Fundamentals of Biometric System DesignHardware and software Biometric data are generated by humans...

Fundamentals of Biometric System

Design

by S. N. Yanushkevich

Chapter 1

Introduction

Biometric sensor

Biometric sensor

Computer

platform

Biometric sensor

Biometric sensor

• Verification: Am I whom I claim to be?

• Identification: Who am I?

• Verification and identification

• Positive recognition

• Negative recognition

• Leading biometric technologies

• Biometric systems

• Applications

• Historical perspectives

• Advanced topics

• Further reading

• Problems

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 2

Preface

Biometric is understood as a measurable physiological and/orbehavioral trait that can be captured and compared with an-other instance at the time of verification. Biometric data is un-processed or raw biometric data. This data cannot be used toperform biometric matches. Biometric system do not store bio-metric data. The process by which a user’s biometric data isinitially acquired, assessed, processed, and stored in the form ofa template is called enrollment.

Biometrics is the science of the measurement of unique human characteristics, bothphysical and behavioral. Biometric technology refers to any technique that reliably usesmeasurable physiological or behavioral characteristics to distinguish one person fromanother. The roots of biometric technology go back a long way, about several thousandsof years.

This lecture is the base for the implementation issue of biometric technology. Wefollow a three phase scheme: biometric data acquisition, biometric techniques, and com-puting platform, that is:

Biometric data︸︷︷︸

From sensors

−→ Biometric techniques︸︷︷︸

Interdisciplinary methodology

−→ Computing platform︸︷︷︸

Hardware and software

Biometric data are generated by humans and can be analyzed by biometric systemin various bands (visible light, infrared, and acoustic). The purpose of this analysis canbe defined as the identification of person, illness diagnostic (recognition), behavior staterecognition, and human-machine interface design.

Common physiological biometric traits include, for instance,

◮ Fingerprints,

◮ Retina,

◮ Iris,

◮ Facial images, and

◮ Hand geometry.

Whereas, common behavioral biometric traits include, in particular, signature, gait,voice recordings, and keystroke rhythms. A biometric system should meet the specifiedrecognition accuracy, speed, and resource requirements, be harmless to the users, be


accepted by the intended population, and be sufficiently robust to various fraudulentmethods and attacks to the system. Biometric system is an application-specific computersystem. Application-specific techniques (pattern recognition methods, algorithms, andprograms) are implemented using efficiency organized hardware platform. Biometricdata are characterized by the following features:

◮ Universality,

◮ Distinctiveness,

◮ Permanency,

◮ Contestability,

◮ Reliability, and

◮ Acceptability.

Biometric system operates as follows:

Acquiring biometric data︸︷︷︸

From an individual

−→ Processing︸︷︷︸

From the acquired data

−→ Comparing against the templates︸︷︷︸

From the database

Essentials of this lecture

• Multidisciplinary methodology and techniques of the biometric system design. Thelecture outlines the consequences of adopting various design platforms such as dis-tributed systems, fault tolerant systems, parallel computer architecture, mobile sys-tems, and portable systems and devices. Biometric system design is appear relevantto these platforms but within the constraints of specific-area applications (security,attack-tolerance, etc.).

• Self-study. This lecture provides a (future) designer of a biometric system with necessarybackground information.

• Use as reference. A designer faced with newly developed technologies needs to consultthe research literature and other more specialized texts; the many references providedcan aid such a search.

Dr. S. Yanushkevich


Introduction to Biometric System Design

Information necessitating a change of design will be conveyedto the designer after - and only after - the plans are complete.

Murphy’s Law (First Law of Revision)a

a 2009 Calendar by A. Bloch, Andrews McMeelPublishing, Kansas City

Biometrics is the science of the measurement of unique human characteristics, bothphysical and behavioral. The word “biometrics” is a combination of the Greek words bioand metric. When combined, it means “life measurement”. Biometric technology refersto any technique that reliably uses measurable physiological or behavioral characteristicsto distinguish one person from another. Common physiological biometric traits include,for instance, fingerprints, retina, iris, facial images, hand geometry. Whereas, commonbehavioral biometric traits include, in particular, signature, gait, voice recordings, andkeystroke rhythms. This lecture focuses on the role of biometric information in state-of-the-art biometric systems.

1 Biometric system as an application-specific computer system

Biometric system is an application-specific computer system. The design of a biometricsystem is considered as an efficient implementation of application-specific techniques(methods, algorithms, and programs) using some computing platform (Fig. 1).

Application-specific software platform

Application-specific hardware platform

Application-specific I/O interfaces

Biometric techniques

Computer

platform

Application-specific techniques

Fig. 1: Biometric system is an application-specific computer system consisting of thespecific-purpose programs and computing platform.


The key components of biometric system are:

Component 1: Biometric data sensors. Generation of biometric data in the formof signals such as visual, acoustic, and other electromagnetic spectrum signals (Fig.2)is a nature of humans.

1 µm 1 mm 1 m 1 km

Visible light

Infra red

Voice

Fig. 2: Generation of biometric data.

This data can be used for various purposes, such as illness diagnostic and recog-nition, behavior state recognition, human-machine interface design, and identifica-tion. In this lecture, the goal of manipulation of biometric data is the identificationof persons. Biometric data used for person identification must satisfy various crite-ria discussed in this chapter. Additional constraints are applied to biometric dataat the state of implementation.

Component 2: Techniques for manipulation of biometric data include various al-gorithms for filtering, transforms, and pattern recognition. Also decision-makingalgorithms are used at various phases of biometric data manipulation.

Component 3: Hardware platform for the implementation of these techniques. Of-ten the application-specific instruction-set processors are used as a hardware plat-form for biometric devices and systems. The instruction set of these processorsis tailored to benefit a specific (biometric) application. This specialization of thecore provides a tradeoff between the flexibility of a general purpose CPU and theperformance of application-specific instruction-set processors.

Applications-specific systems, such as biometric systems, have constraints on latency;that is, for the system to work, the specific-purpose programs must be completed withinsome time constraint. A specialized digital signal processor (DSP) for digital signalprocessing is a typical example of an application-specific design using special architecture.Another examples of applications-specific systems are high definition digital TV systems,encryption and decryption, private property protection, automobile control systems, andpersonal assistances.


Advanced methodologies for designing application-specific computer systems are Ap-plication - Specific Integrated Circuits (ASIC) and System-on-Chip (SoC).

A typical platform design flow is given in Fig. 4. The design begins with the explo-ration of the biometric application requirements (the first phase). Requirements such asexecution time, resource utilization, power dissipation, etc., are derived and their mutualdependencies specified. Information about appearance of special functions and functionsequences calling for hardware acceleration is also needed.

Biometric system can have different configurations. These configurations can becharacterized as centralized and distributed architectural designs.

Example 1: (Biometric system configurations.)In Fig. 3, the dis-tributed biometric system is shown.

Biometric sensor

Computer

platform

Biometric sensor

Computer

platform

Biometric sensor

Computer

platform

Biometric sensor

Computer

platform

Biometric sensor

Biometric sensor

Computer

platform

Biometric sensor

Biometric sensor

(a) (b)

Fig. 3: Example of configuration of biometric systems: distributed architecture (a) andcentralized architecture (star-like configuration) (b).

2 Biometric data specification

Any human physiological and/or behavioral characteristic can be used as a biometricdata as long as it satisfies the following requirements1:

1 A. Jain, R. Bolle, and S. Pankanti, Eds., Biometrics: Personal Identification in a Networked Society,Kluwer, 1999


Requirements to biometric data

Requirement 1: Universal (every person should have that characteristic),

Requirement 2: Unique (no two people should be exactly the same in terms of

that characteristic)

Requirement 3: Permanent (invariant with time)

Requirement 4: Collectable (can be measured quantitatively)

Requirement 5: Reliable (must be safe and operate at a satisfactory

performance level)

Requirement 6: Acceptable (non-invasive and socially tolerable).

In a biometric system, that is, a computer system that employs biometrics for personalrecognition, there is a number of other issues that should be considered, in particular:

◮ Performance, which refers to the achievable recognition accuracy and speed, the char-acteristics of required resources, as well as the operational and environmental fac-tors;

◮ Acceptability, which refers to the extent to which people are willing to accept the useof a particular biometric identifier (characteristic) in their daily lives.

In addition, the characteristic called a circumvention introduces the behavior of abiometric system for particular scenarios: how easily the system can be fooled usingfraudulent methods.

3 Application-specific techniques for biometric data manipulation

Techniques for manipulation of biometric data include various algorithms such as filter-ing, convolution, Fourier transforms, and pattern classification and recognition. Decision-making techniques are applied in most simple form, such as threshold, at the lowest level.Sophisticated algorithms for decision making under uncertainty are used at the highestlevels of the system such as human-machine interface. In this section, we consider theverification and identification.

3.1 Verification and identification

An application-specific techniques biometric system is essentially a pattern recognitionsystem that operates by acquiring biometric data from an individual, extracting a feature


Characterization of:

• Deployed biometric system

• Deployed terminals

Application

domain exploration

1

• Computational complexity estimation

• Functional block specification

Functional

block selection

2

• Scheduling tasks

• Deriving communication constraints

• Communication protocols

Communication

network design

3

• Physical characterization

• Communication network

• Optimization

• Verification

• Algorithm implementation

Floor

planning

4

Re-design if needed

Re-design if needed

Re-design if needed

Fig. 4: Platform-based design flow.


set from the acquired data, and comparing this feature set against the template set inthe database. Identification and verification (also known as authentication) are bothused to declare the identity of a user. Depending on the application context, a biometricsystem may operate either in verification mode or identification mode.

Before a system is able to verify/identify the specific biometrics of a person, thesystem requires something to compare it with. Therefore, a profile, or template, contain-ing the biometric properties, is stored in the system. Recording the characteristics of aperson is called enrollment.

As a user, you can be identified or verified on the basis of:

◮ Something you know, for example, a password or a PIN.

◮ Something you hold, for example, a credit card, a key, or a passport.

◮ Something you are (biometrics), for example, a fingerprint or iris patterns

Using something you know and hold are two easy identification/verification solutionswidely used today. Using something you know only requires memorization of somedata (passwords, etc.), but can, on the other hand, be easily overheard, seen, or evenguessed. An item you hold can be stolen and later on used or copied. Using biometricsmight, at first, seem to overcome these problems, since fingerprints, iris patterns, etc.are part of your body and thus are not easily misplaced, stolen, forged, or shared.This report might, however, give you some new insight about this subject. One wayto increase security in an identification/verification system is to combine two or moredifferent identification/verification methods.

Depending on the application context, a biometric system may operate either in:

◮ Verification mode or

◮ Identification mode.

3.2 Verification: Am I whom I claim to be?

In the verification mode, the system validates a persons identity by comparing the cap-tured biometric data with his or her own biometric template(s) stored in the systemdatabase. In such a system, an individual who desires to be recognized claims an iden-tity, usually via a personal identification number (PIN), a user name, or a smart card,and the system conducts a one-to-one comparison to determine whether the claim is trueor not (Am I whom I claim to be?)

Identity verification is typically used for positive recognition, where the aim is toprevent multiple people from using the same identity. Let:

◮ Input feature vector XQ extracted from the biometric data,


◮ I be a claimed identity,

◮ w1 be the class that indicates that the claim is true (a genuine user),

◮ w2 be the class that indicates that the claim is false (an impostor),

◮ S(XQ,XI) be the function that measures the similarity between feature vectors XQ

and XI ,

◮ t is a predefined threshold.

The verification problem is formulated as follows: Given XQ, determine if (I,XQ)belongs to class w1 or w2. The verification problem can be described in the form

Verification (I,XQ) ∈

Class w1, if S(XQ,XI) ≥ t

Class w2, otherwise(1)

Typically, XQ is matched against XI , the biometric template corresponding to userI, in order to determine its category. The value S(XQ,XI) is termed as a similarity ormatching score between the biometric measurements of the user and the claimed identity.Therefore, every claimed identity is classified into w1 or w2 based on the variablesXQ,XI ,I, and t, and the function S. Note that biometric measurements of the same individualtaken at different times are almost never identical. This is the reason for introducing thethreshold t.

3.3 Identification: Who am I?

In the identification mode, the system recognizes an individual by searching the templatesof all the users in the database for a match. Therefore, the system conducts a one-to-many comparison to establish an individuals identity (or fails if the subject is not enrolledin the system database) without the subject having to claim an identity (Who am I?)Let:

◮ Ik, k ∈ 1, 2, . . . , N,N + 1 be the identity. Suppose that I1, I2, . . . , IN are the identitiesenrolled in the system and IN+1indicates the reject case where no suitable identitycan be determined for the user.

◮ XIk be the biometric template corresponding to identity Ik, and t is a predefinedthreshold.

The identification problem is formulated as follows: given an input feature vectorXQ, determine the identity Ik, k ∈ 1, 2, . . . , N,N + 1. This can be described in theform


Identification IQ ∈

Ik, if maxk

S(XQ,XIk) ≥ t

IN+1, otherwise

(2)

Identification is a critical component in both positive and negative recognition appli-cations.

4 Person identification: “Positive” and “Negative”

Positive and negative recognition

The purpose of positive recognition is to prevent multiple people from using the sameidentity. The purpose of negative recognition is to prevent a single person from usingmultiple identities.

There is actually nothing in your voice, hand shape or any biometric measure to tellthe computer your name, age or citizenship, or to establish your eligibility to vote. Ex-ternal documents (passport, birth certificate, naturalization papers) or your good wordestablishing these facts must be supplied at the time you initially present yourself to thebiometric system for enrollment. At this initial session, your biometric characteristic,such as an eye scan, is recorded and linked to this externally-supplied personal informa-tion. At future sessions, the computer links you to the previously supplied informationusing the same physical characteristic. Even if the biometric system works perfectly, thepersonal data in the computer, such as your voting eligibility, is only as reliable as theoriginal source documentation supplied.

Once the computer knows your claimed identity, it can usually recognize you wheneveryou present the required biometric characteristic. No biometric identification system,however, works perfectly. Problems are generally caused by changes in the physicalcharacteristic.

Example 2: (Physical characteristic changes.) Even fingerprintschange as cuts, cracks and dryness in the skin come and go.

It is far more likely that the computer will not recognize your enrollment charac-teristic than link you to the characteristic of someone else, but both types of errors dooccur. To minimize the possibility that you will be linked to another record, positiveidentification systems ask you to identify yourself. Your biometric characteristic isthen compared to the characteristic stored at the time you enrolled. Biometric measures


are always fuzzy to some extent, changing over time and circumstance of collection. Ifthe submitted and stored biometric measures are “close enough”, it is assumed that youare indeed the person enrolled under the identity you claimed. If the presented and en-rolled characteristics are not “close enough”, you will generally be allowed to try again.If multiple attempts are allowed, the number of users falsely rejected can be under 1%,although there are always some people chronically unable to use any system who must begiven alternate means of identification. The possibility that an impostor will be judged“close enough”, even given multiple attempts, is usually less than one in ten.

Example 3: (Multiple attempts.) The threat of being caught in9 out of 10 attempts is enough to deter most impostors, partic-ularly if penalties for fraud are involved.

Positive identification using biometrics can be made totally voluntary

(Fig. 5). People not wishing to use the system can instead supply the source documentsto human examiners each time they access the system.

Many biometric methods have been used in public systems for positive identification:hand and finger geometry, iris and retinal scanning, voice and face recognition, andfingerprinting.

There is a another way some biometric systems can be used: negative identifica-

tion. In these applications, found in driver licensing and social service eligibility systemswhere multiple enrollments are illegal, the user claims not to be enrolled. Apartfrom the “honor” system, where each persons word is accepted, there are no alternativesto biometrics for negative identification.

During enrollment, the system must compare the presented characteristic to all char-acteristics in the database to verify that no match exists. Because of the ongoing changesin everyones body, errors can occur in the direction of failing to recognize an existingenrollment, perhaps at a rate of a few percent. But again, only the most determinedfraudster, unconcerned about penalties, would take on a system weighted against him/herwith these odds. False matches of a submitted biometric measure to one connected toanother person in the database are extremely rare and can always be resolved by thepeople operating the system.

Negative identification applications cannot be made voluntary. Each per-son wishing to establish an identity in the system must present the required biometricmeasure. If this were not so, fraudsters could establish multiple enrollments simply bydeclining to use the biometric system. On the other hand, negative identification can beaccomplished perfectly well without linkage to any external information, such as nameor age. This information is not directly necessary to prove you are not already knownto the system, although it may be helpful if identification errors occur.


Positive identification Negative identification

To prove I am someone known to

the system

To prove I am not someone known

to the system

Comparison of submitted sample

to single claimed template

Comparison of submitted sample

to all enrolled templates

Alternative identification

methods existNo alternative methods exist

Can be voluntary Must be mandatory for all

Biometric measures linked to

personal information (name,

age, citizenship) only through

external source documents.

Linkage to personal information

not required.

Fig. 5: Positive and negative identification using biometrics. and corresponding tech-nologies demonstrated in public systems.

While traditional methods of personal recognition such as passwords, PINs, keys, andtokens may work for positive recognition, negative recognition can only be establishedthrough biometrics.

In positive identification systems, a false match is called a false acceptance, and a falsenon-match is called a false rejection. In negative identification systems, the terminologyis reversed. Regardless of whether a system is for positive or negative identification, falseacceptances allow for fraud and false rejection. Those are inconvenient and require ex-ception handling. The false rejection rate is immediately measurable from user demandsfor exception handling. Instances of false acceptance are almost never reported. Theperceived rate, however, must be kept low enough to maintain deterrence.


5 Biometric data

Any human physiological and/or behavioral measurements represent some biometricdata. Although many types of data the human body carries or generates various types ofdata in different spectral bands, not all biometric data are deployed in biometric systems.

Example 4: (Future generation of biometric systems.) Brain ac-tivity can be considered as generation of biometric data. Thisdata can be extracted using monitoring brain activity (for ex-ample, EEG techniques) and is useful for the brain-machine in-terface design. But these data cannot be used in biometric sys-tem design for two main reasons: (a) high cost of acquisitionequipment and processing techniques and, (b) insufficiency ofstudy performed on the data that proves its feasibility for hu-mans identification. By the same reason, DNA-based systemsare considered as a future generation of biometric systems.

Hence, there are various constraints for using biometric data in biometric systemdesign. These constrains can be introduced in the form of the requirements to biometricdata.

5.1 Six basic requirements to biometric data

Biometric data can be used as a biometric characteristic for human identification, if itdoes satisfy the following key requirements:

Requirement 1: Permanence. The biometric data should be sufficiently invariant overa period of time.

Requirement 2: Distinctiveness. Any two persons should be sufficiently different interms of the characteristic.

Requirement 3: Collectability. The biometric data can be measured quantitatively.

These three key requirements are considered while choosing the type of biometricdata application for a particular.

Example 5: (Requirements to biometric data.) An exampleof permanent biometric data is fingerprint and iris; the non-permanent data include face (because of aging, disguise), andvoice (aging, illness). The requirements of distinctiveness andcollectability of biometric data are concerned assessing the avail-able techniques and tools.


In addition, the following three requirements to biometric data must be satisfied whiledeveloping and implementing various algorithms for biometric data manipulation:

Requirement 4: Acceptability which indicates the extent to which people are willingto accept the use of their particular biometric identifiers (characteristics) in theirdaily lives

Requirement 5: Performance. It refers to the achievable accuracy and speed using thereasonable computing resources, as well as the operational and environmental fac-tors that affect the accuracy and speed. If biometric data do not satisfy thisrequirements, for example, the cost of computing resources is not acceptable toachieve desired accuracy and performance parameters, this data is considered asunacceptable for biometric system design.

Requirement 6: Circumvention. It reflects how easily the system can be fooled usingfraudulent methods. That is, biometric data and system for its manipulation mustbe sufficiently robust to various attacks on system. If biometric data do not satisfythese requirements, that is, the fraudulent techniques can be easy developed, thesebiometric data are considered as unacceptable for biometric system design. Al-ternative solution is to use multiple biometric data, for example, fingerprints andfacial images.

Moreover, techniques for biometric data extraction must be harmless to the usersand be accepted by the intended population.

Example 6: (Biometric data chart.) Consider various types ofdata and how they satisfy the above requirements. This analysisresults are presented in Summary 1, 2, and 3 and the chart inFig. 6. For example, the row “Summary 1” includes three typesof biometric data that satisfy all six requirements.

5.2 Properties of biometric data

There is a number of additional properties of biometric data, such as distorted data,intra-class variations, distinctiveness, and nonuniversality.

Distortion in sensed data. The sensed data might be noisy or internationally distorted.A fingerprint with a scar or a voice altered by cold are examples of noisy data. Noisy datacould also be the result of defective or improperly maintained sensors (e.g., accumulationof dirt on a fingerprint sensor) or unfavorable ambient conditions (for example, poor


R e q u i r e m e n t

B i o m e t r i c t y p e

1 2 3 4 5 6 7 8 9 10

1 Permanence √ √ √ √ √

2 Distinctiveness √ √ √ √ √ √ √ √ √ √ 3 Collectability √ √ √ √ √ √ √ √ √ √ 4 Acceptability √ √ √ √ 5 Performance √ √ √ √ √ √

6 Circumvention √ √ √

Summary 1

Summary 2

Summary 3

Fig. 6: Biometric data chart (Example 6).

illumination of a user‘s face in a face recognition system). Noisy biometric data may beincorrectly matched with templates in the database resulting in a user being incorrectlyrejected.

Intra-class variations. The biometric data acquired from an individual during authenti-cation may be very different from the data that was used to generate the template duringenrollment, thereby affecting the matching process. This variation is typically caused bya user who is incorrectly interacting with the sensor or when sensor characteristics aremodified (for example, by changing the sensor interoperability) during the verificationphase. As another example, the varying psychological makeup of an individual mightresult in vastly different behavioral traits at various time instances.

Distinctiveness. While a biometric trait is expected to vary significantly across individ-uals, there may be large inter-class similarities in the feature sets used to represent thesetraits. This limitation restricts the discriminability provided by the biometric trait.

Example 7: (Distinctiveness.) The information content (numberof distinguishable patterns) in two of the most commonly usedrepresentations of hand geometry and face are only of the order of105 and 103, respectively∗. Thus, every biometric trait has sometheoretical upper bound in terms of its discrimination capability.∗ See, for example, M. Golfarelli, D. Maio, and D. Maltoni, “On the error-

reject tradeoff in biometric verification systems,” IEEE Transactions on

Pattern Analysis and Machine Intelligence, vol. 19, pp. 786-796, July 1997.


Non-universality. While every user is expected to possess the biometric trait beingacquired, in reality it is possible for a subset of the users not to possess a particularbiometric.

Example 8: (Non-universality.) A fingerprint biometric systemmay be unable to extract features from the fingerprints of certainindividuals, due to the poor quality of the ridges.

Attacking the biometric identifiers. An impostor may attempt to spoof the biometrictrait of a legitimately enrolled user in order to circumvent the system. This type ofattack is especially relevant when behavioral traits such as signature and voice are used.However, physical traits are also susceptible to spoof attacks.

Example 9: (Attacking biometric identifiers.) It has been demon-strated that it is possible (although difficult and cumbersome andrequires the help of a legitimate user) to construct artificial fin-gers/fingerprints in a reasonable amount of time to circumventa fingerprint verification system.

The term spoofing is often used to indicate a security attack where an attacker (even alegitimate user of a system), runs a program with a false login screen and the unsuspectinguser provides password and ID to an attacker. Several scenarios are possible in thissituation, which depend on the attacker’s strategy.

Example 10: (Spoofing.) The attacker can, after memorizing thepassword and ID, allow the user to enter the system. The at-tacker can later re-enter the system using the stolen passwordand ID. Or, the attacker can refuse to allow the user to continuestating, with a fake error message, that the system cannot allowaccess at this time. At this point in time, the fake control screenseizes, and the user is logged off. The attacker, at a later pointin time, logs onto the screen using the falsely obtained user IDand password. This is spoofing.

Intellectual property protection. One of the ways of protection the intellectual propertyrights using biometric data is known as a watermarking.


Example 11: (Watermarking.) Watermarking is defined as amechanism for embedding specific data into host data. Thisspecific data must satisfy a number of requirements, in partic-ular: author (source, the used tools, technique, etc.) identifi-cation, and being difficult to detect and remove. The goal ofwatermarking is to protect the intellectual property rights of thedata. In certain applications, such as integrated circuit printedboards, as well as some documents, biometric data is used as awatermark.

6 Leading biometric technologies

Some of the more traditional uses of physiological and behavioral characteristics aregiven in Fig. 7. Today biometric systems can achieve the following error rates:

Error rates of some biometric systems

◮ Fingerprint identification system: of 1 in 105 using a single fingerprint,

◮ Iris identification system: of 1 in 106 using a single iris,

◮ Facial identification system: of 1 in 103 using a single face appearance.

In order to uniquely identify one person in a population, for example, of 50 million, afingerprint system should use at least four fingers per person, and an iris system shoulduse both eyes. Facial biometrics could not provide a sufficient accuracy of identifica-tion of this population. However, facial identification system can be used in one-to-onecomparison as an aid to identity checking, for example, for passport holders.

The applicability of a specific biometric technique depends heavily on the require-ments of the application domain. No single technique can outperform all the others inall operational environments. In this sense, each biometric technique is admissible, andthere is no optimal biometric characteristic.

Example 12: (Comparison.) It is well known that both thefingerprint-based and iris-based techniques are more accuratethan the voice-based technique. However, in a telebanking ap-plication, the voice-based technique may be preferred, since itcan be integrated seamlessly into the existing telephone system.

Advantages and disadvantages of biometrics are discussed in Section 10, “Furtherstudy”.


LEADING BIOMETRIC TECHNOLOGIES

Facial recognition attempts to identify a subject based on facial characteristics (eye socketposition, space between cheekbones, etc.).

Fingerprint recognition systems rely on the biometric device’s ability to distinguish theimpressions of ridges and valleys made by an individual’s finger.

Hand geometry solutions take more than 90 dimensional measurements to record an accuratespatial representation of an individual’s hand. The geometry of the hand is not known tobe very distinctive and may not be invariant during the growth period of children. Thephysical size of a hand geometry-based system is large, and it cannot be embedded incertain devices like laptops.

Palmprint recognition is based on the palms of the human hands that contain pattern ofridges and valleys (like the fingerprints) and additional distinctive features such as principallines and wrinkles. When using a high-resolution palmprint scanner, all the features ofthe palm such as hand geometry, ridge and valley features, principal lines, and wrinklesmay be combined to build a highly accurate biometric system.

Iris scanning/recognition uses a camera mounted between three and 10 feet away fromthe person to take a high definition photograph of the individual’s eyes. It then analyzesof two-three hundreds different points of data from the trabecular meshwork of the iris.

Retina scanning/recognition involves an electronic scan of the retina, the innermost layerof the wall of the eyeball.

Signature dynamics/recognition not only compares the signature itself, but also markschanges in speed, pressure and timing that occur during signing.

Keystroke dynamic techniques measure dwell time (the length of time a person holds downeach key) as well as flight time (the time it takes to move between keys). Taken over thecourse of several login sessions, these two metrics produce a measurement of rhythm toeach user.

Voice/speaker recognition techniques digitize a profile of a person’s speech into a templatevoiceprint and stores it as a table of binary numbers. During authentication, the spokenpassphrase is compared to the previously stored template.

Gait recognition is defined as the identification of a person through the pattern produced bywalking. Gait has particular advantages over other biometrics: it can be used at a distance,uses no additional skills on the part of the subject, and may be performed without thesubject’s awareness or active participation. Gait is not supposed to be very distinctive,but is sufficiently discriminatory to allow verification in some low-security applications.

Ear recognition attempts to identify a subject based on the shape of the ear and the structureof the cartilegenous tissue of the pinna. Ears are characterized by a stable structure thatis preserved from birth well into old age. The features of an ear are not expected to bevery distinctive in establishing the identity of an individual.

Fig. 7: Leading biometric technologies.


7 Applications

As mention in Section 3, there are two basic applications of biometric technology:

◮ Verify if I am someone enrolled in the system (called a positive identification)

◮ Verify if I am not someone enrolled in the system (called a negative identifi-cation).

Recall that for positive identification, the user will generally claim an identity bygiving a name or an ID number, then submit a biometric measure. That measure iscompared to the previously submitted measure to verify that the current user is theone enrolled under the claimed identity. The purpose of positive identification is toprevent multiple users from claiming a single identity. There are numerous non-biometricalternatives in such applications, such as ID cards, PINs and passwords. Consequently,use of biometrics for positive identification can be made voluntary, and those not wishingto use biometrics can verify identity in other ways.

Example 13: (Immigration and naturalization service.) The U.S.Immigration and Naturalization Service Passenger AcceleratedService System (INSPASS), in use at airports, is an example ofvoluntary, positive-identification biometric system.

In negative identification, a user claims not to be previously enrolled in the systemand submits a biometric measure, which is compared to all others in the database. Ifa match is not found, the user’s claim of non-enrollment is verified. The purpose ofnegative identification is to prevent claims of multiple identities by a single user. Thereare no reliable non-biometric alternatives in such applications. The use of biometrics innegative identification applications must be mandatory.

Example 14: (Driver’s licensing.) Biometric identification fordriver’s licensing in many U.S. states and welfare eligibility ver-ification in several states are examples of mandatory, negative-identification biometric systems.

Some biometric systems use both positive and negative identification.The problem of identification of Internet voters is one of both positive and nega-

tive identification. Negative identification would be required if we wished to preventmultiple registrations of the same person. Positive identification would be required toidentify the person casting the vote as the registered voter.


Negative identification must be mandatory for all voters. In the case ofInternet voting, multiple Internet registrations could be prevented by the mandatorybiometric identification of all Internet voters at registration. This would not requiremandatory identification of non-Internet voters if we were willing to allow for the pos-sibility of fraud through both Internet and paper registration of the same voter underdifferent identities.

Internet registration with the submission of a biometric identifier could not be se-curely done over the Internet, but would require “in person” registration and the col-lection of the biometric identifier by trained and trusted persons. This identifier wouldbe placed in a database under the control of the jurisdiction. Upon verification that theregistering voter is not already in the database, a voter ID number, code or PIN couldbe issued. Biometric identification and specialized hardware at the time of voting wouldnot be required for negative identification.

Positive identification by Internet voters using biometrics would require that bio-metric measures be previously registered “in person” with the jurisdiction and wouldrequire standardized biometric collection hardware and software on the computer usedfor voting. Positive biometric identification might be used on a voluntary

basis to replace other types of PIN or password identification. An added problem is theoccasional failure of all biometric techniques to recognize properly registered users.

Example 15: (Security system ID cards and Internet voting.)The State of Connecticut Social Service and Philippine SocialSecurity System ID cards, for instance, require negative identi-fication for issuance, but store fingerprint templates on the cardfor later positive identification applications.In 1999, the State of California created an Internet Voting TaskForce to study the possibility of casting votes over the Internet.The task force found that one of the obstacles to Internet votingwould be the identification of the person casting the vote.

7.1 Privacy issues

A biometric sensor takes a signal from a user which is transformed by a computer insome proprietary way to a template. A template is a collection of numbers (a vector)deemed to be adequately different between individuals and adequately stable over timefor a single individual. Generally, the original image is discarded, and only the templateis stored by the system. In almost all cases, the original image cannot be recreated fromthe template.

Nothing inherent in a biometric system can identify a person by name, citizenship,age or race. If a system must know any of these items, they must be established through


external means, such as birth certificates and drivers licenses. Consequently, use ofbiometrics to establish “real” identities is only as reliable as the source documentation.

Example 16: (Applications of biometrics.) Biometric systemscannot be used to establish that social service recipients are el-igible for benefits beyond showing that they have not claimedmultiple identities (negative identification) or have not falselyclaimed the identity of a true beneficiary (positive identifica-tion).

Because a biometric system cannot know who you really are, use of biometrics tosupport anonymous transactions becomes real possibility for applications, such as bank-ing.

Example 17: (Biometrics to support anonymous transactions.)(a) A credit card could carry one of your biometric measuresinstead of your name. (b) Images cannot generally be recon-structed from templates (which are just a series of numbers),system administrators cannot generally obtain any informationabout users in any humanly recognizable form.

Consequently, biometric identification technology is, at worst, neutral with regard toprivacy.

7.2 Choosing biometrics for business case

All security systems require the expenditure of time, energy and money. Biometric sys-tems are certainly no different in this regard. They are not free in any sense. Manyfailed biometric efforts do so, not because of deficiencies in the technology, but becausethe business case was not sufficient in the first place to justify the required expenditures.Fascination with the technology is not a sufficient business case. For positive identifica-tion applications, alternatives to biometrics exist that might be faster, cheaper and moreseamlessly integrated into existing systems.

The most successful biometric implementations are those that replace existing sys-tems deemed too expensive or problematic to the administrators, or too cumbersome tothe users. Other alternatives exist in these situations, but biometric identification hasproved faster, cheaper and easier for all concerned.

Other successful implementations occur when the system management has carefullyassessed the alternatives and is prepared to do the work necessary to make the systemseffective. In Fig. 8, we cite the summary on business case consideration, prepared at theNIST (National Institutes for Standards), USA.


Preparing the business case∗

◮ Alternatives to biometric identification exist in positive ID

applications.

◮ All security systems, even biometrics, require time, money and energy

to set up and run. In addition to set-up and operational costs,

system throughput rates must be carefully considered. Enrollment

sessions for all users is almost always required.

◮ Not all people will be able to use any biometric system successfully

every time. This implies that backup systems for exception handling

will always be required.

◮ Studies of user attitudes regularly show user acceptance of biometric

technology to well exceed 90%. Nonetheless, there will always be a

very few people who object to any new technology.

◮ Hardware/software integration will prove to be the hardest task.

Biometric technologies are not ‘‘plug and play". Even ideal

technologies will fail if the devices cannot talk to the database

or open the gate. System integration may require changes in other

pieces of hardware not considered at first glance to be part of the

biometric technology.

◮ Know the history and track record of the technology vendor.

Commercial products and vendors are in a continual flux. The

technology you invest in today may not have vendor support next

year.

◮ The addition of biometrics, or substitution for another component,

will inevitably lead to a change in your business processes.

Beyond the software/hardware integration is the most daunting

problem of integrating the use of biometrics into the existing

processes.

If the finished business system is not more efficient than the alternatives,

the use of biometrics will be seen as a mistake.

∗James L. Wayman, Editor, National biometric test center collected works

1997-2000, NIST Institute, p. 280

Fig. 8: Preparing the business case.


8 Summary of biometrics technologies

A biometric system should meet the specified recognition accuracy, speed, and resourcerequirements, be harmless to the users, be accepted by the intended population, and besufficiently robust to various fraudulent methods and attacks to the system. The keyaspects of this introduction to biometric system design are as follows:

(a) Verification and identification (also known as authentication) are both usedto declare the identity of a user.

(b) Biometric system is an application-specific computer system. Application-specifictechniques (pattern recognition methods, algorithms, and programs) are imple-mented using efficiency organized hardware platform.

(c) Biometric data are characterized by the universality, unique, permanency, con-testability, reliability, and acceptability. Biometric system operates by acquiringbiometric data from an individual, extracting a feature set from the acquired data,and comparing this feature set against the template set in the database.

The main conclusions of this lecture are as follows:

◮ In a verification (authentication) system, the individual to be identified has toclaim his/her identity (Am I whom I claim to be?), and this template is thencompared to the individual’s biometric characteristics. The system conducts one-to-one comparisons to establish the identity of the individual.

◮ In an identification system, an individual is recognized by comparing his/her tem-plate with an entire database of templates to find a match. The system conductsone-to-many comparisons to establish the identity of the individual. The personto be identified does not have to claim an identity (Who am I? ).

◮ Identity verification is typically used for positive recognition, where the aim is toprevent multiple people from using the same identity.

◮ Identification is a critical component in negative recognition applications wherethe system establishes whether the person is who he/she (implicitly or explicitly)denies to be. The purpose of negative recognition is to prevent a single personfrom using multiple identities.

◮ Biometrics enable a prospective approach to support anonymous transactions. Thisis because a biometric system cannot know who you really are.


9 Historical perspective

1880: Alphonse Bertillon, chief of the criminal identification division of the police department inParis, developed and then practiced the idea of using a number of body measurements toidentify criminals, in particular, the potential of the human ear for personal identification.Ears have played a significant role in forensic science for many years, especially in theUnited States, where an ear classification system based on manual measurements hasbeen developed by Iannarelli, and has been in use for more than 40 years, although thesafety of ear-print evidence has recently been challenged in the Courts.

1888: Francis Galton proposed a formal method of classifying faces (“Personal identificationand description”, in Nature, June 21, 1888, pp. 173–177). He proposed collecting fa-cial profiles as curves, finding their norm, and then classifying other profiles by theirdeviations from the norm. The classification was to be multi-modal, i.e. resulting in avector of (hopefully) independent measures that could be compared with other vectorsin a database.

Early 1970s: Automated systems for fingerprint recognition have been made commercially avail-able.

10 Further study

Advanced topics of biometrics

The successful installation of a biometric systems in various applications does not imply that itfully solves the problem of individual identification. There is plenty of scope for improvementin biometrics. Researchers are currently addressing issues related to reducing error rates, aswell as looking for ways to enhance the usability of biometric systems.

Topic 1: Fundamentals. An introduction to biometrics can be found in papers by Jain et.al. [32] and collection of papers edited by Jain et al. [33, 35]. State-of-the-art trends inbiometrics are discussed in the book by Zhang [95]. The Guide to Biometrics by Bolle etal. [8] provides the reader with practical aspects and recommendation on developmentof biometric devices and systems. The authors of [92] introduced their vision on theproblem of identity assurance in biometrics.

Data fusion is aimed at improvement of the reliability of biometric devices and sys-tems and is of special interest in today’s biometrics. Clark and Yuille [17] introducedtechniques for data fusion for sensory systems. Prabhakar and Jain [63] proposed analgorithm for decision-level fusion in fingerprint verification. Details of error rates ofsome biometric systems can be found in [8, 16, 19, 32, 34, 42].

Fundamentals of image processing can be found in [26]. Practical MATLAB implemen-tation useful in synthesis of biometric data can be found in [27].


Topic 2: Artificial intelligence support of decision making in biometric systems. Incollection of papers [35], the biometric techniques based on artificial intelligence paradigmare introduced.

Topic 3: Security. Chirillo and Blaul [16] introduced the fundamentals of implementationof biometric security. Jain and Uludag [36] introduced the concept of hiding biometricdata. Ratha et al. [66] introduced the technique for enhancing security and privacy inbiometrics-based authentication systems based on the concept of cancellable biometricsdata.

Topic 4: Testing, standards, and synthetic benchmarks. Testing of biometric devicesand systems is considered in [45, 46, 47]. Matsumoto et al. Studies on the impactof gummy fingers on fingerprint systems are known too. Tilton [81] discussed variousapproaches to biometric standards development. Wayman [86] introduces the Federalbiometric technology legislation.

Topic 5: Signature and keystroke dynamic analysis and synthesis. Modeling of skilledforgers was the focus of many studies. In particular, in 1977 Nagel and Rosenfeld [54] pro-posed an algorithm for detection of freehand forgeries. Ammar [1] analyzed the progressin this area. Brault and Plamondon [9] studied a modelling of dynamic signature forgery.Rhee et al. [68] proposed an algorithm for on-line signature verification and skilled forg-eries modeling. A comprehensive survey on modeling, on-line, and off-line handwritingrecognition can be found in a paper by Plamondon and Srihari [62]. Fundamentals ofhandwriting identification can be found in the book by Huber and Headrick [31]. Com-prehensive references to various aspects of signature-based identification system designare included in [43, 55]. Bergadano et al. [4] reported results on application of keystrokedynamics technique. A keystroke-based authentication algorithm has been described byObaidat and Sadoun [58].

Topic 6: Iris and retina. Various aspects of iris-based identification have been developed,in particular, in [18, 19, 87, 88]. A paper by Hill [30] is useful for design of retina-based identification devises. Each iris has a unique and complex patterns such thateven a person’s right and left iris patterns are completely different. The iris is stablethroughout one’s life. As with the iris, the retina forms a unique patterns that begins todecay quickly after death.

Topic 7: Fingerprint analysis and synthesis. A paper by Bery [5] introduces the his-tory of fingerprinting. The experience of fingerprint system design reflect the way thatfingerprints have been matched manually over the years by seeking to identify minutiaefeatures and their relative position within the print. These days, automatic fingerprintidentification (AFIS) computer matching system drastically reduce the time needed toscan very large databases of fingerprints and produce potential matches.

Cappelli et al. [12, 13, 14] developed an effective and robust algorithm for generation of


synthetic fingerprints. Various techniques of fingerprint identification have been studiedin [25, 42, 52, 53, 65, 85].

Topic 8: Facial analysis and synthesis. Blanz and Vetter [7] have developed a morphablemodel for the synthesis of 3D faces. Plenty of techniques that are useful in synthesis andanalysis of facial expressions have been proposed in [10, 15, 22, 39, 72, 82, 94]. A facialthermogram uses an infrared camera to scan a person’s face. Plastic surgery does notchange a thermogram. Time does not alter a thermogram. However, alcohol and drugconsumption can radically change a person’s thermogram.

Topic 9: Voice verification and speech synthesis. Voice verification is one of the earlybiometric examples as commercially available products. The principle behind voice verifi-cation is that the physical construction of an individual’s vocal chords, vocal tract, palate,teeth, sinuses, and tissue within the mouth will affect the dynamic of speech. Speech syn-thesis is, perhaps, the oldest among biometric automated synthesis techniques, and has avast variety of techniques and implementations. Current trends in design of speech-basedbiometric systems are discussed by Reynolds [67].

Topic 10: Ear. Unlike faces, ears do not change shape with different expressions or age.Hair is not a problem because infrared band can be used. An introduction to this typeof biometrics can be found in the overview by Burge and Burger [11]. Force field modelfor ear biometrics have been developed by Hurley [29].

Topic 11: Hand geometry is defined as a surface area of the hand or fingers and corre-sponded measures (length, width, and thickness). Zunkel [97] introduced an algorithmfor hand geometry based authentication. This direction is studied by Zhang [95], Sanchezet al. [70], and Kumar et al. [40].

Topic 12: Palmprint. The inner surface of the hand from the wrist to the root of fingersis called the palm. Palmprint is represented on the surface by topological combinationof three types of lines: flexure lines, papillary ridges, and tension lines. Automaticpalmprint authentication techniques have been developed by Zhang [96], Han et al. [28],Duta et al. [21], Kumar et al. [40], and Shu et al. [75]. The concept of an eigenspace wasused by Zhang [96] in modeling of palprints using eigenpalms (a palprint in the trainingset was represented by an eigenvector).

Topic 13: Intellectual property protection. In [36], the security of the biometric databased on encryption have been analyzed. The idea was to apply an encryption to thebiometric templates. Pankanti and Yeung [61] proposed an algorithm for verificationwatermarks based on fingerprint recognition technique. Wolfgang and Delp [89, 90] an-alyzed image watermarking with biometric data and trends in this direction. Uludag etal. [83] have discussed so-called biometric cryptosystems which are traditional cryptosys-tems with biometric components. This paper can be recommended as an introductionto biometric cryptosystems. Lach et al. [41] proposed an watermarking algorithm using


fingerprints for field programmable gate arrays (FPGA). Yu et al. [93] investigated arobust watermarking technique for 3D facial models based on a triangular mesh. In thisapproach, watermark information is embedded into a 3D facial image by perturbing thedistance between the vertices of the model to the center of the model. Bas et al. [3]developed a so-called content based method of watermarking and demonstrated usefulproperties in design of robust watermarking algorithms. Shieh et al. [73] used an evolu-tionary strategy (a genetic algorithm) to optimize a watermarked image in the spectraldomain with respect to two criteria: quality and robustness2

Topic 14: Convergent technologies refers to the synergy of various rapidly progressingdirections of science and technology, in particular, nanoscience and nanotechnology,biotechnology and biomedicine, and biometric technology. Convergent technologies arefields where synthetic data play a crucial role, particularly, in human-machine interfaces.The idea is to measure and simulate processes observed at the neuron level. The brain-machine interfaces provide the interaction with the neural system, that is a non-muscularcommunication and control channel for conveying messages and commands to an externalworld.

There are several effects which can be measured to evaluate neuron activity, in particular,cardiovascular and electrophysiological effects. A brain-machine technology might bebased on monitoring brain activity using the following measurement techniques:

◮ EEG,◮ Magnetoencephalography,◮ Position emission tomography,◮ Functional magnetic resonance imaging, and◮ Video imaging.

These techniques can be used in the brain-machine interfaces. However, there are severalconstraints to the above techniques. For example, because the basic phenomena measuredby position emission tomography, functional magnetic resonance imaging, and visual-based methods is blood flow change, it is difficult to achieve real-time communication.Review on brain-machine technology can be found in Wolpaw et al. paper [91]. Detailsof experimental studies can be found, in particular, in the papers by Millan [49, 50], andKostov and Polak [38]. Converging technologies for improving human performance havebeen discussed in [69]. Oliver et al. [60] developed an algorithm for facial expressionrecognition based on face and lip movement. Sproat [76] proposed a multilingual text-to-speech synthesis algorithm.

Topic 15: Advantages and disadvantages of biometrics. Advantages and disadvantagesof biometrics can be examined with respect to two groups of applications:

2 Robust watermarks should survive various attacks, for example, attacks in the spectral domain (low-pass and/or median filtering, adding white noise, etc.), or attacks in the spatial domain by topologicaldistortions (affine transforms, re-meshing, local deformations, cropping, etc.).


◮ The commercial positive recognition applications; they may work either in the verifi-cation or the identification modes, and

◮ Forensic negative recognition applications; they require identification.

The traditional technologies for a positive recognition include PINs and passwords, aswell as token-based methods (keys and cards). People tend to set their passwords thatthey can easily remember, such as names and birthdays of family members, favoriteevents or music stars. Such passwords are easy to guess or social engineering or even asimple brute force attack can be used instead. Although it is advisable, to keep differentpasswords for different applications and change them frequently. However, many peopleuse the same password across different applications and never change them. If such apassword is compromised, it may result in a security breach in many applications.

Example. Keys and tokens can be stolen, duplicated, or lost. An attacker may also make a“master” key that may open many locks. It is significantly more difficult to copy, share,and distribute biometrics. Biometrics cannot be lost or forgotten.

When a biometric system is required to be operated in an identification mode insteadof the verification mode, for the added convenience of not requiring the users to claiman identity, the speed is considered as the biggest problem while the number of usersof an identification application increases. However, the identification accuracy can alsobecome problematic.

Example. Consider an identification application with 10 000 users. A fast fingerprint matchingalgorithm and special purpose hardware capable of making an identification in a fewseconds while having 10% of false acceptance. This implies that an impostor has achance of gaining access to the system by simply using all of the ten fingers on his/hertwo hands.

Therefore, while small- to medium-scale commercial applications (a few hundred users)may still use single biometric identification, building a highly accurate identificationsystem for large scale applications requires using to be a multimodal biometric system.

Example. A system may combine face and fingerprint of a person or fingerprints from multiplefingers of a person for recognition.

Negative recognition is used in government and forensic applications, in particular, foremployee background checking and preventing terrorists from boarding airplanes, thepersonal recognition is required to be performed in the identification mode. Achievingthe same accuracy in an identification system as in a verification system is a much harderproblem due to the large number of comparisons that are required to be performed. Forexample,

Although multimodal biometric systems can significantly improve the identification accu-racy, exclusively relying on automatic biometric systems for negative identification maybe unfeasible. For example, face recognition may be preferred for an airport application


because faces can be acquired covertly. However, the number of misses and false alarmswill be considerably higher than in fingerprint recognition, given the rather poor accu-racy of face identification systems, especially in environments with complex backgroundand varying lighting conditions.

While biometric systems may not yet be extremely accurate to support large-scale iden-tification applications, they are the only choice for negative recognition applications.Recognition tools such as passwords and PINs are not at all useful for negative recogni-tion applications. In the latter, a semi-automatic mode where a human operator exam-ines all the alarms generated by the biometric system for the final decision, can be quiteeffective.

Example. An automatic fingerprint identification system (AFIS) is typically used by lawenforcement agencies only to narrow down the number of fingerprint matches to beperformed by a human expert from a few million to a few hundred. The forensic expertsalways make the final decision. Use of biometrics in negative recognition applicationsdoes not infringe upon the civil liberties of individuals since: the recognition system doesnot keep a record of persons who are not in the criminal database already. Nevertheless,appropriate legislation is required to protect the abuse of such systems.

References

[1] Ammar M. Progress in verification of skillfully simulated handwritten signatures. PatternRecognition and Artificial Intelligence, 5:337–351, 1993.

[2] Anbar M., Gratt B. M., and Hong D. Thermology and facial telethermology. Part I.History and technical review. Dentomaxillofacial Radiology, 27(2):61–67, 1998.

[3] Bas P., Chassery J-M., and Macq B. Image watermarking: an evolution to content basedapproaches. Pattern Recognition, 35:545–561, 2002.

[4] Bergadano F., Gunetti D., and Picardi C. User authentication through keystroke dy-namics. ACM Trans. Information and System Security, 5(4):367–397, 2002.

[5] Bery J. The history and development of fingerprinting. In Lee H. C. and Gaensslen R.E., Eds. Advances in Fingerprint Technology, pp. 1–38, CRC Press, Boca Raton, FL,1994.

[6] Bharadwaj P. and Carin L. Infrared-image classification using hidden Markov trees.IEEE Trans. Pattern Analysis and Machine Intelligance, 24(10):1394–1398, 2002.

[7] Blanz V. and Vetter T. A morphable model for the synthesis of 3D faces, In RockwoodA, Ed., Computer Graphics Proceedings, pp. 187–194, Addison Wesley Longman, Boston,1999.


[8] Bolle R., Connell J., Pankanti S., et al. Guide to Biometrics. Springer, Heidelberg, 2004.

[9] Brault J. J. and Plamondon R. A complexity measure of handwritten curves: modellingof dynamic signature forgery. IEEE Trans. Systems, Man and Cybernetics, 23:400–413,1993.

[10] Brunelli R. and Poggio T. Face recognition: features versus templates. IEEE Trans.Pattern Analysis and Machine Intelligence, 15(10):1042–1052, 1993.

[11] Burge M. and Burger W. Ear biometrics. In Jain A, Bolle R, and Pankanti S, Eds., Bio-metrics, Personal Identification in Networked Society, pp. 273–285, Kluwer, Dordrecht,1999.

[12] Cappelli R., Lumini A., Maio D., and Maltoni D. Fingerprint classification by directionalimage partitioning. IEEE Trans. Pattern Analysis and Machine Intelligence, 21(5):402–421, 1997.

[13] Cappelli R. Synthetic fingerprint generation. In Maltoni D, Maio D, Jain AK, PrabhakarS, Eds., Handbook of Fingerprint Recognition, pp. 203–232, Springer, Heidelberg, 2003.

[14] Cappelli R., Maio D., and Maltoni D. Synthetic fingerprint-database generation. In Proc.16th Int. Conf. Pattern Recognition, vol. 3, pp. 744–747, Canada, 2002.

[15] Chellappa R., Wilson C. L., and Sirohey S. Human and machine recognition of faces: asurvey. Proceedings of the IEEE, 83(5):705–740, 1995.

[16] Chirillo J. and Blaul S. Implementing Biometric Security, John Wiley & Sons, NewYork, 2003.

[17] Clark J. and Yuille A. Data Fusion for Sensory Information Processing Systems. Kluwer,Dordrecht, 1990.

[18] Cui J., Wang Y., Huang J., Tan T., Sun Z., and Ma L. An iris image synthesis methodbased on PCA and super-resolution, In Proc. Int. Conf. . Pattern Recognition, 2004.

[19] Daugman J. Recognizing persons by their iris pattern. In Jain A. K., Bolle R. M.,and Pankanti S., Eds., Biometrics: Personal Identification in Networked Society, pp.103–122. Kluwer, Boston, MA, 1999.

[20] Duc B., Fisher S., and Bigun J. Face authentication with Gabor information on de-formable graphs. IEEE Trans. Image Processing, 8(4):504–516, 1999.

[21] Duta N., Jain A. K., and Mardia K. V. Matching of palmprints, Pattern RecognitionLetters, 23(4):477–485, 2001.


[22] Fua P. and Miccio C. Animated heads from ordinary images: a least-squares approach,Computer Vision and Image Understanding, 75(3):247–259, 1999.

[23] Fujimasa I., Chinzei T., and Saito I. Converting far infrared image information to otherphysiological data. IEEE Engineering in Medicine and Biology Magazine, 19:71–76,May/June 2000.

[24] Gaussorgues G. Infrared Thermography. In Microwave Technology Series 5, Chapmanand Hall, London, 1994.

[25] Germain R. S., Califano A., and Coville S. Fingerprint matching using transformationparameter clustering. IEEE Computational Science and Engineering, pp. 42–49, Oct.-Dec. 1997.

[26] Gonzalez R. C., Woods R. E., and Eddins S. L. Digital Image Processing Using MATLAB.Pearson, Prentice Hall, 2004.

[27] Hamamoto Y. A Gabor filter-based method for identification. In Jain LC, Halici U,Hayashi I, Lee SB, and Tsutsui S, Eds., Intelligent Biometric Techniques in Fingerprintand Face Recognition, pp. 137–151, CRC Press, Boca Raton, FL, 1999.

[28] Han C. C., Chen H. L., Lin C. L., and Fan K. C. Personal authentication using palm-printfeatures. Pattern Recognition, 36(2):371–381, 2003.

[29] Hurley D. Force Field Feature Extraction for Ear Biometrics, In: Image Pattern Recog-nition: Synthesis and Analysis in Biometrics, S. N. Yanushkevich, P. S. P. Wang, M.L.Gavrilova, and S. N. Srihari, Eds., M. S. Nixon, Consulting Ed., World Scientific, 2007,pp. 183–205.

[30] Hill R. Retina identification. In Jain A. K., Bolle R. M., and Pankanti S., Eds., Bio-metrics: Personal Identification in Networked Society, pp. 123–142, Kluwer, Dordrecht,1999.

[31] Huber R. A. and Headrick A. Handwriting Identification: Facts and Fundamentals. CRCPress, Boca Raton, FL, 1999.

[32] Jain A. K., Ross A., and Prabhakar S. An introduction to biometric recognition, IEEETransa. Circuit and Systems for Video Technology, 14(1):4–20, 2004.

[33] Jain A., Pankanti S., and Bolle R., Eds., Biometrics: Personal Identification in Net-worked Society, Kluwer, Dordrecht, 1999.

[34] Jain A. K., Hong L., and Bolle R. M. On-line fingerprint verfication. IEEE Trans.Pattern Analysis and Machine Intelligence, 19(04):302–313, 1997.


[35] Jain L. C, Halici U., Hayashi I., Lee S. B., and Tsutsui S., Eds., Intelligent BiometricTechniques in Fingerprint and Face Recognition, CRC Press, Boca Raton, FL, 1999.

[36] Jain A. K. and Uludag U. Hiding biometric data. IEEE Trans. Pattern Analysis andMachine Intelligence, 25(11):1494–1498, 2003.

[37] Keyserlingk J., Ahlgren P., Yu E., et al. Functional infrared imaging of the breast. IEEEEngineering in Medicine and Biology Magazine, 19:30–41, May/June 2000.

[38] Kostov A. and Polak M. Parallel man-mashine training in development of EEG-basedcursor control. IEEE Trans. Rehabilitation Engineering, 8:203–204, 2000.

[39] Kumar V. P., Oren M., Osuna E., and Poggio T. Real time analysis and tracking ofmouths for expression recognition. In Proceedings DARPA98, pp. 151–155, 1998.

[40] Kumar A., Wong D. C. M., Shen H. C., and Jain A. Personal verification using palmprintand hand geometry biometric. Lecture Notes in Computer Science, vol. 2688, pp. 668–678, 2003.

[41] Lach J., Mangione-Smith W. H., and Potkonjak M. Fingerprinting techniques for field-programmable gate array intellectual property protection. IEEE Trans. Computer AidedDesign of Integrated Circuits and Systems, 20(10):1253–1261, 2001.

[42] Lee H. C. and Gaensslen R. E, Eds., Advances in Fingerprint Technology. CRC Press,Boca Raton, FL, 1994.

[43] Lee L. L, Berger T., and Aviczer E. Reliable on-line human signature verification systems.IEEE Trans. Pattern Analysis and Machine Intelligence, 18(6):643–647, 1996.

[44] Luo Q., Nioka S., and Chance B. Functional near-infrared image. In B. Chance and R.Alfano, Eds., Optical Tomography and Spectroscopy of Tissue: Theory, Instrumentation,Model, and Human Studies, Proceedings SPIE, 2979:84–93, 1997.

[45] Maio D., Maltoni D., Cappelli R., et al. FVC2000: fingerprint verification competition.IEEE Trans. Pattern Analysis and Machine Intelligence, 24(3):402–412, 2002.

[46] Mansfield T., Kelly G., Chandler D., and Kane G. Biometric product testing final report.Issue 1.0. National Physical Laboratory of UK, 2001.

[47] Mansfield A. and Wayman J. Best practice standards for testing and reporting onbiometric device performance. National Physical Laboratory of UK, 2002.

[48] Matsumoto H., Yamada K., and Hoshino S. Impact of artificial gummy fingers on fin-gerprint systems, In Proceedings SPIE, Optical Security and Counterfeit DeterrenceTechniques IV, 4677:275–289, 2002.


[49] Millan J. R. Adaptive brain interfaces. Communication of the ACM, 46:74–80, 2003.

[50] Millan J. R. Brain-computer interfaces. In Arbib M. A., Ed., Handbook of Brain Theoryand Neural Networks, pp. 178–181, MIT Press, Cambridge, Massachusetts, 2002.

[51] Hutton M. D., Rose J., Grossman J. P., and Corneil D. G. Characterization and pa-rameterized generation of synthetic combinational benchmark circuits. IEEE Trans.Computer-Aided Design of Integrated Circuits and Systems, 1999.

[52] Moayer B. and Fu K. S. A synatactic approach to fingerprint pattern recognition. PatternRecognition, vol. 7, pp. 1–23, 1975.

[53] Moayer B. and Fu K. S. A tree system approach for fingerprint pattern recognition.IEEE Trans. Computers, 25(3):262–274, 1976.

[54] Nagel R. N. and Rosenfeld A. Computer detection of freehand forgeries. IEEE Trans.Computers, 26(9):895–905, 1977.

[55] Nalwa V. S. Automatic on-line signature verification. Proceedings of the IEEE, 85(2):215–239, 1997.

[56] Nanavati S., Thieme M., and Nanavati R. Biometrics. Identity Verification in a Net-worked World. John Wiley & Sons, New York, 2002.

[57] Nashed M. Z. and Scherzer O., Eds., Inverse Problems, Image Analysis, and MedicalImaging. American Mathematical Society, Providence, Rhode Island, 2002.

[58] Obaidat M. S. and Sadoun B. Keystroke dynamics based authentication. In Jain A. K.,Bolle R. M., and Pankanti S., Eds., Biometrics: Personal Identification in NetworkedSociety, pp. 218–229, Kluwer, Boston, MA, 1999.

[59] Oliveira C., Kaestner C., Bortolozzi F., and Sabourin R. Generation of signatures bydeformation, In Proceedings of the BSDIA97, pp. 283–298, Curitiba, Brazil, 1997.

[60] Oliver N., Pentland A. P., and Berard F. LAFTER: a real-time face and lips trackerwith facial expression recognition, Pattern Recognition, 33(8):1369–1382, 2000.

[61] Pankanti S. and Yeung M. M. Verification watermarks on fingerprint recognition andretrieval, In Proceedings SPIE 3657:66–78, 1999.

[62] Plamondon R. and Srihari S. N. On-line and off-line handwriting recognition: a com-prehensive survey. IEEE Trans. Pattern Analysis and Machine Intelligence, 22:63–84,2000.

[63] Prabhakar S. and Jain A. K. Decision-level fusion in fingerprint verification. PatternRecognition, 35(4):861–874, 2002.


[64] Prokoski F. J. and Riedel R. B. Infrared identification of faces and body parts. In JainA., Bolle R., and Pankanti S., Eds., Biometrics: Personal Identification in NetworkedSociety, Kluwer, Dordrecht, 1999, pp. 191–212.

[65] Ratha N. K., Karu K., Chen S., and Jain A. K. A real-time matching system for largefingerprint database. IEEE Trans. Pattern Analysis and Machine Intelligence, 18(8):799–813, 1996.

[66] Ratha N., Connell J., and Bolle R. Enhancing security and privacy in biometrics-basedauthentication systems. IBM Systems Journal, 40(3):614–634, 2001.

[67] Reynolds D. A. Automatic speaker recognition: current approaches and future trends.In Proceedings of the IEEE AutoID2002, pp. 103–108, Tarrytown, NY, 2002.

[68] Rhee T. H., Cho S. J., and Kim J. H. On-line signature verification using model-guidedsegmentation and discriminative feature selection for skilled forgeries. In Proc. 6th Int.Conf. on Document Analysis and Recognition, pp. 645–649, 2001.

[69] Roco M. C. and Bainbridge W. S., Eds., Converging Technologies for Improving Hu-man Performance: Nanotechnology, Biotechnology, Information Technology and Cogni-tive Science. Kluwer, Dordrecht, 2003.

[70] Sanchez-Reillo R., Sanchez-Avilla C., and Gonzalez-Marcos A. Biometric identificationthrough hand geometry measurements. IEEE Trans. Pattern Analysis and MachineIntelligence, 22(10):1168–1171, 2000.

[71] Sekanina L. and Ruzicka R., Easily testable image operators: the class of circuits whereevolution beats engineers. In Lohn J, Zebulum R., Steincamp J., et al. Eds. Proc. 2003NASA/DoD Conf. Evolvable Hardware, Chicago, IL, pp. 135–144, IEEE Computer Press,2003.

[72] Senior A. A combintation fingerprint classifier. IEEE Trans. Pattern Analysis andMachine Intelligence, 23(10):1165–1174, 2001.

[73] Shieh C. S., Huang H. C., Wang F. H., and Pan J. S. Genetic watermarking based ontransform-domain techniques. Pattern Recognition, 37:555–565, 2004.

[74] Shmerko V., Perkowski M., Rogers W., Dueck G., and Yanushkevich S. Bio-technologiesin computing: the promises and the reality. In Proc. Int. Conf. Computational Intelli-gence Multimedia Applications, pp. 396–409, Australia, 1998.

[75] Shu W., Rong G., and Bian Z. Automatic palmprint verification, Int. J. of Image andGraphics, 1(1):135–151, 2001.

[76] Sproat R. W. Multilingual Text-to-Speech Synthesis: The Bell Labs Approach, Kluwer,Dordrecht, 1997.


[77] Stoica A., Lohn J., Katz R., et al. Eds. Proc. 2002 NASA/DoD Conf. Evolvable Hard-ware, Alexandria, VA, IEEE Computer Press, 2002.

[78] Stoica A. Robot fostering techniques for sensory-motor development of humanoid robots.J. Robotics and Autonomous Systems, Special Issue on Humanoid Robots, 37:127–143,2001.

[79] Stoica A. Learning eye-arm coordination using neural and fuzzy neural techniques. InTeodorescu H. N., Kandel A., and Jain L., Eds., Soft Computing in Human-RelatedSciences, pp. 31–61, CRC Press, Boca Raton, FL, 1999.

[80] Terzopolous D. T. Regularization of inverse visual problems involving discontinuities.IEEE Trans. Pattern Analysis and Machine Intelligence, 8(4):413–424, 1986.

[81] Tilton C. J. An emergin biometric standards. IEEE Computer Magazine. Special Issueon Biometrics, 1:130–135, 2001.

[82] Turk M. and Pentland A. Eigenfaces for recognition. J. Cognitive Neuro Science, 3(1):71–86, 1991.

[83] Uludag U., Pankanti S., Prabhakar S. B., and Jain A. K. Biometric cryptosystems: issuesand challenges Proceedings of the IEEE, 92(6):948–960, 2004.

[84] Villringer A. and Chance B. Noninvasive optical spectroscopy and imaging of humanbrain functions. Trends in Neuroscience, 20:435–442, 1997.

[85] Wang R., Hua T. J., Wang J., and Fan Y. J. Combining of Fourier transform andwavelet transform for fingerprint recognition. In Proceedings SPIE, vol. 2242, WaveletApplications, pp. 260–270, 1994.

[86] Wayman J. L. Federal biometric technology legislation. IEEE Computer 33(2):76–80,2000.

[87] Wildes R. P., Asmuth J. C., Green G. L., et al. A machine-vision system for iris recog-nition. Machine Vision and Applications, 9:1–8, 1996.

[88] Wildes R. P. Iris recognition: an emerging biometric technology. Proceedings of theIEEE, 85(9):1348–1363, 1997.

[89] Wolfgang R. B. and Delp E. J. A watermark for digital images. In Proc. IEEE Int. Conf.Image Processing, pp. 219–222, Lausanne, Switzerland, 1996.

[90] Wolfgang R. B. and Delp E. J. A Watermarking technique for digital imagery: furtherstudies. In Proc. Int. Conf. Imaging Science, Systems, and Technology, pp. 279–287, LasVegas, 1997.


[91] Wolpaw J. R., Birbaumer N., McFarland D. J., et al. Brain-computer interfaces forcommunication and control. Clinical Neurophysiology, 113:767–791, 2002.

[92] Woodward D. Jr. J., Orlands N. M., and Higgins P. T. Biometrics: Identity Assurancein the Information Age. McGraw-Hill/Osborne, Emeryville, CA, 2003.

[93] Yu Z., Ip H. H. S., and Kwok L. F. A robast watermarking scheme for 3D triangularmesh models. Pattern Recognition, 36:2603–2614, 2003.

[94] Zhang C. and Cohen F. S. 3-D face structure extraction and recognition from imagesusing 3-D morphing and distance mapping. IEEE Trans. Image Processing, 11(11):1249–1259, 2002.

[95] Zhang D. Automated Biometrics: Technologies and Systems. Kluwer, Dordrecht, 2000.

[96] Zhang D. Palmprint Authentication. Kluwer, Dordrecht, 2004.

[97] Zunkel R. Hand geometry based authentication. In Jain AK, Bolle RM, and PankantiS, Eds., Biometrics: Personal Identification in Networked Society, pp. 87–102, Kluwer,Dordrecht, 1999.

11 Problems

Problem 1: Give an example of biometric data with the following properties:

(a) Universal but not unique

(b) Universal and unique, but not permanent

(c) Permanent, universal, and unique, but not collectable

(d) Collectable and reliable, but not acceptable

(e) Collectable but not reliable

(f) Acceptable but not reliable

Problem 2: Answer the following questions, if you have used or seen others using a biometricdevice:

(a) Was the use of the device acceptable for you as a customer? Propose your ideas for serviceimprovement using these biometric devices.

(b) Call at least three reasons why biometric-based documents, such as passports and drivelicences, are more preferable in social infrastructure than traditional documents. Call atleast two reasons why biometric-based documents are not acceptable for society.

(c) Provide your vision on the following three basic characteristics of biometric devices andsystems: Performance, Acceptability, and Circumvention.


(d) Explain the affects of bad performance, unsatisfactory acceptability, and bad circumventionon a biometric system.

Problem 3: Define at least three advantages and three disadvantages of the following biometrics:(a) palmprint; (b) hand geometry; (c) retina;(d) signature; (e) ear; (f)] gait dynamic; (g) voiceand speech.

Problem 4: Consider biometric device for person identification using iris patterns. The devicefails to identify a person. List possible reasons why.HINT: the contact lenses or physical treatment of iris can be considered.

Problem 5: Given the sample of biometric features [2.5; 0.0; 1.3; 0.6], calculate:

(a) The sample mean,

(b) The sample variance and standard deviation,

(c) The sample median.

Problem 6: Recall the differences between identification and verification (authentication):

(a) Provide real-world examples from your life when you were identified or verified.

(b) Provide examples of applications in social infrastructure where verification is extremelyimportant.

(c) Recall the ethical problems of identification.

Problem 7: Use your knowledge of statistics to consider the following problem. The face of aperson that crosses the border check-point is represented in the face authentication system bythe vector of features, which includes 30 numbers (the size of the vector is 30), each representan encoded feature. In a data base, the face of a person is represented by the vector of featuresof size 50. Propose approaches to compare these two vectors.

Problem 8: Explain what kind of knowledge about the applications is required to develop a bio-metric system?

Problem 9: What kind of techniques are called the artificial intelligent techniques?

Problem 10: Recall the possible ways to enhance security and privacy in biometrics-based au-thentication systems.

Problem 11: Consider the following question on testing of biometric devices and systems: (a)Why the standardization of biometric systems is important? (b) Formulate some requirementsto synthetic benchmarks for testing biometric devices and systems.

Problem 12: Provide the arguments about using biometrics against password and PIN basedtechnology.

Date post:	03-May-2020
Category:	Documents
Upload:	others
View:	5 times
Download:	0 times

Fundamentals of Biometric System DesignHardware and software Biometric data are generated by humans...

Documents