Biometrics

Biometrics are automated methods of recognizing a person based on physiological or behavioral characteristics. Examples include: fingerprints, hand geometry, retina or iris scans, facial recognition, voice patterns, and signature verification.

Biometric devices can be explained with a three-step procedure:

1. A sensor takes an observation. The type of sensor and its observation depend on the type of biometric device used. This observation gives us a 'biometric signature' of the individual.
2. A computer algorithm normalizes the biometric signature so that it is in the same format (size, resolution, etc.) as the signatures on the system's database. The normalization of the biometric signature gives us a 'Normalized Signature' of the individual.
3. A matcher compares the normalized signature with the set (or sub-set) of normalized signatures on the system's database and provides a 'similarity score' that compares the individual's normalized signature with each signature in the database set (or sub-set). What is then done with the similarity scores depends on the biometric system's application.
   

• Electronic Privacy Information Center (EPIC) Biometrics Page
  
  
• Biometrics in healthcare report from the International Biometrics Group

NIST Study Finds Fingerprint Matching Systems Highly Accurate

July 6, 2004 -- Computerized systems that automatically match fingerprints have become so sophisticated that the best of them are accurate more than 99 percent of the time, according to the most comprehensive known study of the systems ever conducted. Computer scientists at the National Institute of Standards and Technology (NIST) tested 34 commercially available systems provided by 18 companies from around the world.

The test used operational fingerprints from a variety of U.S. and state government sources. A total of 48,105 sets of fingerprints from 25,309 people, with a total of 393,370 distinct fingerprint images, were used to enable thorough testing.

The most accurate systems were from NEC of Japan, SAGEM of France and Cogent of the United States. The performance of these three systems was comparable. The performance varied depending on how many fingerprints from a given individual were being matched. The best system was accurate 98.6 percent of the time on single-finger tests, 99.6 percent of the time on two-finger tests, and 99.9 percent of the time for tests involving four or more fingers. These accuracies were obtained for a false positive rate of 0.01 percent.

NIST is publishing a series of reports on the testing that includes a comprehensive analysis of the results. The first of these reports is available at http://fpvte.nist.gov.

NIST's evaluation of commercial fingerprint matching, identification and verification systems produced a number of conclusions:

1. Of the systems tested, NEC, SAGEM, and Cogent produced the most accurate results
2. These systems performed consistently well over a variety of image types and data sources
3. These systems produced matching accuracy results that were substantially different than the rest of the systems
4. The variables that had the largest effect on system accuracy were the number of fingers used and fingerprint quality:
   • Additional fingers greatly improve accuracy
   • Poor quality fingerprints greatly reduce accuracy
5. Capture devices alone do not determine fingerprint quality
6. Accuracy can vary dramatically based on the type of data:
   • Accuracy on controlled data was significantly higher than accuracy on operational data
   • A biometric evaluation that only uses a single type of data is limited in how it can measure or compare systems
7. Incorrect mating information is a pervasive problem for operational systems as well as evaluations, and limits the effective system accuracy
8. With current technology, the most accurate fingerprint systems are far more accurate than the most accurate face recognition systems

Articles

Raise Your Hand for Biometric Security by Juan Carlos Perez, Computerworld, July 25, 2006
A Michigan community hospital had a drug problem: Rogue employees were stealing the narcotics. Solving the problem meant moving far beyond the usual PIN-and-passcard options.

Corporate America Slow to Adopt Biometric Technologies by Jaikumar Vijayan, Computerworld, August 6, 2004
Despite the much-touted benefits of technologies such as fingerprint, voice, iris and facial recognition systems, private companies have been slow to deploy them mainly because of cost, reliability and standards concerns. Providence Health System in Seattle is one example of a private-sector company that has given biometrics a pass, at least for now.

Report: Time is Ripe for Biometrics Federal Computer Week, June 23, 2003

• Sensing the future of security
• A moving target
• Scents and sensibility
• Comparison of biometric technologies
• Biometrics get cheaper, smaller
• Airports opt for iris, facial ID technology
• Legislation spurs biometrics at the borders

Special Report: Technology vs. Civil Liberties? Government's Use of Biometrics Security Technology Worries Some Privacy Activists
by David McGuire, WashingtonPost.com, September 25, 2002
Technology that identifies people by their immutable physical characteristics continues to generate tremendous interest among lawmakers and executives seeking to seal porous borders and protect against terrorist attacks. But some activists warn that increasing reliance on biometric devices is a serious threat to the privacy of innocent Americans.

NIST Identifies Good and Bad Points of Biometrics by William Jackson, Government Computer News, 08/26/02
The National Institute of Standards and Technology is busy wrapping up an evaluation of biometric technology for Congress, as mandated by the USA Patriot Act of 2001. The act calls for biometric identifiers on noncitizens ' travel documents by October 2004, and "it's going to happen whether you like it or not," said Charlie Wilson, manager of the Imaging Group in the NIST IT Lab's Information Access Division.

From SANS NewsBites, 31 May 2002: Biometric Technologies Don't Stand Up to Testing
A number of recent tests of biometric security technologies have underscored their weaknesses. A pilot face recognition system at Palm Beach (FL) International Airport had an accuracy rate of less that 50%; airport authorities decided against making the technology a part of their security procedure. A German technology magazine's tests of facial recognition systems and fingerprint readers showed the technologies were easily fooled. And finally, a Japanese engineering professor demonstrated techniques to create phony fingerprints that fool fingerprint readers.

Go to TOP