Vous êtes sur la page 1sur 7



Biometrics technologies are used to accurately identify and verify an individual’s

identity. This involves identifying his physiological and behavioral characteristics.
Biometrics, in general, refers to the study of biological characteristics. With reference to
computer security, it refers to authentication techniques using biological characteristics that
are measurable or identifiable, and unique to an individual.
The basic idea behind biometrics is that no two people are same (excluding the fact
they are twins). The paper discusses the working of various biometrics techniques as well as
on what grounds they are judged to be effective. Also we show how some biometrics
techniques are “Hard to forge but easy to steal!” The paper shows how human being is
converted into a key, of the lock that protects his private and necessary information. Also we
stress over the fact of adopting better encryption technique for data transfer and data storage.






Bond! James Bond!! Well, there are few things common to every James bond movie,
isn’t it? To start with, we have “THE BMW”, which crosses every defined boundary that one
can even imagine. Well!! To people who are not convinced with this idea and have some
other idea rocking in there mind, I would like to tell them that “Dear, this is a technical
paper”. The next thing that you find the most is the outstanding and extensive use of the
technology called as BIOMETRICS. Biometrics, the technology that today has started to
redefine the boundary of the medical industry and the computer industry. It’s the best
combination of both these fields.
So what exactly is this thing called biometrics? What’s really the fuss about this
thing? The best way to describe it is as follows “Biometrics is the science of using digital
technology to identify an individual based on their unique physical and biological qualities.
This technique verifies a person’s identity from a physical characteristic or a behavioral trait”.
You may think the idea to be too futuristic and too obscure, but my dear smart pant the world
is now really making a move toward it!! In general, biometrics is the answer to all problems
that are created when you forget your passwords and PIN or just mingle them up with one
another. The concept utilizes you, the human being itself as key. The way you speak, the way
you look, your finger prints, your beautiful eyes, ear and other hell lot of things which are
exploited in such a positive way that provide you security.


Looking, into the history we find that biometrics, though seems to be a modern
branch, traces itself back to 1920’s when the use of finger prints as a means of identification
was used. It’s quite logical to say that some how forensic science gave birth to biometrics.
Well, afterwards the research began in the field of redefining the parameters for human
identification, but the field really stormed and revolutionized on the onset of the never ending
development that computer industry is making.


Biometrics can be separated into two classifications, physiological and behavioral.

Physical identifiers do not change over time or with mood. Behavioral identifiers are
generally considered less conclusive because they are subject to such limitations as illness,
imitation, and mood changes. It is not so much to see which one is better, but it is important
to determine which type of security works best in a given environment.

Physiological classification includes: Behavioral classification


Fingerprints Voice Authentication

Hand Geometry Signature Analysis
Eye Patterns
Facial Recognition


Everything, which is under the sun, has a unit or a parameter to describe its capability.
Similarly we have units, to be precise the parameters that measure the capability of the type
of biometric technique applied. These are FRR and FAR.

FAR: - It stands for False Acceptance Rate, which means that the rate at which an
imposter is accepted as a valid match.
FRR: - It stands for False Rejection Rate, which means that the rate at which a
legitimate match is denied to access.

For a biometric technique to be acceptable and to be publicly used it should have both
these parameters to low value. Well it’s quite logical why we don’t have high value for these


No matter which biometric method is used, the underlying process is similar. To

enroll a new user, an encrypted template file of the users’ biometric information must be
stored on a server or client PC. When a users logs on, the template is compared against the
new, “live” information. If it checks out, access is granted. It’s here during the comparison of
the old and live template, the concept of FAR and FRR comes into picture.



An individual’s finger is scanned from various angles. The reader takes a picture of
the fingerprint and the system’s software converts the fingerprint into a map of minutiae
(precise) points, not the swirled lines that we normally associate with a fingerprint, but the
tiny irregularities within the print. The print map of the fingerprint is stored for reference.
Only the minutiae are stored in the image, not the actual fingerprint. To gain access, a user
holds their finger to the reader and the print map is matched to the print map that is stored.


The user signs his/her signature on a digitized graphics tablet with a stylus. Signature
dynamics such as speed, relative speed, stroke order, stroke count and pressure are analyzed.
The system compares what the signature looks like with how it is signed.


Like other biometric techniques, recognizing a face involves taking pictures of that
face, extracting its features, creating a template from these features, and comparing this to
existing templates in a database.


Voice biometrics works by digitizing a profile of a person’s speech to produce a stored

model voiceprint or template. The position and movement of the glottal tissues, lips, jaw, and
tongue correspond with speech movements in the vocal tract. Biometric technology reduces
each spoken word into segments. Each segment has three or four dominant tones that can be
captured in digital form and plotted on a table or spectrum. This table of tones yields the
speaker’s unique voiceprint.

WHATT!!!! :>>

All these techniques mentioned above are having one or the other thing wrong with
them. So we name these methods as “weak biometrics”. So let’s what’s wrong with them. To
start with we have fingerprint scan. An individual’s fingerprint is unique and each person will
always have the same one. If your fingerprint gets into the wrong hands, another person
could pose as you. It is difficult, but not impossible, to translate a print map. Next is the
signature analysis. The only thing wrong with this thing is that this forms the behavioral view
of a person which as a matter of fact may change with time and may lead to FRR. A same
type of problem is faced by face recognition and voice recognition biometrics. The face of a
person may change with the age and the voice may also change with time.

So if these methods are weak then where are the strong methods? The answer lies in
the next section.



When a person places his or her hand on a reader, it is read three-dimensionally. The
reader checks a multitude of different measurements, including length, width, thickness, and
surface areas. The unique characteristics are stored in a template…a mathematical
representation of the hand for later retrieval and comparison. The reader updates the template
every time a person’s hand is scanned, taking into account growing children or weight
changes. While the template can be stored internally in the reader itself, they can also be
transferred to a computer. To gain access, the user places a hand on the reader and a template
is called up to verify their identity, with the entire process taking about one second.
Hand geometry is the granddaddy of biometrics. The low cost, the ease of use and the
convenience offered by the technology has made it a viable alternative for commercial access


DNA Fingerprinting uses genetic material to identify individuals. Biometrics relies on

distinctive individual physiological traits. Within such traits, DNA (Deoxyribo Nucleic Acid)-
the hereditary material that determines what genetic traits we inherit-is supposed to be the
most distinctive. Structurally, it is a long double-helical chain of a phosphate backbone, to
which are attached the nitrogenous bases.

DNA samples can be taken from the body if the subject or his personal belongings are
passed through chemical processes. This DNA fingerprint is in the form of a sequence of A’s,
T’s, G’s, U’s and C’s in random order. These alphabets refer to the nitrogenous bases. Here A
stands for “Adenine”, T stands for “Thymine”, G stands for “Guanine”, U stands for “Uracil”
and C stands for “Cytosine”. The length of this sequence is immense and beyond

DNA matching has advantages over other means of biometric verification. DNA
samples can be collected in many more forms than blood samples, retina scans or
fingerprints. Even the personal belongings of people like hairbrushes, toothbrushes or clothes
carry their DNA from phenomenon like natural skin flaking. So it becomes close to
impossible for an imposter to fake a DNA sample or avoid leaving a trace at a crime scene.
Microsoft has recently declared that they will introduce biometrics in their coming versions
of windows operating system. Well, nothing wrong with that buy hope that they don’t use
DNA fingerprinting because if that is the case then if you want to start your PC on Saturday
than you either you have to switch on your PC either on Wednesday or on Tuesday. Present
day technology still takes more than couple of days for DNA verification.



Retina scanning and iris scanning are two biometric technologies that use the characteristics
of human eyes for authentication like fingerprints, the retina and iris of the human eye exhibit
uniqueness for each human. The retina is an internal part of the eye, while the iris is the outer
colored part. The retina is located at the back of the eye, and is a set of thin nerves which
senses the light coming through the cornea, pupil, eye lens and vitreous humor, in that order.
The patterns of blood vessels which make up the retina are unique for each individual.

The unique pattern of the blood vessels can be recorded by a retina scan device. The
individual, whose retina pattern has to be scanned, must have his eye located at a distance of
not more than a half inch. Also the position of the eye must not move while it is scanned.
While scanning, the individual looks at a rotating green light. The recorded pattern is
compared against the blood vessel pattern of the individual. If they match, access is permitted
else prohibited. Since the retina is an internal portion of the eye, retina scanning is considered
intrusive. Thus the individual tend to be more hesitant to get exposed to the scanning.

The iris has colored streaks and lines that radiate out from the pupil of the eye. The iris
provides the most comprehensive biometric data after DNA. And the chance that any two
people may have the same pattern is one in 10 to-the-power-78, which is way above the
current population of the Earth. In this scanning, the characteristics of the iris are taken into
account. About 266 unique points (compared to 40 in finger prints) are recorded and
converted into a 512 byte IrisCode (somewhat similar to barcode). For recording the iris
pattern, a monochrome camera is used and the distance between the eye and the camera can
be at most 3 feet. The patterns located at the inner edge - at the pupil - of the Iris are
recorded. The IrisCode constructed contains information the characteristics and position of
the unique points. Iris scanning can be done at day or night, with glasses or contact lenses on.
As it is carried out from up to 2-feet it is not considered to be intrusive.


Everything alright with biometric, what about the phase involved in biometric when the
created template from the client is being transferred to the database at server for comparison?
Or what about the security of the database stored in the server? Well any eavesdropper can
get into the above process and get the required template, which sadly he can use against you!
Well, the answer lies in the encryption technique to be used. A separate branch dealing with
encryption and biometrics is emerging with a hope that they will find the required algorithm
for squiring the data.



Biometrics is moving into the mainstream, aligning its products to the way many
companies do business. Biometric applications will likely be used in conjunction with other
applications, which may transform them from security measures to integral parts of daily life.
Just some questions that come to mind are:
• How will such large amounts of information be stored? Will the database be
secure to intruders? Will our personal and business information be shared
without our consent or knowledge?
• Will we lose our human identity? Will turning your fingerprints over to an e-
business present a viable solution? Is e-signature in your future? Will airlines
be asking you for your fingerprint instead of a photo ID?
• Will biometrics provide the medical community access to our health history?
• What sort of encryption technique would be used for security purpose?

If the industry works together, biometrics has the potential to become everything
visionaries imagined it could be. As James Bond would say, “Never say never again”.