Biometrics is has been touted as the successor to the clumsy password technology that is currently the mainstay of security. It can be used for identification and authentication for any number of cases, from logging on to a computer to premise access to ultra-high safekeeping for homeland security. The technology has come a long way in the last decade.
Governmental systems have to meet certain standards and pass specific certifications. So do critical business and health care. As a result, at least until the technology is more mainstream, there will be two levels of biometric applications – ultra-secure for government, financial and health care, and secure for consumer applications.
The technology is the same, whether it is the high-end, or the consumer platform. It is the design, accuracy, and reliability of the technology that differentiates the two applications. But in both cases, biometrics has the ability to be a widely implemented security platform. The reason is that there are so many human elements that can be used as biometric markers. Unique biometric signatures can be found in body chemistry, structure, physical elements, psychology, traits, even behavior. This diversity allows biometrics to be a very effective identifier.
These signatures make biometrics very good at two things—identification and verification—which are the two most important elements in any security profile. The diversity of signature, alone or in conjunction with other markers, can be used to build a very accurate identification model. Once the model is built, the verification platform can be fine-tuned with little margin for error.
In a biometric system setting up a biometric profile takes a number of processes, each with a specific function. It is worth noting here that the premise for all systems is that they are secure, both in the storage of identifying data and the access to such data. Moreover, the general process is the same for all types of biometric technologies.
Identification starts with a base model of the desired identification element, such as a fingerprint (See Figure 1 below). The initial stage is called enrollment. This is the phase where the specific biometric information is captured, cataloged and placed into storage. Once the data has been processed, verified, and is deemed reliable, the biometric template is available for identification going forward. That part is simply comparing the captured data (fingerprint from a scanner, for example) to the stored data.
To have a high rate of success, identification uses a number of steps to get the most reliable “true” identity. Biometric scans, while highly accurate, still need a bit of verification and post-processing to make sure the image scanned is the same as the image stored. This is one of the metrics that determines high-end systems from consumer systems, for example.
Scanning will introduce artifacts—environmental data that isn’t relevant or accurate, such as dirt or other contaminants on the lens or the finger, light reflections/refractions, minute movement during the scan, or other noise. The processor needs to analyze such artifacts and remove them from the image.
Finally, the processing has to extract only the required features. In fingerprint recognition, for example, only certain characteristics are considered valid data for comparison.
The second element of biometric identification is verification. This process is where the actual authentication takes place. The system is ultimately trying to find the one-on-one match of the scanned image. The system searches for a set of possible matching templates, based on reference models, from which the matching algorithms generate a set of possible matches. These matches have a “score” that puts them into the ballpark. Then the images go through a series of “tests” where they are eliminated, one by one, until the final image is verified to be the “best” match. While the best case may seem a bit chaotic, it is really very accurate. In high-end systems, this step uses many more samples and algorithms to match the exact template.
Looking to the future, we can expect to see a lot of development happening in the biometric space. For example, with ultra-high-end systems, multimodal technology can be employed. The operational methodologies are the same but these systems use multiple sensors to capture the image. This is useful where extremely high accuracy is required, such as for identifying terrorists. This technology can overcome the limitation of unimodal systems that may not be able to recognize scarred fingerprints, for example. And for iris-type recognition, it can compensate for aging within the eye. It also can combine various biometric metrics such as fingerprint, iris, and voice, to form a more complete “image” via sequential, parallel, hierarchical, and serial integration modes. These are the systems that are used in the most critical applications.