bio metrics whitepaper


    Public

    Whitepaper

    Biometrics

    Smart Cards

    Identity Cards

    Security Printing

    Consulting

    5001 Aarau, January 30, 2005/Biometrics Whitepaper.doc

    Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland. Phone +41 62 832 00 00, Fax +41 62 832 01 00, www.trueb.com. ISO 9001 certified.


    Table of contents

    1 INTRODUCTION
    1.1 Physiological or Behavioral
    1.2 Verification vs Identification
    1.2.1 Identification (1:N, one-to-many, recognition)
    1.2.2 Verification (1:1, matching, authentication)
    1.3 Applications
    1.4 Biometrics technologies
    1.5 How it works
    1.5.1 Enrollment
    1.5.2 Submission
    1.5.3 Acquisition device
    1.5.4 Biometric sample
    1.5.5 Feature extraction
    1.5.6 Template
    1.6 Biometric decision-making
    1.6.1 Matching
    1.6.2 Score
    1.6.3 Threshold
    1.6.4 Decision
    1.7 Benefits
    1.7.1 For employers
    1.7.2 For employees
    1.7.3 For consumers
    1.7.4 For retailers (online and point-of-sale)
    1.7.5 For public sector usage
    1.8 Are Biometric Systems Difficult to Use?
    1.8.1 Fingerprint
    1.8.2 Facial recognition
    1.8.3 Voice recognition
    1.8.4 Iris-scan
    1.8.5 Retina-scan
    1.8.6 Hand geometry
    1.8.7 Signature-scan
    1.8.8 Keystroke-scan
    1.9 Security of biometrics template
    1.10 What Factors Cause Biometric Systems to Fail?
    1.10.1 Fingerprint
    1.10.2 Voice recognition
    1.10.3 Facial recognition
    1.10.4 Iris-scan
    1.10.5 Retina-scan
    1.10.6 Hand geometry
    1.10.7 Signature-scan
    1.11 Application design
    2 FINGERPRINT RECOGNITION
    2.1 What is Fingerprint Scanning?

    PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland


    2.2 Practical Applications for Fingerprint Scanning
    2.3 Accuracy and Integrity
    2.3.1 Fingerprint Matching
    2.3.2 Fingerprint Classification
    2.3.3 Fingerprint Image Enhancement
    2.4 Prerequisites for common usage of biometrics
    2.4.1 Convenience First
    2.4.2 Simple Truths
    2.4.3 Emerging Standards
    2.4.4 Cost
    2.4.5 Complete Solutions
    2.4.6 Measurable Usefulness
    2.5 Biometric vs. Non-Biometric Fingerprinting
    2.6 Fingerprint Market Size
    2.7 Fingerprint Growth Drivers and Enablers
    2.8 Fingerprint Growth Inhibitors
    2.9 Applications
    2.10 Fingerprint Feature Extraction
    2.11 Fingerprint Form Factors
    2.11.1 Desktop peripherals
    2.11.2 Embedded desktop solutions
    2.11.3 Embedded physical access solutions
    2.11.4 Embedded wireless handheld solutions
    2.12 Types of scanners: Optical - Silicon - Ultrasound
    2.13 Fingerprint Matching
    2.14 Fingerprint Classification
    2.15 Fingerprint Image Enhancement
    3 FACE RECOGNITION
    3.1 Important questions on face recognition
    3.1.1 How is facial recognition technology currently being used?
    3.1.2 How well does facial recognition work?
    3.1.3 What is the government's previous experience with facial recognition?
    3.1.4 Should we deploy face-recognition in airports to prevent terrorism?
    3.1.5 Should we use the technology in other public places?
    3.1.6 How does facial recognition technology threaten privacy?
    3.1.7 The bottom line: how do we decide whether to install facial recognition systems?
    3.2 Why Face Recognition?
    3.3 Facial Recognition: How it Works
    3.4 Image Quality
    3.5 Facial Scan Process Flow
    3.6 Verification vs. Identification
    3.7 Primary Facial Recognition Technologies
    3.8 Facial Recognition Applications
    3.9 Facial Recognition Market
    4 IRIS RECOGNITION


    4.1 Benefits of Using Iris Technology
    4.2 Technology Comparison
    4.3 Iris-Scan: How it Works
    4.3.1 The Iris
    4.3.2 IrisCode™
    4.3.3 Iris Acquisition
    4.4 Iris-Scan Issues
    4.5 Iris-Scan Applications
    4.6 Iris-Scan Market Size
    5 SIGNATURE RECOGNITION
    5.1 Signature-Scan: How It Works
    5.2 Signature-Scan: Strengths and Weaknesses
    5.3 Typical Signature-Scan Applications
    5.4 Signature-Scan Market Size
    5.5 Difference between Biometric and digital signatures
    6 VOICE RECOGNITION
    6.1 Voice Recognition: How it Works
    6.2 Voice Recognition: Strengths and Weaknesses
    6.3 Voice Recognition Applications
    6.4 Voice Recognition Market Size
    6.5 Voice Verification in Telephone Banking
    6.5.1 The Problem
    6.5.2 The Solution? Voice Verification
    6.6 Details
    6.7 Choice of features
    6.8 Speaker Modeling
    6.9 Pattern Matching
    7 HAND GEOMETRY
    7.1 Applications for Hand Scanning
    7.2 Combining Biometric Methods
    7.3 How it Works
    7.4 Hand Geometry Strengths and Weaknesses
    7.4.1 Strengths
    7.4.2 Weaknesses
    7.5 Enhanced Biometric Technology
    7.6 Highest User Acceptance
    7.7 Applications
    7.8 Hand Geometry Market Size


    8 AFIS
    8.1 AFIS Applications
    8.2 AFIS Market Size
    9 MULTIMODAL BIOMETRICS
    9.1 Integrating Faces and Fingerprints for Personal Identification
    9.2 A Multimodal Biometric System Using Fingerprint, Face, and Speech
    10 2D BARCODE
    10.1 Datastrip Card Readers
    10.2 Datastrip Applications
    11 SMART CARD BIOMETRICS
    12 ORGANIZATIONS AND RESOURCES
    13 DISCLAIMER


    1 Introduction

    Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic. Among the features measured are face, fingerprints, hand geometry, handwriting, iris, retina, vein, and voice. Biometric technologies are becoming the foundation of an extensive array of highly secure identification and personal verification solutions. As the level of security breaches and transaction fraud increases, the need for highly secure identification and personal verification technologies is becoming apparent.

    Biometric-based solutions are able to provide for confidential financial transactions and personal data privacy. The need for biometrics can be found in federal, state and local governments, in the military, and in commercial applications. Enterprise-wide network security infrastructures, government IDs, secure electronic banking, investing and other financial transactions, retail sales, law enforcement, and health and social services are already benefiting from these technologies.

    Biometric-based authentication applications include workstation, network, and domain access, single sign-on, application logon, data protection, remote access to resources, transaction security and Web security. Trust in these electronic transactions is essential to the healthy growth of the global economy. Utilized alone or integrated with other technologies such as smart cards, encryption keys and digital signatures, biometrics are set to pervade nearly all aspects of the economy and our daily lives. Utilizing biometrics for personal authentication is becoming convenient and considerably more accurate than current methods (such as the utilization of passwords or PINs). This is because biometrics links the event to a particular individual (a password or token may be used by someone other than the authorized user), is convenient (nothing to carry or remember), accurate (it provides for positive authentication), can provide an audit trail and is becoming socially acceptable and inexpensive.

    1.1 Physiological or Behavioral

    To elaborate on this definition, physiological biometrics are based on measurements and data derived from direct measurement of a part of the human body. Fingerprint, iris-scan, retina-scan, hand geometry, and facial recognition are leading physiological biometrics.

    Behavioral characteristics are based on an action taken by a person. Behavioral biometrics, in turn, are based on measurements and data derived from an action, and indirectly measure characteristics of the human body. Voice recognition, keystroke-scan, and signature-scan are leading behavioral biometric technologies. One of the defining characteristics of a behavioral biometric is the incorporation of time as a metric: the measured behavior has a beginning, middle and end.

    1.2 Verification vs Identification

    A biometric system is essentially a pattern recognition system which makes a personal identification by determining the authenticity of a specific physiological or behavioral characteristic possessed by the user. An important issue in designing a practical system is to determine how an individual is identified. Depending on the context, a biometric system can be either a verification (authentication) system or an identification system.

    There are two different ways to resolve a person's identity: verification and identification. Verification (Am I whom I claim I am?) involves confirming or denying a person's claimed identity. In identification, one has to establish a person's identity (Who am I?). Each one of these approaches has its own complexities and could probably be solved best by a certain biometric system.

    In day-to-day life most people with whom you do business verify your identity. You claim to be someone (your claimed identity) and then provide proof to back up your claim. For encounters with friends and family, there is no need to claim an identity. Instead, those familiar to you identify you, determining your identity upon seeing your face or hearing your voice.


    These two examples illustrate the difference between the two primary uses of biometrics: identification and verification.

    1.2.1 Identification (1:N, one-to-many, recognition)

    The process of determining a person's identity by performing matches against multiple biometric templates. Identification systems are designed to determine identity based solely on biometric information. There are two types of identification systems: positive identification and negative identification. Positive identification systems are designed to find a match for a user's biometric information in a database of biometric information.

    Positive identification answers the question "Who am I?", although the response is not necessarily a name; it could be an employee ID or another unique identifier. A typical positive identification system would be a prison release program where users do not enter an ID number or use a card, but simply look at an iris capture device and are identified from an inmate database. Negative identification systems search databases in the same fashion, comparing one template against many, but are designed to ensure that a person is not present in a database. This prevents people from enrolling twice in a system, and is often used in large-scale public benefits programs in which users enroll multiple times to gain benefits under different names.

    Not all identification systems are based on determining a username or ID. Some systems are designed to determine if a user is a member of a particular category. For instance, an airport may have a database of known terrorists with no knowledge of their actual identities. In this case the system would return a match, but no knowledge of the person's identity is involved.

    1.2.2 Verification (1:1, matching, authentication)

    The process of establishing the validity of a claimed identity by comparing a verification template to an enrollment template. Verification requires that an identity be claimed, after which the individual's enrollment template is located and compared with the verification template. Verification answers the question, "Am I who I claim to be?" Some verification systems perform very limited searches against multiple enrollee records. For example, a user with three enrolled fingerprint templates may be able to place any of the three fingers to verify, and the system performs 1:1 matches against the user's enrolled templates until a match is found.

    One-to-few. There is a middle ground between identification and verification referred to as one-to-few (1:few). This type of application involves identification of a user from a very small database of enrollees. While there is no exact number that differentiates a 1:N from a 1:few system, any system involving a search of more than 500 records is likely to be classified as 1:N. A typical use of a 1:few system would be access control to sensitive rooms at a 50-employee company, where users place their finger on a device and are located from a small database.
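The modes described in sections 1.2.1 and 1.2.2 (1:1 verification against a user's several enrolled templates, 1:N positive identification, and negative identification before enrollment), as an added example that is not part of the whitepaper. The 64-bit templates are constructed values compared by bit agreement, and the 0.80 threshold, `BiometricDB` and all other names are assumptions made for illustration, not a real matcher or template format.

```python
# Added illustration: constructed 64-bit templates and an assumed threshold,
# not a real vendor matcher or template format.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

TEMPLATE_BITS = 64
THRESHOLD = 0.80  # assumed: accept when at least 80% of the bits agree
MASK = (1 << TEMPLATE_BITS) - 1

# Constructed enrollment templates; any two of them agree on exactly half their bits.
ALICE_INDEX = 0xFFFF0000FFFF0000
ALICE_THUMB = 0x00FF00FF00FF00FF
BOB_INDEX = 0xF0F0F0F0F0F0F0F0
STRANGER = 0x0F0F0F0F0F0F0F0F  # never enrolled


def score(a: int, b: int) -> float:
    """Similarity in [0, 1]: fraction of template bits that agree."""
    return 1.0 - bin((a ^ b) & MASK).count("1") / TEMPLATE_BITS


def noisy(template: int, flips: int) -> int:
    """Simulate a fresh sample of the same trait by flipping the low `flips` bits."""
    return template ^ ((1 << flips) - 1)


class DuplicateEnrollment(Exception):
    """Raised when negative identification finds the person already enrolled."""


@dataclass
class BiometricDB:
    enrollees: Dict[str, List[int]] = field(default_factory=dict)
    comparisons: int = 0  # matcher calls, to contrast 1:1 cost with 1:N cost

    def _match(self, probe: int, template: int) -> bool:
        self.comparisons += 1
        return score(probe, template) >= THRESHOLD

    def verify(self, claimed_id: str, probe: int) -> bool:
        """1:1. Only the claimed identity's templates are consulted,
        one after another until a match is found."""
        return any(self._match(probe, t) for t in self.enrollees.get(claimed_id, []))

    def identify(self, probe: int) -> Optional[str]:
        """1:N positive identification. Search every record; best ID above threshold or None."""
        best_id, best = None, 0.0
        for user_id, templates in self.enrollees.items():
            for t in templates:
                self.comparisons += 1
                s = score(probe, t)
                if s >= THRESHOLD and s > best:
                    best_id, best = user_id, s
        return best_id

    def enroll(self, user_id: str, templates: List[int]) -> None:
        """Negative identification first: the person must NOT already be present."""
        for t in templates:
            existing = self.identify(t)
            if existing is not None and existing != user_id:
                raise DuplicateEnrollment(existing)
        self.enrollees.setdefault(user_id, []).extend(templates)


def demo() -> dict:
    db = BiometricDB()
    db.enroll("alice", [ALICE_INDEX, ALICE_THUMB])  # two fingers enrolled
    db.enroll("bob", [BOB_INDEX])
    out = {}

    db.comparisons = 0
    out["alice_thumb_verifies"] = db.verify("alice", noisy(ALICE_THUMB, 4))
    out["verify_comparisons"] = db.comparisons  # only alice's records are touched

    # Same sample presented under someone else's claimed identity.
    out["impostor_claim"] = db.verify("bob", noisy(ALICE_THUMB, 4))

    db.comparisons = 0
    out["identified"] = db.identify(noisy(BOB_INDEX, 4))  # no identity claimed
    out["identify_comparisons"] = db.comparisons  # every stored template is touched
    out["stranger"] = db.identify(STRANGER)

    # Double enrollment under a new name is caught by the negative search.
    try:
        db.enroll("mallory", [noisy(ALICE_INDEX, 6)])
        out["double_enrolment_blocked_as"] = None
    except DuplicateEnrollment as dup:
        out["double_enrolment_blocked_as"] = str(dup)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
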

    1.3 Applications

    Biometrics is a rapidly evolving technology which is being widely used in forensics such as criminal identification and prison security, and has the potential to be used in a large range of civilian application areas. Biometrics can be used to prevent unauthorized access to ATMs, cellular phones, smart cards, desktop PCs, workstations, and computer networks. It can be used during transactions conducted via telephone and internet (electronic commerce and electronic banking). In automobiles, biometrics can replace keys with key-less entry devices.

    1.4 Biometrics technologies

    The primary biometric disciplines include the following:

    Fingerprint (optical, silicon, ultrasound, touchless)

    Facial recognition (optical and thermal)

    Voice recognition (not to be confused with speech recognition)


    Iris-scan

    Retina-scan

    Hand geometry

    Signature-scan

    Keystroke-scan

    Palm-scan (forensic use only)

    Disciplines with reduced commercial viability or in exploratory stages include:

    DNA

    Ear shape

    Odor (human scent)

    Vein-scan (in back of hand or beneath palm)

    Finger geometry (shape and structure of finger or fingers)

    Nailbed identification (ridges in fingernails)

    Gait recognition (manner of walking)

    1.5 How it works

    Biometric systems convert data derived from behavioral or physiological characteristics into templates, which are used for subsequent matching. This is a multi-stage process whose stages are described below.

    1.5.1 Enrollment

    The process whereby a user's initial biometric sample or samples are collected, assessed, processed, and stored for ongoing use in a biometric system. Enrollment takes place in both 1:1 and 1:N systems. If users are experiencing problems with a biometric system, they may need to re-enroll to gather higher quality data.

    1.5.2 Submission

    The process whereby a user provides behavioral or physiological data in the form of biometric samples to a biometric system. A submission may require looking in the direction of a camera or placing a finger on a platen. Depending on the biometric system, a user may have to remove eyeglasses, remain still for a number of seconds, or recite a pass phrase in order to provide a biometric sample.

    1.5.3 Acquisition device

    The hardware used to acquire biometric samples. The following acquisition devices are associated with each biometric technology:

    | Technology | Acquisition Device |
    |---|---|
    | Fingerprint | Desktop peripheral, PCMCIA card, mouse, chip or reader embedded in keyboard |
    | Voice recognition | Microphone, telephone |
    | Facial recognition | Video camera, PC camera, single-image camera |
    | Iris-scan | Infrared-enabled video camera, PC camera |
    | Retina-scan | Proprietary desktop or wall-mountable unit |
    | Hand geometry | Proprietary wall-mounted unit |
    | Signature-scan | Signature tablet, motion-sensitive stylus |
    | Keystroke-scan | Keyboard or keypad |

    Table 1: Acquisition Devices depending on biometrics

    1.5.4 Biometric sample

    The identifiable, unprocessed image or recording of a physiological or behavioral characteristic, acquired during submission, used to generate biometric templates. Also referred to as biometric data. The following sample types are associated with each biometric technology:

    | Technology | Biometric Sample |
    |---|---|
    | Fingerprint | Fingerprint image |
    | Voice recognition | Voice recording |
    | Facial recognition | Facial image |
    | Iris-scan | Iris image |
    | Retina-scan | Retina image |
    | Hand geometry | 3-D image of top and sides of hand and fingers |
    | Signature-scan | Image of signature and record of related dynamics measurements |
    | Keystroke-scan | Recording of characters typed and record of related dynamics measurements |

    Table 2: Biometric samples depending on technology

    1.5.5 Feature extraction

    The automated process of locating and encoding distinctive characteristics from a biometric sample in order to generate a template. The feature extraction process may include various degrees of image or sample processing in order to locate a sufficient amount of accurate data. For example, voice recognition technologies can filter out certain frequencies and patterns, and fingerprint technologies can thin the ridges present in a fingerprint image to the width of a single pixel. Furthermore, if the sample provided is inadequate to perform feature extraction, the biometric system will generally instruct the user to provide another sample, often with some type of advice or feedback.

    The manner in which biometric systems extract features is a closely guarded secret, and varies from vendor to vendor. Common physiological and behavioral characteristics used in feature extraction include the following:

    | Technology | Feature Extracted |
    |---|---|
    | Fingerprint | Location and direction of ridge endings and bifurcations on fingerprint |
    | Voice recognition | Frequency, cadence and duration of vocal pattern |
    | Facial recognition | Relative position and shape of nose, position of cheekbones |
    | Iris-scan | Furrows and striations in iris |
    | Retina-scan | Blood vessel patterns on retina |
    | Hand-scan | Height and width of bones and joints in hands and fingers |
    | Signature-scan | Speed, stroke order, pressure, and appearance of signature |
    | Keystroke-scan | Keyed sequence, duration between characters |

    Table 3: Feature extraction depending on technology

    1.5.6 Template

    A comparatively small but highly distinctive file derived from the features of a user's biometric sample or samples, used to perform biometric matches. A template is created after a biometric algorithm locates features in a biometric sample. The concept of the template is one of biometric technology's defining elements, although not all biometric systems use templates to perform biometric matching: some voice recognition systems utilize the original sample to perform a comparison.

    Depending on when they are generated, templates can be referred to as enrollment templates or verification templates. Enrollment templates are created upon the user's initial interaction with a biometric system, and are stored for usage in future biometric comparisons. Verification templates are generated during subsequent verification attempts, compared to the stored template, and generally discarded after the comparison. Multiple samples may be used to generate an enrollment template - facial recognition, for example, will utilize several facial images to generate an enrollment template. Verification templates are normally derived from a single sample - a template derived from a single facial image can be compared to the enrollment template to determine the degree of similarity.

    Just as the feature extraction process is a closely held secret, the manner in which information is organized and stored in the template is proprietary to biometric vendors. Biometric templates are not interoperable - a template generated in vendor A's fingerprint system cannot be compared to a template generated in vendor B's fingerprint system.

    1.6 Biometric decision-making

    Biometric decision-making is frequently misunderstood. For the vast majority of technologies and systems, there is no such thing as a 100% match, though systems can provide a very high degree of certainty. The biometric decision-making process is comprised of various components, as indicated below.

    1.6.1 Matching

    The comparison of biometric templates to determine their degree of similarity or correlation. A match attempt results in a score that, in most systems, is compared against a threshold. If the score exceeds the threshold, the result is a match; if the score falls below the threshold, the result is a non-match.

    Biometric comparisons take place when proprietary algorithms process biometric templates. These algorithms manipulate the data contained in the template in order to make valid comparisons, accounting for variations in placement, background noise, etc. Without the vendor algorithm, there is no way to compare biometric templates - comparing the bits which comprise the templates does not indicate if they came from the same user. The bits must be processed by the vendor as a precondition of comparison.

    The matching process involves the comparison of the match template, created upon sample submission, with the reference template(s) already on file. In 1:1 verification systems, there is generally a single match template matched against a reference template. In 1:N identification systems, the single match template can be matched against dozens, thousands, even millions of reference templates.

    In most systems, reference and match templates should never be identical. An identical match is an indicator that some sort of fraud is taking place, such as the resubmission of an intercepted or otherwise compromised template.

    1.6.2 Score

    A number indicating the degree of similarity or correlation of a biometric match. Traditional verification methods - passwords, PINs, keys, and tokens - are binary, offering only a strict yes/no response. This is not the case with most biometric systems. Nearly all biometric systems are based on matching algorithms that generate a score subsequent to a match attempt. This score represents the degree of correlation between the match template and the reference template. There is no standard scale used for biometric scoring: for some vendors a scale of 1-100 might be used, others might use a scale of -1 to 1; some vendors may use a logarithmic scale and others a linear scale. Regardless of the scale employed, this verification score is compared to the system's threshold to determine how successful a verification attempt has been.

    Incidentally, many systems return a score during enrollment, referred to as an enrollment score or quality score. This score refers to how successful the extraction process was at finding distinctive features in the biometric sample. If the sample was rich in information, there will likely be a high enrollment score. This score is not used in the matching process, but might be used to determine whether a user can enroll successfully. A low quality score may indicate that the user cannot be reliably verified.

    1.6.3 Threshold

    A predefined number, often controlled by a biometric system administrator, which establishes the degree of correlation necessary for a comparison to be deemed a match. If the score resulting from template comparison exceeds the threshold, the templates are a match (though the templates themselves are not identical).

    When a biometric system is set to low security, the threshold for a successful match is more forgiving than when a system is set to high security.

    1.6.4 Decision

    The result of the comparison between the score and the threshold. The decisions a biometric system can make include match, non-match, and inconclusive, although varying degrees of strong matches and non-matches are possible. Depending on the type of biometric system deployed, a match might grant access to resources, a non-match might limit access to resources, while inconclusive may prompt the user to provide another sample.

    One of the most interesting facts about most biometric technologies is that unique biometric templates are generated every time a user interacts with a biometric system. As an example, two immediately successive placements of a finger on a biometric device generate entirely different templates. These templates, when processed by a vendor's algorithm, are recognizable as being from the same person, but are not identical. In theory, a user could place the same finger on a biometric device for years and never generate an identical template.

    Therefore, for most technologies, there is simply no such thing as a 100% match. This is not to imply that the systems are not secure - biometric systems may be able to verify identity with error rates of less than 1/100,000 or 1/1,000,000. However, claims of 100% accuracy are misleading and are not reflective of the technology's basic operation.
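The score, threshold and decision steps of sections 1.6.1 to 1.6.4, including the rule that a bit-identical template signals fraud, as an added example that is not code from the whitepaper or any vendor. The cosine-similarity matcher, the 0..1 scale, both policies and the retry band are assumptions; the example also goes one step beyond the text by remembering earlier submissions, so a previously presented verification template is refused as well.

```python
"""Score -> threshold -> decision, with the identical-template check (added example)."""
import hashlib
import math
import struct
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    MATCH = "match"
    NON_MATCH = "non-match"
    INCONCLUSIVE = "inconclusive"            # prompt the user for another sample
    REJECT_IDENTICAL = "identical-template"  # bit-identical to one already seen


@dataclass(frozen=True)
class Policy:
    threshold: float   # a score must exceed this to count as a match
    retry_band: float  # scores within this distance below it are inconclusive


# Hypothetical settings on a 0..1 scale; real scoring scales are vendor-specific.
LOW_SECURITY = Policy(threshold=0.80, retry_band=0.10)
HIGH_SECURITY = Policy(threshold=0.95, retry_band=0.05)


def similarity(reference, candidate):
    """Toy matcher (assumption): cosine similarity of two feature vectors.

    It stands in for the proprietary vendor algorithm, which is not public.
    """
    if len(reference) != len(candidate):
        raise ValueError("templates have different feature counts")
    dot = sum(a * b for a, b in zip(reference, candidate))
    norm = math.hypot(*reference) * math.hypot(*candidate)
    return dot / norm if norm else 0.0


def template_digest(template):
    """Digest of the template's exact bytes, used only to spot resubmissions."""
    return hashlib.sha256(struct.pack(f"<{len(template)}d", *template)).digest()


class Verifier:
    def __init__(self, policy):
        self.policy = policy
        self._seen = set()  # digests of the reference and of every submission

    def verify(self, reference, candidate):
        """Return (Decision, score) for one 1:1 verification attempt."""
        self._seen.add(template_digest(reference))
        score = similarity(reference, candidate)
        digest = template_digest(candidate)
        if digest in self._seen:
            # Two live captures never yield the same bits, so this is a
            # stored or previously presented template, whatever its score.
            return Decision.REJECT_IDENTICAL, score
        self._seen.add(digest)
        if score > self.policy.threshold:
            return Decision.MATCH, score
        if score >= self.policy.threshold - self.policy.retry_band:
            return Decision.INCONCLUSIVE, score
        return Decision.NON_MATCH, score


# Constructed two-feature templates; real templates hold far more features.
REFERENCE = (3.0, 4.0)
CLOSE = (4.0, 3.0)       # cosine similarity 0.96
BORDERLINE = (7.0, 24.0)  # cosine similarity 0.936
DISTANT = (12.0, 5.0)     # cosine similarity about 0.862

if __name__ == "__main__":
    strict = Verifier(HIGH_SECURITY)
    for name, sample in [("close", CLOSE), ("close again", CLOSE),
                         ("reference itself", REFERENCE),
                         ("borderline", BORDERLINE), ("distant", DISTANT)]:
        decision, score = strict.verify(REFERENCE, sample)
        print(f"{name:17s} score={score:.3f} -> {decision.value}")
```

The same `DISTANT` sample that is a non-match under `HIGH_SECURITY` is a match under `LOW_SECURITY`, which is the "more forgiving" threshold of section 1.6.3.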

    1.7 Benefits

    1.7.1 For employers

    Reduced costs - password maintenance

    Reduced costs - no buddy punching

    Increased security - no shared or compromised passwords

    Increased security - deter and detect fraudulent account access

    Increased security - no badge sharing in secure areas

    Competitive advantage - familiarity with advanced technology

    1.7.2 For employees

    Convenience - no passwords to remember or reset

    Convenience - faster login

    Security - confidential files can be stored securely

    Non-repudiation - biometric transactions difficult to refute

    1.7.3 For consumers

    Convenience - no passwords to remember or reset

    Security - personal files, including emails, can be secured

    Security - online purchases safer when enabled by biometric

    Privacy - ability to transact anonymously

    1.7.4 For retailers (online and point-of-sale)

    Reduced costs - biometric users less likely to commit fraud

    Competitive advantage - first to offer secure transaction method

    Security - account access much more secure than via password

    1.7.5 For public sector usage

    Reduced costs - strongest way to detect and deter benefits fraud

    Increased trust - reduced entitlement abuse

    1.8 Are Biometric Systems Difficult to Use?

    Biometrics are much easier to use than one might expect. Here is a brief technology-by-technology summary of how one interacts with biometric systems.

    1.8.1 Fingerprint

    When prompted, the user gently places his or her finger on a postage-stamp sized optical or silicon surface. This surface, known as a platen, is built into a peripheral device, mouse, keyboard, or PCMCIA card. The user generally must hold the finger in place for 1-2 seconds, during which automated comparison and matching takes place. After a successful match, the user has access to programs, files, or resources. Typical verification time from system ready prompt: 2-3 seconds.

    1.8.2 Facial recognition

    User faces the camera, preferably positioned within 24 inches of the face. Generally, the system will locate one's face very quickly and perform matches against the claimed identity. In some situations, the user may need to alter his facial aspect slightly to be verified. Typical verification time from system ready prompt: 3-4 seconds.

    1.8.3 Voice recognition

    User positions him or herself near the acquisition device (microphone, telephone). At the prompt, user either recites enrollment pass phrase or repeats pass phrase given by the system. Typical verification time from system ready prompt: 4-6 seconds.

    1.8.4 Iris-scan

    User positions him or herself near the acquisition device (peripheral or standalone camera). User centers eye on device so he or she can see the eye's reflection. Depending on the device, the user is between 2-18 inches away. Capture and verification are nearly immediate. Typical verification time from system ready prompt: 3-5 seconds.

    1.8.5 Retina-scan

    User looks into a small opening on a desktop or wall-mounted device. User holds head very still, looking at a small green light located within the device. Typical verification time from system ready prompt: 10-12 seconds.

    1.8.6 Hand geometry

    User places hand, palm-down, on an 8 x 10 metal surface with five guidance pegs. Pegs ensure that fingers are placed properly, ensure correct hand position. Typical verification time from system ready prompt: 2-3 seconds.

    1.8.7 Signature-scan

    User positions himself to sign on tablet (if applicable). When prompted, user signs name in tablet's capture area. Typical verification time from system ready prompt: 4-6 seconds.

    1.8.8 Keystroke-scan

    User types his or her password or pass phrase. Typical verification time from system ready prompt: 2-3 seconds.

    1.9 Security of biometrics template

    If my template is compromised, does that mean that I can never use the biometric again?

    Not in a well-designed system. If a criminal steals or guesses your password, it is very easy to have it changed. There is a fear, however, that if a criminal gets hold of a biometric template, the damage is irreparable - there is no way to change that part of your body. Although templates are often encrypted when in transit and storage in order to protect against such an occurrence, what happens if a template is compromised?

    The answer depends on how well a biometric system is designed. If a system allows a template to be inserted into the verification process without ensuring that this template came from an actual placement, a compromised template can pose a problem. However, a well-designed system will ensure that the information it is analyzing is not a recording but is in fact a new sample.

    One way to assure that a new template is being submitted is to seed the request for a sample. This involves the biometric system sending an encrypted random number (known as a seed) to the biometric sensor. This number can be encrypted such that only the sensor itself can decrypt the message. When returning the biometric template, the sensor also sends the seed number back (encrypted). This ensures that the template being sent was created immediately after the request for the template (as opposed to an old template that has been recorded and played back).
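The seeded request described above, as an added example with both sides of the exchange (not code from the whitepaper or any vendor). It substitutes an HMAC tag over seed and template for the encryption the text describes, because Python's standard library has no cipher; the shared key, the 5-second seed lifetime, the message layout and all names are assumptions.

```python
"""Seeded sample request: freshness check for submitted templates (added example)."""
import hashlib
import hmac
import secrets
import time

SEED_BYTES = 16          # fixed length keeps seed || template unambiguous
SEED_TTL_SECONDS = 5.0   # hypothetical lifetime of an outstanding seed


def _tag(key, seed, template):
    """HMAC-SHA256 binding one template to one seed."""
    return hmac.new(key, seed + template, hashlib.sha256).digest()


class Sensor:
    """Capture device holding a key shared with the host (assumption)."""

    def __init__(self, key):
        self._key = key

    def respond(self, seed, template):
        # The tag covers both fields, so neither can be exchanged afterwards.
        return {"seed": seed, "template": template,
                "tag": _tag(self._key, seed, template)}


class Host:
    """Biometric system that issues seeds and checks the sensor's answer."""

    def __init__(self, key, clock=time.monotonic):
        self._key = key
        self._clock = clock
        self._pending = {}  # seed -> time it was issued

    def request_sample(self):
        seed = secrets.token_bytes(SEED_BYTES)
        self._pending[seed] = self._clock()
        return seed

    def accept(self, response):
        # pop() makes every seed single-use, even when a later check fails.
        issued = self._pending.pop(response["seed"], None)
        if issued is None:
            return "rejected: unknown or already used seed"
        if self._clock() - issued > SEED_TTL_SECONDS:
            return "rejected: seed expired"
        expected = _tag(self._key, response["seed"], response["template"])
        if not hmac.compare_digest(expected, response["tag"]):
            return "rejected: tag does not match seed and template"
        return "accepted"


def demo():
    """Run four submissions against one host and return each outcome."""
    now = [0.0]                      # controllable clock for the example
    key = secrets.token_bytes(32)
    host, sensor = Host(key, clock=lambda: now[0]), Sensor(key)
    results = {}

    seed = host.request_sample()
    live = sensor.respond(seed, b"constructed-template-bytes-1")
    results["fresh"] = host.accept(live)
    results["same message again"] = host.accept(live)

    # The recorded template and tag presented under a newly issued seed.
    new_seed = host.request_sample()
    results["old template, new seed"] = host.accept(dict(live, seed=new_seed))

    # A genuine response that arrives after the seed's lifetime.
    late_seed = host.request_sample()
    late = sensor.respond(late_seed, b"constructed-template-bytes-2")
    now[0] += SEED_TTL_SECONDS + 1
    results["late"] = host.accept(late)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:24s} {outcome}")
```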

    The size of a template varies by technology and vendor. It varies from 9 bytes to as much as 2 KB. A fingerprint template is normally about 500 bytes in size. Templates can be stored in databases or files.

    1.10 What Factors Cause Biometric Systems to Fail?

    Biometric system performance varies according to sample quality and the environment in which the sample is being submitted. While it is not possible to definitely state if a biometric submission will be successful, it is possible to locate factors that can reduce system performance.

    The IBG Strike System details, technology-by-technology, aspects that work against a successful verification. Some of these strikes are listed below.

    1.10.1 Fingerprint

    Cold finger

    Dry/oily finger

    High or low humidity

    Angle of placement

    Pressure of placement

    Location of finger on platen (poorly placed core)

    Cuts to fingerprint

    Manual activity that would mar or affect fingerprints (construction, gardening)

    1.10.2 Voice recognition

    Cold or illness that affects voice

    Different enrollment and verification capture devices

    Different enrollment and verification environments (inside vs. outside)

    Speaking softly

    Variation in background noise

    Poor placement of microphone / capture device

    Quality of capture device

    1.10.3 Facial recognition

    Change in facial hair

    Change in hairstyle

    Lighting conditions

    Adding/removing hat

    Adding/removing glasses

    Change in weight

    Change in facial aspect (angle at which facial image is captured)

    Too much or too little movement

    Quality of capture device

    Change between enrollment and verification cameras (quality and placement)

    Loud clothing that can distract face location

    1.10.4 Iris-scan

    Too much movement of head or eye

    Glasses

    Colored contacts

    1.10.5 Retina-scan

    Too much movement of head or eye

    Glasses

    1.10.6 Hand geometry

    Jewelry

    Change in weight

    Bandages

    Swelling of joints

    1.10.7 Signature-scan

    Signing too quickly

    Different signing positions (e.g., sitting vs. standing)

    In addition, for many systems, an additional strike occurs when a long period of time has elapsed since enrollment or since one's last verification. If significant time has elapsed since enrollment, physiological changes can complicate verification. If time has elapsed since a user's last verification, the user may have forgotten how he or she enrolled, and may place a finger differently or recite a pass phrase with different intonation. For the most part, a single strike will probably not materially affect the performance of a given system. However, as you have more and more strikes for a given submission, your chances of a successful verification diminish.

    These strikes do not include inherent characteristics such as age, ethnicity, or gender, which can also affect system accuracy. The performance of many biometric systems varies for specific populations.

    1.11 Application design

    As in all good application designs, it is the business process requirements which should drive the design - not the other way around. Similarly the specific type of biometric chosen, i.e., fingerprints, iris codes, hand geometry etc. should reflect the application requirements - the application should not be a slave to an individual biometric methodology.

    A successful application development and deployment scenario may follow a path something like the following:

    Identify the business and operational requirements clearly, together with any current problems and the effect they are having on the situation.

    Develop and agree a suitable business process which has the potential to significantly improve on the current situation, given the current state of technology.

    Quantify the operational logistics such as (in an access control context) number of people, time profile / distribution of transactions, type of entry point, target transaction time, environmental considerations, availability and profile of system operators and so on.

    Analyse existing situation and processes in order to identify legacy requirements and system interaction - it may be necessary to retain or assure compatibility with certain existing processes.

    Design a system architecture which accounts for all of the above whilst remaining open for future development and enhancement.

    Design an operating methodology and user interface which satisfies the above requirements in an intuitive and attractive manner.

    Choose the appropriate front end technology accordingly (i.e., biometric / biometric and chip card etc.) ensuring that the biometric methodology is the most suitable for this application.

    Interface the biometric / token technology with your system.

    Thoroughly test and document the system in house before demonstrating the system to the client and agreeing and documenting any design changes.

    Develop and schedule an operator training programme together with the provision of system manuals as necessary.

    Install and commission the system having surveyed the site and noted relevant conditions and with due consideration to existing systems.

    Hand over the system after ensuring that operators have a comprehensive understanding of the functionality and that all operating data is present and correct.

    In the above example, you will notice that the final choice of a biometric came relatively far down the list. We should only be considering this parameter once we have fully understood the business requirement and the potential benefit that adopting a biometric system might bring.

    In defining the specification required, we should concern ourselves with perceived ease of use, acceptable transaction time, contingency measures for errors, where the biometric template should be stored, enrolment procedures and logistics and general compatibility and connectivity issues.

    We should also understand the distinction between verification and identification. In short, verification is a straightforward one to one check whereby we are comparing a live biometric sample with a single stored template with a simple match or no match result. Identification is a different kettle of fish entirely as we may be seeking to compare a live biometric sample with hundreds, thousands or conceivably even millions of stored templates. The probability of errors multiplies with the number of templates in the database. Currently, there is really only one commercially available product which offers the promise of practical identification from a large database of templates. For the majority of applications we are probably going to be concerned with biometric verification.
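The growth of error with database size can be made concrete under one stated assumption (this derivation is added here and is not from the whitepaper): each of the N comparisons is independent and has the same per-comparison false match probability p. The probability that a person who is not enrolled falsely matches at least one of N stored templates is then

$$P_N = 1 - (1 - p)^N \approx N p \quad \text{for } N p \ll 1.$$

With an illustrative p = 1/100,000, a search over N = 500 templates gives $P_{500} \approx 0.005$, while N = 1,000,000 gives $P_N = 1 - (1 - 10^{-5})^{10^6} \approx 1 - e^{-10} \approx 0.99995$, so a false match somewhere in the database is almost certain.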

    We must also consider where the biometric template (the individual reference derived from taking abiometric sample or series of samples) will be stored. It may be that the template is stored on a tokensuch as a chip card and input into the system by the user prior to verification. This would certainlyallow for a large user base as well as a degree of portability between systems and would provide forautomatic updating of templates if appropriate. Alternatively, we may decide to keep the templates

    on a central database and call them from either a card swipe or PIN input for comparison. Thisdecision will naturally have an impact on system hardware and configuration - if we are maintaininga central database we had better be sure about our system host and it's communication with thebiometric readers, not to mention the usual database maintenance and backup requirements.

    Whilst we are on the subject of hardware, it is worth stressing the importance of understanding thecabling and line termination requirements of different communication protocols. Lack of attention todetail in this area can often result in temperamental performance and perceived intermittent faultswhich can be difficult to trace subsequently. Whilst this may seem like stating the obvious, it issurprising how often otherwise well designed systems are tripped over by poor installation practice.

    You will have noticed that we have got a long way into this paper without trundling out the usualmarketing promises about biometrics or contemplating the old chestnuts of false accepts / falserejects etc. This is deliberate - one can concentrate too much on the theoretical individual deviceperformance issues. The performance we should concern ourselves with is that of the entire system,not individual components. In the real world, theoretical performance may be influenced greatly byother less quantitative parameters. For example, a badly sited reader which is difficult for individualsto use comfortably will almost certainly result in increased false rejects, even though the system maybe functioning properly. Similarly, a lack of training or understanding among both systemadministrators and regular users will play havoc with your anticipated performance. The operationalprocesses coupled to the perception and attitude of the user are as much of a performance criterionas biometric hardware specifications. These elements, coupled with overall system design andcomponent performance combine to produce the Total System Performance (TSP). It is the TSP thatwe should have uppermost in our minds throughout the development and implementation of theentire project.

    To put this into perspective, it would seem rather pointless to have lengthy discussions about the inclined valve angle on a one litre petrol engine which we are fitting into a three ton vehicle - we should be asking about power to weight ratios and what sort of engine we need to propel this vehicle at the required speed. The same is true of our biometric system. We must consider the system as a whole, together with our business related objectives for implementing such a system.

    So far, we have discussed some of the issues inherent in a typical systems supplier / client situation. In certain cases, the end user (or retained systems house) may wish to buy in the component technology on an OEM basis and develop their own custom application according to precise requirements. In the early days of biometrics this would have been quite difficult with many of the proprietary products available. These days life is a lot easier for the application development team as several of the leading device manufacturers have taken the trouble to make available a Software Development Kit (SDK) for use with their product. This usually takes the form of a set of DLLs which the developer may call from his application in order to access various functions of the device. This allows the developer to concentrate on the user interface and program logic without having to get too involved with the low level coding detail.

    This is certainly a step forward and is to be welcomed. However, it is a little device specific in the sense that if you decided later on to use a different front end biometric device, then you would need to rewrite your application accordingly. This may be acceptable in some instances, but what if you wish to use more than one type of biometric device on your system? This is not unreasonable. You may wish to use a dual biometric for high security reasons, or to use different biometrics in different areas for environmental reasons. This can complicate matters somewhat. It would be nice perhaps if there were a universally accepted biometric Application Programming Interface (API) which developers could use in order to mix biometric methodologies within a single system. In fact, there has been much work undertaken in this context and by the time you read this paper at least one such API should be freely available. The question is, will the biometric manufacturers be happy to comply with and support such an initiative? I hope that they will, but suspect that this may take a while to become embedded in biometric culture.


    What of the future? There is no doubt that biometric technology is mature and eminently useable across a wide variety of advanced personal ID related applications. Both the systems integrator and the end user have a wider choice than ever of front end biometric components and it is easier than it has ever been to integrate these components into bespoke systems. Individual unit cost is still relatively high for biometric products, but this too is changing and several manufacturers are introducing lower cost OEM modules to the market place.

    In short, if you have an operational problem that biometrics might solve there is no reason to sit on the fence any longer - biometrics are alive and well and available off the shelf at a location near you!


    2 Fingerprint recognition

    Among all the biometric techniques, fingerprint-based identification is the oldest method which has been successfully used in numerous applications. Everyone is known to have unique, immutable fingerprints. A fingerprint is made of a series of ridges and furrows on the surface of the finger. The uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as the minutiae points. Minutiae points are local ridge characteristics that occur at either a ridge bifurcation or a ridge ending.

    2.1 What is Fingerprint Scanning?

    Fingerprint scanning is the acquisition and recognition of a person's fingerprint characteristics for identification purposes. This allows the recognition of a person through quantifiable physiological characteristics that verify the identity of an individual.

    There are basically two different types of finger-scanning technology that make this possible. One is an optical method, which starts with a visual image of a finger.

    The other uses a semiconductor-generated electric field to image a finger.

    There is a range of ways to identify fingerprints. They include traditional police methods of matching minutiae, straight pattern matching, moiré fringe patterns and ultrasonics.

    2.2 Practical Applications for Fingerprint Scanning

    There is a greater variety of fingerprint devices available than for any other biometric. Fingerprint recognition is the front-runner for mass-market biometric-ID systems.

    Fingerprint scanning has a high accuracy rate when users are sufficiently educated. Fingerprint authentication is a good choice for in-house systems where enough training can be provided to users and where the device is operated in a controlled environment. The small size of the fingerprint scanner, its ease of integration (it can be easily adapted to keyboards) and, most significantly, its relatively low cost make it an affordable, simple choice for workplace access security.

    Plans to integrate fingerprint scanning technology into laptops using biometric technology include a single chip using more than 16,000 location elements to map a fingerprint of the living cells that lie below the top layers of dead skin. Therefore, the reading is still detectable if the finger is callused, damaged, worn, soiled, moist, dry or otherwise hard to read--a common obstacle. This subsurface capability eliminates any attainment or detection failures.

    2.3 Accuracy and Integrity

    With any security system, users will wonder, can a fingerprint recognition system be beaten? In most cases, false negatives (a failure to recognize a legitimate user) are more likely than false positives. Overcoming a fingerprint system by presenting it with a "false or fake" fingerprint is likely to be a difficult deed. However, such scenarios will be tried, and the sensors on the market use a variety of means to counter them. For instance, someone may attempt to use latent print residue on the sensor just after a legitimate user accesses the system. At the other end of the scale, there is the gruesome possibility of presenting a finger to the system that is no longer connected to its owner. Therefore, sensors attempt to determine whether a finger is live, and not made of latex (or worse). Detectors for temperature, blood-oxygen level, pulse, blood flow, humidity, or skin conductivity would be integrated.


    Unfortunately, no technology is perfect--false positives and spoiled readings do occur from time to time. But for those craving to break free from the albatross that the password has become as both a security and time-management issue, fingerprint scanners are worth looking into. It is estimated that 40 percent of helpdesk calls are password related. Whether incorporated into the keyboard or mouse, or used as a standalone device, scanners are more affordable than ever, allow encryption of files keyed to a fingerprint, and can, perhaps most importantly, help minimize stress over that stolen laptop.

    2.3.1 Fingerprint Matching

    Among all the biometric techniques, fingerprint-based identification is the oldest method which has been successfully used in numerous applications. Everyone is known to have unique, immutable fingerprints. A fingerprint is made of a series of ridges and furrows on the surface of the finger. The uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as the minutiae points. Minutiae points are local ridge characteristics that occur at either a ridge bifurcation or a ridge ending.

    Fingerprint matching techniques can be placed into two categories: minutiae-based and correlation-based. Minutiae-based techniques first find minutiae points and then map their relative placement on the finger. However, there are some difficulties when using this approach. It is difficult to extract the minutiae points accurately when the fingerprint is of low quality. Also this method does not take into account the global pattern of ridges and furrows. The correlation-based method is able to overcome some of the difficulties of the minutiae-based approach. However, it has some of its own shortcomings. Correlation-based techniques require the precise location of a registration point and are affected by image translation and rotation.

    Fingerprint matching based on minutiae has problems in matching different sized (unregistered) minutiae patterns. Local ridge structures cannot be completely characterized by minutiae. We are trying an alternate representation of fingerprints which will capture more local information and yield a fixed length code for the fingerprint. The matching will then hopefully become a relatively simple task of calculating the Euclidean distance between the two codes.

    We are developing algorithms which are more robust to noise in fingerprint images and deliver increased accuracy in real-time. A commercial fingerprint-based authentication system requires a very low False Reject Rate (FRR) for a given False Accept Rate (FAR). This is very difficult to achieve with any one technique. We are investigating methods to pool evidence from various matching techniques to increase the overall accuracy of the system. In a real application, the sensor, the acquisition system and the variation in performance of the system over time are very critical. We are also field testing our system on a limited number of users to evaluate the system performance over a period of time.
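    The FRR-for-a-given-FAR requirement above can be made concrete with distance-based matching of fixed-length codes. The following is an added example, not code from the whitepaper: the templates, the probe captures and the 4-component codes are constructed, and all function names are assumptions.

```python
import math

# Constructed enrollment templates: one fixed-length code per user.
TEMPLATES = {"A": (0, 0, 0, 0), "B": (10, 0, 0, 0), "C": (0, 10, 0, 0)}

# Constructed verification captures: (true owner, freshly extracted code).
PROBES = [
    ("A", (1, 0, 0, 0)), ("A", (0, 0, 2, 0)),
    ("B", (10, 0, 0, 3)), ("B", (4, 0, 0, 0)),   # second B capture is poor quality
    ("C", (0, 10, 1, 0)), ("C", (0, 7, 4, 0)),
]

def euclidean(a, b):
    """Euclidean distance between two codes of equal length."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def score_pairs(templates, probes):
    """Compare every probe with every template; split distances by ground truth."""
    genuine, impostor = [], []
    for owner, code in probes:
        for user, template in templates.items():
            d = euclidean(code, template)
            (genuine if user == owner else impostor).append(d)
    return genuine, impostor

def rates(genuine, impostor, threshold):
    """A claim is accepted when distance <= threshold. Returns (FAR, FRR)."""
    far = sum(d <= threshold for d in impostor) / len(impostor)
    frr = sum(d > threshold for d in genuine) / len(genuine)
    return far, frr

def operating_point(genuine, impostor, max_far):
    """Lowest-FRR threshold whose FAR does not exceed max_far."""
    best = None
    for t in sorted({0.0, *genuine, *impostor}):
        far, frr = rates(genuine, impostor, t)
        if far <= max_far and (best is None or frr < best[2]):
            best = (t, far, frr)
    return best  # (threshold, FAR, FRR)

if __name__ == "__main__":
    g, i = score_pairs(TEMPLATES, PROBES)
    for cap in (0.0, 0.1):
        t, far, frr = operating_point(g, i, cap)
        print(f"FAR cap {cap:.2f}: threshold={t:.2f} FAR={far:.3f} FRR={frr:.3f}")
```

    On this data the single poor-quality capture of user B lies closer to A's template than to B's own, so holding FAR at zero costs a third of the genuine attempts.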

    2.3.2 Fingerprint Classification

    Large volumes of fingerprints are collected and stored every day in a wide range of applications including forensics, access control, and driver license registration. An automatic recognition of people based on fingerprints requires that the input fingerprint be matched with a large number of fingerprints in a database (the FBI database contains approximately 70 million fingerprints!). To reduce the search time and computational complexity, it is desirable to classify these fingerprints in an accurate and consistent manner so that the input fingerprint is required to be matched only with a subset of the fingerprints in the database.

    Fingerprint classification is a technique to assign a fingerprint into one of the several pre-specified types already established in the literature which can provide an indexing mechanism. Fingerprint classification can be viewed as a coarse level matching of the fingerprints. An input fingerprint is first matched at a coarse level to one of the pre-specified types and then, at a finer level, it is compared to the subset of the database containing that type of fingerprints only.


    We have developed an algorithm to classify fingerprints into five classes, namely, whorl, right loop, left loop, arch, and tented arch. The algorithm separates the number of ridges present in four directions (0 degree, 45 degree, 90 degree, and 135 degree) by filtering the central part of a fingerprint with a bank of Gabor filters. This information is quantized to generate a FingerCode which is used for classification. Our classification is based on a two-stage classifier which uses a K-nearest neighbor classifier in the first stage and a set of neural networks in the second stage.

    The classifier is tested on 4,000 images in the NIST-4 database. For the five-class problem, classification accuracy of 90% is achieved. For the four-class problem (arch and tented arch combined into one class), we are able to achieve a classification accuracy of 94.8%. By incorporating a reject option, the classification accuracy can be increased to 96% for the five-class classification and to 97.8% for the four-class classification when 30.8% of the images are rejected.
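    The coarse-then-fine search and the reject option described in this section, as an added example that is not the whitepaper's algorithm: it uses only a k-nearest-neighbor stage with a unanimity-based reject, and does not reproduce the Gabor filtering or the neural-network stage. All codes, user names and function names are constructed assumptions.

```python
import math
from collections import Counter

# Constructed toy codes: 4 components standing in for ridge energy at
# 0, 45, 90 and 135 degrees. Illustrative values, not real FingerCodes.
LABELLED = {
    "whorl":       [(5, 5, 5, 5), (5, 6, 5, 5), (5, 5, 5, 6)],
    "right loop":  [(2, 9, 2, 2), (2, 8, 2, 2), (3, 9, 2, 2)],
    "left loop":   [(2, 2, 2, 9), (2, 2, 2, 8), (3, 2, 2, 9)],
    "arch":        [(9, 2, 2, 2), (8, 2, 2, 2), (9, 3, 2, 2)],
    "tented arch": [(8, 2, 6, 2), (7, 2, 6, 2), (8, 2, 7, 2)],
}

# Constructed gallery: user -> (enrolled code, class filed at enrollment).
# u05 is a borderline print that was filed under "arch".
GALLERY = {
    "u01": ((5, 5, 6, 5), "whorl"),      "u02": ((2, 9, 3, 2), "right loop"),
    "u03": ((3, 8, 2, 2), "right loop"), "u04": ((2, 3, 2, 9), "left loop"),
    "u05": ((8, 2, 4, 2), "arch"),       "u06": ((7, 2, 7, 2), "tented arch"),
    "u07": ((6, 5, 5, 5), "whorl"),      "u08": ((2, 2, 3, 8), "left loop"),
}

def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def coarse_class(code, k=3, min_votes=3):
    """k-NN vote over the labelled codes; None means 'rejected' (no confident class)."""
    pairs = [(c, label) for label, codes in LABELLED.items() for c in codes]
    nearest = sorted(pairs, key=lambda p: distance(code, p[0]))[:k]
    label, votes = Counter(lbl for _, lbl in nearest).most_common(1)[0]
    return label if votes >= min_votes else None

def identify(probe, threshold=1.5, use_bins=True):
    """1:N search. Returns (matched user or None, comparisons made, coarse class)."""
    label = coarse_class(probe) if use_bins else None
    # A rejected probe (label None) falls back to searching the whole gallery.
    candidates = [(u, c) for u, (c, cls) in GALLERY.items()
                  if label is None or cls == label]
    best_user, best_d = None, threshold
    for user, code in candidates:
        d = distance(probe, code)
        if d <= best_d:
            best_user, best_d = user, d
    return best_user, len(candidates), label

if __name__ == "__main__":
    print(identify((3, 8, 2, 3)))                  # confident class: 2 comparisons
    print(identify((8, 3, 4, 2)))                  # rejected: full search, 8 comparisons
    print(identify((8, 2, 5, 2)))                  # confident but wrong bin: u05 is missed
    print(identify((8, 2, 5, 2), use_bins=False))  # exhaustive search finds u05
```

    The third call shows why classification accuracy matters for identification: a probe confidently filed into a different class than its enrolled template is never compared with it, so a coarse-level error turns into a missed match.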

    2.3.3 Fingerprint Image Enhancement

    A critical step in automatic fingerprint matching is to automatically and reliably extract minutiae from the input fingerprint images. However, the performance of a minutiae extraction algorithm relies heavily on the quality of the input fingerprint images. In order to ensure that the performance of an automatic fingerprint identification/verification system will be robust with respect to the quality of the fingerprint images, it is essential to incorporate a fingerprint enhancement algorithm in the minutiae extraction module.

    We have developed a fast fingerprint enhancement algorithm, which can adaptively improve the clarity of ridge and furrow structures of input fingerprint images based on the estimated local ridge orientation and frequency. We have evaluated the performance of the image enhancement algorithm using the goodness index of the extracted minutiae and the accuracy of an online fingerprint verification system. Experimental results show that incorporating the enhancement algorithms improves both the goodness index and the verification accuracy.

    2.4 Prerequisites for common usage of biometrics

    It has been more than 15 years since the introduction of commercial fingerprint authentication systems. Yet they are just now gaining broad acceptance. We should not be surprised. Many technologies required several years before the right combination of factors allowed them to become ubiquitous. If one looks back to laptop computers, cell phones, fax machines, pagers, laser printers and countless other everyday devices, one will realize most had long gestation periods. Biometrics is now at the acceptance crossroads. What will propel them into common usage?

    2.4.1 Convenience First

    There is the reason end-users should use fingerprint authentication in the IT world, i.e. security, and there is the reason they WILL use it, convenience. The simple fact is that passwords don't work very well. They are "no cost" to establish, but very expensive to maintain. Just ask the help desk manager in a major corporation. More than 50 percent of all help desk calls are related to passwords - lost, forgotten or otherwise useless. Count all the passwords you use every day and often have to change once a month. Password administration is a nightmare for MIS managers and users. Fingerprint authentication eliminates the problem, and the headaches.

    Other authentication mechanisms such as tokens, smart cards, etc. require you to carry something. This is better than a password, but easier to lose. Think about losing your credit card or driver's license. Losing your corporate network access card could be a lot worse. Information is valuable and harder to track than money.

    Fingerprints can also act as a simple, trusted and convenient user-interface to a well thought out security architecture. The two components need each other to provide truly effective security. A user authenticated via fingerprints can take advantage of a solid security system with minimal education.


    2.4.2 Simple Truths

    Users don't trust what they don't understand. Most IT security concepts are incomprehensible to the common user. Explaining public and private keys, key recovery systems and digital certificates is beyond the skills of even experienced MIS professionals. Most users have no concept of encryption algorithms and their implementations, nor do they want to understand. Users want simple, trusted security.

    Simple, as in put your finger down. It does not take a security professional to realize that 10 passwords on sticky notes attached to your monitor are poor security. Most breaches of security require doing the obvious, and are often done by insiders.

    Trusted, as in having stood the test of time. Fingerprints have been used for identification for over 100 years. They are the standard without question. In addition to signatures, fingerprints are the only other form of identification that has a legal standing. A key issue of trust is privacy. The best way to maintain that is to store a template of unique fingerprint characteristics instead of the entire print. This is sufficient for one-to-one or one-to-many matching and eliminates the need for a database of searchable fingerprints.

    2.4.3 Emerging Standards

    IT professionals insist upon standards, multiple sources of supply and endorsement by industry leaders. It's beginning to happen, but to think that a small biometrics company can set an industry standard is ludicrous. Yet many have tried.

    Any CIO or MIS manager would not bet his job or company on a proprietary solution from a small biometrics company. These people want choice and standards to provide multiple sources of supply and fair competition among vendors. The one exception to this rule is when there has been a major catastrophe, such as a significant loss of money. However, it is tough to build a sustainable business chasing disasters.

    Standards need to be set by the IT industry leaders such as Intel, Microsoft, Phoenix Technologies and the top 10 computer companies. In the last year, many of these large organizations have banded together to begin the process of standardization. This is the first sign of an industry maturing.

    2.4.4 Cost

    Just as in the early days of desktop computers when a system cost more than $10,000, only a few people had systems. Now when they cost less than $1,000, everybody has one. This same "order of magnitude" cost breakthrough has recently occurred with fingerprint technology. What cost $1,000 two years ago is now available for less than $100. Cost alone is not the answer, but it is a necessary component of broad market acceptance of this technology.

    2.4.5 Complete Solutions

    Lots of companies talk about "complete solutions," but what does this mean? It does not mean a custom, proprietary combination of fingerprint sensor, matching software and application software - point products and closed solutions are not acceptable. It does mean an open architecture where the sensor, matching algorithm and applications are interchangeable and leverageable. Veridicom's OpenTouch architecture embraces this tenet and lets the user choose.

    2.4.6 Measurable Usefulness

    Being able to accurately gauge the usefulness of a fingerprint authentication solution is very important. This technology saves money in password administration, user up-time and user support. More importantly fingerprint authentication allows you to do more with a computer. Now, remote secure network access is possible. Electronic commerce makes sense when the authentication is trusted. It is a fact that 75 percent of all Internet users are uncomfortable transmitting their credit card information over the public network. Imagine if this was never an issue. Fingerprint authentication is an enabling technology for trusted e-commerce.


    All the signs are in the market for the acceptance of fingerprint authentication as a simple, trusted, convenient method of personal authentication. Industry leaders are validating the technology through standards initiatives. Cost and performance breakthroughs have transformed fingerprint biometrics from an interesting technology to an easy to implement authentication solution. Industry trends such as electronic commerce and remote computing exacerbate the need for better authentication. Most importantly, users understand and accept the concept. Passwords and tokens are universally disliked. You can't get much simpler than a fingerprint.

    2.5 Biometric vs. Non-Biometric Fingerprinting

    The aura of criminality that accompanies the term "fingerprint" has not significantly impeded the acceptance of fingerprint technology, because the two authentication methods are very different. Fingerprinting, as the name suggests, is the acquisition and storage of the image of the fingerprint. Fingerprinting was for decades the common ink-and-roll procedure, used when booking suspects or conducting criminal investigations. More advanced optical or non-contact fingerprinting systems (known as live-scan), which normally utilize prints from several fingers, are currently the standard for forensic usage. They require 250kb per finger for a high-quality image. Fingerprint technology also acquires the fingerprint, but doesn't store the f