Skip to main content

Biometric Recognition Challenges and Opportunities (2010) / Chapter Skim
Currently Skimming:

1 Introduction and Fundamental Concepts
Pages 15-52

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.


From page 15...
... As we seek to recognize individuals as members of larger communi ties, however, or to recognize them at a scale and speed that could dull our perceptions, we need to find ways to automate such recognition. Biometrics is the automated recognition of individuals based on their behavioral and biological characteristics.1 1 "Biometrics" today carries two meanings, both in wide use.
Read the entire page →
From page 16...
... Automated human recognition began with semiautomated speaker recognition systems in the 1940s. Semiautomated and fully automated fingerprint, handwriting, and facial recognition systems emerged in the 1960s as digital computers became more widespread and capable.
Read the entire page →
From page 17...
... And while very sophisticated statistical methods are used for the signal analysis and pattern recognition aspects of biometric technology, the systems and population sampling issues that affect performance in practice may not be fully appreciated. That fields once related are now separate may reflect that biometric recognition is scientifically less basic than other areas of interest, or that funding for open research is lacking, or even that most universities have no ongoing research in biometric recognition.
Read the entire page →
From page 18...
... This report's definition of biometrics is consistent with ISO/IEC JTC 1/SC 37 Standing Document 2, "Harmonized Biometric Vocabulary, version 10," August 20, 2008. 2 Early biometric systems using analog computers and contemporary biometric systems us ing optical comparisons are examples of nondigital processing of biometric characteristics.
Read the entire page →
From page 19...
... No biometric technology, whether aimed at increasing security, improving through put, lowering cost, improving convenience, or the like, can in and of itself achieve an application goal. Even the simplest, most automated, accurate, and isolated biometric application is embedded in a larger system.
Read the entire page →
From page 20...
... MOTIVATIONS FOR USING BIOMETRIC SYSTEMS A primary motivation for using biometrics is to easily and repeat edly recognize an individual so as to enable an automated action based on that recognition.4 The reasons for wanting to automatically recognize individuals can vary a great deal; they include reducing error rates and improving accuracy, reducing fraud and opportunities for circumvention, reducing costs, improving scalability, increasing physical safety, and improving convenience. Often some combination of these will apply.
Read the entire page →
From page 21...
... Moreover, automating the recognition process based on biological and be havioral traits can make it more economical and efficient. Other motivations for automating the mechanisms for recognizing individuals using biometric systems vary depending on the application and the context in which the system is deployed; they include reducing error rates and improving accuracy; reduc ing fraud and circumvention; reducing costs; improving security and safety; improving convenience; and improving scalability and practicability.
Read the entire page →
From page 22...
... If an individual is recognized, then previously granted authorizations can once again be granted. If we consider this record of attributes to con stitute a personal "identity," as defined in the NRC report on authentication,5 then biometric characteristics can be said to point to this identity record.
Read the entire page →
From page 23...
... . The Fundamental Dogma of Biometrics The finding that an encountered biometric characteristic is similar to a stored reference does not guarantee an inference of individualiza tion -- that is, that a single individual can be unerringly selected out of a group of all known individuals (or, conversely, that no such individual is known)
Read the entire page →
From page 24...
... However, the distinctiveness of biometric characteristics used in biometric systems is not well understood at scales approaching the entire human population, which hampers predicting the behavior of very large scale biometric systems. The development of a science of human individual distinctiveness is essential to the effective and appropriate use of biometrics as a means of human recognition and encompasses a range of fields.
Read the entire page →
From page 25...
... , the reference database (where previously enrolled subjects' biometric data are held) , the matcher (which compares presented data to reference data in order to make a recognition decision)
Read the entire page →
From page 26...
... and unacceptable costs. In this report the committee usually discusses recognition error rates in terms of the false match rate (FMR; the probability that the matcher recognizes an individual as a different enrolled subject)
Read the entire page →
From page 27...
... In this case the sense of false acceptance is aligned for both the biometric matching operation and the application function. In a system designed to detect and prevent multiple enrollments of a single person, sometimes referred to as a negative recognition system, a false acceptance results when the system fails to match the submitted biometric sample to a reference already in the database.
Read the entire page →
From page 28...
... Within- and Between-Person Variability Variability in the observed values of a biometric trait can refer to variation in a given trait observed in the same person or to variation in
Read the entire page →
From page 29...
... In contrast, demographic heterogeneity among enrolled subjects in a biometric system database may contribute to large between-person variation in measurements of a particular biometric trait, although fluctuations in the sensing environment from which their presentation samples are obtained may contribute to large within-person variation as well. It is the magnitude of within-person variation relative to betweenperson variation (observed in the context of a finite range of expression of human biometric traits)
Read the entire page →
From page 30...
... may have too few variants to guarantee that different individuals are distinguishable from one another. The population statistics for most biometric traits are poorly understood.
Read the entire page →
From page 31...
... Biometric Modalities A biometric modality11 refers to a system built to recognize a particular biometric trait. Face, fingerprint, hand geometry, palm print, iris, voice, signature, gait, and keystroke dynamics are examples of biometric traits.12 In the context of a given system and application, the presentation of a user's biometric feature involves both biological and behavioral aspects.
Read the entire page →
From page 32...
... Challenges include the fact that large-scale fingerprint recognition systems are computationally intensive, particularly when trying to find a match among millions of references. Hand Geometry Hand geometry refers to the shape of the human hand, size of the palm, and the lengths and widths of the fingers.
Read the entire page →
From page 33...
... Palm prints, like fingerprints, have particular application in the forensic community, as latent palm prints can often be found at crime scenes. Iris The iris, the circular colored membrane surrounding the eye's pupil, is complex enough to be useful for recognition.
Read the entire page →
From page 34...
... Moreover, even if some of the downsides could be overcome, a modality itself might have inherent deficien cies, although very little research into this has been done. Therefore, the choice of a biometric trait for a particular application depends on issues besides the matching performance.
Read the entire page →
From page 35...
... Multibiometrics As the preceding discussions make clear, using a single biometric modality may not always provide the performance18 needed from a given system. One approach to improving performance (error rates but not speed)
Read the entire page →
From page 36...
... For example, Are the modalities of hand geometry and fingerprints completely independent -- beyond, say, the trivial corre lation between a missing hand and the failure to acquire fingerprints? As a large-scale biometric system becomes multimodal, it is that much more important to adopt approaches and architectures that support interoperability and implementation of best-of-breed matching components.
Read the entire page →
From page 37...
... The following series of examples illustrates how the percentage of "right" decisions by a biometric system depends upon the impostor base rate,23 the percentage of "impostors" actually encountered by the system, not just on the error rates of the technology. The error rates 22 I n addition, if recognition rates are tunable in a given system (that is, if it is possible to adjust certain parameters and make, say, the FMR or FNMR higher or lower)
Read the entire page →
From page 38...
... (the FMR and FNMR) are independent of the impostor base rate, but all of these pieces of information are needed to understand the frequency that a given recognition (or nonrecognition)
Read the entire page →
From page 39...
... and in cases where the impostor base rate is 50 percent (that is, half the people trying to get into the dorm are nonresident impostors)
Read the entire page →
From page 40...
... 2. A biometric technology's FMR and its FNMR are not accurate mea
Read the entire page →
From page 41...
... The bad news, therefore, is that even with a very accurate biometric system, correctly identifying rare events (an impostor's attempt to get into the dorm, in our first example) is very hard.
Read the entire page →
From page 42...
... can be very high -- far higher than 99.9 percent. In our first example, when the impostor base rate is 0.1 percent, our confidence in the correctness of a match is almost 100 percent (actually 99.9999 percent)
Read the entire page →
From page 43...
... , but a false match never results in a false acceptance, since a false match has the same system-level result -- entrance to the dorm -- as correct identification. A false match is possible only when an impostor approaches the sensor and is incorrectly matched.
Read the entire page →
From page 44...
...  BIOMETRIC RECOGNITION TABLE 1.5 Impostor Base Rate of 0.1% Biometric Decision Proffered Authentication Identity Attempts Match Nonmatch Conclusion Authentic 999 999 × 99.9% 999 × 0.1% Confidence that a matcher = 998 =1 is not an impostor = fraction of nonimpostors Impostor 1 1 × 0.1% = 0 1 × 99.9% = 1 among matches = 998/998 Total 1,000 998 2 = 100% 1,000 Candidates 50 Rows 1 Nonresident impostor 999 Residents 0.1% 99.9 % FMR TMR 998 True matches 0 False matches 998 Matches; 100 percent correct FIGURE 1.6 Authenticating residents (impostor base rate 0.1 percent; high match Figure 1.6 accuracy)
Read the entire page →
From page 45...
... People at very low risk of a disease, for example, are usually not routinely screened, because positive results are much more likely to be a false alarm than lead to an early diagnosis. Unless the effects of the base rate on system performance are anticipated in the design of a biometric system, false alarms may consume large amounts of resources in situations where very few impostors exist in the system's target population.
Read the entire page →
From page 46...
... In general, additions to a watch list offer new opportunities for an unenrolled presenter to match with the list, and for an enrolled presenter to match with the wrong enrollee. If additions to the watch list are made in such a way as to leave the presentation distribution unchanged -- for example, by enrolling persons who will not contribute to the presentation pool -- then the ratio of true to false matches will decline, necessarily reducing confidence in a match.
Read the entire page →
From page 47...
... Threat modeling can assist in developing estimates of imposter base rates and is discussed in the next section. SECURITY AND THREAT MODELING Security considerations are critical to the design of any recognition system, and biometric systems are no exception.
Read the entire page →
From page 48...
... To estimate the impostor base rate, one should develop a threat model appropriate to the setting.30 Biometric systems are often deployed in contexts meant to provide some form of security, and any system aimed at security requires a well-considered threat model.31 Before deploying any such system, especially on a large scale, it is important to have a realistic threat model that articulates expected attacks on the system along with what sorts of resources attackers are likely to be able to apply. Of course, a thorough security analysis, however, is not a guarantee that a system is safe from attack or misuse.
Read the entire page →
From page 49...
... A threat model should try to answer the following questions: • What are the various types of subversive data subjects? • Is it the system or the data subject who initiates interaction with the biometric system?
Read the entire page →
From page 50...
... . If an attacker can gain access to a large-scale biometric database, then he or she has the opportunity to search for someone who is a biometric doppelganger -- someone for whom there is a close enough match given the target false match rate for the system.34 • Exposure of biometric traits.
Read the entire page →
From page 51...
... Accordingly, the more ubiquitous biometric systems become, the more important it is that each system using biometrics perform a threat analysis that presumes public knowledge of a subject's biometric traits. Those systems should then deploy measures to verify that the presentation ceremony is commensurate with the risk of impersonation.38 Furthermore, in high-assurance and high-criticality in Adances in Biometrics, Massimo Tistarelli and Mark S
Read the entire page →
From page 52...
... Variability in biometric traits also affects the probability of correct recognition. In the end, probability theory must be well understood and properly applied in order to use biometric systems effectively and to know whether they achieve what they promise.
Read the entire page →

Key Terms

  • base rate
  • impostor base
  • biometric trait
  • biometric traits
  • error rates

  • watch list
  • biometric data
  • false match
  • false nonmatch
  • hand geometry

  • biometric technology
  • false claim
  • threat modeling
  • presentation distribution
  • biometric characteristic

  • biometric modality
  • false acceptance
  • previously enrolled
  • threat model
  • nonresident impostors

  • biometric characteristics
  • false matches
  • personal identification
  • true nonmatches
  • affect performance

  • particular biometric
  • biometric sample
  • biometric applications
  • human recognition
  • human identity


    • This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
    More information on Chapter Skim is available.