Verifying a person’s identity with biometrics is an automated process. Therefore biometrics and computers are irrevocably tied together. Biometrics is the study of identifying people by measuring their physical features or their behavior. I searched the local library database and found no books dedicated to biometrics. All my research material was downloaded off the Web. Like the Web, biometrics is a relatively new development. But, identifying people by their physical features or behavior is not new. People and animals have always identified each other by their personal features. Throughout history we have identified people by their height, skin tone, weight, hair color, mannerisms, voice, gate, and many other measurable differences. Have you ever made a statement like, I can tell that is Rachel by the she walks? We can instantly identify the person on the telephone by their individual voice pattern, if we are familiar with them. Currently, biometrics is focused in thirteen areas. They are fingerprinting, DNA, retinal scan, iris pattern, signature verification, keystroke dynamics, voice pattern, hand geometry, face recognition, ear shape, body odor, vein check, and palm prints.

The value of biometrics is that they are unique to each person. A password or personal identification number (PIN) can be forgotten, lost, or stolen. Since biometrics measures our physical or behavioral characteristics it’s always with us. The physical characteristics like palm prints, iris patterns, retinal scans, and palm prints are for the most part permanent and unchanging. The behavioral characteristics like voice patterns, keystroke dynamics, and signatures can change over time. Therefore, the "reference template must be updated each time it is used." For the most part, physical biometric systems tend to be more expensive than behavioral systems. But, both are more secure than identification numbers and smart cards. Pairing up or doubling biometrics identification methods increases security that much more.

Law enforcement agencies began the first organized study of biometrics in the late nineteenth century, when they started identifying people by their unique fingerprints. So it was that biometrics got its start in the law enforcement industry. In the early days, fingerprinting was a completely manual process. The absolute uniqueness of ones fingerprint is a highly debatable subject. Needless to say, many criminals have been convicted of crimes by unwittingly leaving their fingerprints at the scene of a crime. Law enforcement agencies like the Federal Bureau of Investigation and Scotland Yard have turned fingerprinting into a science.

With the coming of age of microprocessors and networking systems, fingerprinting has become an automated process in developed countries. Law enforcement officials have access to criminal records and fingerprints around the world. Fingerprinting is without a doubt the most popular form of biometrics. When I received my current U.S. Military identification card, my thumbprint was electronically scanned and input into Dependent Eligibility and Enrollment System (DEERS) database. Fingerprinting systems cost $3,000. 00 apiece five years ago. Two years ago they cost $500.00. Today, you can buy fingerprinting software and a scanning device for $100.00. (4)

DNA (deoxyribonucleic acid) is the chemical structure that forms chromosomes. One of America’s first introductions to DNA testing was the O. J. Simpson trial. All US Military personnel donate their blood so their DNA template can be stored. DNA verification is a very accurate biometric verification process. But, it’s time consuming and very expensive.

It’s not practical at this time for everyday public use. Plus, it’s a very intrusive and inconvenient to ask people to donate their blood. In addition, the template mapping and storage process takes too much time.

Retinal Scanning and iris pattern identification are similar as in they both are done on the human eye. They are often paired together in research material as well. But, they are different. In order to understand these two biometric processes, we must have some basic eyeball operation knowledge. The iris is the pigmented portion on the front of the eye. The iris color is the color of your eye. In the middle of the iris is the pupil, a hole that lets light waves in. The pupil controls the amount of light that refracts into the eye. When the light waves go through the pupil the image is reversed and refracted to the retina. This is the back inside portion of the eye that contains many blood vessels and light sensors. The retina sends the lights signals to the brain, where they are processed to give us sight. (7)

Retinal scanning is a process that requires the person to rest the portion of their face that surrounds the eye against a scanning device. The eye automatically orients itself to focus on and illuminated target area inside the scanner. The scanner records the blood vessel pattern of the retina. This requires subject to remove their eyeglass. It can take upwards of ten seconds for the equipment to compare the subject’s scanned retina to the stored template. Retinal scanning identification has been done in very high security areas controlled by the military, banks, and some high technology research centers.

Retinal scanning is believed to be the most reliable means of identification. Retinal scan proponents argue that fingerprints can be changed or altered by surgery or injuries to the hand. But, a person’s iris never changes and is very close to indestructible.

Amersterdam’s Sciphol International Airport is planning to incorporate retinal scanning into their security and identification processes. They are going to employ a retinal scanner built by Iridian Technologies, and the software company, Johan Enschede Securty Solutions of the Hague. The software allows an individual to store their retinal scan data on a smart card. The airport scanning system will not store their passenger’s retinal scan identification data. Instead, passengers will store their retinal scan information on their smart card. They plan on using the system to identify passengers who would normally have to go through their passport border control area. They will trial run it on volunteers from European Economic Union countries. They hope to cut the ten to thrifty minute passport control waiting time to 10 seconds. Passengers will have their retina scanned and their sample template will be compared to that stored on their special identification smart card. All airport employees and staff will carry the smart cards. They will be identified by their retina scans before entering secure areas of the airport. The trial period is scheduled to last through 2002. (6)

Iris scanning does not require direct contact with the equipment. The iris can be scanned up to one foot away. A German-based laser company, Rofin is developing iris scanning equipment. Rofin states that U.S. research teams are developing iris scanning equipment that can read irises from the side, making it possible to use the product while riding in an automobile. "Iris recognition involves 244 elements," which theoretically makes it far more accurate than fingerprinting. (4) A users’ iris scan information can take as little as 35 bytes of data. The small size of the data file also makes it an attractive process. Unlike retinal scanning, iris scanning is not affected by eyeglasses. Also unlike retinal scanning, cataracts don’t block the scan because they adhere to the eye lens, which is behind the iris.

Signature verification systems are making modest gains in bank card applications and package delivery operations. Federal Express is a major carrier that is using electronic signature tablets instead of hard copy paper. However, forgery of signatures is relatively easy, whether it’s electronic or pen on paper. Signature verification’s relatively low security level makes it a less desirable option than the high security biometric processes.

One very new and lesser known biometric system is keystroke dynamics. A company named Net Nanny has developed software that detects the user’s typing rhythms. It can be used on any device that requires the user to enter numbers or words through a keyboard. Keystroke Rhythm identification systems can be used to verify users of automated teller machines, computers, telephones, and keypad locks. Net Nanny is marketing their keystroke rhythm detection software under the name, "BioPasswordO." In my opinion, this biometric technology has potential to grow and become part of devices we use everyday. It’s easy to install and can work on any device that requires a keyboard or keypad.

Voice Verification Systems are inexpensive and easy to implement according to Voicevault, an Ireland based company and a leading provider of the technology. They claim to be able to verify someone’s identity over the telephone in less than one second. They are installing a system for the Irish Farmer’s Association that will verify the voice pattern of over five hundred farmers. If you followed the events following 11 September 2001, you may remember CNN reporting that United States intelligence picked up Usama Bin Laden’s voice over his cell phone. That was surely a case of voice recognition technology at work. As a biometrics discipline, voice recognition is a proven, relatively inexpensive, and readily available service. A large variety of telecommunications equipment manufacturers make voice verification more challenging in international and cross-boundary markets. Different types of telecommunications equipment like telephone switches, handsets, cabling, and transmission media can change the characteristics of the human voice signal in many different ways. (4)

Hand geometry biometrics uses the different sizes and shapes of hands to discriminate identities. The end-user’s hand is placed on a lighted board much like a x-ray machine. The board has 5 pegs that position the hand and fingers in reference points. Then, a digital camera photographs a high resolution picture which contains palm and side-view of the hand. Researchers are searching for more discernible features of the hand to increase it’s reliability. (5)

Facial recognition has all the earmarks of becoming another growing biometric discipline. Due in part to the horrific September 11th terrorist attacks, facial recognition received a hyper boost to develop and implement these systems. Facial recognition is non-intrusive and requires no physical contact. Facial recognition technology, like many other high-tech research projects was sponsored and guided by the Defense Advanced Research Projects Agency (DARPA). (2) DARPA works with civilian contractors to help them build and develop the best systems to satisfy DOD needs. The government plans on using facial recognition systems in airports, border checkpoints, and even welfare lines to detect fraud. This technology is expected to spread out into other areas as it’s worth is proven.

Here’s how a typical facial recognition system works. The facial recognition system is connected to a video surveillance system. "Recognition software searches the field of view of a video camera for faces." Special algorithms search for faces in a low resolution mode. When a face is found it goes into a high resolution mode. After detection, the face is aligned to determine the head’s size, position, and pose." (3) The next step is normalization, the face image is scaled and rotated so it can get registered and mapped. Features like the distance between eyes, nose measurements, eye socket depth, cheekbones, jaw lines, and chin features are mapped into a 84 byte file called the faceprint. The face must be within a 35 degree look angle to the camera for it to map the faceprint. The system must capture "14 of 22 nodal points" for it to successfully encode a faceprint. The "Facelt EyeDentity Facial Recognition System" can match faceprint at a rate of 60 million per minute. A threshold number is set between one to ten. When that threshold number is met, a positive match is registered.

The goal is to record and document all passengers and airport personnel coming and going throughout the building. The faceprints are recorded, compared to the faceprint database, or entered into the database. Matches of known criminals and terrorists are searched. Or, in the case of welfare lines, the facial features are scanned and logged for comparison to look for fraud or double dipping welfare recipients.

The following biometrics endeavors are lesser known, lesser developed, and their worthiness is still unknown. Ear shape biometrics is definitely in the under review category. As the name suggests, it identifies people by their unique ear shape, and cheek structure. It works in much of the same ways as facial recognition. Body odor is the study of identifying people by their unique body odors. Vein check biometrics seeks to identify people by their unique vein patterns on the back of their hand.

One main point that biometric system developers always make a point of explaining is the difference between identification and authentication. Identification seeks to find the identity of someone by comparing their sample template to many others that are stored on the system, or accessible by the system. Authentication and verification are the same thing. Verification is comparing someone’s sample template to the one stored in the system. They are verifying their authorization. (8)

Now that we have a good understanding of the different biometric disciplines, we need to learn how to speak biometric lingo to round out our training. The following terms are unique to biometrics. They were extracted from the Sense Holdings Incorporated on-line biometrics dictionary: (1)

uBiometric Engine: The software portion that controls and runs the biometric application.

uClaimant: A person receiving biometric sampling for verification or identification, whether they are or are not who they claim to be.

uDegree of Freedom: The amount of "statistically independent features" that a biometric systems employs to verify identities. Theoretically, higher degree of freedom numbers result in higher system accuracy.

uEnd User: A person that is being tested for identification, verification, or to give their biometric sample.

uFalse Acceptance: When a biometric system makes a mistaken identity, or mistaking accepts an impostor as a good identification. Also called a "Type II Error." The formula for predicting false acceptances is know as the False Acceptance Rate (FAR). NFA stands for the number of false acceptances. NIIA is the number of impostor identification attempts. The formula looks like this: FAR = NFA / NIIA.

uFalse Rejection: When a biometric system fails to verifiy a valid user or an enrolee. False rejection is also used when a system fails to verify an approved user. This is also called a "Type I error."

uGoats: A biometric system user whose "pattern of activity when interfacing with the system varies beyond the specified range allowed by the system." Their interface patterns vary so much that they cause false rejections.

uGenetic Penetrance: The amount of characteristics that are genetically inherited by successive generations.

uOne to Many: The same as identification because the system is comparing the end-user’s template to many stored templates.

uOne to One: The same as verification because the system is checking a end-user’s new template with the stored template to verify that they are the same.

uResponse Time: The time it takes a biometric system to verify a sample or create a template.

uThroughput Rate: The amount of end-users a system can test in a given time period.

uWavelet Transform / Scaler Quantisation (WSQ): An algorithm designed to to compress the size of biometric system templates.

Some of the biometric systems currently under development won’t get into mainstream everyday life. Some are already used everyday. Others will become household terms in the future. Since biometrics are here to stay, we might as well understand them and get accustomed to them being around.

The End

1. Unknown Author. Reference Undated. Biometric Dictionary. Available [Online]: <http://www.senseme.com/scripts/biometrics/biometricdictionary.htm> Downloaded 28 April 2002.

2. Bonsor, Kevin. Reference Undated. How Facial Recognition Systems Work. I’d recognize You Anywhere. Available [Online]: <http://www.howstuffworks.com/facial-recognition2.htm> Downloaded 27 April 2002.

3. Bonsor, Kevin. Reference Undated. How Facial Recognition Systems Work. The face Is The Thing. Available [Online]: <http://www.howstuffworks.com/facial-recognition1.htm> Downloaded 27 April 2002.

4. Unknown Author. Reference Undated. Biometrics explained. Available [Online]: <http://www.bapi.org/biometrics/explained.htm> Downloaded 26 April 2002.

5. Unknown Author. Reference Undated. Biometrics: Hand Geometry Projects. Available [Online]: <http://biometrics.cse.msu.edu/hand_proto.html> Downloaded 26 April 2002.

6. Rosenbaum, Andrew. 2 November 2002. Amsterdam Airport Adopts Retinal Scanning ID Tech. Available [Online]: <http://www.newsbytes.com/news/01/171803.html>

7. "Structure of the Eye." Microsoft Encarta 98 Encyclopedia. 1993-1997. Microsoft Corporation.

8. Unknown Author. Reference Undated. The Distinction Between Authentication and Identification. Available [Online]: <http://homepage.ntlworld.com/avanti/authnticate.htm> Downloaded 7 April 2002.

1. Biometrics is identifying people by measuring their physical features or behavior

a. Verifying identities with biometrics is and automated process

b. 13 biometric areas: (1) Fingerprinting (2) DNA (3) Retinal scan (4) iris pattern

(5) signature verification (6) keystroke dynamics (7) voice pattern

(8) hand geometry (9) face recognition (10) ear shape (11) body odor

(12) vein check (13) palm prints

2. Biometrics are unique to each person, can’t be forgotten

3. PINs can be lost, stolen, or forgotten

4. Law enforcement started fingerprinting in early 19th century, 1st biometric study

5. The advancement of microprocessors key to biometric study

6. Electronic fingerprinting equipment and software:

1997= $3,000.00, 2000= $500.00, 2002= $100.00

7. DNA testing is accurate but time consuming and expensive

8. Human eye operation

9. Retinal scanning considered the most accurate

a. Require user interface

10. Iris scanning can be done from 1 foot away

a. eye glasses don’t have to be removed

b. Amsterdam Airport testing iris scan identification to shorten 10 to 30 minute passport wait to 10 seconds

11. Signature verification is done by Federal Express

12. Voice verification system being tested on 500 plus farmers in Ireland

a. Used by U.S. Intelligence to pick up Usama Bin Laden’s cell phone conversations

13. Hand geometry future unknown

14. Facial recognition has great potential in curbing anti-terrorism and catching criminals

a. DARPA aided development

b. Template stored on 84 byte file called faceprint

15. Identification is one-to-many process

16. Verification is one-to-one process

17. Biometric terms to know

a. Biometric Engine

b. Claimant

c. Degree of Freedom

d. End User

e. False Acceptance

f. False Rejection

g. Goats

h. Genetic Penetrance

i. One to Many

j. One to One

k. Response Time

l. Throughput Rate

m. Wavelet Transform