BIOIDENTIFICATION Frequently Asked Questions Last Change: 2008-04-25
Biometrics	Deutsch English   Biometrics Fingerprint

(1) General: Biometrics is the science of measuring physical properties of living beings.

(2) ISO/IEC: Biometrics is the automated recognition of individuals based on their behavioral and biological characteristics.

By measuring an individual's suitable behavioral and biological characteristics in a recognition inquiry and comparing these data with the biometric reference data which had been stored during a learning procedure, the identity of a specific user is determined.

A biometric characteristic is biological or behavioural property of an individual that can be measured and from which distinguishing, repeatable biometric features can be extracted for the purpose of automated recognition of individuals. Example: face.

A biometric sample is an analog or digital representation of biometric characteristics prior to biometric feature extraction process and obtained from a biometric capture device or biometric capture subsystem. Example: electronic face photograph.

A biometric sample usually is delievred from a sensor, the main component of a biometric capture device. Generally, the biometric sample, often called raw data, comprises more information than is necessary for recognition. In many cases, the biometric sample is a direct image of the biometric characteristic such as a photograph.

Biometric features are information extracted from biometric samples which can be used for comparison with a biometric reference. Example: characteristic measures extracted from a face photograph such as eye distance or nose size etc.

The aim of the extraction of biometric features from a biometric sample is to remove any superfluous information which does not contribute to biometric recognition. This enables a fast comparison, an improved biometric performance, and may have privacy advantages.

A biometric reference comprises one or more stored biometric samples, biometric templates, or biometric models attributed to a biometric data subject which can be used for comparison.

Stored biometric features are called a biometric template. A biometric model is a stored function (dependent on the biometric data subject) generated from biometric features which is applied to the biometric features of a recognition biometric sample during a comparison to give a comparison result.

A biometric template is a special case of a biometric reference, where biometric features have been stored for the purpose of a comparison. (The comparison is done during the recognition process between the stored biometric template and the actual biometric features which have been extracted from the biometric data coming from the biometric capture device resp. sensor.)

To be able to recognize a person by their biometric characteristics and the derived biometric features, first a learning phase must take place. The procedure is called enrolment and comprehends the creation of an enrolment data record of the biometric data subject (the person to be enroled) and to store it in a biometric enrolment database. The enrolment data record comprises one or multiple biometric references and arbitray non-biometric data such as a name or a personnel number.

How does biometric recognition work?

For the purpose of recognition, the biometric data subject (the person to be recognized) presents his or her biometric characteristic to the biometric capture device which generates a recognition biometric sample from it. From the recognition biometric sample the biometric feature extraction creates biometric features which are compared with one or multiple biometric templates from the biometric enrolment database. Due to the statistical nature of biometric samples there is generally no exact match possible. For that reason, the decision process will only assign the biometric data subject to a biometric template and confirm recognition if the comparison score exceeds an adjustable threshold.

What are the requirements for a biometric characteristic?

In the development of biometric identification systems, physical and behavioral characteristics for recognition are required

• which dispose of biometric features which are as unique as possible, i.e., which do not reappear at any other person: Uniqueness
• which occur in as many people as possible: Universality
• whose biometric features don't change over time: Permanence
• which are measurable with simple technical instruments: Measurability
• which are easy and comfortable to measure: User friendliness

Biometric characteristics develop:

• through genetics: genotypic
• through random variations in the early phases of an embryo's development: randotypic (often called phenotypic)
• or through training: behavioral

As a rule, all three factors contribute to a biometric characteristic's development, although to varying degrees.  The following table rates the relative importance of each factor (o is small, ooo is large):

*Randotypic patterns often show genotypic traits in their overall structure.  These genotypic traits may disappear with increasing refinement (e.g., development of branches on a tree).

**Most implementations react to learn effects to various degrees, and therefore don't have a negligible behavioral contribution.

Even though the type of developmental factor does not solely determine a biometric characteristic's usefulness, there are a few things to take into account:

• pure genotypic characteristics can't differentiate between monozygotic (identical) twins or clones
• purely behavioral characteristics are, by definition, easiest to imitate
• behavioral characteristics are strongly affected by external influences and the disposition of the user
• normally for identification purposes, randotypic contributions are essential due to their necessity for creating absolute uniqueness

The following must be considered:

• Even monozygotic twins have obviously differing randotypic characteristics.
• As a rule of thumb, random variations do NOT follow bodily symmetry.  For example, the right and left iris have different details, and are not mirror symmetrical to each other.

Reasons for variation over time:

• Growth
• Wear and tear
• Aging
• Dirt and grime
• Injury and subsequent regeneration
• etc.

Biometric characteristics, which are minimally affected by such variation are preferred.  The degree to which this is possible is shown in the following table.  Easily changed effects such as dirt and quickly healing injuries such as an abrasion, are not taken into consideration.

Prior to comparing the relative worth of different biometric characteristics, we must define the appropriate criteria to be used.  For these purposes, we will use four categories:

• Comfort: duration of verification and the ease of use
• Accuracy: minimal error rates  (clarity, consistency, measurability)
• Availability: the portion of a potential user group who can use biometrics for technical recognition purposes (universal, measurable)
• Costs: essentially due to the biometric capture device incl. sensors.

Note that some of the following ratings are based on current versions (status: March 2000) which could change drastically with new solutions.

As one can see, determining an 'optimal' biometric characteristic is hardly possible.  For biometric characteristics ranking high in accuracy, fingerprints currently have the lowest costs.  The iris rates high in all categories, unfortunately including cost.  If the costs would sink significantly, the iris would be ideal. DNA loses points in accuracy, because it can't differentiate between monozygotic twins today.

Here we define authentication as the process of determining the identity of a person and confirming his or her authenticity.

In multi-user systems, authentication regularly accomplishes an identification and a verification. The identification part confirms that the identity, usually given by a unique identifier such as a user name, is known to the system. If identification was successful, in a next step the identity is verified using a verifier such as something like a secret, shared between the person to be authenticated and the authenticating system.

Usually, identifiers are considered as public whereas verifiers are secrets like a key pattern or a password.

Authentication often is combined with authorization. Authorization is the process of assigning certain rights or permissions to a person.

Authentication may take advantage of biometrics by using a biometric characteristic as identifier or as verifier. When using biometrics as an identifier, uniqueness (very low FAR) is an essential requirement especially for large user numbers. When using biometrics as a verifier, the biometric characteristic may be either viewed as a secret or as public. In the latter case, it is essential that a fake detection is provided against mechanical copies of the biometric characteristic.

Biometrics "Who I am"

Biometrics uses nature's oldest system to identify people -- via unforgettable and unchanging physical characteristics.  From time immemorial, humans have had to perform recognition tasks themselves.  Today, technology is advanced enough to assist us or even relieve us of recognition tasks.

Secret Knowledge "What I know"

Here authentication takes the form of secret PINs and passwords, which the user has to keep track of. The person to be authenticated has to share the secret knowledge with the authenticator. Previously, this was the simplest method of authentication for machines. Secret knowledge can be applied also where several persons have to be authenticated in a simple way without distinction.

Personal Possession "What I have"

Examples for authentication are having a key, ID card, passport (with or without a chip), or more generally a token, which allows entrance, for example, into a private room. Essential for this method is the existence of secret features which are to be shared between token and the authenticator (or at least the inability to get the token copied combined with a copy detection).

Combination Systems

For security reasons, often two or all three of the above methods are combined, e.g., a bank card with a PIN. Only combined systems are able to fulfill the requirements of "strong" authentication.

Advancing automation and the development of new technological systems, such as the internet and cellular phones, have led users to more frequent use of technical means rather than human beings in receiving authentication.  Personal identification has taken the form of secret passwords and PINs.  Everyday examples requiring a password include the ATM, the cellular phone, or internet access on a personal computer. In order that a password cannot be guessed, it should be as long as possible, not appear in a dictionary, and include special symbols such as +, -, %, or #.  Moreover, for security purposes, a password should never be written down, never be given to another person, and should be changed at least every three months.  When one considers that many people today need up to 30 passwords, most of which are rarely used, and that the expense and annoyance of a forgotten password is enormous, it is clear that users are forced to sacrifice security due to memory limitations.  While the password is very machine friendly, it is far from user-friendly.

There is a solution that returns to the ways of nature.  In order to identify an individual, humans differentiate between physical characteristics such as facial structure or sound of the voice.  Biometrics, as the science of measuring and compiling distinguishing physical characteristics, now recognizes many further features as ideal for the definite identification of even an identical twin.  Examples include a fingerprint, the iris, and vein structure.  In order to perform recognition tasks at the level of the human brain (assuming that the brain would only use one single biometric charactreistic), 100 million computations per second are required.  Only recently have standard PCs reached this speed, and at the same time, the sensors required to measure characteristics are becoming cheaper and cheaper.  Therefore, the time has come to complement the password with a more user friendly solution - biometric authentication.

In a biometric identification, the recognition biometric features are compared to many or all biometric references stored in the system.

In a biometric verification, the recognition biometric features are only compared to one biometric reference stored in the system.

If a system has only one saved biometric reference, identification is similar to verification. Otherwise, biometric verification is a limit case of biometric identification.

What are the advantages of biometric verification over biometric identification?

1. Biometric verification is much faster than biometric identification when the number of biometric references is very high.
2. Biometric verification shows a better biometric performance than biometric identification when the number of biometric references is very high.

In a positive identification the user is interested to be identified, in the negative case the user tries to avoid successful identification. For example, the thief is not interested in being identified by comparing the latent prints from the scene of crime with his fingerprints. This is a negative identification. If I am authorized to get access to my office, I am strongly interested to be identified, e.g., by iris recognition. This is a positive identification.

The main impact of positive versus negative identification regards user cooperation. In the negative case the user is not willing to cooperate (even if he is "innocent") at the stage of feature acquisition. Therefore, a negative identification often needs observation. Even the sensor may be affected by the type of identification: For example, negative fingerprint identification needs full size sensors and ten-print treatment at least for the enrolment process.

Fighting Crime

• Comparing evidence from a crime scene with previously or subsequently recorded biometric data
• Examples:  fingerprint, DNA

Security

• Authentication for computer, network, and physical access and rights management
• Example: logon to PCs by user name and smartcard

Comfort

• Identifying a person and changing personal settings accordingly
• For example, setting the seat, mirrors, etc. in a multi-user car by facial recognition

ISO/IEC JTC1 SC 37 (world)

DIN NI-37 (Germany)

At the moment, biometric standardization is still in progress. Finalized projects with IS status (International Standard) are shown in bold. Among the topics treated at ISO SC 37 are (status 2008-03-28):
 

Working number	Titel
19784-1	Biometric Application Programming Interface Part 1: The BioAPI Specification
19784-2	Biometric Application Programming Interface Part 2: Biometric Archive Function Provider Interface
19784-3	Biometric Application Programming Interface Part 3: BioAPI Lite
19784-4	Biometric Application Programming Interface Part 4: Biometric Sensor Function Provider Interface.
19785-1	Common Biometric Exchange Framework Format - Part 1: Data Element Specification
19785-2	Common Biometric Exchange Framework Format - Part 2: Procedures for the operation of the biometric registration authority
19785-3	Common Biometric Exchange Framework Format - Part 3: Patron Format Specification
19785-4	Common Biometric Exchange Framework Format - Part 4: Security Block Format Specification
19794-1	Biometric data interchange formats Part 1: Framework
19794-2	Biometric data interchange formats Part 2: Finger Minutiae Data
19794-3	Biometric data interchange formats Part 3: Finger Pattern Spectral Data
19794-4	Biometric data interchange formats Part 4: Finger Image Data
19794-5	Biometric data interchange formats Part 5: Face Image Data
19794-6	Biometric data interchange formats Part 6: Iris Image Data
19794-7	Biometric data interchange formats Part 7: Signature/Sign Time Series Data
19794-8	Biometric data interchange formats Part 8: Finger Pattern Skeletal Data
19794-9	Biometric data interchange formats Part 9: Vascular Biometric Image Data
19794-10	Biometric data interchange formats Part 10: Hand Geometry Silhouette Data
19794-11	Biometric data interchange formats Part 11: Signature/Sign Processed Dynamic Data
19794-12	Biometric data interchange formats Part 12: Face Identity Data
19794-13	Biometric data interchange formats Part 13: Voice Data
19794-14	Biometric data interchange formats Part 14: DNA Data
19795-1	Biometric Performance Testing and Reporting - Part 1: Principles and Framework
19795-2	Biometric Performance Testing and Reporting - Part 2: Testing Methodologies for Technology and Scenario Testing
19795-3	Biometric Performance Testing and Reporting - Part 3: Modality-Specific Testing
19795-4	Biometric Performance Testing and Reporting - Part 4: Interoperability Performance Testing
19795-5	Biometric Performance Testing and Reporting - Part 5: Scenario Evaluation of Biometric Access Control Systems
19795-6	Biometric Performance Testing and Reporting - Part 6: Testing Methodologies for Operational Evaluation
24708	Biometric Interworking Protocol (BIP)
24709-1	BioAPI Conformance Testing – Part 1: Methods and Procedures
24709-2	BioAPI Conformance Testing – Part 2: Test Assertions for Biometric Service Providers
24709-3	BioAPI Conformance Testing – Part 3: Test Assertions for BioAPI Frameworks
24709-4	BioAPI Conformance Testing – Part 4: Test Assertions for Biometric Applications
24713-1	Biometric Profiles for Interoperability and Data Interchange - Part 1: Overview of biometric systems and biometric profiles
24713-2	Biometric Profiles for Interoperability and Data Interchange - Part 2: Physical Access Control for Employees at Airports
24713-3	Biometric Profiles for Interoperability and Data Interchange - Part 3: Biometric-Based Verification and Identification of Seafarers
24714-1	Technical Report on Cross-Jurisdictional and Societal Aspects of Implementation of Biometric Technologies - Part 1: Guide to the Accessibility, Privacy, and Health and Safety Issues in the Deployment of Biometric Systems for Commercial Application
24714-2	Technical Report on Cross-Jurisdictional and Societal Aspects of Implementation of Biometric Technologies - Part 2: Practical Application to Specific Contexts
24722	Technical Report on Multi-Modal and Other Multi-Biometric Fusion
24741	Technical Report For a Biometric Tutorial
24779	Pictograms, Icons and Symbols for use with Biometric Systems
29109-1	Conformance Testing Methodology for Biometric Data Interchange Records as defined in ISO/IEC 19794 Biometric Data Interchange Format Standard - Part 1: Generalized Conformance Testing Methodology
29109-2	Conformance Testing Methodology for Biometric Data Interchange Records as defined in ISO/IEC 19794 Biometric Data Interchange Format Standard - Part 2: Finger Minutiae Data
29109-4	Conformance Testing Methodology for Biometric Data Interchange Records as defined in ISO/IEC 19794 Biometric Data Interchange Format Standard - Part 4: Finger Image Data
29109-5	Conformance Testing Methodology for Biometric Data Interchange Records as defined in ISO/IEC 19794 Biometric Data Interchange Format Standard - Part 5: Face Image Data
29109-6	Conformance Testing Methodology for Biometric Data Interchange Records as defined in ISO/IEC 1979