BIOMETRICS

At the beginning of the 20th century, the federal government decided that U.S. Navy ships should be made out of steel. Up until that time, the steel industry looked promising, but no one wanted to take a chance on using the material. With the government's decision to replace its wooden navy ships with ones constructed from steel made to standardized specifications, steel sealed its future as a major commercial construction material.

At the beginning of the 20th century, the federal government decided that U.S. Navy ships should be made out of steel. Up until that time, the steel industry looked promising, but no one wanted to take a chance on using the material. With the government's decision to replace its wooden navy ships with ones constructed from steel made to standardized specifications, steel sealed its future as a major commercial construction material.

History is repeating itself a century later related to the 21st century technology of biometrics. Three years ago, the U.S. government decided to adopt biometric authentication systems for Homeland security and the prevention of identity theft. That decision led to an effort to develop specification standards for government agencies to use in requesting proposals for biometric technology — and will eventually translate into wider use of biometrics in the corporate world.

According to Frances Zelazny, a spokesperson for Identix Inc., a biometrics firm based in Minnetonka, Minn., a focus on standards is necessary to spur widespread government adoption of biometrics. “Governments around the world plan to install applications that will be used by seven to 10 million people to access government facilities in the United States and elsewhere,” she says.

Zelazny notes that 27 designated visa waiver countries will soon require travelers visiting the United States to embed facial biometrics on their passports. In addition, the European Union has moved to require fingerprint biometrics on passports issued to the international travelers among its 460 million people. In October, Zelazny continues, any U.S. government employee or contractor with access to federal facilities must have an identification card containing a biometric.

“Some of these government applications will push biometrics into the corporate world,” Zelazny says. “A [government contractor's] employee with access to federal facilities will have a biometric card. If I were the corporate security director of that large government contractor, my people would have these biometric cards. So why would I not use biometrics for access control in my facility?”

As long as these new biometric technologies can interoperate with each other and with other security technologies, they will become more popular. But interoperability will require that biometric vendors adhere to the standards employed by government systems.

In short, government adoption will prove that biometrics can fulfill a security need, while government-driven standards will ensure that one vendor's system will be able to operate with other vendors' systems. Both sides of the equation will play into further commercial adoption.

Over the years, standardized technologies in the security industry have proven difficult to come by. Today, interoperability is spotty, and unpleasant surprises are the rule. The standards development effort in the biometric industry aims to prevent such problems.

“Most of the standards being developed now have to do with interoperability,” Zelazny says. “Think of the phone jack in your wall. Every phone jack is the same shape. No matter what phone you buy, you can plug it into any wall jack, and the phone will work or interoperate with the wall connection.”

On the other hand, proprietary systems would enable vendors to raise prices. Standards force vendors to compete by balancing price and quality better, or at least differently, than the competition.

“Standards are important to large corporations where one office uses one biometric vendor and another office uses another,” Zelazny says. “If the two comply with standards, they can interoperate.”

Another reason for a security director to care about standards relates to the volatility of technology industries. If a corporation standardizes on one vendor's technology and that vendor goes out of business, what does the security director do when it comes time to replace aging devices?

The good news is that the U.S. government's need for biometric technologies is not that different from private industry's needs, but on a much larger scale. In the case of the government, it is necessary to authenticate millions of cardholders. Standards development aims to facilitate this authentication. If and when vendors adopt these standards, the benefits will flow to government security users as well as commercial security installations.

According to Donald Waymire, a senior associate in the technology consulting practice of Booz Allen Hamilton, McLean, Va., biometric vendors, government agencies, academia and research organizations are developing 22 to 24 national standards and more than 30 international standards.

Standards groups overseeing this work include the American National Standards Institute (ANSI) and the InterNational Committee for Information Technology Standards (INCITS) on the national side and the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC) on the international side.

“All standards are of importance to the biometrics market and are driven by the marketplace needs,” Waymire says.

So what are the standards? Waymire groups the standards into eight categories:

• Biometric Technical Interfaces: This category standardizes the interfaces and interactions between one biometric system and another and between system components and sub-systems. This category also deals with the use of security mechanisms to protect stored data and data transferred between systems.

• Biometric Data Interchange Formats: These standards cover the content, meaning and representation of biometric data interchange formats for various kinds of biometric systems including fingerprint, iris, hand geometry and facial.

• Testing Standards: This category covers conformance testing and interoperability testing standards for the technical interface standards and biometric data interchange formats.

• Data Quality Standards: This standard considers the means by which the qualities of a biometric sample will be expressed, interpreted and measured.

• Biometric Application Profiles: This area sets standards for various biometric applications, such as point-of-sale, logical and physical access control, and Department of Defense applications.

• Biometric Performance Testing and Reporting: Committees working in this area aim to standardize biometric performance metric definitions and calculations.

• Multibiometric Fusion Methods: When two or more layers of biometrics are used, transactional data must be combined or fused to produce an authentication result. This standard deals with how different biometric modalities may be fused.

• Cross Jurisdictional and Societal Issues: This area looks at standardizing technical solutions to societal issues, such as privacy, related to biometric implementation.

Some standardization has already occurred in the outputs that fingerprint readers, hand geometry readers and iris readers send to access control systems. “Most of the leading biometric brands can send Wiegand outputs,” says Peter Boriskin, director of product management for access control with Lexington, Mass.-based Tyco Fire and Security. “Most, if not all, access control companies and security management systems can take Wiegand signals. So, in a sense, there is a de facto standard in this area.”

On the other hand, some systems are hampered by the lack of standards in other areas. “Without mentioning names, there is an access control system on the market now that reads cards and fingerprints,” Boriskin says. “If you present a valid card to the reader and a valid fingerprint, you can get in. The trouble is, the card and fingerprint do not have to be from the same person. This is called a print mismatch. There are a couple of mismatch issues that should be taken up by standards committees.”

Another standard that Boriskin recommends for consideration by standards committees covers the duress capabilities of systems. Suppose that an employee enrolls his or her pointer finger and thumb. The finger is used generally to get inside the building. But if someone is forcing the employee into a facility, using the thumbprint can open the door while signaling for help from security. “Not every Wiegand stream has a bit or a stream that can be associated with that kind of application,” Boriskin says.

Standards will eventually make it possible to evaluate biometric purchasing decisions. For the time being, however, standards will sometimes require corporate security directors to balance security needs against standards.

“I think that standards will provide important benefits,” says Bill Spence, strategic business unit manager for biometrics at Recognition Systems Inc., Campbell, Calif. “But that doesn't mean you should accept standards without question. Standards may occasionally drive manufacturers to the lowest common denominator — which means that something like performance might be given up in the process.”

Suppose, Spence continues, that a security director wants to use a minutiae-based template. The data from a standards-compliant system may not provide the security performance that the data from a proprietary system would provide. The problem may be in accuracy or a longer verification time.

Faced with a choice between standardized systems and proprietary systems, a security director will have to choose by comparing corporate security performance requirements with the capabilities of each system.

They will ultimately have to make the best decision possible in an imperfect world.

(bi´´o-met´riks) (n.) Generally, the study of measurable biological characteristics. In computer security, biometrics refers to authentication techniques that rely on measurable physical characteristics that can be automatically checked.

There are several types of biometric identification schemes:

• face: the analysis of facial characteristics
• fingerprint: the analysis of an individual’s unique fingerprints
• hand geometry: the analysis of the shape of the hand and the length of the fingers
• retina: the analysis of the capillary vessels located at the back of the eye
• iris: the analysis of the colored ring that surrounds the eye’s pupil
• signature: the analysis of the way a person signs his name.
• vein: the analysis of pattern of veins in the back if the hand and the wrist
• voice: the analysis of the tone, pitch, cadence and frequency of a person’s voice.
  

Though the field is still in its infancy, many people believe that biometrics will play a critical role in future computers, and especially in electronic commerce. Personal computers of the future might include a fingerprint scanner where you could place your index finger. The computer would analyze your fingerprint to determine who you are and, based on your identity, authorize you different levels of access. Access levels could include the ability to use credit card information to make electronic purchases.

Fingerprint Indentification Systems

Fingerprint Identification is the method of identification using the impressions made by the minute ridge formations or patterns found on the fingertips. No two persons have exactly the same arrangement of ridge patterns, and the patterns of any one individual remain unchanged throughout life. Fingerprints offer an infallible means of personal identification. Other personal characteristics may change, but fingerprints do not.

The first year for the first known systematic use of fingerprint identification began in the United States is 1902. The New York Civil Service Commission established the practice of fingerprinting applicants to pre-vent them from having better qualified persons take their tests for them. The New York state prison system began to use fingerprints for the identification of criminals in 1903. In 1904 the fingerprint system accelerated when the United States Penitentiary at Leavenworth, Kansas, and the St. Louis, Missouri, Police Department both established fingerprint bureaus. During the first quarter of the 20th century, more and more local police identification bureaus established fingerprint systems. The growing need and demand by police officials for a national repository and clearinghouse for fingerprint records led to an Act of Congress on July 1, 1921, establishing the Identification Division of the FBI.

In 1924 the Identification Division of the Federal Bureau of Investigation (FBI) was established to provide one central repository of fingerprints. When the Identification Division was established its purpose was to provide a central repository of criminal identification data for law enforcement agencies throughout the Nation. However, in 1933 the United States Civil Service Commission (now known as the Office of Personnel Management) turned the fingerprints of more that 140, 000 Government employees and applicants over to the FBI. Therefore, a Civil Identification Section was established. These innovations marked the initiation of the FBI's Civil File which was destined to dwarf the criminal files in size. In 1992 the Identification Division was re-established as the Criminal Justice Information Services Division (CJIS).

At the forefront of fingerprint biometric technology is the Integrated Automated Fingerprint Identification System (IAFIS). The Integrated Automated Fingerprint Identification System, more commonly known as IAFIS, is a national fingerprint and criminal history system maintained by the Federal Bureau of Investigation (FBI), Criminal Justice Information Services (CJIS) Division. The IAFIS provides automated fingerprint search capabilities, latent searching capability, electronic image storage, and electronic exchange of fingerprints and responses, 24 hours a day, 365 days a year. As a result of submitting fingerprints electronically, agencies receive electronic responses to criminal ten-print fingerprint submissions within two hours and within 24 hours for civil fingerprint submissions.

The IAFIS maintains the largest biometric database in the world, containing the fingerprints and corresponding criminal history information for more than 47 million subjects in the Criminal Master File. The fingerprints and corresponding criminal history information are submitted voluntarily by state, local, and federal law enforcement agencies.

Just a few years ago, substantial delays were a normal part of the fingerprint identification process, because fingerprint cards had to be physically transported and processed. A fingerprint check could often take three months to complete. The FBI formed a partnership with the law enforcement community to revitalize the fingerprint identification process, leading to the development of the IAFIS. The IAFIS became operational in July 1999.

Retina and Iris Identification

Iris recognition today combines technologies from several fields including, computer vision (CV), pattern recognition, statistical interference, and optics. The goal of the technology is near-instant, highly accurate recognition of a person's identity based on a digitally represented image of the scanned eye. The technology is based upon the fact that no two iris patterns are alike (the probability is higher than that of fingerprints). The iris is a protected organ which makes the identification possibilities life long. The iris can therefore serve as a life long password which the person must never remember. Confidence in recognition and identification facilitates exhustive searches through nation-sized databases.

Iris recognition technology looks at the unique characteristics of the iris, the colored area surrounding the pupil. While most biometrics have 13 to 60 distinct characteristics, the iris is said to have 266 unique spots. Each eye is believed to be unique and remain stable over time and across environments (e.g., weather, climate, occupational differences).

Iris recognition systems use small, high-quality cameras to capture a black and white high-resolution photograph of the iris. Once the image is captured, the iris’ elastic connective tissue—called the trabecular meshwork—is analyzed, processed into an optical “fingerprint,” and translated into a digital form. Figure 12 depicts the process of generating an iris biometric. Given the stable physical traits of the iris, this technology is considered to be one of the safest, fastest, and most accurate, noninvasive biometric technologies. This type of biometric scanning works with glasses and contact lenses in place. Therefore, iris scan biometrics may be more useful for higher risk interactions, such as building access. Improvements in ease of use and system integration are expected as new products are brought to market.

The iris is differentiated by several characteristics including ligaments, furrows, ridges, crypts, rings, corona, freckles, and a sigzag collarette.

Iris recognition technologies are now seen in a wide array of identification systems. They are used in passports, aviation security, access security (both physical and electronic), hospitals, and national watch lists. Iris recognition alogithms can be seen in more and more identification systems relating to customs and immigration. Future applications will include, e-commerce, information security (infosec), authorisation, building entry, automobile ignition, forensic applications, computer network access, PINs, and personal passwords.

Advantages of the Iris for Identification

Disadvantages of the Iris for Identification

• Small target (1 cm) to acquire from a distance (1 m)

• Moving target ...within another... on yet another
• Located behind a curved, wet, reflecting surface
• Obscured by eyelashes, lenses, reflections
• Partially occluded by eyelids, often drooping
• Deforms non-elastically as pupil changes size
• Illumination should not be visible or bright
• Some negative (Orwellian) connotations

Retina recognition technology captures and analyzes the patterns of blood vessels on the thin nerve on the back of the eyeball that processes light entering through the pupil. Retinal patterns are highly distinctive traits. Every eye has its own totally unique pattern of blood vessels; even the eyes of identical twins are distinct. Although each pattern normally remains stable over a person’s lifetime, it can be affected by disease such as glaucoma, diabetes, high blood pressure, and autoimmune deficiency syndrome.

The fact that the retina is small, internal, and difficult to measure makes capturing its image more difficult than most biometric technologies. An individual must position the eye very close to the lens of the retina-scan device, gaze directly into the lens, and remain perfectly still while focusing on a revolving light while a small camera scans the retina through the pupil. Any movement can interfere with the process and can require restarting. Enrollment can easily take more than a minute. The generated template is only 96 bytes, one of the smallest of the biometric technologies.

One of the most accurate and most reliable of the biometric technologies, it is used for access control in government and military environments that require very high security, such as nuclear weapons and research sites. However, the great degree of effort and cooperation required of users has made it one of the least deployed of all the biometric technologies. Newer, faster, better retina recognition technologies are being developed.

Face Recognition Systems

Most face recognition systems focus on specific features on the face and make a two-dimensional map of the face. Newer systems make three-dimensional maps. The systems capture facial images from video cameras and generate templates that are stored and used for comparisons. Face recognition is a fairly young technology compared with other biometrics like fingerprints.

One face recognition technology, referred to as local feature analysis, looks at specific parts of the face that do not change significantly over time, such as:

• Upper sections of eye sockets
• Area surrounding cheek bones
• Sides of mouth
• Distance between eyes.

Data such as the distance between the eyes, the length of the nose, or the angle of the chin contribute collectively to the template.

A second method of face recognition is called the eigenface method. It looks at the face as a whole. A collection of face images is used to generate a two-dimensional gray-scale image to produce the biometric template.

Facial scans are only as good as the environment in which they are collected. The so-called mug-shot environment is ideal. The best scans are produced under controlled conditions with proper lighting and proper placement of the video device. As part of a highly sensitive security environment, there may be several cameras collecting image data from different angles, producing a more exact scan sample. Certain facial scanning applications also include tests for liveness, such as blinking eyes. Testing for liveness reduces the chance that the person requesting access is using a photograph of an authorized individual.

Facial recognition, like all biometrics, produces results based on probabilities. Once the live scan is performed and compared with the template database, positive identifications are produced according to the level of accuracy set in the system. If the system is set to accept only a match that is determined to be 100 percent accurate, with no margin of error, the rejection rate increases dramatically. As accuracy variables decrease below 100 percent, rejection rates decrease likewise. Facial recognition is generally subject to larger margins of error than more established biometrics, such as fingerprint recognition. Financial institutions considering the use of face recognition for customer authentication should carefully evaluate the adverse consequences of an unacceptably high FAR or FRR.

Facial scanning is considered one of the easiest biometrics to use. A portable web cam sitting on a desktop computer will suffice. The connecting system must be able to support the web cam and must be loaded with software to create the template and communicate with the authenticating system. The technique is nonintrusive, and user acceptance is typically high.

Identification and verification of a person's identity are two generic application areas of face recognition systems. In identification applications, an algorithm identifies an unknown face in an image by searching through an electronic mugbook. In verification applications, an algorithm confirms the claimed identity of a particular face. Proposed applications have the potential to impact all aspects of everyday life by controlling access to physical and information facilities, confirming identities for legal and commercial transactions, and controlling the flow of citizens at borders. For face recognition systems to be successfully fielded, one has to be able to evaluate their performance. To evaluate an algorithm, its behavior is scored on a test set of matchable images in a mugbook known as the Gallery. One computes a similarity matrix that quantifies the proximities of images of a subset of the Gallery (called the Probe set) to each image in the Gallery.

Large collections of test images are already in existence (FERET/Army Research Lab/ George Mason Univ./93-96) or currently undergoing development (Human ID/DARPA/99-04). These databases (which include IR, still, video, and hyperspectral images of the face, gait, and iris of thousands of human subjects) provide the Human ID research community with de facto database standards for algorithm development and comparison.

A first, simple approach is to limit the comparisons to replicated same-face match scores, transform the scores from the multiple algorithm outputs to a common scale, and examine ranking's and clustering's produced by application of standard Multiple Comparisons procedures, e.g., Student-Newman-Keuls. A useful common scaling is achieved by Probability Integral Transform-ing (PIT) each algorithm's scores using knowledge of its characteristic score EDF based on larger heterogeneous (FERET) experiments, then applying the inverse Gaussian cumulative distribution. Application of this procedure to a sizable extract of the FERET database yields a credible ranking of 15 algorithms dated 1996-1997.

An extension to a mixture of same-subject and different-subject match scores can be achieved by use of ordinary 2-dimensional MultiDimensional Scaling (MDS). MDS translates similarity matrices into pictorial maps with matrix row/column headers converted into mapped locations with appropriate inter-location distances. A good algorithm should cluster same-subject images and cleanly discriminate among different-subject images. The ability to discriminate, and tightness of clusters as quantified, e.g., by circumscribed Voronoi ellipse aspect ratios, can be used to rank algorithm performance. Demonstration tests against small-scale FERET extracts show this clearly.

Voice Verification

Voice biometrics works by digitizing a profile of a person's speech to produce a stored model voice print, or template. Biometric technology reduces each spoken word to segments composed of several dominant frequencies called formants. Each segment has several tones that can be captured in a digital format. The tones collectively identify the speaker's unique voice print. Voice prints are stored in databases in a manner similar to the storing of fingerprints or other biometric data.

To ensure a good-quality voice sample, a person usually recites some sort of text or pass phrase, which can be either a verbal phrase or a series of numbers. The phrase may be repeated several times before the sample is analyzed and accepted as a template in the database. When a person speaks the assigned pass phrase, certain words are extracted and compared with the stored template for that individual. When a user attempts to gain access to the system, his or her pass phrase is compared with the previously stored voice model. Some voice recognition systems do not rely on a fixed set of enrolled pass phrases to verify a person's identity. Instead, these systems are trained to recognize similarities between the voice patterns of individuals when the persons speak unfamiliar phrases and the stored templates.

A person's speech is subject to change depending on health and emotional state. Matching a voice print requires that the person speak in the normal voice that was used when the template was created at enrollment. If the person suffers from a physical ailment, such as a cold, or is unusually excited or depressed, the voice sample submitted may be different from the template and will not match. Other factors also affect voice recognition results. Background noise and the quality of the input device (the microphone) can create additional challenges for voice recognition systems. If authentication is being attempted remotely over the telephone, the use of a cell phone instead of a landline can affect the accuracy of the results. Voice recognition systems may be vulnerable to replay attacks: if someone records the authorized user's phrase and replays it, that person may acquire the user's privileges. More sophisticated systems may use liveness testing to determine that a recording is not being used.

Consumer voice recognition systems are typically inexpensive and user-friendly. Most computer systems are equipped to support a microphone used to develop a voice template and later to collect the authentication request. Voice recognition is more often used in an environment in which voice is the only available biometric identifier, such as in telephony and call-center applications. Voice recognition systems have a high user acceptance rate because they are perceived as less intrusive and are one of the easiest biometric systems to use.

Voice verification technology uses the different characteristics of a person’s voice to discriminate between speakers. These characteristics are based on both physiological and behavioral components. The physical shape of the vocal tract is the primary physiological component. The vocal tract is made up the oral and nasal air passages that work with the movement of the mouth, jaw, tongue, pharynx and larynx to articulate and control speech production. “The physical characteristics of these airways impart measurable acoustic patters on the speech that is produced,” as one expert explained.91 The behavioral component is made up of movement, manner, and pronunciation.

The combination of the unique physiology and behavioral aspects of speaking enable verification of the identity of the person who is speaking. Voice verification technology works by converting a spoken phrase from analog to digital format and extracting the distinctive vocal characteristics, such as pitch, cadence, and tone, to establish a speaker model or voiceprint. A template is then generated and stored for future comparisons.

Voice verification systems can be text dependent, text independent, or a combination of the two. Text dependent systems require a person to speak a predetermined word or phrase. This information, known as a “pass phrase,” can be a piece of information such as a name, birth city, favorite color or a sequence of numbers. The pass phrase is then compared to a sample captured during enrollment. Text independent systems recognize a speaker without requiring a predefined pass phrase. It operates on speech inputs of longer duration so that it has a greater opportunity to identify the distinctive vocal characteristics (i.e., pitch, cadence, tone).

Voice verification systems can be used to verify a person’s claimed identity or to identify a particular person. It is often used where voice is the only available biometric identifier, such as over the telephone. Voice verification systems may require minimal hardware investment as most personal computers already contain a microphone. The downside to the technology is that, although advances have been made in recognizing the human voice, ambient temperature, stress, disease, medications, and other physical changes can negatively impact automated recognition.

Voice verification systems are different from voice recognition systems although the two are often confused. Voice recognition is used to translate the spoken word into a specific response, while voice verification verifies the vocal characteristics against those associated with the enrolled user. The goal of voice recognition systems is simply to understand the spoken word, not to establish the identity of the speaker. A familiar example of voice recognition systems is that of an automated call center asking a user to “press the number one on his phone keypad or say the word ‘one’.” In this case, the system is not verifying the identity of the person who says the word “one”; it is merely checking that the word “one” was said instead of another option.

Vein Authentication

Tokyo, Japan, Nov 2, 2006 - (JCN Newswire) - Fujitsu Limited today announced that Aderans Co., Ltd., a major Japanese hair care company, will deploy Fujitsu's PalmSecure(TM) contactless biometric palm vein authentication system for the PC log-in system for computers used by staff at Aderans branches throughout Japan. This is the first implementation of palm vein-based biometric authentication to safeguard customer data by the hair care industry, which includes wigs and hair pieces, hair-volumizing products, and services for healthy hair growth. In recent years, companies and government agencies have an increased awareness of the importance of protecting personal data. At Aderans, due to the fact that the company's internal information system handles sensitive customer data, the company sought advanced high-level security measures for system log-in, beyond merely employee IDs and passwords.

In addition, because the system would be accessed from the company's 172 branches throughout Japan by roughly 2000 employees who use various products - such as shampoos, hair regeneration formulas, and other liquid hair care products - that can affect the skin condition of their hands in their daily work with customers, the company required a biometric authentication system that would function properly well with minimal impact from temperatures or the condition of the skin of employee's hands.

Thus, Aderans chose to deploy a PC log-in system that uses Fujitsu's PalmSecure, which offers advanced biometric security, with minimal impact from various skin conditions of hands. From November of this year, Aderans will begin registering the palm vein patterns of its employees, and plans to deploy the system on approximately 1000 computers at its 172 branches nationwide.

Advantages of Fujitsu's PalmSecure Biometric Palm Vein Authentication Technology

Difficult to forge

Because palm veins are beneath the body surface, they are extremely difficult to forge. Furthermore, compared to the pattern of veins in fingers or the back of the hand, palm vein patterns are more complex - again, increasing the difficulty of forgery - and more stable, as they are less affected by temperature and other external impacts. These factors, together with the system's high verification accuracy - a false acceptance rate of less than 0.00008% and false rejection rate of 0.01% - enable PalmSecure(TM) to provide highly secure and reliable personal identity verification.

High applicability

Unlike fingerprint-based authentication methods, for which registration and verification of biometric data cannot be successfully completed if the surface of the skin is impacted by abrasion or dryness, contactless palm vein authentication has negligible susceptibility to such external factors. In developing its palm vein authentication technology, Fujitsu collected data samples of 150,000 palm vein patterns from 75,000 individuals worldwide to verify authentication accuracy and applicability rate. In this process, there were no cases in which the data sample could not be registered and verified.

High user acceptance

In addition to requiring no direct contact with the scanner surface, the non-invasive scanning process is carried out in a simple and natural manner that is not awkward to the user. This alleviates potential psychological resistance due to concerns regarding hygiene or difficulty of use.

Emerging Biometric Technologies

Newer biometric technologies using diverse physiological and behavioral characteristics are in various stages of development. Some are commercially available, some may emerge over the next 2 to 4 years, and others are many years from implementation. Each technique’s performance can vary widely, depending on how it is used and its environment in which it is used.

Vein scan biometric technology can automatically identify a person from the patterns of the blood vessels in the back of the hand. The technology uses near-infrared light to detect vein vessel patterns. Vein patterns are distinctive between twins and even between a person’s left and right hand. Developed before birth, they are highly stable and robust, changing throughout one’s life only in overall size. The technology is not intrusive, and works even if the hand is not clean. It is commercially available.

Facial thermography detects heat patterns created by the branching of blood vessels and emitted from the skin. These patterns, called thermograms, are highly distinctive. Even identical twins have different thermograms. Developed in the mid-1990s, thermography works much like facial recognition, except that an infrared camera is used to capture the images. The advantages of facial thermography over other biometric technologies are that it is not intrusive—no physical contact is required— every living person presents a usable image, and the image can be collected on the fly. Also, unlike visible light systems, infrared systems work accurately even in dim light or total darkness. Although identification systems using facial thermograms were undertaken in 1997, the effort was suspended because of the cost of manufacturing the system.

DNA matching is a type of biometric in the sense that it uses a physiological characteristic for personal identification. It is considered to be the “ultimate” biometric technology in that it can produce proofpositive identification of a person, except in the case of identical twins. However, DNA differs from standard biometrics in several ways. It compares actual samples rather than templates generated from samples. Also, because not all stages of DNA comparison are automated, the comparison cannot be made in real time. DNA’s use for identification is currently limited to forensic applications. The technology is many years away from any other kind of implementation and will be very intrusive.

Researchers are investigating a biometric technology that can distinguish and measure body odor. This technology would use an odor-sensing instrument (an electronic “nose”) to capture the volatile chemicals that skin pores all over the body emit to make up a person’s smell. Although distinguishing one person from another by odor may eventually be feasible, the fact that personal habits such as the use of deodorants and perfumes, diet, and medication influence human body odor renders the development of this technology quite complex.

Blood pulse biometrics measure the blood pulse on a finger with infrared sensors. This technology is still experimental and has a high false match rate, making it impractical for personal identification.

The exact composition of all the skin elements is distinctive to each person. For example, skin layers differ in thickness, the interfaces between the layers have different undulations, pigmentation differs, collagen fibers and other proteins differ in density, and the capillary beds have distinct densities and locations beneath the skin. Skin pattern recognition technology measures the characteristic spectrum of an individual’s skin. A light sensor illuminates a small patch of skin with a beam of visible and near-infrared light. The light is measured with a spectroscope after being scattered by the skin. The measurements are analyzed, and a distinct optical pattern can be extracted.

Nailbed identification technology is based on the distinct longitudinal, tongue-in-groove spatial arrangement of the epidermal structure directly beneath the fingernail. This structure is mimicked in the ridges on the outer surface of the nail. When an interferometer is used to detect phase changes in back-scattered light shone on the fingernail, the distinct dimensions of the nailbed can be reconstructed and a one-dimensional map can be generated.

Gait recognition, recognizing individuals by their distinctive walk, captures a sequence of images to derive and analyze motion characteristics. A person’s gait can be hard to disguise because a person’s musculature essentially limits the variation of motion, and measuring it requires no contact with the person. However, gait can be obscured or disguised if the individual, for example, is wearing loose fitting clothes. Preliminary results have confirmed its potential, but further development is necessary before its performance, limitations, and advantages can be fully assessed.

Ear shape recognition is still a research topic. It is based on the distinctive shape of each person’s ears and the structure of the largely cartilaginous, projecting portion of the outer ear. Although ear biometrics appears to be promising, no commercial systems are available.