Unlike traditional authentication methods that rely on something you know – like a password or passphrase, or something you have – like a smart card or token, biometric applications rely on something you are: a human being with robust and distinguishable physical traits. Because a person’s unique trait (iris, retina, fingerprint, voice, etc.) cannot be lost or stolen, biometric applications, when used in conjunction with traditional user authentication mechanisms, provide higher levels of security over traditional authentication methods alone. Biometrics Demystified describes the field of biometrics as it exists today with an overview of how a typical biometric system works and how various biometric technologies provide a viable alternative to more traditional user authentication methods.
1. Biometric System Elements
Identification attempts to answer the question, “Who are you?” The Integrated Automated Fingerprint Identification System (IAFIS) established and administered by the Federal Bureau of Investigation (FBI) provides a well-known example of a biometric identification system. With IAFIS, the FBI maintains the largest collection of fingerprint records at over 40 million ten print records.
1.1.1 Positive versus Negative Identification
Positive identification systems attempt to match a user’s biometric template with a match template stored in a database of enrollment data. In these systems, the user will claim an identity by providing a name or a PIN before submitting their biometric sample. Positive identification prevents multiple users from claiming a single identity. Biometric systems deployed for positive identification include hand geometry, finger scan, voice recognition, iris scan, retinal scan, and facial scan. In contrast, negative identification systems ensure that a user’s biometric data is not present in a given database, thus preventing a single user from enrolling more than once. In this scenario, no reliable non-biometric alternatives exist. Welfare centers offer one example where a user could benefit from enrolling more than once to gain multiple benefits under different names. Only two biometric systems are currently deployed for negative identification, namely finger scan and retinal scan.
In contrast to identification, verification, or one-to-one matching, attempts to pair a user’s biometric sample against his or her enrollment data. In this mode, the user first claims their identity by entering a password, user ID, voice command, or other form of identification before processing the biometric sample. Verification begs the question, “Are you who you claim to be?” For the most part, any biometric authentication system provides a good example of a verification system where users must identify themselves to the system and then verify that identity through a given biometric sample. In general, verification systems (one-to-one) are faster and more accurate than identification (one-to-many) systems and require less computational power.
By relying on a user’s physical characteristics, biometric authentication attempts to match a user’s unique physical trait against a newly captured biometric sample of that user’s trait. By definition, enrollment describes the process by which a user’s biometric sample is initially acquired, processed, and stored in the form of a biometric template. Depending on the system, a user may be required to present their biometric sample several times to achieve a successful enrollment. Aside from the template creation, a system administrator creates a username or password associated with the user upon enrollment. Enrollment effort can vary between biometric systems. Often more than two attempts are required for fingerprint and voice systems where obtaining a good quality enrollment image can be heavily dependent on user behavior and familiarity
Though both processes are similar, a distinction is made between presentation and enrollment, where presentation describes the process by which a user returns to a biometric application they have previously enrolled in and provides a biometric sample to the acquisition device. The presentation process can last as little as one second or more than a minute, depending on the specific biometric technology deployed.
1.5 Data Collection
Data collection begins with the measurement of a user’s biometric characteristic (fingerprint, iris image, voice print, etc.). At this stage, an assumption is made that the user’s biometric characteristic remains distinctive and repeatable over time. The presentation of the user’s biometric characteristic to the biometric sensor introduces a behavior aspect to the biometric process. The output from the sensor, which relies on the input from the user, derives itself from three factors:
- The biometric measurement;
- The way the measurement is presented by the user;
- The technical characteristic of the sensor.
Changes to any one of these three factors can negatively affect both the distinctiveness and the repeatability of the measurement, thus degrading the overall accuracy.
1.6 Data Storage
The data storage subsystem can vary as much as the biometric application itself. Depending on the nature of the biometric authentication function, (comparing one-to-one biometric samples versus comparing one-to-many), the data storage function might reside on a smart card or in a central database. In most cases, the data storage functions remains the same, involving the storage of a single or multiple users’ templates. Another function entails the storage of raw biometric data, or “images,” which allows the biometric system to reconstruct corrupted templates from a user’s biometric data before the data enters the signal processing subsystem. The storage of raw data allows the system vendor to make changes to the system data without the need to re-collect or “re-enroll” data from all users.
A biometric acquisition device in the form of a fingerprint reader or an iris scanner, for instance, attempts to capture an accurate image of the user’s biometric sample. A second process converts the raw biometric into a small data file called a template. Some important characteristics of templates include:
- Templates consist of a vendor’s mathematical representation of a user’s biometric sample derived from feature extractions of the user’s sample.
- Templates are proprietary to each vendor and each biometric technology. There is no common biometric template format; therefore, a template created in one vendor’s system cannot be used with another vendor’s system. Since November, 2001, the International Committee for Information Technology Standards Technical Committee M1 has worked to establish common file formats and application program interfaces that address these template concerns.
- No two templates are alike, even when created from the same biometric sample. For example, two successive placements of a user’s finger generates entirely different templates.
- Template sizes vary from less than 9 bytes for voice print to more than 1000 bytes for a facial image.
- Templates can be stored in a local PC, a remote network server, smart card, or in the acquisition device itself.
- Biometric data describing a user’s fingerprint or hand geometry, for example, cannot be reconstructed from biometric templates since the templates themselves consist of distinct features drawn from a biometric sample.
- Enrollment templates stored in a one-to-many database may suffer from data corruption issues over time.
1.7.1 Match Template versus Enrollment Template
An important distinction exists between enrollment templates and match templates. An enrollment template is created when a user first submits their biometric sample. This enrollment template is then stored for future biometric template comparisons. In contrast, a match template is created during subsequent identification or verification attempts, where the match template is compared to the original enrollment template, and generally discarded after the comparison takes place.
1.8 Signal Processing
The signal processing subsystem performs its function in four phases: segmentation, feature extraction, quality control, and pattern matching.
Segmentation describes the process of removing unnecessary background information from the raw extracted data. One example would be distortion in a voice channel; another example would be distortions produced by shadows or lighting affects for a facial scanning system.
1.8.2 Feature Extraction
With feature extraction, the signal processing must retrieve an accurate biometric pattern from the data and sensor characteristics as well as noise and signal loss imposed by the transmission process. Given a quality image of the biometric pattern, the signal processing system preserves the distinct and repeatable data points while discarding data points deemed non-distinctive or redundant. Consider speech authentication, for example, where a voice verification engine might focus solely on the frequency relationship of vowels that depend on the speaker’s pronunciation and not on the word itself. Think of feature extraction as non-reversible compression. In other words, the original biometric sample cannot be reconstructed from the extracted biometric features.
1.8.3 Quality Control
Quality control involves a determination about whether or not the signal received from the data collection system before, during, or after feature extraction arrives with acceptable quality. If the system determines the signal quality is insufficient, then the system will request a new sample from the data collection system. This partially explains why biometric users may be asked to enroll their biometric characteristic more than once, potentially invoking a failure-to-enroll error. Subsequent sections of this report explore the concept of enrollment in more detail. For now, understand that enrollment refers to storing a user’s biometric sample, or “template,” in a portable or centralized database.
1.8.4 Pattern Matching
The pattern matching process compares the user’s presented biometric feature (that has undergone the data collection, feature extraction, and quality control processes) with the user’s “previously enrolled” biometric feature stored in a database.
1.9 Biometric Matching
The concept of biometric matching speaks to the heart of biometric authentication and the accuracy associated with biometric technologies. Biometric authentication deals in degrees of certainty and does not offer a 100% guarantee that a user’s biometric template will match a stored template in a given database. Instead, biometrics rely on a three step process built upon a given biometric product’s standards for scoring, threshold, and decision. In this process, a user’s biometric template is assigned a specific value or score, which the biometric system compares to a pre-determined threshold setting used to decide whether the user’s template should be accepted or rejected.
By definition, the threshold represents a predefined number established by a system administrator for the purpose of establishing the necessary degree of correlation needed for the system to render a match/no match decision. If the user’s template score exceeds the threshold, it “passes,” and the system responds with a match. The converse implies that the user’s template score “fails,” prompting the system to render a no match decision. As with scoring, thresholds vary widely depending on the user’s security requirements and the specific biometric system deployed.
A decision simply represents the result of the comparison between the score and the threshold. In addition to match and no match decisions, some biometric systems can also register an inconclusive decision based upon the system’s inability to match a user’s verification template with a poorly enrolled template.
Since no industry standardized scale exists to identify a uniform scoring methodology, vendors utilize their own proprietary scoring methodology to process templates and generate numeric values that can range from 10 to 100 or –1 to 1. Recall that no two templates are exactly the same. This partially explains why no biometric system can render a match/no match decision with 100% certainty.
The decision subsystem implements a predetermined system policy that dictates specific threshold criteria used to base a match / no-match decision, which ultimately leads to an accept/reject decision for the user. The system policy should strive for a balance between stringent security settings and user-friendliness. In other words, a decision subsystem programmed to 99% accuracy might correctly reject 99% of all unauthorized users but also fail to accept a large percentage of legitimate, authorized users. The converse is also true where a loosely defined decision will make the biometric system easy to use but also grant access for an unacceptable percentage of unauthorized users.
Some biometric systems collect biometric data at one location and store the data at another. This scenario requires a transmission channel to facilitate the information exchange. With large amounts of data involved, (i.e., a large number of users and/or large file sizes), data compression techniques may be required to conserve bandwidth and storage space. The process of compression and expansion can lead to quality degradation in the restored signal, depending on the nature of the biometric sample and the compression technique deployed.