Biometric security systlems

Index 1. Preface 2. Acknowledgements 3. Biometrics: Definition and Concept 4. Iris Identification -Concept, working, application, etc. 5. Fingerprinting System - Concept, working, application, etc. 6. Facial Recognition - Concept, working, application, etc. 7. Comparative study: Biometric Security Systems 8. Selecting a Biometric Tech, Future and Applications 9. Summary 10. Bibliography Preface Physical features, such as face, fingerprint, iris, retina, hand, or behavioral features, such as signature, voice, gait, must fulfill a certain criteria to qualify for use in recognition. They must be unique, universal, acceptable, collectable and convenient to the person, in addition, to reliability at recognition, performance and circumvention. However, most importantly, permanence is a key feature for biometrics. They must retain all the above features in particular the uniqueness unchanged, or acceptably changed, over the lifetime of the individual. On the other hand, this fundamental feature has brought biometrics to challenge a new risk. If biometric data is obtained, for example compromised from a database, by unauthorized users, the genuine owner will lose control over them forever and lose his/her identity. Previously, research was focusing on using biometrics to overcome the weakness in traditional authentication systems that use tokens, passwords or both. Weakness, such as sharing passwords, losing tokens, guessable passwords, forgetting passwords and a lot more were successfully targeted by biometric systems, although accuracy still remains a great challenge for many different biometric data. But one ordinary advantage of password does not exist in biometrics. That is re-issuing. If a token or a password is lost or stolen, they can be cancelled and replaced by a newer version i.e. reissued. On the other hand, this is not naturally available in biometrics. If someone‘s face is compromised from a database, they cannot cancel it neither reissue it. All data, including biometrics is vulnerable whether in storage or in processing state. It is relatively recently research has been undertaken to consider protection of biometric data more seriously. Cancelable biometrics is a way in which to inherit the protection and the replacement features into biometrics. It was first proposed by Ratha et al. Besides reliable accuracy performance and the replacement policy cancellable biometric has to be non-revisable in order to fulfill the aim. -1- Several methods for generating cancellable biometrics have been proposed. Essentially, cancelable biometrics performs a distortion of the biometric image or features before matching. The variability in the distortion parameters provides the cancelable nature of the scheme. Some of the proposed techniques operate using their own recognition engines, such as Teoh et al and Savvides et al, whereas other methods, such as Dabbah et al, take the advantage of the advancement of the well-established biometric research for their recognition front-end to conduct recognition. Although this increases the restrictions on the protection system, it makes the cancellable templates more accessible for available biometric technologies. In general, cancelable biometrics may be seen to represent a promising approach to address biometric security and privacy vulnerabilities. However, there are several concerns about the security of such schemes. First, there is very little work analyzing their security, except for an analysis of biohashing. Secondly, while distortion schemes should be preferably non-invertible, no detailed proposed scheme has this property. In fact, it would appear to be trivial to undistort the template given knowledge of the distortion key in most cases. Third, cancelable biometrics would appear to be difficult to implement in the untrusted scenarios for which they are proposed: if the user does not trust the owner of the biometric sensor to keep the biometric private, how can they enforce privacy on the distortion parameters used? This last concern is perhaps the most serious: the security of cancelable biometrics depends on secure management of the distortion parameters, which must be used for enrollment and made available at matching. Furthermore, such keys may not be much better protected than current passwords and PINs. In summary, cancelable biometrics offer a possible solution to certain serious security and privacy concerns of biometric technology; however, current schemes leave a number of important issues unaddressed. Research is very active in this subject, and may succeed in addressing these concerns. -2- Acknowledgments I am very thankful to my parents, the saints in our order and my religion for always inspiring me to be honest. I thank my late friend, her parents and my sister for always standing by me and showing me the right way I extend my sincere thanks to my respected teachers Mr. Neeraj Shrivastava (HOD – Dept. of CSE & IT), Mr. Surendra Yadav (Seminar – Coordinator), Mr Praveen Nagar (Guide – Seminar). The idea for giving a seminar on this subject came to me in my semester break wherein I inferred the importance and uniqueness of itself. All my matter is based on papers, thesis and books from the world wide web. My knowledge through other medias like television programs and fictional motion pictures came in very handy. -3- Biometric Security Systems Biometrics: Definition and Concept A BRIEF HISTORY OF BIOMETRICS Chinese Precursor Possibly the first known example of biometrics in practice was a form of finger printing being used in China in the 14th century, as reported by explorer Joao de Barros. He wrote that the Chinese merchants were stamping children's palm prints and footprints on paper with ink to distinguish the young children from one another. This is one of the earliest known cases of biometrics in use and is still being used today. European Origins Elsewhere in the world up until the late 1800s, identification largely relied upon "photographic memory." In the 1890s, an anthropologist and police desk clerk in Paris named Alphonse Bertillon sought to fix the problem of identifying convicted criminals and turned biometrics into a distinct field of study. He developed a method of multiple body measurements which got named after him (Bertillonage). His system was used by police authorities throughout the world, until it quickly faded when it was discovered that some people shared the same measurements and based on the measurements alone, two people could get treated as one. After the failure of Bertillonage, the police started using finger printing, which was developed by Richard Edward Henry of Scotland Yard, essentially reverting to the same methods used by the Chinese for years. Modern Times In the past three decades biometrics has moved from a single method (fingerprinting) to more than ten discreet methods. Companies involved with new methods number in the hundreds and continue to improve their methods as the technology available to them advances. Prices for the harware required continue to fall making systems more feasible for low and mid-level budgets. As -4- the industry grows however, so does the public concern over privacy issues. Laws and regulations continue to be drafted and standards are beginning to be developed. While no other biometric has yet reached the breadth of use of fingerprinting, some are beginning to be used in both legal and business areas. DEFINITION Biometrics (ancient Greek: bios ="life", metron ="measure") refers to two very different fields of study and application. The first, which is the older and is used in biological studies, including forestry, is the collection, synthesis, analysis and management of quantitative data on biological communities such as forests. Biometrics in reference to biological sciences has been studied and applied for several generations and is somewhat simply viewed as "biological statistics." More recently and incongruently, the term's meaning has been broadened to include the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. Common Human biometric characteristics: -5- Classification of some biometric traits:Biometric characteristics can be divided in two main classes, as represented in figure on the right:  physiological are related to the shape of the body. The oldest traits, that have been used for more than 100 years, are fingerprints. Other examples are face recognition, hand geometry and iris recognition.  behavioral are related to the behavior of a person. The first characteristic to be used, still widely used today, is the signature. More modern approaches are the study of keystroke dynamics and of voice. Strictly speaking, voice is also a physiological trait because every person has a different pitch, but voice recognition is mainly based on the study of the way a person speaks, commonly classified as behavioral. Other biometric strategies are being developed such as those based on gait (way of walking), retina, hand veins, ear canal, facial thermogram, DNA, odor and scent and palm prints. It is possible to understand if a human characteristic can be used for biometrics in terms of the following parameters:        Universality each person should have the characteristic Uniqueness is how well the biometric separates individually from another. Permanence measures how well a biometric resists aging. Collectability ease of acquisition for measurement. Performance accuracy, speed, and robustness of technology used. Acceptability degree of approval of a technology. Circumvention ease of use of a substitute. -6- CONCEPT: The diagram above shows a simple block diagram of a biometric system. When such a system is networked together with telecommunications technology, biometric systems become telebiometric systems. The main operations a system can perform are enrollment and test. During the enrollment, biometric information from an individual is stored. During the test, biometric information is detected and compared with the stored information. Note that it is crucial that storage and retrieval of such systems themselves be secure if the biometric system is be robust. The first block (sensor) is the interface between the real world and our system; it has to acquire all the necessary data. Most of the times it is an image acquisition system, but it can change according to the characteristics desired. The second block performs all the necessary pre-processing: it has to remove artifacts from the sensor, to enhance the input (e.g. removing background noise), to use some kind of normalization, etc. In the third block features needed are extracted. This step is an important step as the correct features need to be extracted and the -7- optimal way. A vector of numbers or an image with particular properties is used to create a template. A template is a synthesis of all the characteristics extracted from the source, in the optimal size to allow for adequate identifiably. If enrollment is being performed the template is simply stored somewhere (on a card or within a database or both). If a matching phase is being performed, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using any algorithm (e.g. Hamming distance). The matching program will analyze the template with the input. This will then be output for any specified use or purpose (e.g. entrance in a restricted area. ISSUES & CONCERNS As with many interesting and powerful developments of technology, there are concerns about biometrics. The biggest concern is the fact that once a fingerprint or other biometric source has been compromised it is compromised for life, because users can never change their fingerprints. A theoretical example is a debit card with a personal Identification Number (PIN) or a biometric. Some argue that if a person's biometric data is stolen it might allow someone else to access personal information or financial accounts, in which case the damage could be irreversible. However, this argument ignores a key operational factor intrinsic to all biometrics-based security solutions: biometric solutions are based on matching, at the point of transaction, the information obtained by the scan of a "live" biometric sample to a pre-stored, static "match template" created when the user originally enrolled in the security system. Most of the commercially available biometric systems address the issues of ensuring that the static enrollment sample has not been tampered with (for example, by using hash codes and encryption), so the problem is effectively limited to cases where the scanned "live" biometric data is hacked. Even then, most competently designed solutions contain anti-hacking routines. For example, the scanned "live" image is virtually never the same from scan to scan owing to the inherent plasticity of biometrics; so, ironically, a -8- "replay" attack using the stored biometric is easily detected because it is too perfect a match. The television program Myth Busters attempted to break into a commercial security door equipped with biometric authentication as well as a personal laptop so equipped. While the laptop's system proved more difficult to bypass, the advanced commercial security door with "live" sensing was fooled with a printed scan of a fingerprint after it had been licked. There is no basis to assume that the tested security door is representative of the current typical state of biometric authentication, however. With careful matching of tested biometric technologies to the particular use that is intended, biometrics provide a strong form of authentication that effectively serves a wide range of commercial and government applications. However, the clear concern is that the number of biometric samples of an individual are limited. If all samples are lost via compromise the legitimate owner will be unable to replace the old ones. Additionally, the limited number of samples means that there is a concern with secondary use of biometric data: a user who accesses two systems with the same fingerprint may allow one to masquerade is her to the other. Several solutions to this problem are actively being researched, such as Biometric Encryption and Cancelable Biometrics. BIOMETRICS & PRIVACY A concern is how a person's biometric, once collected, can be protected. Australia has therefore introduced a Biometrics Institute Privacy Code Biometrics Institute in order to protect consumer personal data beyond the current protections offered by the Australian Privacy Act. MARKETING of BIOMETRICS PRODUCTS Despite confirmed cases of defeating commercially available biometric scanners, many companies marketing biometric products (especially consumer-level -9- products such as readers built into keyboards) claim the products as replacements, rather than supplements, for passwords. Furthermore, regulations regarding advertising and manufacturing of biometric products are (as of 2006) largely nonexistent. Consumers and other end users must rely on published test data and other research that demonstrate which products meet certain performance standards and which are likely to work best under operational conditions. Given the ease with which other security measures such passwords and access tokens may be compromised, and the relative resistance of biometrics to being defeated through alteration and reverse engineering, large scale adoption of biometrics may offer significant protection against the economic and social problems associated with identity theft.  The use of fingerprints for identification in schools SOCIOLOGICAL CONCERNS As technology advances, and time goes on, more private companies and public utilities may use biometrics for safe, accurate identification. These advances are likely to raise concerns such as:  Physical - Some believe this technology can cause physical harm to an individual using the methods, or that instruments used are unsanitary. For example, there are concerns that retina scanners might not always be clean.  Personal Information - There are concerns whether our personal information taken through biometric methods can be misused, tampered with, or sold, e.g. by criminals stealing, rearranging or copying the biometric data. Also, the data obtained using biometrics can be used in unauthorized ways without the individual's consent. - 10 - DANGER TO OWNERS ITEMS When thieves cannot get access to secure properties, there is a chance that the thieves will stalk and assault the property owner to gain access. If the item is secured with a biometric device, the damage to the owner could be irreversible, and potentially cost more than the secured property. In 2005, Malaysian car thieves cut off the finger of a Mercedes-Benz S-Class owner when attempting to steal the car. - 11 - IRIS IDENTIFICATION SYSTEM Humans have traditionally identified each other by their appearance, by the sound and content of their speech, and by context. By using these parts of the body and with the help of ―BIOMETRICS‖ many security systems are being developed. We have many security systems but failed to identify the terrorist hijackers who crashed the aero planes into buildings on ‗September 11‘though they were in FBI "watch lists,‖ To over come some of the defaults of these security systems we have ―THE IRIS SECURITY SYSTEM‖. The iris is an internal organ of the eye — perhaps the only internal organ of the body that is routinely visible from outside — and its patterns are resolvable with good video cameras from distances of up to about a meter. The iris is located behind the cornea of the eye, and behind the aqueous humour, but in front of the lens. Though we have other biometric traits we go for iris technology because of its uniqueness. This is because iris patterns have a high degree of randomness in their structure. This is what makes them unique. The main principle of this system depends on the algorithm which encode the iris pattern into an abstract mathematical description called an "Iris Code," which is the bar-code like bit stream This process relies upon two-dimensional wavelets - 12 - (mathematical functions that are like restricted Fourier components, i.e. sine waves multiplied by Gaussian envelopes to give them locality) which is given as follows The result of the wavelet analysis is that any piece of an iris can be said to have a certain phase. The phase coordinates of every part of the iris are quantized to just two bit accuracy — i.e. only the identity of a quadrant of the complex plane is encoded as the representation for each small piece of structure seen in the iris. This "phase sequence" allows an iris pattern to be encoded in a total of 512 bytes worth of information. Whenever a person presents his/her eye to a camera, its Iris Code is computed within a second or less, and then this is compared with all previously enrolled Iris Codes in the relevant database to see whether any of them match. An important point is that the person does not need to assert any identity; the algorithms are powerful enough (and fast enough) to discover their identity, if they have been seen before and enrolled. The speed of database search is about 100,000 Iris Codes per second. This ability to be recognized without having first to assert an identity — e.g. by swiping a card, or by typing in a name or a PIN number — is one potential advantage of iris identification for persons who have limited use of arms or hands. This "hands-free" use of iris recognition is possible because the probability of False Matches is so low i.e. about 1/1,200,000 so that the algorithms can "afford" to search large databases exhaustively, rather than just answering a single yes/no question about a claimed identity. In many millions of Iris Code comparisons that have been done in tests by independent laboratories (e.g. the UK‘s NPL Labs), so far there has never been a single False match reported. As with almost every new technology that seeks to find its place in everyday life, iris recognition has both the potential to be a convenience enhancer (including an access enhancer), but also the potential to be an obstacle or excluder if improperly configured or installed without consultation and guidance from disabled persons. - 13 - Because it allows hands-free, automatic, rapid and reliable identification of persons, it can facilitate access for persons unable to engage in the standard mechanical transactions of access. INTRODUCTION:Humans have traditionally identified each other by their appearance, by the sound and content of their speech, and by context. If the other person is neither visible nor audible, e.g. when receiving their email, we either simply accept their asserted identity, allow it to establish itself by shared knowledge and context, or rely on - 14 - special secret knowledge such as encryption keys. With the arrival of automation, identification of persons has continued to rely largely on special possessions (magnetic or optical stripe cards) and on secrets (computer login password, or cash point PIN number).The fundamental problem with traditional methods of identification — whether between human strangers, or identification of persons by machines — took on new urgency on 11 September, 2001. Some of the terrorist hijackers who crashed the aero planes into buildings were on FBI "watch lists," but they were using false passports. With no reliable mechanism to confirm any connection between a passport (or other identity device) and its holder, 11 September was a catastrophe waiting to happen. To solve some of the problems faced by security systems and identification process a technology called "biometrics" (from biological measurement) introduced some new type of security and identification systems based on some of human parts which differ from one person to other. These could be anatomical, physiological, or even behavioral. The sounds of a person‘s voice, or they way in which they sign their name, are examples of behavioral biometrics. Their blood type or markers in their tissue or fluid samples (including DNA itself) are examples of physiological biometrics, although these would be used more typically in forensic applications rather than in real-time, live applications. Most currently used biometrics are anatomical: facial appearance, hand geometry, fingerprints, retinal vein patterns, and iris patterns. But the most efficient method is the iris recognition method. WHAT IS IRIS? The iris is an internal organ of the eye — perhaps the only internal organ of the body that is routinely visible from outside — and its patterns are resolvable with good video cameras from distances of up to about a meter. The iris is located behind the cornea of the eye, and behind the aqueous humour, but in front of the lens. Its only physiological purpose is of course to control the amount of light that - 15 - enters the eye through the pupil, by the action of its dilator and sphynctor muscles that control pupil size, but its construction from elastic connective tissue gives it a complex, fibrillous pattern. WHY IRIS ONLY? Though we have other biometric traits we go for iris technology because of its uniqueness. This is because iris patterns have a high degree of randomness in their structure. This is what makes them unique. Every biometric depends upon random variation amongst different persons in the chosen measurements, in order to guarantee that a particular pattern is unique to just one person and thus can serve as a reliable automatic identifier of them. The greater the degree of randomness, the greater the likelihood of uniqueness. This can be measured mathematically by the number of "degrees-of-freedom" in the template. This is essentially a count of the number of independent forms of variation, or the dimensions of variability, that are spanned by the biometric across different persons. For the case of iris patterns, there are about 250 degrees-of-freedom; for fingerprints it is about 35, and for faces it is about 20. A good analogy (both for the connective tissue of the iris and also for this mathematical measure!) is throwing down a plate of sticky noodles. The sticky noodles will fall into a random pattern, whose complexity (and therefore whose uniqueness) depends on how many noodles there were in the plateful. An iris pattern is a bit like a plate of 250 sticky noodles, and so the combinatorics of possible patterns that the pectinate ligament in the trabecular meshwork of the iris can form is truly astronomical. More precisely, its combinatorics is binomial — described by binomial distributions, as are the possible outcomes from tossing a coin 250 times in a row. The likelihood of getting all "heads" is 0.5 raised to the 250th power, which is roughly 10 raised to the minus 75th power. Iris Scan Technology - 16 - With new technologies the eyes are more than ―windows to your soul.‖ People are carrying with them a living key or password that will never be forgotten and will always be there. The technology is available now through work in computer vision, pattern recognition, and man-machine interface to create a reliable lock that a person‘s iris pattern will open. The randomness of iris patterns has a very high dimensionality making recognition decisions reliable with a high level of confidence. The purpose of iris recognition products is to provide real-time, high-confidence recognition of a person‘s identity through mathematical analysis of random patterns in the iris. Irises (pigmented, round, contractile membranes in the eyes) are unique in each individual. The iris is a protected internal organ whose random texture is stable and unchanging, from about one year of age until death. It is the most individually distinctive feature of the human body. No two irises are alike, not even among twins. In fact, left and right irises of one individual are not identical. The statistical probability that two irises would ever be exactly the same is estimated at 1 in 1072. Iris recognition is statistically more accurate than DNA testing. All iris recognition systems are based on the algorithms. This development allows one to read and map the rich data in a person‘s iris. This data includes rifts, pits, freckles, striations, contraction furrows, crypts, coronas, serpentine vasculature, and caliginous fibers and remains stable throughout a person‘s lifetime. WORKING: Iris recognition begins with a video picture of the eye and iris within it. A monochrome CCD is the type of camera used. The boundaries of the pupil and limbus (the outer edge of the iris) are defined, eyelid occlusion and reflections are discounted, and the image is readied for processing. Recording 240 degrees of freedom (DOF) or independent characteristics of an iris distinguish one iris from another. This information is encoded into a 512 byte-digitized record from that - 17 - glance at the camera. Typically both eyes are enrolled. The digital record can be stored in hexadecimal code in a data base like any other information. This recorded iris pattern can then be used for recognition when a live iris is presented for comparison. Eyeglasses and contact lenses, even colored contacts, do not obscure the iris so the system is able to perform through them. Enrollment in the system is usually accomplished in three minutes or less. Depending on the lens design and ambient illumination the subjects stand between 8 to 30 inches from the Optical Unit. A powerful search engine does an exhaustive search to compare the iris presented to ones encoded in the data base. A recognition decision is made in real-time, seconds, not days, hours, or minutes required by other biometrics operations. Without use of a person making a final judgment a positive recognition decision can be made with ―imposter odds‖ of 1 in 1048. Stated another way, the probability that a recognition is wrong is an extraordinarily low in this technology. Anyplace that currently relies on keys, cards, badges, documents, passwords, or PIN numbers is a possible candidate for iris recognition use. Some of these are financial transactions, e-commerce, entitlement payments, passport control, police, and forensic applications. With escalating treats of identity theft the need for accurate recognition decisions increases. Other biometrics recognition systems include fingerprinting, palm prints, hand geometry, nailbed identification, facial recognition, and retinal scan. Behavioral characteristics used for identification are signature dynamics, keyboard dynamics, and voice recognition. Iris and retina scans are the most accurate of all biometric techniques and, currently, the most costly. The entire biometrics market is projected to reach $2.6 billion by 2004. - 18 - Generating an Iris Code Now that we have Gabor wavelets, let‘s do something interesting with them. Lets start with an image of an eye and then unroll it (map it to Cartesian coordinates) so we have something like the following: What we want to do is somehow extract a set of unique features from this iris and then store them. That way if we are presented with an unknown iris, we can compare the stored features to the features in the unknown iris to see if they are the same. We‘ll call this set of features an "Iris Code." Any given iris has a unique texture that is generated through a random process before birth. Filters based on Gabor wavelets turn out to be very good at detecting patterns in images. We‘ll use a fixed frequency 1D Gabor filter to look for patterns in our unrolled image. First, we‘ll take a one pixel wide column from our unrolled image and convolve it with a 1D Gabor wavelet. Because the Gabor filter is complex, the result will have a real and imaginary part which is treated separately. We only want to store a small number of bits for each iris code, so the real and imaginary parts are each quantized. If a given value in the result vector is greater than zero, a one is stored; otherwise zero is stored. Once all the columns of the image have been filtered and quantized, we can form a new black and white - 19 - image by putting all of the columns side by side. The real and imaginary parts of this image (a matrix), the iris code, are shown here: Now that we have an iris code, we can store it in a database, file or even on a card. What happens though if we want to compare two iris codes and decide how similar they are? Comparing Iris Codes The problem of comparing iris codes arises when we want to authenticate a new user. The user‘s eye is photographed and the iris code produced from the image. It would be nice to be able to compare the new code to a database stored codes to see if this user is allowed or to see who they are. To perform this task, we‘ll attempt to measure the Hamming distance between two iris codes. The Hamming distance between any two equal length binary vectors is simply the number of bit positions in which they differ divided by the length of the vectors. This way, two identical vectors have distance 0 while two completely different vectors have distance 1. Its worth noting that on average two random vectors will differ in half their bits giving a Hamming distance of 0.5. The Hamming distance is mathematically defined in this equation: D= A? length(A) In theory, two iris codes independently generated from the same iris will be exactly the same. In reality though, this doesn‘t happen vary often for reasons such as imperfect cameras, lighting or small rotational errors. To account for these slight inconsistencies, two iris codes are compared and if the distance between them is below a certain threshold we‘ll call them a match. This is based on the idea of statistical independence. The iris is random enough such that iris codes from different eyes will be statistically independent (i.e.: have a distance larger - 20 - than the threshold) and therefore only iris codes of the same eye will fail the test of statistical independence. Empirical studies with millions of images have supported this assertion. In fact, when these studies used the threshold used in our method (.3) false positive rates fell below 1 in 10 million. Iris Recognition Results Our implementation of the iris recognition algorithm is broken up into several components, each of which has its strengths and weaknesses. The pupil recognition algorithm appears to be 98% effective in detecting the pupil center when tested against a database of 50 images. This is due to the extremely uniform black color of the pupil and strong contrast to the iris and virtual all other features in the image. Although the assumptions that the algorithm is founded break down in extreme cases, such as when there are other large black spots in the image, these cases can be detected by other means and discarded. The iris detection algorithm proved to be rather hit-or-miss. In it‘s current form, it has a 50% success rate in detecting the iris correctly within an image of the eye. This large error lies mostly in the ‘guessing‘ scheme used to make an initial prediction about the radius of the iris. This guessing scheme can be expanded to make higher precision, higher accuracy guesses at the expensive of algorithm execution speed. Also, the iris-sclera transition boundary of the eye can be more intensively processed by a multi-scale edge detection kernel (the implementation in this project uses a single-scale Haar wavelet kernel). IRIS FEATURE ENCODING BY 2-D WAVELET DEMODULATION:Each isolated iris pattern is then demodulated to extract its phase information using quadrature 2-D Gaborwavelets. This encoding process is illustrated in Fig above. It amounts to a patch-wise phase quantization of the iris pattern, by identifying in which quadrant of the complex plane each resultant phasor lies - 21 - when a given area of the iris is projected onto complex-valued 2-D Gabor wavelets: where h {Re, Im} can be regarded as a complex-valued bit whose real and imaginary parts are either 1 or 0 (sgn) depending on the sign of the 2-D integral; I (?, ?) is the raw iris image in a dimensionless polar coordinate system that is size- and translation- invariant and which corrects for pupil dilation ? and ? are the multiscale 2-D wavelet size parameters, spanning an eight-fold range from 0.15 to 1.2 mm on the iris; ? is wavelet frequency, spanning three octaves in inverse proportion to ? ; and (r0,?0 represent the polar coordinates of each region of iris for which the phasor coordinates h{Re,Im}are computed. Such a phase quadrant coding sequence is illustrated for one iris by the bit stream shown graphically in Fig above .A desirable feature of the phase code portrayed in Fig is that it is a cyclic, or gray code: in rotating between any adjacent phase quadrants, only a single bit changes, unlike a binary code in which two bits may change, making some errors arbitrarily more costly than others. Altogether, 2048 such phase bits (256 bytes) are computed for each iris, but in a major improvement over the author‘s earlier algorithms, now an equal number of masking bits are also computed to signify whether any iris region is obscured by eyelids, contains any eyelash occlusions, specular reflections, boundary artifacts of hard contact lenses, or poor signal-to-noise ratio (SNR) and thus should be ignored in the demodulation code as artifact. Only phase information is used for recognizing irises because amplitude information is not very discriminating, and it depends upon extraneous factors such as imaging contrast, illumination, and camera gain. The phase bit settings which code the sequence of projection quadrants as shown in Fig capture the information of wavelet zero-crossings, as is clear from the sign operator in (2). The extraction of phase has the further advantage that phase angles remain defined regardless of how poor the image contrast may be, as illustrated by the extremely out-of-focus image in Fig. 3. Its phase bit stream has statistical properties such as run lengths similar to those of the code for the properly focused eye image in Fig. The benefit which arises from the fact that - 22 - phase bits are set also for a poorly focused image as shown here, even if based only on random CCD thermal noise, is that different poorly focused irises never become confused with each other when their phase codes are compared. By contrast, images of different faces look increasingly alike when poorly resolved and can be confused with each other by appearance-based face recognition algorithms. Motivation: There is a strong scientific demand for the proliferation of systems, concepts and algorithms for iris recognition and identification. This is mostly because of the comparatively short time that iris recognition systems have been around. In comparison to face, fingerprint and other biometric traits there is still a great need for substantial mathematical and computer-vision research and insight into iris recognition. One evidence for this is the total lack of publicly available adequate datasets of iris images. Following the tradition of the face recognition and the face detection this is intended to be an information pool for the iris recognition community. Its goal is to provide an entry point for the starter as well as a centralized information resource to concentrate iris recognition and related scientific efforts. An iris-based biometric, on the other hand, involves analyzing features found in the colored ring of tissue that surrounds the pupil. Iris scanning, undoubtedly the less intrusive of the eye-related biometrics, uses a fairly conventional camera element and requires no close contact between the user and the reader. In addition, it has the potential for higher than average template-matching performance. Iris biometrics work with glasses in place and is one of the few devices that can work well in identification mode. Ease of use and system integration has not traditionally been strong points with iris scanning devices, but you can expect improvements in these areas as new. - 23 - Algorithm for unwrapping the iris region. The newly introduced IRISPASS-WG system is a succeeding version of the IRISPASS-S. It maintains the accurate iris recognition function of the previous model, while enhancing the user-operability with newly developed software that automatically detects the position of the human eyes. An individual‘s iris patterns can be registered or identified by simply standing in front of the identification device. The required time for authentication is about three seconds. The system enables accurate, high-speed authentication of the iris even while wearing glasses. The system consists of a system management device and registration device, both of which are located at the customer‘s control center, and identification devices, which are installed at entrances. The system allows connection to as many as 127 identification devices per system. The system management device has various functions, including iris information registration, management of individual information and authentication history, status monitoring of identification devices, and remote gate-management. The security of the entire system is also enhanced by the addition of functions to allow the iris authentication of the system administrators, who access the system management device and prevent unauthorized operations on a PC connected to the device. The identification device incorporates functions enabling identified data to work with monitoring cameras and guard systems, which allows customers to establish comprehensive security systems. Major characteristics of iris recognition: 1. The iris, being a human organ, renders forgery difficult. 2. It uses cameras to capture images of the iris, and the system does not require physical contact with the equipment, thereby freeing users from possible hygienic concerns. - 24 - 3. Since the iris pattern is more complex and random than other biometric patterns, it offers a highly precise method for individual authentication with a false-acceptance error rate of less than 1 in 1.2 million. 4. The iris pattern remains unchanged after the age of two and does not degrade over time or with the environment, therefore the initially registered data may be used throughout the individual‘s entire life. National Geographic‘s Afghan Girl Positively Identified by Iris Recognition Iridian Technologies, the leading provider of authentication software based on its exclusive, patented iris recognition technology, announced that its technology was the iris recognition technique used to positively identify the mysterious "Afghan Girl" who graced the cover of National Geographic magazine in 1985. The process of finding her and verifying her identity was by using this iris recognization technology. Iridian was asked by National Geographic to compare photographs taken in 1984 with photographs from 2002. Iridian‘s commercially available iris recognition cameras and software contain advanced security measures to detect and reject photographs. Therefore, Iridian‘s Research Lab scanned the photographic images into digital format and used development software to process the digital image, disabling the security measures normally used to detect photographs. Because the photographs were not taken with iris recognition cameras, the Research Lab had further to discount for light reflection and adjust for the quality of the image. The experts at Iridian spent several days reconfiguring their software to suit the specific needs and Iridian finally succeeded in identifying her. Despite the challenges of working with photographs, rather than live subjects, the strength of Iridian‘s core algorithms allowed for a conclusive determination that Sharbat Gula was indeed the same person as the individual who was photographed in 1984. - 25 - The match of Sharbat Gula‘s eyes to the eyes on the 1985 cover photo was irrefutable, as it was achieved a 1 in 100 million probability of a false match. Compare to other system Other biometrics recognition systems include fingerprinting, palm prints, hand geometry, nailbed identification, facial recognition, and retinal scan. Behavioral characteristics used for identification are signature dynamics, keyboard dynamics, and voice recognition. Iris and retina scans are the most accurate of all biometric techniques and, currently, the most costly. Accuracy In a comprehensive study conducted by Britain‘s National Physical Laboratory (NPL) iris recognition technology decisively outperformed six other biometrics systems – facial recognition, fingerprint, hand geometry, and vein and voice recognition. Tested to positively identify users in an office environment iris recognition technology registered a false match rate of zero in 2,735,529 comparisons and a 0.0 percent failure-to-acquire rate. Iris recognition had a false rejection rate of 0.0188, the lowest of all systems rested. Four of the other biometrics systems registered a false rejection rate of 10-25 percent. Only retina scanning comes close to the accuracy rate of iris recognition. The few system problems that have been encountered almost exclusively reflect lighting, focus, or image degradation issues. There has to be a certain degree of lighting to allow the camera to acquire the image of the iris. Unusual lighting hinders this and causes problems. Speed Iris recognition systems can cycle through 1,500,000 matches per minute, which is 20 times greater processing speed than any other biometrics systems. In reallife applications this translates into an identity decision being made in seconds. - 26 - The enrollment process is also speedily accomplished, typically in three minutes or less. Safety and Perceived Invasiveness Enrollment and use of an iris recognition system requires no contact, only cooperation of the user. That cooperation involves the enrollee being still, and looking at a certain spot. Although iris scanning is less difficult than retina scanning some subjects may still find compliance with the system annoying. The optimum distance between the user and the camera is steadily enlarging as camera resolution increases. The devices capture images of the eye from a comfortable distance without bright lights or lasers. The Iris Code is hashed and encrypted as a security measure to prevent theft. If a person feels their recognition patterns have been compromised, re-enrollment is possible an infinite number of times by using a permuted Iris Code. Iris recognition because it looks at the exterior part of the eye, unlike retinal scans that look at vascular patterns inside the eye, is not invasive. Also, there is no possibility of gathering information such as medical conditions, a possibility with retinal scans. Both irises and retinas are stable throughout a lifetime, except in the case of degenerative diseases that may affect the retina. There is no need to remove glasses or contact lenses during identification. As long as they do not obscure the iris, recognition can be made through them. Iris recognition can be hampered by partially occluded or drooping eyelids. Costs Iris scanning can increase profitability by minimizing both costs and vulnerabilities associated with password and password management. Research indicates US businesses spend an average of $200 per person a year on password management. The value proposition of implementing an iris recognition system is three-dimensional. Cost, accuracy, and ease of use are all important considerations. Recent advances in camera technology is bringing down the cost - 27 - of iris recognition. Camera prices have gone down while processing ability has gone up. The size of the camera has decreased also. With a strategic partnership with Panasonic, the costs have gone down significantly. Both iris scanning and retina scanning are at the upper end of the scale in cost compared to other biometric systems. Ease of Use Many of the users who have already encountered iris-scanning technology consider it a convenience rather than an intrusion, speeding the process of identity verification. Glasses or contact lens use does not affect it. Most eye surgeries do not change the iris. In the few, such as iridotomy and iridectomy, both associated with glaucoma, re-enrollment may be necessary. These technologies can be integrated into existing business systems easing the installation requirements. In this instance, retina scanning has an advantage over iris scanning in that retina scanning utilizes a very compact template. Retina scanning requires 96 bytes while iris scanning uses 512 bytes. A greater number of templates can be stored in a standalone device if retina scanning is employed. No contact need be made to enroll or be recognized by the system. Subsequent to enrollment users need little or no instruction to become proficient enough to perform recognition scans without a system operator present. Because of the shorter time the eye must be still to be recognized iris scanning is easier to use than retina scanning, which requires a subject to repeatedly focus on a small point for several seconds at a time. Some candidates will need assistance or instruction to enroll. Unlike other biometrics iris recognition requires no real-time human decision making to complete the recognition process. Legitimate users will never again forget their password, lose their key, or be locked out, as long as the system is functioning properly, but as with any system there will be times when things are not working. Network crashes, power outages, and hardware and software glitches are a few of the scenarios that might cause the - 28 - system to become inoperable. The backup plan may be seriously compromised because users accustomed to iris recognition may not carry the necessary identification. FUTURE: The market for iris recognition is growing rapidly. Iris scanning can be engaged in numerous pilot programs worldwide for immigration and border control, controlling access to restricted areas, and simplifying passenger travel. CONCLUSION: As with almost every new technology that seeks to find its place in everyday life, iris recognition has both the potential to be a convenience enhancer (including an access enhancer), but also the potential to be an obstacle or excluder if improperly configured or installed without consultation and guidance from disabled persons. Because it allows hands-free, automatic, rapid and reliable identification of persons, it can facilitate access for persons unable to engage in the standard mechanical transactions of access. But it must not presume universal uniformity among persons and their bodies. - 29 - FINGERPRINTING SYSTEM Technology Overview Capacitive Sensor iGuard is the 1st Fingerprint Reader Security System that uses the most advanced Solid-state, silicon-based Capacitive Fingerprint Sensor from Veridicom. The new fingerprint sensor features enhanced imaging capabilities, electrostatic discharge (ESD) performance and improved ruggedness provide superior levels of accuracy and reliability for fingerprint authentication. When a finger contacts the iGuard sensor surface, the sensor measures the capacitance at each pixel in the 300 x 300 array in the sensor's surface. - 30 - Differences in capacitance correspond to the ridges, valleys and pores that characterize a unique fingerprint. The new fingerprint sensor eliminates the limitations of optical scanners, including edge distortion, low-image resolution, scratched platens, misaligned optics and bulky size. It is also unaffected by day to day fingerprint variations such as cuts, swelling & dirt. TCP-IP Protocol Most of the security systems available in the market today, including both traditional and biometrics, use the traditional serial communications protocol, such as RS-232 & RS-485, to connect the dedicated computers for data communications. These protocols are over thirty-years old and are notorious for their slow communication speed & reliability problems, and they are not compatible with the modern communication protocol like the TCP/IP, which is the standard protocol used in the Internet. - 31 - iGuard uses the TCP/IP as the communication protocol, which enables the device to directly connect to the corporate network via the standard RJ-45 cabling, without any additional hardware or dedicated computer. directly connected iGuard to the corporate network via the standard RJ-45 cabling. Web Server The built-in Web Server based upon the Linux® platform enables all the computers in the corporate network to directly access the device via the wellknown Internet Browser, such as Microsoft Internet Explorer & Netscape Navigator. The computers are platform-independent, and different computer platform such as Apple Macintosh, Microsoft Windows & Unix machines can access the device. No additional software is required. Administration, Reporting and Access can all be done simultaneously via the built-in web server. Built-In Database Server The built-in Database Server allows authenticated computers on the network to query the information of the device, and can easily retrieve the various reports via the Internet Browser, such as the transaction logs, attendance reports, time sheets, and more. All the information is real-time information, instead of week-old or day-old data. In contrast, other systems must use dedicated computers running special proprietary software to retrieve the information, and usually dedicated HR persons are required to perform the functions. - 32 - Optional Mifare® Smart Card Function Each iGuard can optionally equipped with the renowned Philips Mifare Contactless Smart Card Reader. (MIFARE ® is an interface platform for contact-less smart cards and readers according to the ISO 14443-A Standard). With this option, users can both use the conventional fingerprint biometrics, PIN and/or the smart card for user authentication. Having a secondary statement of user identity such as a smart card or PIN dramatically improves the security of your system. The smart card can also function as an employee badge for a visible level of security within your facility. Each user will have his / her own smart card, which stores the user information including the name, company & branch cod. - 33 - - 34 - - 35 - FACIAL RECOGNITION SYSTEM How Facial Recognition Systems Work In 2001, the Tampa Police Department installed cameras equipped with facial recognition technology in their Ybor City nightlife district in an attempt to cut down on crime in the area. The system failed to do the job, and it was scrapped in 2003 due to ineffectiveness. People in the area were seen wearing masks and making obscene gestures, prohibiting the cameras from getting a clear enough shot to identify anyone. Boston's Logan Airport also ran two separate tests of facial recognition systems at its security checkpoints using volunteers. Over a three month period, the results were disappointing. According to the Electronic Privacy Information Center, the system only had a 61.4 percent accuracy rate, leading airport officials to pursue other security options. In this article, we will look at the history of facial recognition systems, the changes that are being made to enhance their capabilities and how governments and private companies use (or plan to use) them. - 36 - Humans have always had the innate ability to recognize and distinguish between faces, yet computers only recently have shown the same ability. In the mid 1960s, scientists began work on using the computer to recognize human faces. Since then, facial recognition software has come a long way. Identix, a company based in Minnesota, is one of many developers of facial recognition technology. Its software, can pick someone's face out of a crowd, extract the face from the rest of the scene and compare it to a database of stored images. In order for this software to work, it has to know how to differentiate between a basic face and the rest of the background. Facial recognition software is based on the ability to recognize a face and then measure the various features of the face. Every face has numerous, distinguishable landmarks, the different peaks and valleys that make up facial features. Face It defines these landmarks as nodal points. Each human face has approximately 80 nodal points. Some of these measured by the software are:      Distance between the eyes Width of the nose Depth of the eye sockets The shape of the cheekbones The length of the jaw line These nodal points are measured creating a numerical code, called a face print, representing the face in the database. - 37 - In the past, facial recognition software has relied on a 2D image to compare or identify another 2D image from the database. To be effective and accurate, the image captured needed to be of a face that was looking almost directly at the camera, with little variance of light or facial expression from the image in the database. This created quite a problem. In most instances the images were not taken in a controlled environment. Even the smallest changes in light or orientation could reduce the effectiveness of the system, so they couldn't be matched to any face in the database, leading to a high rate of failure. - 38 - 3D Facial Recognition A newly-emerging trend in facial recognition software uses a 3D model, which claims to provide more accuracy. Capturing a real-time 3D image of a person's facial surface, 3D facial recognition uses distinctive features of the face -where rigid tissue and bone is most apparent, such as the curves of the eye socket, nose and chin -- to identify the subject. These areas are all unique and don't change over time. Using depth and an axis of measurement that is not affected by lighting, 3D facial recognition can even be used in darkness and has the ability to recognize a subject at different view angles with the potential to recognize up to 90 degrees (a face in profile). Using the 3D software, the system goes through a series of steps to verify the identity of an individual. Detection Acquiring an image can be accomplished by digitally scanning an existing photograph (2D) or by using a video image to acquire a live picture of a subject (3D). Alignment Once it detects a face, the system determines the head's position, size and pose. As stated earlier, the subject has the potential to be recognized up to 90 degrees, while with 2D, the head must be turned at least 35 degrees toward the camera. The Vision 3D + 2D ICAO camera is used to perform enrollment, verification and identification of 3D and 2D face images. - 39 - Measurement The system then measures the curves of the face on a sub-millimeter (or microwave) scale and creates a template. Representation The system translates the template into a unique code. This coding gives each template a set of numbers to represent the features on a subject's face. - 40 - Matching If the image is 3D and the database contains 3D images, then matching will take place without any changes being made to the image. However, there is a challenge currently facing databases that are still in 2D images. 3D provides a live, moving variable subject being compared to a flat, stable image. New technology is addressing this challenge. When a 3D image is taken, different points (usually three) are identified. For example, the outside of the eye, the inside of the eye and the tip of the nose will be pulled out and measured. Once those measurements are in place, an algorithm (a step-by-step procedure) will be applied to the image to convert it to a 2D image. After conversion, the software will then compare the image with the 2D images in the database to find a potential match. Verification or Identification In verification, an image is matched to only one image in the database (1:1). For example, an image taken of a subject may be matched to an image in the Department of Motor Vehicles database to verify the subject is who he says he is. If identification is the goal, then the image is compared to all images in the database resulting in a score for each potential match (1:N). In this instance, you may take an image and compare it to a database of mug shots to identify who the subject is. Current and Future Uses of Facial Recognition Systems In the past, the primary users of facial recognition software have been law enforcement agencies, who used the system to capture random faces in crowds. Some government agencies have also been using the systems for security and to eliminate voter fraud. The U.S. government has recently begun a program called US-VISIT (United States Visitor and Immigrant Status Indicator Technology), aimed at foreign travelers gaining entry to the United States. When a foreign traveler receives his visa, he will submit fingerprints and have his photograph - 41 - taken. The fingerprints and photograph are checked against a database of known criminals and suspected terrorists. When the traveler arrives in the United States at the port of entry, those same fingerprints and photographs will be used to verify that the person who received the visa is the same person attempting to gain entry. However, there are now many more situations where the software is becoming popular. As the systems become less expensive, making their use more widespread. They are now compatible with cameras and computers that are already in use by banks and airports. The TSA is currently working on and testing out its Registered Traveler program. The program will provide speedy security screening for passengers who volunteer information and complete a security threat assessment. At the airport there will be specific lines for the Registered Traveler to go through that will move more quickly, verifying the traveler by their facial features. Other potential applications include ATM and check-cashing security. The software is able to quickly verify a customer's face. After a customer consents, the ATM or check-cashing kiosk captures a digital image of him. The FaceIt software then generates a faceprint of the photograph to protect customers against identity theft and fraudulent transactions. By using the facial recognition software, there's no need for a picture ID, bankcard or personal identification number (PIN) to - 42 - verify a customer's identity. This way businesses can prevent fraud from occurring. Time Tracking A4Vision, a creator of facial recognition software, is currently marketing a system that will keep track of employees' time and attendance. Their Web site states that it will prohibit "buddy punching," which will cut down on security risks and decreased productivity. While all the examples above work with the permission of the individual, not all systems are used with your knowledge. In the first section we mentioned that systems were used during the Super Bowl by the Tampa Police, and in Ybor City. These systems were taking pictures of all visitors without their knowledge or their permission. Opponents of the systems note that while they do provide security in some instances, it is not enough to override a sense of liberty and freedom. Many feel that privacy infringement is too great with the use of these systems, but their concerns don't end there. They also point out the risk involved with identity theft. Even facial recognition corporations admit that the more use the technology gets, the higher the likelihood of identity theft or fraud. As with many developing technologies, the incredible potential of facial recognition comes with some drawbacks, but manufacturers are striving to enhance the usability and accuracy of the systems. - 43 - Comparative study: Biometric Security Systems There are many biometric technologies to suit different types of applications. To choose the right biometric to be highly fit for the particular situation, one has to navigate through some complex vendor products and keep an eye on future developments in technology and standards. Here comes a list of biometrics : Fingerprints - A fingerprint looks at the patterns found on a fingertip. There are a variety of approaches to fingerprint verification, such as traditional police method, using pattern-matching devices, and things like moire fringe patterns and ultrasonics. This seems to be a very good choice for in-house systems. Hand geometry - This involves analyzing and measuring the shape of the hand. It might be suitable where there are more users or where user access the system infrequently. Accuracy can be very high if desired, and flexible performance tuning and configuration can accommodate a wide range of applications. Organizations are using hand geometry readers in various scenarios, including time and attendance recording. Retina - A retina-based biometric involves analyzing the layer of blood vessels situated at the back of the eye. This technique involves using a low intensity light source through an optical coupler to scan the unique patterns of the retina. Retinal scanning can be quite accurate but does require the user to look into a receptacle and focus on a given point. Iris - An iris-based biometric involves analyzing features found in the colored ring of tissue that surrounds the pupil. This uses a fairly conventional camera element and requires no close contact between the user and the reader. Further, it has the potential for higher than average template-matching performance. Face- Face recognition analyses facial characteristics. It requires a digital camera to develop a facial image of the user for authentication. Because facial scanning - 44 - needs an extra peripheral things that are not included in basic PCs, it is more of a niche market for network authentication. However, the casino industry has capitalized on this technology to create a facial database of scam artists for quick detection by security personal Signature - Signature verification analyses the way user signs his name. Signing features such as speed, velocity, and pressure are as important as the finished signature's static shape. People are used to signatures as a means of transactionrelated identity verification. Voice - Voice authentication is based on voice-to-print authentication, where complex technology transforms voice into text. Voice biometrics requires a microphone, which is available with PCs nowadays. Voice biometrics is to replace the currently used methods, such as PINs, passwords, or account names. But voice will be a complementary technique for finger-scan technology as many people see finger scanning as a higher authentication form. From the table below we can see different biometric traits and their security levels. Method Iris Recognition Coded Pattern Misidentification rate 1/1,200,000 1/1,000 Security Applications High-security facilities Universal Low-security facilities Iris pattern High Medium Fingerprinting Fingerprints Size, length and Hand Shape thickness hands Facial Recognition Outline, shape of 1/700 Low and distribution 1/100 of eyes and nose Low Low-security facilities - 45 - Shape of letters, Signature writing order, 1/100 Low Low-security facilities pen pressure Voice printing Voice characteristics 1/30 Low Telephone service - 46 - Selecting a Biometric Tech, Future and Applications There are a number of biometric technologies available at the moment. It is very critical to pick up the one which meets the user profiles, the need to interface with other systems or databases, environmental conditions, and a host of other application-specific parameters. Here comes some of the key points to be taken into account before selecting one: 1. Ease of use - some biometric devices are difficult to handle unless there is proper training. 2. Error incidence - Time and environmental conditions may affect the accuracy of biometric data. For instance, biometrics may change as an individual becomes old. Environmental conditions may either alter the biometric directly (if a finger is cut and scarred) or interfere with the data collection (background noise when using a voice biometric). 3. Accuracy - Vendors often use two different methods to rate biometric accuracy: false-acceptance rate (FAR) or false-rejection rate (FRR). Both methods focus on the system's ability to allow limited entry to authorized users. However, these measures can vary significantly depending on how one adjust the sensitivity of the mechanism that matches the biometric. There may be instances where FAR decreases and FRR increases. Thus we have to be careful to understand how the biometrics vendors arrive at quoted values of FAR and FRR. Because FAR and FRR are interdependent, we can draw a plot, which can facilitate to determine the crossover error rate (CER). The lower the CER, the more accurate the system There are some other vital ingredients to be analyzed : 1. Cost - biometrics devices and their related things, such as installation, connection, user system integration, research and test of the biometric system, system maintenance, etc. - 47 - 2. User acceptance - certain user groups reject biometric technologies on various grounds because of privacy concerns. Some application-specific requirements like security level, which can be low, moderate or high. This decision will greatly impact which biometric is most appropriate for this kind of applications. Finally organizations should consider a biometric's stability including maturity of the technology, degree of standardization, level of vendor and governmental support, market share and other support factors. Mature and standardized biometric technologies usually have stronger stability. Future Research Directions Although companies are using biometrics for authentication in a variety of situations, biometric technologies are evolving and emerging towards a large scale of use. Standards are coming out to provide a common software interface to allow sharing of biometric templates and to permit effective comparison and evaluation of different biometric technologies. One of them is the Common Biometric Exchange File Format, which defines a common means of exchanging and storing templates collected from a variety of biometric devices. Biometric assurance - confidence that a biometric can achieve the intended level of security - is another active research area. Another interesting thing to be examined is combining biometrics with smart cards and public-key infrastructure (PKI). A major problem with biometrics is how and where to store the user's template. Because the template represents the user's personal characters, its storage introduces privacy concerns. Also storing the template in a centralized database paves for attack and compromise. On the other hand, storing the template on a smart card enhances individual privacy and increased protection from attack, because individual users control their own templates. Vendors enhance security by placing more biometric functions directly on the smart card. Some vendors like Biometric Associates, have built a fingerprint sensor directly - 48 - into the smart card reader, which in turn passes the biometric to the smart card for verification. PKI uses public- and private-key cryptography for user identification and authentication. It has some advantages over biometrics as it is mathematically more secure and it can be used across the Internet. The main drawback of PKI is the management of the user's private key. To be secure, the private key must be protected from compromise and to be useful, the private key must be portable. The solution is to store the private key on a smart card and protect it with biometric. There are proposals for integrating biometrics, smart cards and PKI technology for designing Smart Access common government ID cards. On concluding, the technologies devices and products for biometrics started to appear on steady pace towards facilitating widespread use. This article gives a snapshot of the dynamics under way in this popular biometrics market. Applications: Biometric technology and its applications have existed longer than people believe. According to Ben Miller, founder and chairman of CardTech/SecurTech, biometric technologies have existed in commercially available products since 1968 (Bateman, S. 1998). The oldest ongoing general application of biometrics belongs to the University of Georgia which, in 1973, installed a hand-scanning system, the Identimat from Identimation, to restrict entry into its all-you-can-eat dining halls. The device measured the lengths of patrons fingers by scanning them with photoelectric cells (Computer Business Review, 1998). It is in the last decade that biometric applications have finally caught up with the technology that has been around for nearly 30 years. This growing impetus of biometric technology is a result of a myriad of beneficial factors for the consumer including decreased costs, increased accuracy rates, and improved hardware technology. Currently, the number of biometric applications instituted around the world is increasing. In 1996, approximately 10,000 biometric devices were in use - 49 - worldwide. Some estimate the number will grow to 50,000 by year 2000 (Brown, R. 1997). From Germany to Australia to Japan, companies have been investing in higher security measures using biometric technology. Biometric vendors feel that time and attendance is the biggest growth area for biometrics in the near future. Beyond time and attendance, computer and electronic commerce security offer the greatest promise for widespread biometric use. The Internet explosion has contributed to the growth of biometrics, but so is the trend among banking institutions to offer more home-based services to their customers (Burnell, J. 1997). Future biometric applications include, "key" replacements for home or vehicle access, replacement of physical cards for credit card purchases, personalized, intelligent switches for devices (e.g. guns), and electronic signatures for transfer of custodial property such as legal evidence (Biometric Identification, 1997). Today, fingerprint identification systems are the most popular and widely used from of biometric technology (Green, P. 1998). Because forensic applications have used fingerprints to identify people, there is a wealth of information concerning the uniqueness of fingerprint patterns (Green, P. 1998). National computerized fingerprint systems exist in several countries, the first national system having been established in Australia in 1987 (Simon, D. G. 1994). Fingerprint biometrics received a huge boost in May of 1997, when Veridicom Incorporated, a Menlo Park, California startup formed by Lucent Technologies and U.S. Venture Partners, announced the development of a stamped-sized fingerprint reader. The reader-on-a-chip, which is smaller than optical fingerprint readers, can be built into a computer keyboard or mouse, allowing verified users to gain access to a PC or notebook. Prices for this technology now reach below $100 dollars (Violino, B. 1997). - 50 - Other biometric applications are also working their way into society. The Immigration and Naturalization Service uses hand scans and voice recognition to verify the identities of some 100,000 frequent visitors to the United States. Residents of the Marshall Field Garden Apartments, a low-income housing site in Chicago, pass through a hand-geometry system to enter the building complex. Financial services giant Citibank is testing an eye-scanning system that recognizes the unique patterns found in a person's iris for possible use in automated teller machines (ATM's) (Brown, R. 1997). A Texas company, Mr. Payroll, uses face recognition technology to cash checks for customers using its automated checkcashing machines. In Massachusetts, the Lotus software company, uses hand scans in its day care center to identify parents picking up children (Moylan, M. J., 1997). Two of the more unique applications of biometric technology involve horses in Japan and a bar in Russia. The Japanese Racing Association is now identifying some 10,000 thoroughbreds by iris recognition in order to authenticate the owners of the valuable thoroughbreds. In Russia, patrons at a bar in the Ukraine reportedly can buy a drink with a personal identification number (PIN) verified by the geometry of their hand, which initiates a direct debit to their bank accounts (Stevens, T. 1998). With declining prices, escalating fraud and security breeches are social issues that are bringing biometric technology to market. For example, states are looking for ways to reduce welfare fraud and prevent drivers from obtaining multiple licenses. Colleges and universities want to control access to dormitories and other facilities. Banks are fighting to reduce ATM fraud. Credit card companies want to eliminate billions of dollars in annual losses. As well, many other businesses and institutions, such as healthcare centers and prisons, are looking to control records and regulate personnel movement (Richards, D. R. 1995). - 51 - For financial and credit institutions, biometric devices are a welcomed alternative security measure. It has been estimated that in 1995 alone, fraud accounted for a staggering $1.3 billion in losses for several leading credit card companies (Woodward, J. D. 1996). Moreover, fraud in 1996 cost U.S. Visa and MasterCard issuers $751.5 million, which does not include American Express, Dean Witter, Diners Club or retail cards (Zbar, J. D. 1997). Likewise, the Federal Bureau of Investigation (FBI) can document $1.2 billion in losses annually due to loan fraud or false statement which accounts for 35 percent of the $3.3 billion financial institutions reported as crime losses (Panczyk, T. D. 1998). According to one MasterCard spokesperson in referring to biometrics, "Ultimately, this is one of the security features we have identified as something we could add to our fraudprevention programs for credit. If you can cut that even in half with a technology like biometrics, that's a significant change." (Zbar, J. D. 1997). Much evidence supports this claim. According to Visa U.S.A., credit- and debit-card fraud has fallen for the fourth straight year, beginning in 1994. Fraud losses fell to 0.08 percent of dollar volume, or 8 cents for every $100 transacted (Panczyk, T. D. 1998). Even more astonishing is the reduction in fraud committed by people when companies have implemented a form of biometric technology. When Connecticut required welfare recipients to have their fingerprints scanned almost 25 percent of their applicants disappeared from its rolls, according to the state's Department of Social Services. Installing a similar system, Los Angeles County reported the disappearance of 8,000 names from its register, resulting in annual savings of $12 million (Computer Business Review, 1998). The application of biometric technology is limitless. Four to five years ago biometric technology was still considered too "fictional" for many. Now, these same individuals are asking where and how they can purchase biometric technology. - 52 - - 53 - Summary Authentication plays a very critical role in security-related applications like ecommerce. There are a number of methods and techniques for accomplishing this key process. In this regard, biometrics is gaining increasing attention these days. Security systems, having realized the value of biometrics, use biometrics for two basic purposes: to verify or identify users. There are a number of biometrics and different applications need different biometrics. Biometric is the most secure and convenient authentication tool. It can not be borrowed, stolen, or forgotten and forging one is practically impossible. Biometrics measure individual's unique physical or behavioral characteristics to recognize or authenticate their identity. Common physical biometrics include fingerprints, hand or palm geometry, retina, iris, and facial characteristics. Behavioral characters characteristics include signature, voice, keystroke pattern, and gait. Of this class of biometrics, technologies for signature and voice are the most developed. - 54 - Bibliography http://www.weekipedia.com http://www.howstuffworks.com http://www.signalspot.com http://www.eyenetwatch.com http://www.computer.org/tab/swec http://www.freepatentsonline.com I-Guard Security Systems catalogue - 55 -