UNIT 1
INTRODUCTION TO BIOMETRICS
PART-A
Bio metrics is the measurement and statistical analysis of people’s physiological and behavioral characteristics. The technology is mainly used for identification and access control, or for identifying individuals that are under surveillance. The basic premise of bio metric authentication is that everyone is unique and an individual can be identified by his or her intrinsic physical or behavioral traits.
2)What are biometric systems?
A wide variety of systems require reliable personal recognition schemes to either confirm or determine the identity of an individual requesting their services. The purpose of such schemes is to ensure that the rendered services are accessed only by a legitimate user, and not anyone else. Biometric recognition, or simply biometrics, refers to the automatic recognition of individuals based on their physiological and/or behavioural characteristics. These systems are called as biometric systems.
3)List the types of biometric systems with example?
Bio metrics can furthermore also be defined as either
Passive Bio metrics—Passive bio metrics do not require a users active participation and can be successful without a person even knowing that they have been analyzed.
Eg., Voice recognition technologies
Active Bio metrics— Active bio metrics however, do require a person cooperation and will not work if they deny their participation in the process.
Eg., Hand geometry technologies
List the processes involved in bio metric system process.
Data collection, Transmission, Signal processing, Decision and Data storage.
4)Distinguish between positive and negative
identification.
(April/May 2014) (April/May 2017) (2013 Regulation)
Positive Identification—when a bio metric system accepts a user while identification or authentication process and that is known as positive identification.
Negative Identification—when a bio metric system rejects a user while identification or authentication process and that is known as negative identification.
5)Mention the characteristics of bio metrics?
(April/May 2014) (2013 Regulation)
Physiological characteristics: The shape or composition of the body. Physiological bio metrics use algorithms and other methods to define identity in terms of data gathered from direct measurement of the human body. Finger print and finger scan, hand geometry, Iris and retina scanning and facial geometry are all examples of physiological bio metrics.
Behavioural characteristics: The behavior of a person. Behavioural bio metrics are, however, defined by analyzing a specific action of a person. How a person talks, signs their name or types on a keyboard is a method of determining his identity when analyzed correctly.
6)Difference between identification and verification.
(Nov 2012) (2008 Regulation)
Identification (1:N system) - One to Many: Bio metrics can be used to determine a person's identity even without his knowledge or consent. For example, scanning a crowd with a camera and using face recognition technology, one can determine matches against a known database.
7)Draw the block diagram of bio metric system.
(Nov 2012) (2008 Regulation)
8)What is the physical and logical context of bio metric systems? (April/May 2017) (2013 Regulation)
Physical access control covers identity authentication processes which require users to provide physical characteristics.
It is used in high security locations such as: hospitals, police stations, and thee military.
The most common use for the physical access control application is the access devices which are applied at doors or computers.
This application is confidential and important and is entrusted with a high level of security.
The physical access control reduces the risk of human problems.
It also covers the aspect of data loss in the system.
The system helps to eliminate the process of identifying long and complex pass codes with different processes.
Physical access control is not only effective and efficient but also safe, secure and profitable in the workplace
Logical access control refers to a process of a scheme control over data files or computer programs.
These contain personal or privacy information of many different users.
Logical access control is used by militaries and governments to protect their important data with high security systems using bio metric technology.
The only difference between logical access control and physical access control is that the logical access control is used for computer networks and system access control.
It helps to reduce the burden of long and complex password requirements for users.
Moreover, it is more secure and effective in the way of protecting and maintaining privacy over data in the system. Furthermore, it also provides a great advantage by saving time and money
List few applications of biometric systems.
- Justice/law enforcement
- Time and attendance
- Security locks
- Physical access control
- Logical access control
⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾⇾
PART-B
1)Explain ‘Verification and identification’ in bio metric system. (April/May 2017) (2013 Regulation)
Bio metrics is the measurement and statistical analysis of people’s physiological and behavioural characteristics.
The technology is mainly used for identification and access control, or for identifying individuals that are under surveillance. The basic premise of bio metric authentication is that everyone is unique and an individual can be identified by his or her intrinsic physical or behavioural traits.
Active and passive biometrics
Biometrics can furthermore also be defined as either
- Passive Biometrics, or
- Active Bio metrics.
Passive Bio metrics
Passive bio metrics do not require a users active participation and can be successful without a person even knowing that they have been analyzed.
- Voice recognition technologies
- Iris recognition technologies
- Facial recognition
Active Bio metrics:
Active bio metrics however, do require a person cooperation and will not work if they deny their participation in the process.
- All Fingerprint technologies
- Hand geometry technologies
- Retina scanning technologies
- Signature recognition technologies
Verification (1:1 system) - One to One: Bio metrics can also be used to verify a person's identity. For example, one can grant physical access to a secure area in a building by using finger scans or can grant access to a bank account at an ATM by using retinal scan.
2)With suitable diagram explain the process of matching in bio metric system. (April/May 2017) (2013 Regulation)
The comparison of bio metric templates to determine their degree of similarity or correlation is called matching. The process of matching bio metric templates results in a score, which, in most systems, is compared against a threshold. If the score exceeds the threshold, the result is a match; if the score falls below the threshold, the result is a non match.
The matching process involves the comparison of a verification template, created when the user provides bio metric data, with the enrollment template(s) stored in a bio metric system.
In verification systems, a verification template is matched against a user’s enrollment template or templates (a user may have more than one bio metric template enrolled—for example, multiple fingerprints or iris patterns).
In identification systems, the verification template can be matched against dozens, thousands, even millions of enrollment templates.
The following are steps in involved in matching.
Scoring Bio metric match/no-match decisions are based on a score—a number indicating the degree of similarity or correlation resulting from the comparison of enrollment and verification templates.
Bio metric systems utilize proprietary algorithms to process templates and generate scores.
There is no standard scale used for bio metric scoring: Some bio metric systems employ a scale of 1 to 100; others use a scale of -1 to 1.
These scores can be carried out to several decimal points and can be logarithmic or linear.
Scoring systems vary not only from technology to technology, but from vendor to vendor.
Threshold Once a score is generated, it is compared to the verification attempt’s threshold. A threshold is a predefined number, generally chosen by a system administrator, which establishes the degree of correlation necessary for a comparison to be deemed a match. If the score resulting from template comparison exceeds the threshold, the templates are a match (though the templates themselves are not identical). Thresholds can vary from user to user, from transaction to transaction, and from verification attempt to verification attempt. Systems can be either highly secure or not secure at all, depending on their threshold settings. The flexibility offered by the combination of scoring and thresholds allows bio metrics to bee deployed in ways not possible with passwords, PINs, or tokens. For example, a system can be designed that employs a high security threshold for valuable transactions and a low security threshold for low-value transactions—the underlying comparison is transparent to the user.
Decision. The result of the comparison between the score and the threshold is a decision. The decisions a bio metric system can make include match, non match, and inconclusive, although varying degrees of strong matches and non matches are possible. Depending on the type of biometric system deployed, a match might grant access to resources, a non match might limit access to resources, while inconclusive may prompt the user to provide another sample. Therefore, for most technologies, there is simply no such thing as a 100 percent match. This is not to imply that the systems are not secure—biometric systems may be able to verify identity with error rates of less than 1 in 100,000 or 1 in 1 million. However, claims of 100 percent accuracy are misleading and are not reflective of the technology’s basic operation.
3)Explain security and privacy in bio metrics.
i)Unlike more common forms of identification, bio metric measures contain no personal information and are more difficult to forge or steal.
ii)Bio metric measures can be used in place of a name or Social Security number to secure anonymous transactions.
iii)Some bio metric measures (face images, voice signals and “latent” fingerprints left on surfaces) can be taken without a person’s knowledge, but cannot be linked to an identity without a pre-existing in-vertible database.
iv)A Social Security or credit card number, and sometimes even a legal name, can identify a person in a large population. This capability has not been demonstrated using any single bio metric measure.
v)Like telephone and credit card information, bio metric databases can be searched outside of their intended purpose by court order.
vi)Unlike credit card, telephone or Social Security numbers, bio metric characteristics change from one measurement to the next.
vii)Searching for personal data based on bio metric measures is not as reliable or efficient as using better identifiers, like legal name or Social Security number.
viii)Bio metric measures are not always secret, but are sometimes publicly observable and cannot be revoked if compromised.
Whenever bio metric identification is discussed, people always want to know about the implications for personal privacy.
If a bio metric system is used, will the government, or some other group, be able to get personal information about the users?
Bio metric measures themselves contain no personal information.
Hand shape, fingerprints or eye scans do not reveal name, age, race, gender, health or immigration status. Although voice patterns can give a good estimation of gender, no other bio metric identification technology currently used reveals anything about the person being measured. More common identification methods, such as a driver’s license, reveal name, address, age, gender, vision impairment, height and even weight! Driver’s licenses, however, may be easier to steal or counterfeit than bio metric measures.
Bio metric measures can be used in place of a name, Social Security number or other form of identification to secure anonymous transactions.
Walt Disney World sells season passes to buyers anonymously, then uses finger geometry to verify that the passes are not being transferred.
Use of iris or fingerprint recognition for anonymous health care screening has also been proposed.
A patient would use an anonymous bio metric measure, not a name or Social Security number, when registering at a clinic. All records held at the clinic for that patient would be identified, linked and retrieved only by the measure.
No one at the clinic, not even the doctors, would know the patient’s “real” (publicly recognized) identity.
4)What is biometrics? Explain its different types and its characteristics.
Biometrics is the measurement and statistical analysis of people’s physiological and behavioural characteristics.
The technology is mainly used for identification and access control, or for identifying individuals that are under surveillance. The basic premise of biometric authentication is that everyone is unique and an individual can be identified by his or her intrinsic physical or behavioural traits.
There are two main types of biometric identifiers:
1. Physiological characteristics: The shape or composition of the body.
Physiological biometrics use algorithms and other methods to define identity in terms of data gathered from direct measurement of the human body. Finger print and finger scan, hand geometry, Iris and retina scanning and facial geometry are all examples of physiological biometrics.
Behavioural characteristics: The behaviour of a person.
Behavioural bio metrics are, however, defined by analyzing a specific action of a person. How a person talks, signs their name or types on a keyboard is a method of determining his identity when analyzed correctly.
The ideal bio metric characteristic has five qualities:
By “robust”, we mean unchanging on an individual over time. Robustness is measured by the “false non-match rate” (also known as “Type I error”), the probability that a submitted sample will not match the enrollment image.
By “distinctive”, we mean showing great variation over the population. Distinctiveness is measured by the “false match rate” (also known as “Type II error”) – the probability that a submitted sample will match the enrollment image of another user.
By “available”, we mean that the entire population should ideally have this measure in multiples. Availability is measured by the “failure to enroll” rate, the probability that a user will not be able to supply a readable measure to the system upon enrollment.
By “accessible”, we mean easy to image using electronic sensors. Accessibility can be quantified by the “throughput rate” of the system, the number of individuals that can be processed in a unit time, such as a minute or an hour.
By “acceptable”, we mean that people do not object to having this measurement taken from them. Acceptability is measured by polling the device users. The first four qualities are inversely related to their above measures, a higher “false non-match rate”, for instance, indicating a lower level of robustness.
System administrators might ultimately be concerned with:
The “false rejection rate”, which is the probability that a true user identity claim will be falsely rejected, thus causing inconvenience;
The “false acceptance rate”, which is the probability that a false identity claim will be accepted, thus allowing fraud;
The system throughput rate, measuring the number of users that can be processed in a time period;
The user acceptance of the system, which may be highly dependent upon the way the system is “packaged” and marketed; and
The ultimate total cost savings realized from implementing the system.
- Robustness,
- Distinctiveness,
- Availability,
- Accessibility and
- Acceptability.
By “robust”, we mean unchanging on an individual over time. Robustness is measured by the “false non-match rate” (also known as “Type I error”), the probability that a submitted sample will not match the enrollment image.
By “distinctive”, we mean showing great variation over the population. Distinctiveness is measured by the “false match rate” (also known as “Type II error”) – the probability that a submitted sample will match the enrollment image of another user.
By “available”, we mean that the entire population should ideally have this measure in multiples. Availability is measured by the “failure to enroll” rate, the probability that a user will not be able to supply a readable measure to the system upon enrollment.
By “accessible”, we mean easy to image using electronic sensors. Accessibility can be quantified by the “throughput rate” of the system, the number of individuals that can be processed in a unit time, such as a minute or an hour.
By “acceptable”, we mean that people do not object to having this measurement taken from them. Acceptability is measured by polling the device users. The first four qualities are inversely related to their above measures, a higher “false non-match rate”, for instance, indicating a lower level of robustness.
System administrators might ultimately be concerned with:
The “false rejection rate”, which is the probability that a true user identity claim will be falsely rejected, thus causing inconvenience;
The “false acceptance rate”, which is the probability that a false identity claim will be accepted, thus allowing fraud;
The system throughput rate, measuring the number of users that can be processed in a time period;
The user acceptance of the system, which may be highly dependent upon the way the system is “packaged” and marketed; and
The ultimate total cost savings realized from implementing the system.
5)Explain about data acquisition, enrollment, template creation and matching in a bio metric system.
A bio metric system is a technological system that uses information about a person (or other biological organism) to identify that person. Bio metric systems rely on specific data about unique biological traits in order to work effectively. A biometric system will involve running data through algorithms for a particular result, usually related to a positive identification of a user or other individual.
- Data collection,
- Transmission,
- Signal processing,
- Decision and
- Data storage.
A biometric system can be either an 'identification' system or a 'verification' (authentication) systemm, which are defined below.
Verification (1:1 system) - One to One: Biometrics can also be used to verify a person's identity. For example, one can grant physical access to a secure area in a building by using finger scans or can grant access to a bank account at an ATM by using retinal scan.
6)Explain any two bio metric applications with suitable diagrams.
0 Comments: