. The current assumption is that only identical twins have identical DNA. It remains to be seen how practical it could be to use DNA for authentication purposes in information technology. However, substantial claims are being made that iris recognition technology has the capacity to discriminate even between individuals with identical DNA. Please send us your comments on this article. |
