Biometric technology

Biometric technologies are based on biometrics , measuring the unique characteristics of a single person. These can be both unique attributes that he received from birth ( DNA , fingerprints , iris ), and characteristics acquired over time or that can change with age or external influences ( handwriting , voice, or gait ).

Typically, when classifying biometric technologies, two groups of systems are distinguished by the type of biometric parameters used:

The first group of systems uses static biometric parameters: fingerprints, hand geometry, retina, etc.
The second group of systems uses dynamic parameters for identification: the dynamics of the signature or handwritten keyword, voice, etc.

The recent increased interest in this topic in the world is usually associated with the threats of intensified international terrorism . Many states plan to introduce passports with biometric data in the near future.

History

Until September 11, 2001, biometric security systems were used only to protect military secrets and the most important commercial information . After the terrorist attack that shook the whole world, the situation changed dramatically. At first, airports, large shopping centers and other crowded areas were equipped with biometric access systems. Increased demand provoked research in this area, which, in turn, led to the emergence of new devices and whole technologies. The increase in the market of biometric devices has led to an increase in the number of companies involved in them; the created competition has led to a very significant reduction in the price of biometric systems for ensuring information security ^[1] .

As part of a visa-free program, the United States has signed an agreement with 27 countries under which citizens of these states will be able to enter the United States for a period of up to 90 days without a visa with the mandatory presence of biometric documents. The program begins on October 26, 2005 . Among the states participating in the program are Australia , Austria , Belgium , Great Britain , Germany , Italy , Liechtenstein , Luxembourg , Monaco , the Netherlands , Portugal , Singapore , Finland , France , Switzerland , Sweden and Japan .

In June 2005, it was announced that by the end of the year a new passport form would be approved in Russia . And in 2007 it will be introduced into mass circulation. It will presumably include a photograph taken by laser engraving and two fingerprints.

Workflow

All biometric systems work in almost the same way. Firstly, the system remembers a sample of biometric characteristics (this is called the recording process). During recording, some biometric systems may ask you to make several samples in order to make the most accurate image of the biometric characteristics. Then the received information is processed and converted into mathematical code.

In addition, the system may ask you to perform some more actions in order to “attribute” a biometric sample to a specific person. For example, a personal identification number (PIN) is attached to a specific sample, or a smart card containing a sample is inserted into the reader. In this case, a sample of biometric characteristics is again made and compared with the presented sample.

Identification by any biometric system goes through four stages ^[2] :

Record - a physical or behavioral pattern is remembered by the system;
Isolation - unique information is taken out of the sample and a biometric sample is drawn up;
Comparison - the saved sample is compared with the presented one;
Coincidence / mismatch - the system decides whether the biometric samples match and makes a decision.

The vast majority of people believe that a computer stores a sample of a fingerprint, a person’s voice or a picture of the iris of his eye. But in reality in most modern systems this is not so. A special database stores a digital code up to 1000 bits in length, which is associated with a specific person who has the right to access. A scanner or any other device used in the system reads a specific biological parameter of a person. Then it processes the resulting image or sound, converting them into a digital code. It is this key that is compared with the contents of a special database for personal identification ^[1] .

Parameters of biometric systems

The probability of occurrence of FAR / FRR errors, that is, false pass coefficients (False Acceptance Rate - the system provides access to an unregistered user) and false access denied (False Rejection Rate - access denied to a person registered in the system). It is necessary to take into account the interconnection of these indicators: artificially reducing the level of “demanding” system (FAR), we, as a rule, reduce the percentage of FRR errors, and vice versa.

Today, all biometric technologies are probabilistic, none of them can guarantee the complete absence of FAR / FRR errors, and often this circumstance serves as the basis for not too correct criticism of biometrics ^[3] .

Practical Application

Biometric technologies are actively used in many areas related to ensuring the security of access to information and material objects, as well as in tasks of unique identification of a person.

The applications of biometric technologies are diverse: access to workplaces and network resources, information protection, providing access to certain resources and security. Doing e-business and e-government affairs is only possible after following certain procedures for identifying a person. Biometric technologies are used in the field of banking security, investing and other financial movements, as well as retail, law enforcement, health, and social services. In the near future, biometric technologies will play a major role in personal identification in many areas. Applied separately or used in conjunction with smart cards, keys and signatures, biometrics will soon be applied in all areas of the economy and private life ^[2] .

Key Terms

Unlike user authentication with passwords or unique digital keys, biometric technologies are always probabilistic , since there is always a small, sometimes extremely small chance that two people may have comparable biological characteristics. By virtue of this, biometrics defines a number of important terms:

FAR (False Acceptance Rate) is a percentage threshold that determines the probability that one person can be mistaken for another (false access coefficient) (also referred to as a “kind 2 error”). Value $1-FAR$ ${\ displaystyle 1-FAR}$ called specificity .
FRR (False Rejection Rate) - the likelihood that a person may not be recognized by the system (false access denial rate) (also referred to as a “first-order error”). Value $1-FRR$ ${\ displaystyle 1-FRR}$ called sensitivity .
Verification - comparison of two biometric templates, one to one. See also: biometric template
Identification - identification of a person’s biometric template based on a sample of other templates. That is, identification is always a one-to-many comparison.
Biometric template - biometric template. The data set is usually in a closed, binary format, prepared by a biometric system based on the analyzed characteristics. There is a CBEFF standard for structural framing of a biometric template, which is also used in BioAPI .

Technology

Fingerprints

Fingerprint identification is the most common, reliable and effective biometric technology. Due to the versatility of this technology, it can be used in almost any field and for solving any problem where reliable user identification is required. The method is based on the uniqueness of the pattern of papillary patterns on the fingers. The fingerprint obtained using a special scanner, sensor or sensor is converted into a digital code and compared with the previously entered standard. The reliability of this method of identification is the impossibility of creating an identical fingerprint.

The most advanced fingerprint identification technology is implemented by optical scanners.

Identifier Characteristics

Fingerprints of all fingers of each person are unique in the pattern of papillary lines and vary even among twins. Fingerprints do not change throughout the life of an adult, they are easily and simply presented during identification.

If one of the fingers is damaged, for identification, you can use the "backup" fingerprint (s), information about which, as a rule, is also entered into the biometric system during user registration.

ID Processing

To obtain information about fingerprints, specialized scanners are used. Three main types of fingerprint scanners are known: capacitive, rolling, optical.

Nowadays, more and more examples can be seen when a person’s fingers can replace him with a bank card. So, for example, in the London music bar 'Proud', the new FingoPay technology is being tested. This biometric payment system was invented by Sthaler Limited. The device scans veins on the finger, the location of which is unique to each person. This idea has already won fans among the customers of the institution. The chief executive officer of the company said that cinemas, supermarkets and music festivals would soon take such a step. ^[four]

Iris

Recognition technology for the iris has been developed to negate the intrusiveness of scanning the retina, which uses infrared rays or bright light. Scientists also conducted a series of studies that showed that the human retina can change over time, while the iris remains unchanged. And most importantly, it is impossible to find two absolutely identical patterns of the iris, even in twins.

To obtain an individual record of the iris of the eye, a black and white camera makes 30 entries per second. A faint light illuminates the iris, and this allows the camcorder to focus on the iris. One of the records is then digitized and stored in the database of registered users. The entire procedure takes several seconds, and it can be fully computerized with voice guidance and autofocus.

At airports, for example, the passenger’s name and flight number are compared with the image of the iris, no other data is required. The size of the created file, 512 bytes with a resolution of 640 x 480, allows you to save a large number of such files on your computer’s hard drive.

Glasses and contact lenses, even colored ones, will not affect the image acquisition process. It should also be noted that the performed eye operations, cataract removal or implantation of corneal implants do not change the characteristics of the iris, it cannot be changed or modified. A blind person can also be identified using the iris. As long as the eye has an iris, its owner can be identified.

The camera can be installed at a distance of 10 cm to 1 meter, depending on the scanning equipment. The term “scanning” can be misleading, since in the process of acquiring an image, it is not scanning, but simple photographing.

The texture of the iris resembles a network with a large number of surrounding circles and patterns that can be measured by a computer. The iris scan program uses about 260 anchor points to create a sample. For comparison, the best fingerprint identification systems use 60-70 points.

Cost has always been the biggest limiting factor before introducing the technology, but now iris identification systems are becoming more affordable for various companies. Proponents of the technology claim that recognition of the iris will soon become a common identification technology in various fields.

Methods

Previously, biometrics used the pattern of blood vessels on the retina . Recently, this recognition method has not been used, since, in addition to the biometric feature, it carries information about human health.

Hand Shape

Technology problem: even without considering the possibility of amputation , a disease such as arthritis can greatly interfere with the use of scanners.

Voice

Voice biometrics, which makes it possible to measure the voice of each person, is indispensable for remote customer service, when the main means of interaction is voice, primarily in automatic voice menus and contact centers.

Problems Solved by Voice Biometrics

Traditional methods of client authentication during remote maintenance check the client’s knowledge (for this client they are asked to enter a password or answer security questions - address, account number, mother’s maiden name, etc.) As modern security studies show, attackers can relatively easily to obtain personal data of almost any person and thus gain access, for example, to his bank account. Voice biometrics solves this problem, allowing you to verify the identity of the client rather than his knowledge with remote telephone service . When using voice biometrics, when calling the IVR or the contact center, it’s enough for the client to say a passphrase or just talk to the operator (tell about the purpose of the call) - the caller’s voice will be automatically checked - does this voice really belong to the person he claims to be?

Benefits of Voice Biometrics

no special scanners required - just a regular microphone in your phone or voice recorder
there are no special requirements for devices - any recorder (analog or digital), a mobile or landline phone (at least the 80s) can be used
simple - no special skills required

Types of Voice Biometrics

There are 2 types of voice authentication:

Text independent - a person’s personality is determined by free speech; no special words or expressions are required. For example, a person can simply read an excerpt from a poem or discuss the purpose of his call with the contact center operator.
Text - dependent - to determine a person, a person must pronounce a strictly defined phrase. Moreover, this type of voice biometrics is divided into two:
- Text-dependent authentication using a static password phrase - to verify the identity, you must pronounce the same phrase that was also used when registering a person’s voice in the system.
- Text-dependent authentication using a dynamic password phrase - to verify a person’s identity, it is proposed to pronounce a phrase consisting of a set of words spoken by that person when registering a voice in the system. The advantage of a dynamic passphrase from a static one is that each time the phrase changes, which complicates fraud using a person’s voice recording (for example, to a voice recorder).

Technology issue

Some people cannot make sounds, their voice may change due to illness and age. Кроме того, на точность аутентификации влияет шумовая обстановка вокруг человека (шумы, реверберация).

Почерк

Классическая верификация (идентификация) человека по почерку подразумевает сличение анализируемого изображения с оригиналом. Именно такую процедуру проделывает, например, оператор банка при оформлении документов. Очевидно, что точность такой процедуры, с точки зрения вероятности принятия неправильного решения (см. FAR & FRR) невысока. Кроме этого, на разброс значений вероятности принятия правильного решения оказывает и субъективный фактор.

Принципиально новые возможности верификации по почерку открываются при использовании автоматических методов анализа почерка и принятия решения. Данные методы позволяют исключить субъективный фактор и значительно снизить вероятность ошибок при принятии решения (FAR & FRR).

Одним из факторов, которые определяет преимущество автоматических методов идентификации путём анализа почерка по сравнению с классическими методами верификации, является возможность использования динамических характеристик почерка. Автоматические методы идентификации позволяют принимать решение не только путём сличения изображения верифицируемого и контрольного образца, но и путём анализа траектории и динамики начертания подписи или любого другого ключевого слова.

Standards

BioAPI
AAMVA
CBEFF
ANSI X9.84 -2002
CDSA
CJIS-RS
HA-API
ISO/IEC JTC1/SC37
XCBF [1] (недоступная ссылка) (XML Common Biometric Format) — стандарт, разработанный техническим комитетом OASIS. XCBF, определяет набор криптографических сообщений, представленных в виде XML-тегов, которые могут быть использованы для безопасного сбора, обработки и хранения биометрической информации. Совместим со спецификациями BioAPI, и стандартами X9.84 и CBEFF.

AAMVA Fingerprint Minutiae Format/National Standard for the Driver License/Identification Card DL/ID-2000 — американский стандарт на формат представления, хранения и передачи отпечатков пальцев для водительских прав . Совместим со спецификациями BioAPI и стандартом CBEFF.

CDSA/HRS (Human Recognition Services) представляет собой биометрический модуль в архитектуре Common Data Security Architecture, разработанной Intel Architecture Labs и одобренного консорциумом Open Group. CDSA — определяет набор API, представляющих собой логически связанное множество функций, охватывающих такие компоненты защиты, как шифрование, цифровые сертификаты, различные способы аутентификации пользователей, в список которых с помощью HRS добавлена и биометрия. CDSA/HRS совместим со спецификациями BioAPI и стандартом CBEFF.

ANSI/NIST-ITL 1-2000 Fingerprint Standard Revision — американский стандарт, определяющий общий формат представления и передачи данных по отпечаткам пальцев, лицу, нательным шрамам и татуировкам для использования в правоохранительных органах США.

Notes

↑ ¹ ² Биометрия — Энциклопедия безопасности
↑ ¹ ² Биометрия Архивная копия от 30 сентября 2009 на Wayback Machine
↑ Биометрия в системах контроля и управления доступом: вызовы времени и новые возможности | Секьюрити центр C&T
↑ В лондонском баре теперь можно расплачиваться… пальцем , theUK.one .

Links

[secuteck.ru-1] ¹ ² Биометрия — Энциклопедия безопасности

[autogenerated1-2] ¹ ² Биометрия Архивная копия от 30 сентября 2009 на Wayback Machine

[3] Биометрия в системах контроля и управления доступом: вызовы времени и новые возможности | Секьюрити центр C&T

[4] В лондонском баре теперь можно расплачиваться… пальцем , theUK.one .