Biometrics (ancient Greek: bios ="life", metron
="measure") is the study of automated methods for uniquely recognizing
humans based upon one or more intrinsic physical or behavioral traits.
In information technology, biometric authentication refers to technologies that measure and analyze human physical and behavioral characteristics for authentication purposes. Examples of physical characteristics include fingerprints, eye retinas and irises, facial patterns and hand measurements, while examples of mostly behavioral characteristics include signature, gait and typing patterns. Voice
is considered a mix of both physical and behavioural characteristics.
However, it can be argued that all biometric traits share physical and
While biometrics did not show up in practice in Western cultures
until late in the 19th century, it was being used in China by at least
the 14th century. An explorer and writer by the name of Joao de Barros
wrote that Chinese merchants stamped childrens palm prints and
footprints on paper with ink. The merchants did this as a way to
distinguish young children from one another.
In the West, identification relied heavily simply upon photographic memory until the French police desk clerk and anthropologist Alphonse Bertillon developed the anthropometric system (later also known as Bertillonage)
in 1883. This was the first precise, scientific system that was widely
used to identify criminals. It turned biometrics into a field of study.
It worked by precisely measuring certain lengths and widths of the head
and body, as well as recording individual markings such as tattoos and scars.
Bertillons system was widely adopted in the West until the systems
flaws became apparent mainly problems with differing methods of
measurement and changing measurements. After that, Western police
forces turned to fingerprinting essentially the same system seen in China hundreds of years prior.
In recent years biometrics has moved from simply fingerprinting, to
many different methods that use various physical and behavioral
measurements. The uses of biometrics have also increased, from just
identification to verification as used in security systems and more.
Operation and performance
In a typical IT biometric system, a person registers with the system
when one or more of his physical and behavioral characteristics are
obtained. This information is then processed by a numerical algorithm,
and entered into a database. The algorithm creates a digital
representation of the obtained biometric. If the user is new to the
system, he or she enrolls, which means that the digital template of the
biometric is entered into the database. Each subsequent attempt to use
the system, or authenticate, requires the biometric of the user to be
captured again, and processed into a digital template. That template is
then compared to those existing in the database to determine a match.
The process of converting the acquired biometric into a digital
template for comparison is completed each time the user attempts to
authenticate to the system. The comparison process involves the use of
a Hamming distance. This is a measurement of how similar two bit strings
are. For example, two identical bit strings have a Hamming Distance of
zero, while two totally dissimilar ones have a Hamming Distance of one.
Thus, the Hamming distance measures the percentage of dissimilar bits
out of the number of comparisons made. Ideally, when a user logs in,
nearly all of his features match; then when someone else tries to log
in, who does not fully match, and the system will not allow the new
person to log in. Current technologies have widely varying Equal Error Rates, varying from as low as 60% and as high as 99.9%.
Performance of a biometric measure is usually referred to in terms
of the false accept rate (FAR), the false non match or reject rate
(FRR), and the failure to enroll rate (FTE or FER). The FAR measures
the percent of invalid users who are incorrectly accepted as genuine
users, while the FRR measures the percent of valid users who are
rejected as impostors.
In real-world biometric systems the FAR and FRR can typically be
traded off against each other by changing some parameter. One of the
most common measures of real-world biometric systems is the rate at
which both accept and reject errors are equal: the equal error rate
(EER), also known as the cross-over error rate (CER). The lower the EER
or CER, the more accurate the system is considered to be.
Claimed error rates sometimes involve idiosyncratic or subjective
elements. For example, one biometrics vendor set the acceptance
threshold high, to minimize false accepts. In the trial, three attempts
were allowed, and so a false reject was counted only if all three
attempts failed. At the same time, when measuring performance
biometrics (e.g. writing, speech etc.), opinions may differ on what
constitutes a false reject. If a signature verification system is
trained with an initial and a surname, can a false reject be
legitimately claimed when it then rejects the signature incorporating a
full first name?
Despite these misgivings, biometric systems have the potential to
identify individuals with a very high degree of certainty. Forensic DNA
evidence enjoys a particularly high degree of public trust at present
(ca. 2004) and substantial claims are being made in respect of iris
recognition technology, which has the capacity to discriminate between
individuals with identical DNA, such as monozygotic twins.
A comparison of biometrics
A Comparison of Biometrics (Yun 2003)
The figure at the right (Yun 2003) compares several biometrics with each other against seven categories:
Universality describes how common a biometric is found in each individual.
Uniqueness is how well the biometric separates one individual from another.
Permanence measures how well a biometric resists aging.
Collectability explains how easy it is to acquire a biometric for measurement.
Performance indicates the accuracy, speed, and robustness of the system capturing the biometric.
Acceptability indicates the degree of approval of a technology by the public in everyday life.
Circumvention is how easy it is to fool the authentication system.
Yun ranks each biometric based on the categories as being either
low, medium, or high. A low ranking indicates poor performance in the
evaluation criterion whereas a high ranking indicates a very good
Issues and concerns
As with many interesting and powerful developments of technology,
excessive concern with the biometric may have the effect of eclipsing a
more general critical faculty. Biometrics may become associated with
severe miscarriages of justice if bedazzlement with the performance of
the technology blinds us to the following possibilities. An individual
plant DNA at the scene of the crime
associate another's identity with his biometrics, thereby impersonating without arousing suspicion
interfere with the interface between a biometric device and the
host system, so that a "fail" message gets converted to a "pass".
Identity theft and privacy issues
Concerns about Identity theft through biometrics use have not been
resolved. If a person's credit card number is stolen, for example, it
can cause them great difficulty. If their iris scan is stolen, though,
and it allows someone else to access personal information or financial
accounts, the damage could be irreversible. Often, biometric
technologies have been rolled out without adequate safeguards for
personal information gathered about individuals.
Also, the biometric solution to identity theft is only as good as
the information in the database that is used for verifying identity.
Problems of getting accurate and usuable initial information -- witness
the current troubles with the No fly list of the Dept of Homeland security.
Presumably after the initial information is correctly stored, future
computer error or vandalism (hacking) would prevent biometrics from
being 100% foolproof against idenity theft.
As technology advances, and time goes on, more and more private
companies and public utilities will use biometrics for safe, accurate
identification. However, these advances will raise many concerns
throughout society, where many may not be educated on the methods. Here
are some examples of concerns society has with biometrics:
Physical - Some believe this technology can cause physical harm to
an individual using the methods, or that instruments used are
unsanitary. For example, there are concerns that retina scanners might
not always be clean.
Personal Information - There are concerns whether our personal
information taken through biometric methods can be misused, tampered
with, or sold, e.g. by criminals stealing, rearranging or copying the
biometric data. Also, the data obtained using biometrics can be used in
unauthorized ways without the individual's consent.
Society fears in using biometrics will continue over time. As the
public becomes more educated on the practices, and the methods are
being more widely used, these concerns will become more and more
Uses and initiatives
Since the beginning of the 20th century, Brazilian
citizens have used ID cards. The decision by the Brazilian government
to adopt fingerprint-based biometrics was spearheaded by Dr. Felix Pacheco at Rio de Janeiro, at that time capital of the Federative Republic. Dr. Pacheco was a friend of Dr. Juan Vucetich,
who invented one of the most complete tenprint classification systems
in existence. The Vucetich system was adopted not only in Brazil, but
also by most of the other South American countries. The oldest and most
traditional ID Institute in Brazil (Instituto de Identificaç Féx
Pacheco) was integrated into the civil and criminal AFIS system in 1999.
Each state in Brazil is allowed to print its own ID card, but the
layout and data are the same for all of them. The ID cards printed in
Rio de Janeiro are fully digitized using a 2D bar code with information
which can be matched against its owner off-line. The 2D bar code
encodes a color photo, a signature, two fingerprints, and other citizen
data. This technology was developed in 2000 in order to enhance the
safety of the Brazilian ID cards.
Canada has recently introduced biometrics in the use of passports
with the help of digitized photos. The passports contain a chip that
holds a picture of the person and personal information such as name and
date of birth.
This technology is being used at border crossings that have
electronic readers that are able to read the chip in the cards and
verify the information present in the card and on the passport. This
method allows for increased efficiency and accuracy of identifying
people at the border crossing. CANPASS, developed by Canada Customs, is
currently being used by some major airports that have kiosks set up to
take digital pictures of a persons eye as a means of identification.
The United States government has become a strong advocate of
biometrics with the increase in security concerns in recent years.
Starting in 2005, US passports with facial (image-based) biometric data
were scheduled to be produced. Privacy activists in many countries have
criticized the technology's use for the potential harm to civil
liberties, privacy, and the risk of identity theft. Currently, there is
some apprehension in the United States (and the European Union) that
the information can be "skimmed" and identify people's citizenship
remotely for criminal intent, such as kidnapping. There also are
technical difficulties currently delaying biometric integration into
passports in the United States, the United Kingdom, and the rest of the
EU. These difficulties include compatibility of reading devices,
information formatting, and nature of content (e.g. the US and UK
currently expect to use only image data, whereas the EU intends to use
fingerprint and image data in their passport RFID biometric chip(s)).
Biometric Digest newsletter. Published monthly with weekly updates.
64 issues per year. Primary source of news y information, vendors,
case studies, calendar of events for expositions y conferences,
financial reports, names in the news and more. http://www.mydocsonline.com/pub/wrogers/26Mar.pdf