TABLE OF CONTENTS CLICK ON THE ROMAN NUMERAL OR TOPIC TO VIEW
|
||||||||||||||||||
SENIOR SEMINAR
TABLE OF CONTENTS CLICK ON THE ROMAN NUMERAL OR TOPIC TO VIEW
|
||||||||||||||||||
What is Biometrics?
The meaning of Biometrics comes from the Greeks. The Greek hybrid of the words is bio meaning life and metry meaning to measure. The webster’s definition is the statistical measurement and analysis of biological observations and phenomena. In a more simpler terms biometrics means using the body as a password.
Biometric identification is, simply, the technique of verifying a person by a physical characteristic or personal trait. The major goal of biometric identification is to assist in providing a single computer system log-in that rarely rejects authorized users and always detects fraudulent access attempts. Such a system surpasses password and token systems because a person's body cannot be forgotten or stolen, and access is provided to the person, not a piece of plastic.
Many people would have you believe that there is a magical aspect to how biometric technologies operate. In fact, biometrics functions on a very simple principle: everyone in the world is unique, and this inherent uniqueness can be used for identity verification.
Most biometric technology systems use the same basic principles of operation. First, a person must be registered, or enrolled, on the biometric system. This enrollment is accomplished through the sampling and storage of unique biometric characteristics. The sampling is normally processed through a mathematical algorithm that converts the characteristics to a digital mathematical representation. This unique mathematical representation is referred to as a template or profile, and is used to as a basis of comparison when the registered person needs to be authenticated. Biometric technology companies typically treat these algorithms as proprietary, well-guarded secrets.
To be authenticated, a person must provide a real-time biometric measurement. This measurement is then processed using the same algorithm that was used at enrollment. The output of the live measurement is then compared to the stored template.
The system administrator can set the strictness criteria the algorithm uses to compare the live measurement and the template. The higher the percentage of match required the higher the degree of security. Authentication is granted on a match/no match basis.
(FIRST USE OF BIOMETRICS)
The first recorded use of fingerprints was by the ancient Assyrians and Chinese for the signing of legal documents. Probably the first modern study of fingerprints was made by the Czech physiologist Johannes Evangelista Purkinje, who in 1823 proposed a system of classification that attracted little attention. The use of fingerprints for identification purposes was proposed late in the 19th century by the British scientist Sir Francis Galton, who wrote a detailed study of fingerprints in which he presented a new classification system using prints of all ten fingers, which is the basis of identification systems still in use. In the 1890s the police in Bengal, India, under the British police official Sir Edward Richard Henry (1857-1930), began using fingerprints to identify criminals. As assistant commissioner of metropolitan police, Henry established the first British fingerprint files in London in 1901. Subsequently, the use of fingerprinting as a means for identifying criminals spread rapidly throughout Europe and the U.S., superseding the old Bertillon system of identification by means of body measurements.
USE OF FINGERPRINTING
Identification points consist of bifurcations, ending ridges, dots, ridges and islands. A single rolled fingerprint may have as many as 100 or more identification points that can be used for identification purposes. There is no exact size requirement as the number of points found on a fingerprint impression depends on the location of the print. As an example the area immediately surrounding a delta will probably contain more points per square millimeter than the area near the tip of the finger which tends to not have that many points.
In Image #1 we see part of a fully rolled fingerprint. Notice that the edges are cutoff so you can safely assume that this is not a fully rolled impression. If you take a look at Image #2 you can see that I have sectioned out the center portion of this impression and labeled 10 points of identification. That was not all the points found but simply the ones that could be mapped easily without cluttering up the image.
Image #2 when measured 1:1 is just over 1/4" square. If you look closely you should be able to identify 10 additional points that were not mapped with the lines. In all I counted 22 points of identification on this 1/4" square section of the impression. One thing to note here, you might be under the impression that making a fingerprint comparison is relatively easy but you should keep in mind a couple things.
First, Image #1 and Image #2 are both taken from the same image. In real life you would have impressions made at separate times and subject to different pressure distortions. Secondly, these images are relatively clean and clear where many of the actually crime scene prints are anything but clear. Last you have to consider that this is an easy comparison because you are blessed with having a core pattern and a delta when in some cases you may have a latent that could be a fingertip, palm or even foot impression.
 |
 |
| IMAGE #1 | IMAGE #2 |
Let me first of all explain the difference between identification and authentication. The identification process entails matching a physiological or behavioral characteristic of a person to an established and pre-confirmed record of that characteristic. For example, matching the image of my face to a photograph in a large number of photos in a database. Searching, in other words, to identify a person such as the rogues gallery used by the police department.
The police to identify criminals also use the fingerprint biometric. This method of searching or comparing a "new or candidate" fingerprint to many sets of fingerprints in an existing database is now being tested in welfare applications to prevent "double dipping" - the practice of fraudulently collecting more than one welfare check by pretending your someone else.
These "one-to-many" search techniques, as they are called, are being extended to other entitlement programs such as health care, and to registration systems such as voting, driver's licenses and other applications. In all cases, your fingerprint pattern, or a derivative of that pattern, is stored in a database file and the
One-to-many search strategy is an identification process.
Let me contrast that with a "one-to-one" search, used when we are accessing such things as our bank machine. Here, we want some form of control to serve as the gateway to let you and only you in, and keep all the others out. In these activities though, we are not searching a database to identify you. We are actually authenticating your eligibility to access the bank machine.
Authentication is done is through the presentation of a "token" such as a PIN, a card, or a biometric whose validity is confirmed, and thereby verifying one's eligibility to access a particular service. There is no searching and matching to a database, only the validity of the token is established, through a single one-to-one match.
Now, identification is certainly a part of the process to establish the authenticating token. However, it only occurs once at the beginning, when one applies for a particular service such as requesting a new bankcard. But once my identity has been established, and I have demonstrated that I am eligible to obtain the service in question, then from that point on, all I need to do is to authenticate (confirm/verify) that I am the same person whose identity and eligibility have already been established, and the token serves as my credential. Under such a process it will no longer be necessary to identify ourselves every time we access our bank machine. It will only be necessary to authenticate our eligibility.
The problem is that a biometric such as a fingerprint can be used as a unique surrogate of one's identity which, as a unique identifier, can be used to trace people's transactions and link massive amounts of personal data about them. If my fingerprints are stored in a database, then my transactions, whereabouts and personal information can easily be tracked. It doesn't really matter for what purpose the biometric information was assembled -- whether it was for welfare registration or bank machine access, the same point applies.
If I happen to be on welfare and innocently leave my latent fingerprints at a nightclub, which later becomes the scene of a crime, any latent prints of mine picked up could be matched to the fingerprint database compiled for welfare recipients. If I'm identified, I'll get a knock on my door and a visit by a police
officer. That is a clear infringement of my privacy. Now, one can say that the fingerprint database will be off limits to the police by virtue of legislation. That may be the case with the current government. But how can we ensure it will be the case with the next government? And that doesn't address the issue of
unauthorized access to the database. The temptation for secondary or unauthorized uses of such a database beyond its primary purpose will be very great, especially if crime, tax fraud, and terrorism increase in our society.
I want to point out that even if the actual fingerprint pattern is not stored, but only a digital template is stored which cannot be converted back to the original fingerprint pattern, you still have the same problem. If the police obtain access to a similar finger scanner, tap into the output of the camera in the scanner, and
place some digitized latent fingerprints through the system, they will generate a similar unique template within the accuracy limits of the device. They have to, otherwise the system doesn't work.
Therefore, by storing only templates, you are really no further ahead. The issue is not whether a fingerprint pattern can be reconstructed from its digital template. The issue is that both the fingerprint pattern and its corresponding digital template are unique identifiers of an individual. That pattern or template is still a unique and traceable surrogate of my real identity.
Some vendors of biometric technology are proposing that a solution is to have unique hardware and software algorithms for different organizations and government agencies so that the police cannot generate the same template.
A step in the right direction is to encrypt the digital templates stored in the database. These encrypted biometrics improve privacy protection since matching efforts could not be accomplished without access to the encryption key. In this case, key management would be the weak link. Who is going to have control over the encryption keys? With key management, as with key escrow in a security system, privacy is based on a trust model.
There is, however, a consideration, which in the long term is more consequential to privacy than the threat of tracking since we can already track someone with their PINs. That is, the ability to link or associate information from all kinds of sources to your biometric template. In effect, this will enable third parties to have access to personal profiles about you that are more complete, and potentially more damaging than the combined information that your best friend, spouse or parents have.
So you ask what can we do? I don’t think that we can stop the spread of the use of biometrics. Everyone’s privacy will be at stake and how will the government handle this. Many issues arise from this technology and the government is trying to establish guidelines as you read this. It is a very touchy subject because of your privacy. I can see many advantages and disadvantages, but I see this technology moving forward swiftly. The manufactures and government are trying to sell these as "PRIVACY" protectors.
Privacy protectors from whom?
There are many uses that biometrics is being used today and the future holds more advances. At Coca-Cola Co., hand-scanning machines recently replaced the venerable time card for many workers. In New Jersey and six other states, fingerprint scanners are now used to crack down on people claiming welfare benefits under two different names. In Cook County, Illinois, a sophisticated camera that analyzes the iris patterns of an individual's eyeball is helping ensure that the right people are released from jail. At Purdue University in Indiana, the campus credit union is installing automated teller machines with a finger scanner that will eliminate the need for plastic bankcards and personal identification numbers.
MasterCard International Inc. and Visa USA Inc., the world's two largest credit card companies, have begun to study the feasibility of using finger-scanning devices at the point of sale to verify that the card user is really the card holder. The scanners would compare fingerprints with biometric information stored on a microchip embedded in the credit card.
Walt Disney World in Orlando has started taking hand scans of people who purchase yearly passes. These visitors now must pass through a scanner when entering the park preventing them from lending their passes to other people.
The Immigration and Naturalization Service is letting a select group of travelers bypass lengthy lines at New York's John F. Kennedy International Airport and Newark international Airport by sticking their bands and special cards the service has issued into an automated turnstile. International Business Machines Corp. is working on a project called FastGate to commercialize the service, possibly having airline frequent-flier programs and businesses pay for the program.
The technology also received widespread attention at last summer’s Olympic Games Atlanta, where 65,000 athletes, coaches and officials used a hand-scanning system to enter the Olympic Village.
As future is near biometrics will be a key instrument in our society. With the use of biometrics increasing from day to day and the need to stop fraud, it seems that the future shows hope. Well there be a central database to contain the digital templates from everyone eyes, finger or voices. Will smartcards lead us into the need for the centralized database? Will there be an owner of the database and who will it be? How will the data be kept from the commercial market, the government, and the black market or from criminals?
There are many questions that have to be answered and many concerns that the public needs to know about. Will the biometric system turn into the Social Security Number of the future. Even thou the Social Security number, was a symbol of our right to work and our responsibility to pay taxes. When Social Security began in 1935, a system was needed to keep track of the earnings, and eventually the benefits, of people who worked in jobs covered under the new program. Because many people use more than one name over a lifetime or share the same name, a numerical identifier was selected.
The future of this technology is just starting to bloom. Many issues are arising from this technology and "PRIVACY" is the main concern. Even if we are told that the government will not use the data or release the data to anyone, how can that be proven? It is YOUR right as an individual and person to protect your privacy about yourself and the direction of this technology seems to spell "D-I-S-A-S-T-E-R" for everyone "PRIVACY.
ADVANTAGES / DISADVANTAGES OF BIOMETRIC SYSTEMS
Here are some of the advantages and disadvantages of fully developed biometric systems that are fairly accurate:
Retinal scans (electronic scan of the innermost layer of the eyeball's wall):
Advantages: ;Retina generally remains stable through life, ensuring accuracy. -
Disadvantages: Requires close physical contact MW scanning device; may not be generally accepted by public.
Iris recognition (recording of iris using standard video technology):
Advantages: Non-invasive procedure (close physical contact not required).
Disadvantages: Relatively expensive; requires large amount of computer storage; may not be generally accepted by public.
Finger imaging (recording of fingerprint using optical scanner):
Advantages: Widely accepted by public and law enforcement communities as reliable identification.
Disadvantages: Requires close physical contact with scanning device; residue on finger may cause recognition problems; has criminal overtones.
Hand geometry (three-dimensional recording of length, width and height of hand and fingers, using optical scanner):
Advantages: User-friendly; requires small amount of computer storage space.
Disadvantages: Isn't as unique as other biometric methods; hand injury can cause recognition problems.
Facial thermography or imaging (photograph of face converted into digital code):
Advantages: Non-invasive procedure.
Disadvantages: People who look alike can fool scanner; people can alter their appearance and facial hair can fool device.
Voice verification or recognition (acoustic signal of voice converted into digital code):
Advantages: Works well over the telephone.
Disadvantages: Requires large amount of computer storage; people's voices can change; background noises can interfere.
Signature recognition (computer record of pen/stylus speed, pressure, direction and other characteristics of signature):
Advantages: People are used to providing a signature.
Disadvantages: Poor long-term reliability; accuracy difficult to ensure.
