biometrics
The Vitruvian Man
The biometrics (including biometrics - from ancient Greek βίος bíos "life" and μέτρον métron " measure , benchmark") is a science that deals with measurements of living things busy and the required measurement and evaluation.
There are different definitions of details depending on the area of application. In 1841, Christoph Bernoulli was one of the first scientists to use a literal interpretation of the term biometrics for the measurement and statistical analysis of human life .
The concept of biometrics has the two facets of biometric statistics and biometric recognition processes , which are also separated in practice.
In biometric statistics it comes to the development and application of statistical methods for analysis of measurements of all kinds of living beings. It is used intensively by all life sciences . The pioneer of scientific methodology was Karl Pearson (1857–1936). In this context, biometrics is also used as a synonym for biostatistics .
As a recognition process , biometrics was used early on for personal identification. In 1879 Alphonse Bertillon developed a system for determining identity, later called Bertillonage , which was based on 11 body length measurements ( anthropometry ). In 1892, Francis Galton laid the scientific foundation for the use of fingerprints ( dactyloscopy ).
Today, biometrics in the field of person recognition is also defined as the automated recognition of individuals based on their behavioral and biological characteristics .
Other areas of application for biometrics are, for example, automated disease diagnosis methods.
Biometrics lives from the interplay of the disciplines of life sciences , statistics , mathematics and computer science . Only today's information technology makes it possible to cope with the high computing power requirements of conventional biometric processes.
Biometric statistics
Biometry as the development and application of statistical methods in the context of empirical studies on living beings serves to gain scientific knowledge, make decisions and optimize products economically. Here are some examples:
- biology
- Epidemiology : Research into the causes of disease, distribution routes and environmental influences, e.g. B. to support an effective health policy and disease prevention
- forestry
- Genetics : Examination of the genetic components of diseases for better prevention and increasing the chances of recovery
- Agriculture : feed development and optimization; Plant breeding, yield optimization depending on environmental parameters
- Medicine : Determination of risk factors for certain diseases; Clinical studies in the run-up to drug approvals to determine effects and side effects, evaluation of the risk-benefit ratio
- Actuarial mathematics : calculation and forecast of the relevant parameters for life insurers, e.g. B. the life table .
- Veterinary medicine : degradation behavior of drugs; Research into the causes of disease, ways of spreading and environmental influences
Biometric recognition process
Biometric recognition methods have experienced an enormous boom in recent years. Technological progress increasingly allows the rapid measurement of biological characteristics and their evaluation with reasonable effort and high quality. The use of biometrics is a promising approach to solving the unsolved problem of many security concepts: How do you connect identities and the corresponding rights with the physical persons who have the correct identity?
Biometric characteristics
When using biometrics for the automated recognition of people, it is important to find individual biometric behavior or body characteristics that can a. characterized by the following properties:
- Uniqueness : The measured value of the characteristic is different for as many people as possible
- Constancy : The measured value does not depend on the age of the person or the time of the measurement
- Measurability : There should be a well-defined measurand exist for which suitable sensors are
- Universality : The characteristic occurs in as many people as possible.
Biometric characteristics are often divided into active / passive, behavior / physiology-based, or dynamic / static. The long-term stable behavior-based characteristics include the voice, hand or signature, typing behavior and gait dynamics. Long-term stable physiological characteristics are for example the fingerprint, the iris or the hand geometry. This distinction is widely accepted, but there are limits. Most behavior-based biometric characteristics are influenced by physiology, for example the voice through the human speech apparatus.
As biometric characteristics u. a. be used:
- DNA (mobile DNA test, genetic fingerprint )
- Fingerprint (finger line image)
- Gait style ( automatic gait recognition )
- Face geometry
- Hand geometry
- Hand line structure
- Palm vein structure
- Iris (iris skin) / iris detection
- Body odor
- Height (anthropometry)
- Lip movement, usually in connection with voice recognition (tone color)
- Nail bed pattern
- Ear shape
- Retina (fundus)
- Voice / speaker authentication (not to be confused with speech recognition )
- Tip behavior on keyboards ( Engl. Dynamics keystroke )
- Signature (static, dynamic, also handwriting )
- Dental impression
Realization and functionality
A biometric recognition system essentially consists of the components sensor (measured value recorder), feature extraction and feature comparison . Which types of sensors are used depends heavily on the biometric characteristic. So a video camera is suitable for most characteristics; Other imaging methods can also be used for fingerprint recognition. The result of the sensor component is a biometric sample . The feature extraction uses complex algorithms to remove all information provided by the sensor that does not meet the required feature properties and delivers the biometric features as a result . The feature comparator finally calculates a comparison value (score) between the biometric template stored in the learning phase and the current data set supplied by the feature extraction. If this comparison value exceeds or falls below an (adjustable) threshold, the detection is considered successful.
In the "learning phase", the enrollment , the biometric feature data is stored in encrypted digital form as a reference pattern . At the next contact with the biometric system, a current sample is recorded and compared with the reference pattern ( template ). The system then decides whether the similarity of the two patterns is sufficiently high and thus, for example, access may or not.
The most important types of detection are verification and identification . During the verification, the person to be verified must first inform the system of their name or their user ID. The biometric system then decides whether the person belongs to the associated reference feature data record or not. During identification, the person to be recognized only reveals their biometric characteristics; the system uses this to determine the associated name or user ID by comparing them with the reference characteristic data records of all users.
Performance criteria
Since the samples delivered by the biometric sensor are subject to strong statistical fluctuations, incorrect detection can occasionally occur. The reliability of the identification or verification is mainly assessed according to two criteria: according to the admission rate of unauthorized persons and according to the rejection rate of authorized persons:
- False acceptance rate ( FAR ) = admission rate of unauthorized persons
- False rejection rate ( FRR ) = rejection rate of entitled persons
Both rates depend in opposite directions on the decision threshold value: a higher threshold selected reduces the FAR, but at the same time increases the FRR and vice versa. Therefore z. For example, simply specifying the FAR without an associated FRR makes no sense. With an FRR of 10%, the (verification) FAR can reach values of 0.1% to <0.000001% in good biometric systems, depending on the characteristic.
While the FAR is a constant in verification systems for a given decision threshold, in identification systems it grows with the number of stored reference data records. The resulting total FAR results approximately from multiplying the underlying verification FAR by the number of data records. This is the reason why only strongly distinctive characteristics such as iris and ten-fingerprint enable reliable identification over large databases with millions of entries.
Finally describes the
- Falschenrolmentrate ( FER ) = rate of unsuccessful enrollments
the fact that not every biometric characteristic is always available in sufficient quality for every person. The FER does not only depend on the respective constitution of the biometric characteristic; like the other error rates, it is also influenced by the performance of the technology and the involvement of the respondent .
As a rule, the error rates described cannot be calculated theoretically, but have to be determined in complex statistical studies. The effort increases with decreasing error rates in inverse proportion. The ISO / IEC 19795 standard describes procedures for performance testing and evaluation for biometric systems .
With biometric systems, however, the recognition time also plays a major role. In addition to the safety and reliability of user acceptance and which are usability ( usability ) in the assessment of a biometric system crucial criteria.
Applications
Biometric identification processes can be used almost everywhere where the identity of a person plays a direct or indirect role. However, not all applications are necessarily successful. It is important that the application and the possibilities of a special biometric characteristic match. The most common methods are verification with a card / ID card and pure identification, in which the user is authenticated exclusively via the biometric characteristic. The latter is very convenient, but the increasing number of users places high demands on the biometric characteristic (FAR), computing power and data protection and is usually not suitable for security-critical areas. When using an ID, the biometric reference data can be stored in a chip or printed on the card as a 2D barcode . There are also systems that use the card only as a pointer for the reference data set stored in a database.
Automated fingerprint identification systems ( AFIS ) support the dactyloscope in comparing crime scene fingerprints with the fingerprints of criminals or suspects that are stored or to be taken. While the manual evaluation of fingerprints in Germany has been one of the tried and tested investigative tools of the criminal police since 1903, the first computer-aided procedures were introduced into investigative work in the 1980s in the USA and in 1993 in Germany.
PC registration by fingerprint: With the appearance of inexpensive semiconductor fingerprint sensors from around 1998, the first products were established on the market that replaced or supplemented password registration on the PC or company network with fingerprint recognition. Although such systems have so far only been able to establish themselves in the professional sector, it is to be expected in the future that most notebooks will be equipped with even more cost-effective strip sensors as standard. (Strip sensors require the user to actively move over the sensor.) The main argument cited is the cost savings due to the elimination of forgotten passwords.
Biometric passports and identity cards: Based on the international standard 9303 of the ICAO , since November 1, 2005, only passports with an integrated chip on which a digital photo is stored as a biometric sample have been issued. Fingerprints have also been recorded since November 2007. Biometric passports are characterized by the following properties: possible personnel savings at border controls due to a higher clearance rate, support in determining the identity of the passport and holder, high costs that the passport holder has to bear, as well as unresolved data protection situation when biometric data is used by foreign countries . In Switzerland, the inclusion of electronic biometric characteristics in the passport is voluntary. From November 1, 2010, the German identity cards will also have biometric features. Temporary passports (recognizable by the green envelope), children's passports or temporary identity cards are partially excluded from this . Although these do not have an integrated chip, they still require a biometric photo. In the case of children, more deviations are permitted in the photos and fingerprints can optionally only be given from the age of 6.
Season tickets: For non-transferable season tickets, the use of biometric recognition is recommended to prevent them from being passed on to unauthorized persons. The Hanover Zoo sets for this purpose for several years successfully face recognition system. Other applications, mostly based on fingerprints, are becoming more and more popular in fitness studios, solariums and thermal baths.
Physical access: For access to particularly sensitive areas, conventional authentication methods are supplemented by biometric procedures. Examples are face recognition in security gates to chip card development areas, fingerprint recognition in nuclear power plant areas and iris recognition in the baby ward of a Berchtesgaden clinic. Palm vein recognition is very popular in Japan.
Paying by fingerprint: More and more shops are offering their registered regular customers the option of paying by fingerprint instead of a customer card, with payment being made by direct debit. Features: the customer does not need cash or a card; there are similar problems in terms of data protection law as with discount card systems .
Detection of asylum seekers: From asylum seekers are in their entry into the EU recorded the prints of all 10 fingers. The central EURODAC database can then be used to determine whether an asylum seeker has already been turned away from another EU country.
Casinos occasionally use biometrics (mostly facial recognition and fingerprinting) to prevent addicts from entering. Gamblers who know of themselves that they are temporarily addicted can voluntarily deposit their biometric data at the casino in order to protect themselves in this way from engaging in their addictive behavior.
Doubtful applications: The use of biometrics only makes sense if the biometric characteristic can meet the specific requirements of an application. For example, extremely high error rates (FRR) are to be expected when trying to identify construction workers for the purpose of presence control on site with fingerprint systems. The reason for this is the dirt and temporary wear and tear on the finger lines. A fully automated search for target persons using face recognition on conventional surveillance cameras usually fails because the recognition rate is too low, caused by an image quality that is too poor for identification and a low probability of the person being sought. Experts strongly advise against using applications that could induce attackers to cut off the fingers of authorized persons (examples: immobilizer or ATM in identification mode).
Security aspects
In applications in which incorrect verification or identification can lead to damage, not only a sufficiently low false acceptance rate (FAR) is important. Since biometric characteristics can be copied as mechanical samples or as a data record, depending on the application and characteristics, it must also be ensured that the biometric recognition system is able to distinguish facsimiles from originals and to reject the former if necessary. This is particularly important because a biometric characteristic usually cannot be exchanged like a password.
To solve this problem, there are different powerful methods for automated copy recognition. The defense against the improper use of severed body parts, on the other hand, is carried out using methods of life detection. For reasons of cost, however, copy and life recognition are usually only possible if there are high security requirements. Other methods rely on a combination of several characteristics, on the connection with conventional authentication methods or on manual monitoring for the detection of attempted attacks. Most of the simple biometric systems for a low level of protection are currently not equipped with copy or life recognition, which leads to criticism of biometrics in detail. Most documented attempts at forgery, however, assume that latency fingerprints are deliberately left in good quality. Scientific research into how high the risk is in real life does not seem to exist at the moment.
privacy
Biometric authentication systems are usually subject to statutory data protection . The following properties are important for data protection:
- Biometric characteristics can be used more or less well as unique identifiers . On this basis, abuse is also possible, as is known from e-mail addresses, US social security numbers or credit card numbers. If the biometric characteristics are used in different applications (e.g. payment systems, access control), they can also enable the allocation of persons across these applications (cross-matching) and the determination of profiles. Furthermore, the use of biometrics for monitoring (e.g. the whereabouts or behavior) is possible up to government abuse.
- Biometric characteristics cannot be changed or “recalled” like passwords or cryptographic keys .
- Biometric characteristics are usually not perfect secrets, but can be recorded from recordings or traces without the knowledge and consent of the owner.
- Biometric systems can only be partially protected against facsimile.
- Biometric characteristics can provide further information, e.g. B. about gender, ethnic origin, physical constitution or state of health.
For all these reasons, compliance with basic data protection principles is essential. In the case of biometrics, this includes:
- Avoidance of risks: Access- protected and encrypted storage of the biometric reference data, if possible under the complete control of the biometric test person. Alternatively, Biometric Template Protection can be used to prevent misuse of the stored reference data.
- Elimination of sample information that is not required for detection (diseases, etc.).
- Restriction to applications in which there is no harm to the biometric test person if the biometric data falls into the wrong hands.
- The biometric test person is free to use the application and is able to use other types of authentication without discrimination.
literature
- Astrid Albrecht: Biometric procedures in the field of tension between authenticity in electronic legal communication and protection of privacy (= Frankfurt studies on data protection. Volume 24). Nomos-Verlags-Gesellschaft, Baden-Baden 2003, ISBN 3-8329-0387-9 . (Also: Frankfurt am Main, Univ., Diss., 2003)
- Michael Behrens, Richard Roth (ed.): Biometric identification. Basics, procedures, perspectives. Vieweg, Braunschweig et al. 2001, ISBN 3-528-05786-6 .
- Anil K. Jain, Ruud M. Bolle, Sharath Pankanti (Eds.): Biometrics. Personal Identification in Networked Society. Springer, New York NY 2006, ISBN 0-387-28539-3 (English).
- Wolfgang Köhler , Gabriel Schachtel, Peter Voleske: Biostatistics. An introduction for biologists and agronomists. 3rd, updated and expanded edition. Springer, Berlin et al. 2002, ISBN 3-540-42947-6 .
- D. Rasch, ML Tiku, D. Sumpf (Eds.): Elsevier's Dictionary of Biometry. Elsevier, Amsterdam / London / New York 1994, ISBN 0-444-81495-7 .
- Hans J. Trampisch, Jürgen Windeler (Hrsg.): Medical statistics. 2nd, revised and updated edition. Springer, Berlin et al. 2000, ISBN 3-540-66824-1 .
Web links
Biometric statistics
- German Region of the International Biometric Society (IBS-DR)
- Austria-Switzerland region (ROeS) of the International Biometric Society (IBS)
Biometric recognition process
- Federal Office for Information Security, BSI, Biometrics
- Bioidentification FAQ
- Explanation of the functionality of the individual biometric identification systems. Whitepaper biometrics for download as PDF.
- Biometrics - how to use and how not? ( PDF , 1.5 MB)
Individual evidence
- ↑ Handbook of Population Studies . P. 389, 1841.
- ^ Francis Galton and Fingerprints, Finger Prints , 1892
- ↑ ISO / IEC: Harmonized Biometric Vocabulary
- ↑ Fraunhofer FOKUS Competence Center Public IT: The ÖFIT trend sonar in IT security. April 2016, accessed on 19 May 2016 .
- ^ ARD : Retail - fingerprint system outwitted. Archived from the original on February 8, 2008 ; Retrieved December 13, 2010 . ( Video )
- ↑ BBC News : Malaysia car thieves steal finger. Retrieved December 13, 2010 .



