Biometrics

Biometric authentication/identification exploits the fact that certain physiological or behavioral characteristics can reliably distinguish one person from another. Biometrics includes both the automatic collection and matching of these characteristics. The digital representations of these characteristics are stored in an electronic medium, and later used to confirm or discover the identity of an individual. A typical authentication process utilizing biometric technology consists of the following basic steps:

Capture the biometric samples.
Evaluate the quality of the captured biometric samples and recapture if necessary.
Process the captured biometric samples to create a biometric code.
Match the biometric code with one or more previously enrolled templates to determine if a match exists. This matching can be done as verification or identification.

Verification is a process in which a biometric code is compared with a particular, previously enrolled biometric template, stored in a database or on an ID card, in order to verify the correctness of the user’s claimed identity. The biometric template is retrieved from the database using the user’s claimed identity, or is assumed based on the user’s possession of the ID card containing the biometric template. Verification involves a one-to-one comparison between the biometric code and the biometric template. If the two match, then the claim of identity is confirmed.

Identification is a process in which a biometric code is compared with all or a subset of the biometric templates from a database, in order to find a matching template and thus identify the person who provided the biometric sample. Identification involves a one-to-many comparison. Unlike verification, the user does not provide a claimed identity, but instead is identified strictly on the basis of the biometric code matching one of the biometric templates in the database. The technique can be used for recognition or to confirm that the person being identified is not known under a different name or ID.

Enrollment is the process of entering a new biometric template and identifier into the database. It is usually entered along with other information about the individual, which links them to an organization, an account, a set of privileges, a social group, etc. Enrollment can incorporate identification to make sure that the individual is not already in the database, perhaps under another name.
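The following added example (not part of the original text) shows verification, identification and enrollment with a duplicate check side by side. The bit-string templates, the Hamming-distance matcher, the threshold and the names TemplateDB and demo are assumptions made for illustration.

```python
THRESHOLD = 3  # assumed: maximum number of differing bits that still counts as a match


class TemplateDB:
    """Toy template store over constructed 16-bit codes (not real biometric data)."""

    def __init__(self):
        self.templates = {}   # identifier -> enrolled template
        self.comparisons = 0  # matcher invocations, to show search cost

    def _match(self, code, template):
        self.comparisons += 1
        return bin(code ^ template).count("1") <= THRESHOLD  # Hamming distance

    def verify(self, claimed_id, code):
        """One-to-one: compare only with the template of the claimed identity."""
        template = self.templates.get(claimed_id)
        return template is not None and self._match(code, template)

    def identify(self, code):
        """One-to-many: return every identifier whose template matches."""
        return [uid for uid, tpl in self.templates.items() if self._match(code, tpl)]

    def enroll(self, new_id, code):
        """Enroll after identification shows the person is not already present."""
        existing = self.identify(code)
        if new_id in self.templates or existing:
            raise ValueError(f"duplicate enrollment, matches: {existing}")
        self.templates[new_id] = code


def demo():
    db = TemplateDB()
    db.enroll("alice", 0b1010110011110000)
    db.enroll("bob", 0b0101001100001111)
    db.enroll("carol", 0b1111000010100101)
    sample = 0b1010110011110011  # alice's template with 2 bits of capture noise
    result = {}
    db.comparisons = 0
    result["verified"] = db.verify("alice", sample)
    result["verify_comparisons"] = db.comparisons
    db.comparisons = 0
    result["identified"] = db.identify(sample)
    result["identify_comparisons"] = db.comparisons
    result["impostor_claim"] = db.verify("bob", sample)
    try:
        db.enroll("alice2", sample)  # same person under another name
        result["duplicate_blocked"] = False
    except ValueError:
        result["duplicate_blocked"] = True
    return result
```

Verification costs one comparison regardless of database size, while identification and the enrollment duplicate check each touch every enrolled template.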

Biometric techniques are subject to statistical error. Therefore, biometric systems must provide robust exception handling functions. Verification systems should be designed to minimize error costs, by providing user-friendly exception handling functionality for false rejection errors (i.e., when a valid user is rejected), and post-event analysis capability in order to handle false (impostor) acceptance situations. Identification systems should provide user-friendly interfaces allowing human operators to quickly sort out multiple matching biometric samples.
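As an added illustration (not part of the original text), the sketch below computes false rejection and false acceptance rates at each decision threshold and picks the threshold with the lowest error cost. The distance lists, the cost weights and the function names are constructed assumptions.

```python
# Constructed match distances for illustration, not measured data.
GENUINE = [0, 1, 1, 2, 2, 3, 4, 5]           # valid users vs. their own template
IMPOSTOR = [3, 5, 6, 7, 7, 8, 8, 9, 9, 10]   # attempts against someone else's template


def error_rates(threshold):
    """Return (false rejection rate, false acceptance rate).

    A sample is accepted when its distance is <= threshold.
    """
    false_rejects = sum(1 for d in GENUINE if d > threshold)
    false_accepts = sum(1 for d in IMPOSTOR if d <= threshold)
    return false_rejects / len(GENUINE), false_accepts / len(IMPOSTOR)


def best_threshold(cost_false_reject, cost_false_accept):
    """Pick the threshold with the lowest expected error cost (lowest wins ties)."""
    def cost(t):
        frr, far = error_rates(t)
        return cost_false_reject * frr + cost_false_accept * far
    return min(range(0, 11), key=cost)


if __name__ == "__main__":
    for t in range(0, 7):
        frr, far = error_rates(t)
        print(f"threshold={t}  false rejection={frr:.3f}  false acceptance={far:.3f}")
    print("impostor acceptance 10x as costly:", best_threshold(1, 10))
    print("equal costs:", best_threshold(1, 1))
```

Neither error can be driven to zero without raising the other, which is why the chosen threshold still leaves rejected valid users and accepted impostors for the exception handling and post-event analysis functions to deal with.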

A multimodal system supports the use of multiple biometric types within a single database. This could mean the layering of biometric identifiers, such that a person would need to provide two or more biometrics in order to be positively identified, or simply the storing of multiple biometrics per person in the database, for use in the event that the user later chooses to change the biometric identifier required for identification.

Multimodality is a characteristic of certain biometric identification/authentication systems. A multimodal system is one in which the database of captured biometric samples and its accompanying software are independent of the biometric hardware. This provides flexibility to the end user by decoupling hardware and software decisions, allowing a greater range of solutions over time at a substantially lower cost.

+ Cooperative vs. Non-Cooperative

In applications verifying the positive claim of identity, such as access control, a deceptive user cooperates with the system in an attempt to be recognized as someone s/he is not. This is therefore called a "cooperative" application. In applications verifying a negative claim to identity (for example where one’s absence from a database allows access), the deceptive user attempts to deceive the system so as not to be identified. This is called a "non-cooperative" application. Users in cooperative applications may be asked to identify themselves in some way, perhaps with a card or a PIN, thereby limiting the database search of stored templates to that of a single claimed identity. Users in non-cooperative applications cannot be relied on to identify themselves correctly, thereby requiring the search of a large portion of the database. Cooperative, but so-called "PIN-less", verification applications also require search of the entire database.

+ Overt vs. Covert

If the user is aware that a biometric identifier is being measured, the use is overt. If unaware, the use is covert. Almost all conceivable access control and non-forensic applications are overt. Forensic applications can be covert. One could argue that this second partition dominates the first in that a deceptive user cannot cooperate or non-cooperate unless the application is overt.

+ Habituated vs. Non-Habituated

Users presenting a biometric trait on a daily basis can be considered habituated after a short period of time. Users who have not presented the trait recently can be considered "non-habituated". Access control to a secure work area is generally "habituated". Access control to a sporting event is generally "non-habituated".

+ Attended vs. Non-Attended

This refers to whether the use of the biometric device during operation will be observed and guided by system management. Non-cooperative applications will generally require supervised operation, while cooperative operation may or may not. Nearly all systems supervise the enrollment process, although some do not.

+ Standard vs. Non-Standard Environment

If the application takes place indoors at standard environmental conditions, it is considered a "standard environment" application. Outdoor systems, and perhaps some unusual indoor systems, are considered "non-standard environment" applications.

+ Public vs. Private

Will the users of the system be customers of the entity in charge of system management (public) or employees of that entity (private)? Clearly, attitudes toward usage of the devices, which will directly affect performance, vary depending upon the relationship between the end-users and system management owners.

+ Open vs. Closed

Will the system be required, now or in the future, to exchange data with other biometric systems run by other management? For instance, some State social service agencies want to be able to exchange biometric information with other States. If a system is to be open, data collection, compression and format standards are required.

National Biometrics Test Center Collected Works