BIOMETRICS

SEMINAR REPORT

Submitted in partial fulfillment of the requirement

of the award of

BACHELOR OF TECHNOLOGY

in

ELECTRONICS ENGINEERING

of

COCHIN UNIVERSITY OF SCIENCE AND TECHNOLOGY

By

JOSIN CYRIL BABY

DEPARTMENT OF COMPUTER ENGINEERING

COLLEGE OF ENGINEERING
CHENGANNUR – 689 121

1
 1.0 INTRODUCTION
Biometrics refers to the automatic identification of a person based on
his/her physiological or behavioral characteristics such as finger scan, retina, iris, voice
scan, signature scan etc. This method of identification is preferred over traditional
methods involving passwords and PIN numbers for various reasons: the person to be
identified is required to be physically present at the point-of-identification; identification
based on biometric techniques obviates the need to remember a password or carry a
token. With the increased use of computers as vehicles of information technology, it is
necessary to restrict access to sensitive/personal data. By replacing PINs, biometric
techniques can potentially prevent unauthorized access to or fraudulent use of ATMs,
cellular phones, smart cards, desktop PCs, workstations, and computer networks.
A biometric system is essentially a pattern recognition system, which
makes a personal identification by determining the authenticity of a specific
physiological, or behavioral characteristics possessed by the user. An important issue in
designing a practical system is to determine how an individual is identified. Depending
on the context, a biometric system can be either a verification (authentication) system or
an identification system.
Biometrics is a rapidly evolving technology, which is being widely used
in forensics such as criminal identification and prison security, and has the potential to be
used in a large range of civilian application areas. Biometrics can be used to prevent
unauthorized access to ATMs, cellular phones, smart cards, desktop PCs, workstations,
and computer networks. It can be used during transactions conducted via telephone and
Internet (electronic commerce and electronic banking). In automobiles, biometrics can
replace keys with key-less entry devices

Biometrics technology allows determination and verification of one's

identity through physical characteristics. To put it simply, it turns your body into your
password. These characteristics can include face recognition, voice recognition,
finger/hand print scan, iris scans and even retina scans. Biometric systems have sensors
that pick up a physical characteristic, convert it into a digital pattern and compare it to
stored patterns for identification

2
 2. 0 IDENTIFICATION AND VERIFICATION SYSTEMS

A person’s identity can be resolved in two ways: identification and

verification. The former involves identifying a person from all biometric measurements
collected in a database and this involves a one-to-many match also referred to as a ‘cold
search’. “Do I know who you are?” Is the inherent question this process seeks to answer.
Verification involves authenticating a person’s claimed identity from his or her
previously enrolled pattern and this involves a one-to-one match. The question it seeks to
answer is, “Are you claim to be?”
2.1 VERIFICATION
Verification requires comparing a person’s fingerprint to one that pass
previously recorded in the system database. The person claiming an identity provided a
fingerprint, typically by placing a finger on an optical scanner. The computer locates the
previous fingerprint by looking up the person’s identity. This process is relatively easy
because the computer needs to compare two-fingerprint record (although most systems
use two fingerprints from each person to provide a safety factor). The verification
process is referred as a ‘closed search’ because the search field is limited. The second
question is “who is this person?” This is the identification function, which is used to
prevent duplicate application or enrollment. In this case a newly supplied fingerprint is
supplied to all others in the database. A match indicates that the person has already
enrolled/applied.
2.2 IDENTIFICATION
The identification process, also known as an ‘open search’, is much more
technically demanding. It involves many more comparisons and may require
differentiating among several database fingerprints that are similar to the objects.
2.3 BIOMETRIC SYSTEMS AND DEVICES
A biometric system is a combined hardware/software system for biometric
identification or verification. Therefore the system should be able to:
• Receive biometric samples from an enrollee or candidate
• Extract biometric featured from the sample
• Compare the sample of the candidate with stored templates from individuals

3
 • Indicate identification or verification upon the result of the previous comparison
Biometric devices have three primary components:
• One is an automated mechanism that scans and captures a digital of analog image
of a living personal characteristic
• The second handles compression of the image with the stored data.
• The third interfaces with application systems
These pieces may be configured to suit different situations. A common issue is where the
stored images reside: on a card presented by the person being verified or at host
computer. Recognition occurs when an individual’s is matched with one of a group of
stored images.
2.3 BIOMETRC ACCURACY
Biometric accuracy is the system’s ability of separating legitimate matches
from imposters. There are two important performance characteristics for biometric
systems
• False rejection is the situation when a biometric system is not able to verify the
legitimate claimed identity of an enrolled person.
• False acceptance is a situation when a biometric system wrongly verifies the
identity by comparing biometric features from not identical individuals.
• False Rejection Rate (FRR) refers to the statistical probability that the biometric
system is not able to verify the legitimate claimed identity of an enrolled person,
or fails to identify an enrolled person.
• False Acceptance Rate (FAR) refers to the statistical probability of False
Acceptance or incorrect verification. In the most common context, both False
Rejection and False Acceptance represent a security hazard.

4
 3.0 IRIS RECOGNITION

Iris recognition leverages the unique features of the human iris to provide an
unmatched identification technology. So accurate are the algorithms used in iris
recognition that the entire planet could be enrolled in an iris database with only a small
chance of false acceptance or false rejection. The technology also addresses the FTE
(failure to enroll) problems, which lessen the effectiveness of other biometrics. The
tremendous accuracy of iris recognition allows it, in many ways, to stand apart from other
biometric technologies. All iris recognition technology is based on research and patents
held by Dr. John Daugman.

3.1 The Iris

Iris recognition is based on visible (via regular and/or infrared light) qualities of
the iris. A primary visible characteristic is the trabecular meshwork (permanently formed
by the 8th month of gestation), a tissue that gives the appearance of dividing the iris in a
radial fashion. Other visible characteristics include rings, furrows, freckles, and the
corona, to cite only the more familiar. Expressed simply, iris recognition technology
converts these visible characteristics into a 512 byte IrisCode(tm), a template stored for
future verification attempts. 512 bytes is a fairly compact size for a biometric template,
but the quantity of information derived from the iris is massive. From the iris' 11mm
diameter, Dr. Daugman's algorithms provide 3.4 bits of data per square mm. This density
of information is such that each iris can be said to have 266 unique "spots", as opposed to
13-60 for traditional biometric technologies. This '266' measurement is cited in all iris
recognition literature; after allowing for the algorithm's correlative functions and for
characteristics inherent to most human eyes, Dr. Daugman concludes that 173
"independent binary degrees-of-freedom" can be extracted from his algorithm - an
exceptionally large number for a biometric.

5
3.2 The Algorithms

The first step is location of the iris by a dedicated camera no more than 3 feet
from the eye. After the camera situates the eye, the algorithm narrows in from the right
and left of the iris to locate its outer edge. This horizontal approach accounts for
obstruction caused by the eyelids. It simultaneously locates the inner edge of the iris (at
the pupil), excluding the lower 90 degrees because of inherent moisture and lighting
issues.

The monochrome camera uses both visible and infrared light, the latter
of which is located in the 700-900 nm range (this is in the lower range of IR; the
American Academy of Ophthalmology uses similar ranges in their studies of macular
cysts). Upon location of the iris, as seen above, an algorithm uses 2-D Gabor wavelets to
filter and map segments of the iris into hundreds of vectors (known here as phasors).
Understanding in detail the 2-D Gabor phasor encoders requires a degree in advanced
mathematics, but they can be summarized as follows. The wavelets of various sizes
assign values drawn from the orientation and spatial frequency of select areas, bluntly
referred to as the "what" of the sub-image, along with the position of these areas, bluntly
referred to as the "where." The "what" and "where" are used to form the IrisCode. Not
all of the iris is used: a portion of the top, as well as 45 degree of the bottom, is unused to
account for eyelids and camera-light reflections (see below). Essential to the
understanding of the technology is that it provides exceptional detail, well beyond what
any pictorial or point-based representation could provide (some filters actually span as
much as 70degree of the iris). Remember also that for future identification, the database
will not be comparing images of irises, but rather hexadecimal representations of data
returned by wavelet filtering and mapping.

6
3.3 Accuracy

The Iris Code constructed from these complex measurements provides

such a tremendous wealth of data that iris recognition offers levels of accuracy orders of
magnitude higher than other biometrics. Some statistical representations of the accuracy
follow:

• The odds of two different irises returning a 75% match (i.e. having a Hamming
Distance of 0.25): 1 in 1016
• Equal Error Rate (the point at which the likelihood of a false accept and false
reject are the same): 1 in 1.2 million
• The odds of 2 different irises returning identical Iris Codes: 1 in 1052

Other numerical derivations demonstrate the unique robustness of these algorithms. A

person's right and left eyes have a statistically insignificant increase in similarity: 0.00048
on a 0.5 mean. This serves to demonstrate the hypothesis that iris shape and
characteristics are phenotypic - not entirely determined by genetic structure. The
algorithm can also account for occlusion (blocking) of the iris: even if 2/3 of the iris were
completely obscured, accurate measure of the remaining third would result in an equal
error rate of 1 in 100,000.

Iris recognition can also account for those ongoing changes to the eye and iris,
which are defining aspects of living tissue. The pupil's expansion and contraction, a
constant process separate from its response to light, skews and stretches the iris. The
algorithm accounts for such alteration after having located the boundaries of the iris. Dr.
Daugman draws the analogy to a "homogenous rubber sheet" which, despite its
distortion, retains certain consistent qualities. Regardless of the size of the iris at any
given time, the algorithm draws on the same amount of data, and its resultant IrisCode is
stored as a 512-byte template. A question asked of all biometrics is their ability to
determine fraudulent samples. Iris recognition can account for this in several ways: the
detection of papillary (pupil) changes; reflections from the cornea; detection of contact

7
lenses atop the cornea; and use of infrared illumination to determine the state of the
sample eye tissue.

3.4 Enrollment and Identification

The entire process is very brief. The iris is normally located within 1/4 second,
the IrisCode generated within 1 second. Database search times are very swift, with
hundreds of thousands of records analyzed per second, notwithstanding some debate as to
whether a search on a truly large number of irises (tens of millions) could be conducted
as quickly as is generally claimed. At this and other points, use of the algorithm actually
runs into the limits of available technology. Processor speed is one bottleneck on
massive searches, in addition to whatever network or hardware issues may arise. Also,
the iris captures process runs into limitations of gray-scale (monochrome) imaging
technology, where the darkest shades of iris coloration are difficult to distinguish from
the pupil. The algorithm's robustness actually allows for significant variations in image
quality. The same iris may, at different times, produce IrisCodes which vary by as much
as 25% (0.25 Hamming distance from zero); this may sound like a fatal flaw, but the odds
of a randomly selected IrisCode coming within even 10% of this number are
exceptionally small.

Iris identification technology is a tremendously accurate biometric. Only retinal

scan can offer nearly the security that iris scan offers, and the interface for retina scan is
thought by many to be more challenging and intrusive. More common biometrics
provides reasonably accurate results in verification schematics, whereby the biometric
verifies a claimed identity, but they cannot be used in large-scale identification
implementations like iris recognition.

3.5 An example-Verieye

Neurotechnologija, Ltd. offers VeriEye, the system for person identification using the eye
iris image taken by a video camera. VeryEye implements new eye iris recognition
technology and are based on our original method of feature set definition. VeriEye is

8
available in the form of software development kit (SDK), and can be easily
integrated into a customer's access control or identification/verification system.

VeriEye SDK includes:

1.VeriEye dynamic link library for Windows (DLL file).

2. C source code of the example program using VeriEye DLL).
3. Software description.
4. Description of eye iliumination and positioning equipment for iris scan

VeriEye technical specifications

False rejection rate <3%

False acceptance rate < 0.0001 %

Recognition time 0.7 s

Size of one record in the database about 2 Kb

Database size unlimited

Requirements to the image quality

1. The size of iris in the scanned image must be between 200x200 and 640x480 pixels,
image resolution 200 dpi.
2. The image should be free of the bulb reflections in the iris area. However, it may
contain small reflections in the pupil area.
3. The scanned slip must contain at least 30 % of the iris area not damaged by reflections,
shadows or eyelashes.
4. The eye center must be in the slip.
5. During the eye scanning head tilt must be less than 14 degrees with respect to vertical
axis.

9
 4.0 Fingerprint verification

4.1 Introduction

FINGERSCAN is an authentication terminal, which verifies a person’s identity from their

finger image. When a user places their finger on the terminals scanner the image is
electronically read, analyzed, and compared with a previously recorded image of the
same finger, which has been stored in the FINGERSCAN database.

Users call up their finger image by keying in an identification number. This id

number does not need to be classified as it is not part of the security system it simply
retrieves the image that will be compared to the users finger scan.

FINGERSCAN contains its own database of finger images

(called templates), user privileges and authorities, and maintains a log of every
transaction and message, which it records. The system can be accessed through a laptop,
networked to a PC, or connected via a modem to a remote host computer.

4.2 The Technology Behind FINGERSCAN

FINGERSCAN is a biometrics product, which involves using some

unique biological characteristic or physical property of an individual to verify that
persons claimed identity. Biometrics-based identification replaces systems, which rely on
something a person has in their possession, such as a key or id card, or something a
person knows, such as a password or privileged information.

The imaging process is based on digital holography, using an electro-optical

scanner about the size of a thumbprint. The scanner reads three-dimensional data from
the finger such as skin undulations, and ridges and valleys, to create a unique pattern,
which is composed into a template file and recorded in the FINGERSCAN database.

The pattern is not a fingerprint and a fingerprint cannot in any way be created
from the template.

10
 A template can only be compared with a newly presented live finger image and
not with other templates. One reason for this is that the data capture process used to
create a template is random. If two templates were created one after another for the same
finger, each template would be different. This eliminates the possibility of database
matching and enhances users privacy.

4.3 System Functions

The major FINGERSCAN functions are:

Enrolment

Verification

Time zones

Door access

Template management

Enrolment

Enrolment is the process of scanning a finger to create an image, which is stored as

a template. Each time the user places his or her finger on the scanner the image is
compared to the one represented by the template to verify their identity.

A user with enrolment authority carries out enrolment at designated FINGERSCAN

units. The process takes approximately 25 seconds and the resultant template may be
stored in various places: in the unit itself, on a personal computer, in a mainframe
computer, on a smart card, and so on.

Each user enrolled is allocated a unique id number, which they use to call up their
template before scanning their finger. No id number is required where the template is
stored on a smart card.

11
Up to three fingers can be enrolled against the same id number to provide users with
more than one verification option. Ideally, one finger on each hand should be enrolled so
that if the user injures the finger they usually use for verification an alternate image is
available.

This feature also provides for multi-person control, for example, if verification
from two users is required to open a safe. In this situation FINGERSCAN can be
programmed to require up to four fingers with different id numbers to be verified before
access is granted.

Verification

Verification is carried out when a user either enters their id number, or inserts
their smart card in a smart card reader, and then immediately places their finger on the
reader platen. Verification takes about .5 of a second.

Verification for individual users can be set at various threshold levels to account
for users who may have very fine, worn, or damaged fingers. In this event reducing their
verification threshold can enhance the ease of use.

The overall system verification threshold can be lowered in situations where little
or no security is required, for example, time and attendance applications. In this situation
it may be more acceptable to give a false acceptance than a false rejection.

Time Zones

Up to thirty global or individual time zones can be defined in FINGERSCAN. Each

user can have up to two active time zones at any time. Users are allocated a default time
zone at enrolment, which can be changed by the system supervisor or from the host
computer.

12
Door Access

A door access list defines which users have access to the facilities controlled by the
FINGERSCAN unit. The list can be used in conjunction with time zones to restrict access
at certain times.

The host computer system can control and manage the door access list and the
distribution of templates to each FINGERSCAN unit.

Template Management

Templates can be stored in the FINGERSCAN unit, and/or a host computer, and/or a
smart card. Each FINGERSCAN unit has 512Kbytes of non-volatile memory, which
stores up to 300 templates. The memory can be expanded to 1.5Mbytes, which will store
more than 1100 templates.

Templates are stored with a last used date status. If the memory becomes full, the last
used templates will be held locally in the FINGERSCAN unit and the main template
database will be held in the host computer. The host will transmit templates to individual
units if the requested template is not found locally.

Templates can be deleted by a user with Manager or Supervisor status either from the
host computer or locally at each FINGERSCAN unit. Templates can be exchanged
between a FINGERSCAN unit and the host computer over fixed communications or
modem links, or locally to and from a laptop. A template created by the FINGERSCAN
unit can be used on any other unit when loaded.

4.4 Management Control

FINGERSCAN has four levels of management control:

User

A user submits a finger for verification after entering an id number

13
Enroller

An enroller has user status and can also enroll users onto the system

Supervisor

A supervisor has enroller status and can also perform initial system set up procedures, set
time zones, set alarm codes, and add and delete templates

Manager

A manager has supervisor status and can also perform a total system reset, and disable the
supervisor’s ability to change the setup

Transaction Log

A transaction log records every use of a FINGERSCAN unit, the time it was used, and the
result. The log will hold at least the last 1000 transactions and will wrap around when it
becomes full.

The transaction log cannot be erased except on a total system reset by a user with
Manager authority. Each transaction is allocated a consecutive audit number that does not
wrap around. The number will only be reset to 1 on a total system reset.

4.5 Security

FINGERSCAN provides an audit trail of the date and time a user accessed the unit, the
reason for access, and the result. With a 0.0001% probability of a false acceptance
FINGERSCAN provides a level of security, which cannot be achieved by any knowledge
or token, based system.

Template Security

Before a user can do any action on a template such as enroll, delete, or transfer, they must
first have their identity verified by FINGERSCAN in the usual way. In doing this, a

14
record is added to the transaction log. Only users with Supervisor or Manager authority
levels can access the template database.

Software Security Control

A password option in the communications setup secures the data flow to a host computer.
When the remote host initializes each FINGERSCAN unit, the host will generate and
download to the unit a unique Computer Generated Access Code (CGAC) of at least six
digits. For all subsequent communications the host will check the CGAC before starting
the session and then change the CGAC immediately prior to logging off.

A Manager or Supervisor finger verification can always override the CGAC.

This is only likely to be required if the FINGERSCAN unit is being accessed via a laptop
PC.

Hardware Security Control

The processor board in the processor unit is located inside a metal box which
can be fitted with a tamper alarm if required. The processor unit should always be located
inside the secure area in locations where FINGERSCAN is providing access or other
security control.

FINGERSCAN controls the activation of electric locks or strikes from the processor board
so the unit cannot be hot-wired from outside.

Alarms Control

FINGERSCAN can be used to monitor and control external building alarm

inputs and outputs such as door alarms, and building management functions.
FINGERSCAN will:

Send an alarm directly to a monitoring company, dialer, modem, siren, and so on, and
allow authenticated users to cancel and reset zone alarms and activate and deactivate
building services such as air conditioning and lighting.

15
 Record alarms in the FINGERSCAN transaction log.

Support a request to exit (REX) verification, which allows users to open a door from the
inside. This can be used to monitor door-forced alarms.

Door Lock Control

FINGERSCAN can directly control a door lock strike after verification of a user.

Real Time Clock

FINGERSCANs real time clock is protected by a lithium battery, and features a day-of-
week register and leap year correction

4.6 “Verifinger”-A software example

Neurotechnologija, Ltd. has developed fast, compact and reliable fingerprint

identification engine VeriFinger, intended for system integrators who need powerful
fingerprint identification algorithm for their biometric security systems. VeriFinger is
available as a software development kit (SDK) for MS Windows 9x, 2000 and NT
(current version 3.3) and Linux (current version 3.1). It can be easily integrated into a
customer's security system. VeriFinger fingerprint recognition engine, integrated with the
data management system, is used in our other product, person identification system
FingerPoint

VeriFinger SDK includes the followings components:

1. VeriFinger dynamic link library ( DLL file ) for Windows 9x/2000/NT, or library
file for Linux.
2. C source code of the example program using the library provided functions.
3. Visual Basic source code of the example program using the library provided
functions (not available in Linux version).
4. Delphi source code of the example program using the library provided functions
(not available in Linux version).

16
 5. Software description.

Access tools (DLLs) for Compaq and U.are.U fingerprint scanners and source code of the
sample programs, where VeriFinger 3.3 engine is used with these scanners, are optionally
available.

VeriFinger test results and technical specifications:

VeriFinger was tested with 2400 fingerprints, captured with four different scanners. Each
fingerprint was compared with all other fingerprints (5,760,000 comparisons). The
average test results as well as other specifications are presented below:

False rejection rate <3%

False acceptance rate < 0.001 %

Required fingerprint resolution > 250 dpi

Fingerprint processing time 0.35 second

Matching speed 5000* fingerprints/second

Size of one record in the database About 150 Bytes

Maximum database size unlimited

Program occupied array size 250 kb

17
 5.0 Voice Scan

5.1 Introduction

The speaker-specific characteristics of speech are due to differences in

physiological and behavioral aspects of the speech production system in humans. The
main physiological aspect of the human speech production system is the vocal tract
shape. The vocal tract is generally considered as the speech production organ above the
vocal folds, which consists of the following: (i) laryngeal pharynx (beneath the
epiglottis), (ii) oral pharynx (behind the tongue, between the epiglottis and velum), (iii)
oral cavity (forward of the velum and bounded by the lips, tongue, and palate), (iv) nasal
pharynx (above the velum, rear end of nasal cavity), and (v) nasal cavity (above the
palate and extending from the pharynx to the nostrils). The shaded area in figure 1 depicts
the vocal tract.

5.2 Pattern Matching

The pattern matching process involves the comparison of a given set of input
feature vectors against the speaker model for the claimed identity and computing a
matching score. For the Hidden Markov models discussed above, the matching score is
the probability that the model generated a given set of feature vectors.
5.3 A Speaker Verification System:

18
 6.0 Retina scanning

Retina scan is an exceptionally accurate biometric technology having been

established as an effective solution for every demanding authentication scenarios

Biometrics the automated measurement of a physiological or behavioral aspect of

the human body for authentification or identification is a rapidly growing industry.
Biometric solutions are used successfully in fields as varied as e-commerce, network
access. Biometrics’ ease of use, accuracy, reliability, and flexibility are quickly
establishing them as the premier authentification

An established technology where the unique patterns of the retina are scanned by
a low intensity light source via an optical coupler. Retinal scanning has proved to be quite
accurate in use but does require user to look in to a receptacle and focus on a given point.
This is not particularly convenient if you are a spectacle wearer or have some intimate
contact with the reading device. For these reasons retinal scanning has a few user
acceptance problems although the technology itself can work well.

19
 7.0 FACE RbECOGNITION

Face recognition is one of the newest technologies. Specialized recognition

software coupled with video camera allows these systems to recognize people’s faces.
There are various methods by which facial scan technology recognize peoples. All share
some commonalities, such as emphasizing those sections of the face which are less
susceptible to alteration, including the upper outlines of the eye sockets, the areas
surrounding one’s cheekbones, and the sides of the mouth. Most technologies are
resistant to moderate changes in hairstyle, as they do not utilize areas of the face located
near the hairline. All of the primary technologies are designed to be robust enough to
conduct enough to conduct 1-to –many searches, that is to locate a single face out of a
data base of thousands of faces.

Facial scan Process Flow-Sample capture, Feature extraction, template comparison, and
matching –define the process flow of facial scan technology. The following applies to
one to one verification. The sample capture will generally consist of a 20-30 second
enrollment process whereby several pictures are taken of one’s face. Ideally the series of
pictures incorporate slightly different angles and facial expressions, to allow for more
accurate searches. After enrollment distinctive features are extracted, resulting in the
creation of a template. The templates are much smaller than the image from which it is
drawn.

Authentification follows the same protocol. The user claims an identity such as a
login name or a PIN, stands or sits in front of the camera for a few seconds, and is either
verified or rejected. This comparison is based on the similarity of the newly created
“live” template against the template or templates on file. The degree of similarity
required for verification also known as the threshold can be adjusted for different
personnel, PC’s, time of day and other factors One variant of this process is the use of
facial scan technology in forensics. Biometric templates taken from static photographs of
known criminals are stored in large databases. These records are searched, 1-to-many, to
determine if the detainee is using an alias when being booked.

20
 8.0 A Multimode Biometric System

Identification based on multiple biometrics represents an emerging trend. We

introduce a multimode biometric system, which integrates face recognition, fingerprint
verification, and speaker verification in making a personal identification. This system
takes advantage of the capabilities of each individual biometric. It can be used to
overcome some of the limitations of a single biometrics. Preliminary experimental results
demonstrate that the identity established by such an integrated system is more reliable
than the identity established by a face recognition system, a fingerprint verification
system, and a speaker verification system

21
 9.0 Future Applications

There are many concerning potential biometric applications, some popular examples
being;

9.1 ATM machine use.

Most of the leading banks have been experimenting with biometrics of ATM
machines use and as general means of combining card fraud. Surprisingly, these
experiments have rarely consisted of carefully integrated devices into a common process,
as could be achieved with certain biometric devices. Previous comments in this paper
concerning user psychology come to mind here one wonder why we have not seen a more
professional and carefully considered implementation from this sector. The banks will of
course have a view concerning the level of fraud and cost of combating it via technology
solutions such as biometrics. They will also express concern about potentially alienating
customers with such as approach. However, it still surprises many in the biometric
industry that the banks and financial institutions have so far failed to embrace this
technology with any enthusiasm.

9.2 Workstation and network access.

For a long time this was an area often discussed but rarely implemented until recent
developments aw the unit price of biometric devices fall dramatically as well as several
designs aimed squarely at this application. In addition, with household names such as
Sony, Compaq, KeyTronics, Samsung and others entering the market, these devices
appear almost as a standard computer peripheral. Many are viewing this as the
application, which will provide critical mass for biometric industry and create the
transition between sci-fi device to regular systems component, thus raising public
awareness and lowering resistance to the use of biometrics in general.

22
9.3 TRAVELS AND TOURISM
There are many in this industry who have the vision of a multi application card
for travelers which, incorporating a biometric, would enable them to participate in
various frequent flyer and border controls systems as well as paying for their air ticket,
hotel rooms, hire care etc, all with one convenient token.

Technically this is eminently possible, but from a political and commercial point of view
there are many issues to resolve, not the least being who would own the card, be
responsible for administration and so on. These may not be insurmountable problems and
perhaps we may see something along these lines emerge. A notable challenge in this
respect would be packaging such an initiative in a way that would be truly attractive for
users.

9.4 INTERNET TRANSACTIONS

Many immediately of think of on line transactions as being an obvious area for

biometrics, although there are some significant issues to consider in this context.
Assuming device cost could be brought down to level whereby a biometric (and perhaps
chip card) reader could be easily incorporated into a standard build PC, we still have the
problem of authenticated enrollment and template management, although there are
several approaches one could take to that. Of course, if your credit already incorporated a
biometric this would simplify things considerably. It is interesting to note that certain
device manufactures have collaborated with key encryption providers to provide an
enhancement to their existing services. Perhaps we shall see some interesting
developments in this area in the near future.

9.5 Telephone transactions.

No doubt many telesales and call center managers have pondered the use of
biometrics. It is an attractive possibility to consider, especially for automated processes.
However, voice verification is a difficult area of biometrics, especially if one does not

23
have direct control over the tranducers, as indeed you wouldn’t when dealing with the
general public. The variability of telephone handsets coupled to the variability of line
quality and the variability of user environments presents a significant challenge to voice
verification technology, and that is before you even consider the variability in
understanding among users.
The technology can work well in controlled closed loop conditions but is extraordinarily
difficult to implement on anything approaching a large scale. Designing in the necessary
error correction and fallback procedures to automated systems in a user-friendly manner
is also not a job for the faint hearted.

Perhaps we shall see further developments, which will largely overcome these problems.
Certainly there is a commercial incentive to do so and I have no doubt that much research
is under way in this respect.

9.6 Public identity cards.

A biometric incorporated into a multi purpose public ID cards would be useful in a

number of scenarios if one could win public support for such a scheme. Unfortunately, in
this country as in others there are huge numbers of individuals who definitely do not want
to be identified. This ensures that any such proposal would quickly become a political
hot potato and a nightmare for the minister concerned. You may consider this a shame or
a good thing, depending on your point of view. From a dispassionate technology
perspective it represents something of a lost opportunity, but this is of course nothing
new. It’s interesting that certain local authorities in the UK have issued ‘citizen’ cards
with which named cardholders can receive various benefits including discounts at local
stores and on certain services. These do not seem to have seriously challenged, even
though they are in effect an ID card.

24
 10.0 Conclusion

The ultimate form of electronic verification of a person’s identity is biometrics;

using a physical attribute of the person to make a positive identification. People have
always used the brain’s innate ability to recognize a familiar face and it has long been
known that a person’s fingerprints can be used for identification. The challenge has been
to turn these into electronic processes that are inexpensive and easy to use.

Banks and others who have tested biometric-based security on their clientele,
however, say consumers overwhelmingly have a pragmatic response to the technology.
Anything that saves the information-overloaded citizen from having to remember another
password or personal identification number comes as a welcome respite

Biometrics can address most of the security needs, but at what cost? Surprisingly,
the benefits quickly outweigh the costs. Like so many technological developments,
innovative people have found new ways to implement biometric systems, so prices have
come down dramatically in the last year or two. As prices have come down, the interest
level and the knowledge about how to effectively utilize these systems have increased. So
the investment is decreasing and the recognizable benefits are increasing. Biometrics,
when properly implemented, not only increase security but also often are easier to use
and less costly to administer than the less secure alternatives. Biometrics can’t be
forgotten or left at home and they don’t have to be changed periodically like passwords.

25
REFERENCES

1. http://www.biometricgroup.com
2. http://www.neurotechnologija.com
3. http://biometrics.cse.msu.edu
4. http://www.biometricpartners.com

26