Vous êtes sur la page 1sur 69

Public

Whitepaper
«Biometrics»

Smart Cards
Identity Cards
Security Printing
Consulting

Trüb AG
Hintere Bahnhofstrasse 12
5001 Aarau
Switzerland
Phone +41 62 832 00 00
Fax +41 62 832 01 00
www.trueb.com
5001 Aarau, January 30, 2005/Biometrics Whitepaper.doc ISO 9001 certified
White Paper - Biometrics 2/69
Public

Table of contents

1 INTRODUCTION .........................................................................................................6

1.1 Physiological or Behavioral ........................................................................................................... 6


1.2 Verification vs Identification ......................................................................................................... 6
1.2.1 Identification (1:N, one-to-many, recognition) ................................................................................... 7
1.2.2 Verification (1:1, matching, authentication) ....................................................................................... 7
1.3 Applications .................................................................................................................................... 7
1.4 Biometrics technologies ................................................................................................................. 7
1.5 How it works .................................................................................................................................. 8
1.5.1 Enrollment......................................................................................................................................... 8
1.5.2 Submission ........................................................................................................................................ 8
1.5.3 Acquisition device.............................................................................................................................. 8
1.5.4 Biometric sample ............................................................................................................................... 9
1.5.5 Feature extraction.............................................................................................................................. 9
1.5.6 Template ........................................................................................................................................... 9
1.6 Biometric decision-making........................................................................................................... 10
1.6.1 Matching......................................................................................................................................... 10
1.6.2 Score ............................................................................................................................................... 10
1.6.3 Threshold ........................................................................................................................................ 10
1.6.4 Decision........................................................................................................................................... 11
1.7 Benefits.......................................................................................................................................... 11
1.7.1 For employers.................................................................................................................................. 11
1.7.2 For employees ................................................................................................................................. 11
1.7.3 For consumers ................................................................................................................................. 11
1.7.4 For retailers (online and point-of-sale).............................................................................................. 11
1.7.5 For public sector usage .................................................................................................................... 12
1.8 Are Biometric Systems Difficult to Use? ..................................................................................... 12
1.8.1 Fingerprint....................................................................................................................................... 12
1.8.2 Facial recognition ............................................................................................................................ 12
1.8.3 Voice recognition ............................................................................................................................ 12
1.8.4 Iris-scan ........................................................................................................................................... 12
1.8.5 Retina-scan...................................................................................................................................... 12
1.8.6 Hand geometry ............................................................................................................................... 12
1.8.7 Signature-scan................................................................................................................................. 12
1.8.8 Keystroke-scan ................................................................................................................................ 13
1.9 Security of biometrics template .................................................................................................. 13
1.10 What Factors Cause Biometric Systems to Fail?......................................................................... 13
1.10.1 Fingerprint....................................................................................................................................... 13
1.10.2 Voice recognition ............................................................................................................................ 13
1.10.3 Facial recognition ............................................................................................................................ 14
1.10.4 Iris-scan ........................................................................................................................................... 14
1.10.5 Retina-scan...................................................................................................................................... 14
1.10.6 Hand geometry ............................................................................................................................... 14
1.10.7 Signature-scan................................................................................................................................. 14
1.11 Application design........................................................................................................................ 15

2 FINGERPRINT RECOGNITION.......................................................................................18

2.1 What is Fingerprint Scanning? .................................................................................................... 18

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 3/69
Public

2.2 Practical Applications for Fingerprint Scanning......................................................................... 18


2.3 Accuracy and Integrity ................................................................................................................. 18
2.3.1 Fingerprint Matching ....................................................................................................................... 19
2.3.2 Fingerprint Classification.................................................................................................................. 19
2.3.3 Fingerprint Image Enhancement ...................................................................................................... 20
2.4 Prerequisites for common usage of biometrics ......................................................................... 20
2.4.1 Convenience First ............................................................................................................................ 20
2.4.2 Simple Truths .................................................................................................................................. 21
2.4.3 Emerging Standards ........................................................................................................................ 21
2.4.4 Cost ................................................................................................................................................ 21
2.4.5 Complete Solutions ......................................................................................................................... 21
2.4.6 Measurable Usefulness .................................................................................................................... 21
2.5 Biometric vs. Non-Biometric Fingerprinting ............................................................................... 22
2.6 Fingerprint Market Size ............................................................................................................... 23
2.7 Fingerprint Growth Drivers and Enablers .................................................................................. 23
2.8 Fingerprint Growth Inhibitors ..................................................................................................... 24
2.9 Applications .................................................................................................................................. 24
2.10 Fingerprint Feature Extraction .................................................................................................... 24
2.11 Fingerprint Form Factors.............................................................................................................. 26
2.11.1 Desktop peripherals......................................................................................................................... 26
2.11.2 Embedded desktop solutions ........................................................................................................... 26
2.11.3 Embedded physical access solutions ................................................................................................ 27
2.11.4 Embedded wireless handheld solutions............................................................................................ 27
2.12 Types of scanners: Optical - Silicon - Ultrasound....................................................................... 27
2.13 Fingerprint Matching ................................................................................................................... 28
2.14 Fingerprint Classification ............................................................................................................. 30
2.15 Fingerprint Image Enhancement................................................................................................. 31

3 FACE RECOGNITION .................................................................................................32

3.1 Important questions on face recognition................................................................................... 32


3.1.1 How is facial recognition technology currently being used? ............................................................. 32
3.1.2 How well does facial recognition work? .......................................................................................... 32
3.1.3 What is the government's previous experience with facial recognition? ........................................... 33
3.1.4 Should we deploy face-recognition in airports to prevent terrorism?................................................ 33
3.1.5 Should we use the technology in other public places? ..................................................................... 33
3.1.6 How does facial recognition technology threaten privacy?............................................................... 34
3.1.7 The bottom line: how do we decide whether to install facial recognition systems? .......................... 34
3.2 Why Face Recognition? ................................................................................................................ 34
3.3 Facial Recognition: How it Works ............................................................................................... 35
3.4 Image Quality ............................................................................................................................... 35
3.5 Facial Scan Process Flow .............................................................................................................. 35
3.6 Verification vs. Identification ...................................................................................................... 36
3.7 Primary Facial Recognition Technologies ................................................................................... 36
3.8 Facial Recognition Applications .................................................................................................. 37
3.9 Facial Recognition Market ........................................................................................................... 38

4 IRIS RECOGNITION ...................................................................................................39


TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 4/69
Public

4.1 Benefits of Using Iris Technology ............................................................................................... 40


4.2 Technology Comparison .............................................................................................................. 40
4.3 Iris-Scan: How it Works ................................................................................................................ 40
4.3.1 The Iris............................................................................................................................................. 41
4.3.2 IrisCodeTM...................................................................................................................................... 41
4.3.3 Iris Acquisition ................................................................................................................................. 41
4.4 Iris-Scan Issues .............................................................................................................................. 41
4.5 Iris-Scan Applications ................................................................................................................... 42
4.6 Iris-Scan Market Size .................................................................................................................... 43

5 SIGNATURE RECOGNITION ........................................................................................44

5.1 Signature-Scan: How It Works .................................................................................................... 44


5.2 Signature-Scan: Strengths and Weaknesses .............................................................................. 45
5.3 Typical Signature-Scan Applications........................................................................................... 45
5.4 Signature-Scan Market Size......................................................................................................... 45
5.5 Difference between Biometric and digital signatures .............................................................. 46

6 VOICE RECOGNITION................................................................................................48

6.1 Voice Recognition: How it Works ............................................................................................... 48


6.2 Voice Recognition: Strengths and Weaknesses ......................................................................... 48
6.3 Voice Recognition Applications................................................................................................... 49
6.4 Voice Recognition Market Size.................................................................................................... 49
6.5 Voice Verification in Telephone Banking ................................................................................... 49
6.5.1 The Problem .................................................................................................................................... 50
6.5.2 The Solution? Voice Verification ...................................................................................................... 50
6.6 Details............................................................................................................................................ 51
6.7 Choice of features ........................................................................................................................ 53
6.8 Speaker Modeling ........................................................................................................................ 53
6.9 Pattern Matching.......................................................................................................................... 54

7 HAND GEOMETRY ..................................................................................................55

7.1 Applications for Hand Scanning.................................................................................................. 55


7.2 Combining Biometric Methods.................................................................................................... 55
7.3 How it Works ................................................................................................................................ 55
7.4 Hand Geometry Strengths and Weaknesses.............................................................................. 56
7.4.1 Strengths......................................................................................................................................... 56
7.4.2 Weaknesses..................................................................................................................................... 57
7.5 Enhanced Biometric Technology ................................................................................................. 57
7.6 Highest User Acceptance ............................................................................................................. 58
7.7 Applications .................................................................................................................................. 58
7.8 Hand Geometry Market Size ....................................................................................................... 59

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 5/69
Public

8 AFIS ....................................................................................................................60

8.1 AFIS Applications.......................................................................................................................... 60


8.2 AFIS Market Size........................................................................................................................... 60

9 MULTIMODAL BIOMETRICS .......................................................................................61

9.1 Integrating Faces and Fingerprints for Personal Identification ................................................ 61


9.2 A Multimodal Biometric System Using Fingerprint, Face, and Speech .................................... 61

10 2D BARCODE .........................................................................................................63

10.1 Datastrip Card Readers ................................................................................................................ 63


10.2 Datastrip Applications.................................................................................................................. 63

11 SMART CARD BIOMETRICS ........................................................................................65

12 ORGANIZATIONS AND RESOURCES .............................................................................68

13 DISCLAIMER ...........................................................................................................69

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 6/69
Public

1 Introduction
Biometrics are automated methods of recognizing a person based on a physiological or behavioral
characteristic. Among the features measured are; face, fingerprints, hand geometry, handwriting,
iris, retinal, vein, and voice. Biometric technologies are becoming the foundation of an extensive
array of highly secure identification and personal verification solutions. As the level of security
breaches and transaction fraud increases, the need for highly secure identification and personal
verification technologies is becoming apparent.
Biometric-based solutions are able to provide for confidential financial transactions and personal data
privacy. The need for biometrics can be found in federal, state and local governments, in the military,
and in commercial applications. Enterprise-wide network security infrastructures, government IDs,
secure electronic banking, investing and other financial transactions, retail sales, law enforcement,
and health and social services are already benefiting from these technologies.
Biometric-based authentication applications include workstation, network, and domain access, single
sign-on, application logon, data protection, remote access to resources, transaction security and Web
security. Trust in these electronic transactions is essential to the healthy growth of the global
economy. Utilized alone or integrated with other technologies such as smart cards, encryption keys
and digital signatures, biometrics are set to pervade nearly all aspects of the economy and our daily
lives. Utilizing biometrics for personal authentication is becoming convenient and considerably more
accurate than current methods (such as the utilization of passwords or PINs). This is because
biometrics links the event to a particular individual (a password or token may be used by someone
other than the authorized user), is convenient (nothing to carry or remember), accurate (it provides
for positive authentication), can provide an audit trail and is becoming socially acceptable and
inexpensive.

1.1 Physiological or Behavioral

To elaborate on this definition, physiological biometrics are based on measurements and data
derived from direct measurement of a part of the human body. Fingerprint, iris-scan, retina-scan,
hand geometry, and facial recognition are leading physiological biometrics.
Behavioral characteristics are based on an action taken by a person. Behavioral biometrics, in turn,
are based on measurements and data derived from an action, and indirectly measure characteristics
of the human body. Voice recognition, keystroke-scan, and signature-scan are leading behavioral
biometric technologies. One of the defining characteristics of a behavioral biometric is the
incorporation of time as a metric – the measured behavior has a beginning, middle and end.

1.2 Verification vs Identification

A biometric system is essentially a pattern recognition system which makes a personal identification
by determining the authenticity of a specific physiological or behavioral characteristic possessed by
the user. An important issue in designing a practical system is to determine how an individual is
identified. Depending on the context, a biometric system can be either a verification (authentication)
system or an identification system.
There are two different ways to resolve a person's identity: verification and identification. Verification
(Am I whom I claim I am?) involves confirming or denying a person's claimed identity. In
identification, one has to establish a person's identity (Who am I?). Each one of these approaches has
it's own complexities and could probably be solved best by a certain biometric system.
In day-to-day life most people with whom you do business verify your identity. You claim to be
someone (your claimed identity) and then provide proof to back up your claim. For encounters with
friends and family, there is no need to claim an identity. Instead, those familiar to you identify you,
determining your identity upon seeing your face or hearing your voice.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 7/69
Public

These two examples illustrate the difference between the two primary uses of biometrics:
identification and verification.

1.2.1 Identification (1:N, one-to-many, recognition)


The process of determining a person’s identity by performing matches against multiple biometric
templates. Identification systems are designed to determine identity based solely on biometric
information. There are two types of identification systems: positive identification and negative
identification. Positive identification systems are designed to find a match for a user’s biometric
information in a database of biometric information.
Positive identification answers the “Who am I?,” although the response is not necessarily a name – it
could be an employee ID or another unique identifier. A typical positive identification system would
be a prison release program where users do not enter an ID number or use a card, but simply look at
a iris capture device and are identified from an inmate database. Negative identification systems
search databases in the same fashion, comparing one template against many, but are designed to
ensure that a person is not present in a database. This prevents people from enrolling twice in a
system, and is often used in large-scale public benefits programs in which users enroll multiple times
to gain benefits under different names.
Not all identification systems are based on determining a username or ID. Some systems are designed
determine if a user is a member of a particular category. For instance, an airport may have a
database of known terrorists with no knowledge of their actual identities. In this case the system
would return a match, but no knowledge of the person’s identity is involved.

1.2.2 Verification (1:1, matching, authentication)


The process of establishing the validity of a claimed identity by comparing a verification template to
an enrollment template. Verification requires that an identity be claimed, after which the individual’s
enrollment template is located and compared with the verification template. Verification answers the
question, “Am I who I claim to be?” Some verification systems perform very limited searches against
multiple enrollee records. For example, a user with three enrolled fingerprint templates may be able
to place any of the three fingers to verify, and the system performs 1:1 matches against the user’s
enrolled templates until a match is found. One-to-few. There is a middle ground between
identification and verification referred to as one-to-few (1:few). This type of application involves
identification of a user from a very small database of enrollees. While there is no exact number that
differentiates a 1:N from a 1:few system, any system involving a search of more than 500 records is
likely to be classified as 1:N. A typical use of a 1:few system would be access control to sensitive
rooms at a 50-employee company, where users place their finger on a device and are located from a
small database.

1.3 Applications

Biometrics is a rapidly evolving technology which is being widely used in forensics such as criminal
identification and prison security, and has the potential to be used in a large range of civilian
application areas. Biometrics can be used to prevent unauthorized access to ATMs, cellular phones,
smart cards, desktop PCs, workstations, and computer networks. It can be used during transactions
conducted via telephone and internet (electronic commerce and electronic banking). In automobiles,
biometrics can replace keys with key-less entry devices.

1.4 Biometrics technologies

The primary biometric disciplines include the following:


Fingerprint (optical, silicon, ultrasound, touch less)
Facial recognition (optical and thermal)
Voice recognition (not to be confused with speech recognition)

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 8/69
Public

Iris-scan
Retina-scan
Hand geometry
Signature-scan
Keystroke-scan
Palm-scan (forensic use only)
Disciplines with reduced commercial viability or in exploratory stages include:
DNA
Ear shape
Odor (human scent)
Vein-scan (in back of hand or beneath palm)
Finger geometry (shape and structure of finger or fingers)
Nailbed identification (ridges in fingernails)
Gait recognition (manner of walking)

1.5 How it works

Biometric systems convert data derived from behavioral or physiological characteristics into
templates, which are used for subsequent matching. This is a multi-stage process whose stages are
described below.

1.5.1 Enrollment
The process whereby a user’s initial biometric sample or samples are collected, assessed, processed,
and stored for ongoing use in a biometric system. Enrollment takes place in both 1:1 and 1:N
systems. If users are experiencing problems with a biometric system, they may need to re-enroll to
gather higher quality data.

1.5.2 Submission
The process whereby a user provides behavioral or physiological data in the form of biometric
samples to a biometric system. A submission may require looking in the direction of a camera or
placing a finger on a platen. Depending on the biometric system, a user may have to remove
eyeglasses, remain still for a number of seconds, or recite a pass phrase in order to provide a
biometric sample.

1.5.3 Acquisition device


The hardware used to acquire biometric samples. The following acquisition devices are associated
with each biometric technology:
Technology Acquisition Device
Fingerprint Desktop peripheral, PCMCIA card, mouse, chip or reader embedded in keyboard
Voice recognition Microphone, telephone
Facial recognition Video camera, PC camera, single-image camera
Iris-scan Infrared-enabled video camera, PC camera
Retina-scan Proprietary desktop or wall-mountable unit
Hand geometry Proprietary wall-mounted unit
Signature-scan Signature tablet, motion-sensitive stylus
Keystroke-scan Keyboard or keypad
Table 1: Acquisition Devices depending on biometrics

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 9/69
Public

1.5.4 Biometric sample


The identifiable, unprocessed image or recording of a physiological or behavioral characteristic,
acquired during submission, used to generate biometric templates. Also referred to as biometric
data. The following sample types are associated with each biometric technology:
Technology Biometric Sample
Fingerprint Fingerprint image
Voice recognition Voice recording
Facial recognition Facial Image
Iris-scan Iris Image
Retina-scan Retina Image
Hand geometry 3-D image of top and sides of hand and fingers
Signature-scan Image of signature and record of related dynamics measurements
Keystroke-scan Recording of characters typed and record of related dynamics measurements
Table 2: Biometric samples depending on technology

1.5.5 Feature extraction


The automated process of locating and encoding distinctive characteristics from a biometric sample
in order to generate a template. The feature extraction process may include various degrees of image
or sample processing in order to locate a sufficient amount of accurate data. For example, voice
recognition technologies can filter out certain frequencies and patterns, and fingerprint technologies
can thin the ridges present in a fingerprint image to the width of a single pixel. Furthermore, if the
sample provided is inadequate to perform feature extraction, the biometric system will generally
instruct the user to provide another sample, often with some type of advice or feedback.
The manner in which biometric systems extract features is a closely guarded secret, and varies from
vendor to vendor. Common physiological and behavioral characteristics used in feature extraction
include the following:
Technology Feature Extracted
Fingerprint Location and direction of ridge endings and bifurcations on fingerprint
Voice recognition Frequency, cadence and duration of vocal pattern
Facial recognition Relative position and shape of nose, position of cheekbones
Iris-scan Furrows and striations in iris
Retina-scan Blood vessel patterns on retina
Hand-scan Height and width of bones and joints in hands and fingers
Signature-scan Speed, stroke order, pressure, and appearance of signature
Keystroke-scan Keyed sequence, duration between characters
Table 3: Feature extraction depending on technology

1.5.6 Template
A comparatively small but highly distinctive file derived from the features of a user’s biometric sample
or samples, used to perform biometric matches. A template is created after a biometric algorithm
locates features in a biometric sample. The concept of the template is one of biometric technology’s
defining elements, although not all biometric systems use templates to perform biometric matching:
some voice recognition system utilize the original sample to perform a comparison.
Depending on when they are generated, templates can be referred to as enrollment templates or
verification templates. Enrollment templates are created upon the user’s initial interaction with a
biometric system, and are stored for usage in future biometric comparisons. Verification templates
are generated during subsequent verification attempts, compared to the stored template, and
generally discarded after the comparison. Multiple samples may be used to generate an enrollment
template – facial recognition, for example, will utilize several facial images to generate an enrollment
template. Verification templates are normally derived from a single sample – a template derived from
a single facial image can be compared to the enrollment template to determine the degree of
similarity.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 10/69
Public

Just as the feature extraction process is a closely held secret, the manner in which information is
organized and stored in the template is proprietary to biometric vendors. Biometric templates are not
interoperable – a template generated in vendor A’s fingerprint system cannot be compared to a
template generated in vendor B’s fingerprint system.

1.6 Biometric decision-making

Biometric decision-making is frequently misunderstood. For the vast majority of technologies and
systems, there is no such thing as a 100% match, though systems can provide a very high degree of
certainty. The biometric decision-making process is comprised of various components, as indicated
below.

1.6.1 Matching
The comparison of biometric templates to determine their degree of similarity or correlation. A match
attempt results in a score that, in most systems, is compared against a threshold. If the score exceeds
the threshold, the result is a match; if the score falls below the threshold, the result is a non-match.
Biometric comparisons take place when proprietary algorithms process biometric templates. These
algorithms manipulate the data contained in the template in order to make valid comparisons,
accounting for variations in placement, background noise, etc. Without the vendor algorithm, there
is no way to compare biometric templates – comparing the bits which comprise the templates does
not indicate if they came from the same user. The bits must be processed by the vendor as a
precondition of comparison.
The matching process involves the comparison of the match template, created upon sample
submission, with the reference template(s) already on file. In 1:1 verification systems, there is
generally a single match template matched against a reference template. In 1:N identification
systems, the single match template can be matched against dozens, thousands, even millions of
reference templates.
In most systems, reference and match templates should never be identical. An identical match is an
indicator that some sort of fraud is taking place, such as the resubmission of an intercepted or
otherwise compromised template.

1.6.2 Score
A number indicating the degree of similarity or correlation of a biometric match. Traditional
verification methods – passwords, PINs, keys, and tokens - are binary, offering only a strict yes/no
response. This is not the case with most biometric systems. Nearly all biometric systems are based on
matching algorithms that generate a score subsequent to a match attempt. This score represents the
degree of correlation between the match template and the reference template. There is no standard
scale used for biometric scoring: for some vendors a scale of 1-100 might be used, others might use
a scale of –1 to 1; some vendors may use a logarithmic scale and others a linear scale. Regardless of
the scale employed, this verification score is compared to the system’s threshold to determine how
successful a verification attempt has been.
Incidentally, many systems return a score during enrollment, referred to as an enrollment score or
quality score. This score refers to how successful the extraction process was at finding distinctive
features in the biometric sample. If the sample was rich in information, there will likely be a high
enrollment score. This score is not used in the matching process, but might be used to determine
whether a user can enroll successfully. A low quality score may indicate that the user cannot be
reliable verified.

1.6.3 Threshold
A predefined number, often controlled by a biometric system administrator, which establishes the
degree of correlation necessary for a comparison to be deemed a match. If the score resulting from
template comparison exceeds the threshold, the templates are a “match” (though the templates
themselves are not identical).

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 11/69
Public

When a biometric system is set to low security, the threshold for a successful match is more forgiving
than when a system is set to high security.

1.6.4 Decision
The result of the comparison between the score and the threshold. The decisions a biometric system
can make include match, non-match, and inconclusive, although varying degrees of strong matches
and non-matches are possible. Depending on the type of biometric system deployed, a match might
grant access to resources, a non-match might limit access to resources, while inconclusive may
prompt the user to provide another sample.
One of the most interesting facts about most biometric technologies is that unique biometric
templates are generated every time a user interacts with a biometric system. As an example, two
immediately successive placements of a finger on a biometric device generate entirely different
templates. These templates, when processed by a vendor’s algorithm, are recognizable as being from
the same person, but are not identical. In theory, a user could place the same finger on a biometric
device for years and never generate an identical template.
Therefore, for most technologies, there is simply no such thing as a 100% match. This is not to imply
that the systems are not secure – biometric systems may be able to verify identify with error rates of
less than 1/100,000 or 1/1,000,000. However, claims of 100% accuracy are misleading and are not
reflective of the technology’s basic operation.

1.7 Benefits

1.7.1 For employers


Reduced costs – password maintenance
Reduced costs – no buddy punching
Increased security – no shared or compromised passwords
Increased security – deter and detect fraudulent account access
Increased security – no badge sharing in secure areas
Competitive advantage – familiarity with advanced technology

1.7.2 For employees


Convenience – no passwords to remember or reset
Convenience – faster login
Security – confidential files can be stored securely
Non-repudiation – biometrically transactions difficult to refute

1.7.3 For consumers


Convenience – no passwords to remember or reset
Security – personal files, including emails, can be secured
Security – online purchases safer when enabled by biometric
Privacy – ability to transact anonymously

1.7.4 For retailers (online and point-of-sale)


Reduced costs – biometric users less likely to commit fraud
Competitive advantage – first to offer secure transaction method
Security – account access much more secure than via password

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 12/69
Public

1.7.5 For public sector usage


Reduced costs – strongest way to detect and deter benefits fraud
Increased trust – reduced entitlement abuse

1.8 Are Biometric Systems Difficult to Use?

Biometrics are much easier to use than one might expect. Here is a brief technology-by-technology
summary of how one interacts with biometric systems.

1.8.1 Fingerprint
When prompted, the user gently places his or her finger on a postage-stamp sized optical or silicon
surface. This surface, known as a platen, is built into a peripheral device, mouse, keyboard, or
PCMCIA card. The user generally must hold the finger in place for 1-2 seconds, during which
automated comparison and matching takes place. After a successful match, the user has access to
programs, files, or resources. Typical verification time from “system ready” prompt: 2-3 seconds.

1.8.2 Facial recognition


User faces the camera, preferably positioned within 24 inches of the face. Generally, the system will
locate one’s face very quickly and perform matches against the claimed identity. In some situations,
the user may need to alter his facial aspect slightly to be verified. Typical verification time from
“system ready” prompt: 3-4 seconds.

1.8.3 Voice recognition


User positions him or herself near the acquisition device (microphone, telephone). At the prompt,
user either recites enrollment pass phrase or repeats pass phrase given by the system. Typical
verification time from “system ready” prompt: 4-6 seconds.

1.8.4 Iris-scan
User positions him or herself near the acquisition device (peripheral or standalone camera). User
centers eye on device so he or she can see the eye’s reflection. Depending on the device, the user is
between 2-18 inches away. Capture and verification are nearly immediate. Typical verification time
from “system ready” prompt: 3-5 seconds.

1.8.5 Retina-scan
User looks into a small opening on a desktop or wall-mounted device. User holds head very still,
looking at a small green light located within the device. Typical verification time from “system
ready” prompt: 10-12 seconds.

1.8.6 Hand geometry


User places hand, palm-down, on an 8 x 10 metal surface with five guidance pegs. Pegs ensure that
fingers are placed properly, ensure correct hand position. Typical verification time from “system
ready” prompt: 2-3 seconds.

1.8.7 Signature-scan
User positions himself to sign on tablet (if applicable). When prompted, user signs name in tablet’s
capture area. Typical verification time from “system ready” prompt: 4-6 seconds.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 13/69
Public

1.8.8 Keystroke-scan
User types his or her password or pass phrase. Typical verification time from “system ready” prompt:
2-3 seconds.

1.9 Security of biometrics template

If my template is compromised, does that mean that I can never use the biometric again?
Not in a well-designed system. If a criminal steals or guesses your password, it is very easy to have it
changed. There is a fear, however, that if a criminal gets hold of a biometric template, the damage is
irreparable - there is no way to change that part of your body. Although templates are often
encrypted when in transit and storage in order to protect against such an occurrence, what happens
if a template is compromised?
The answer depends on how well a biometric system is designed. If a system allows a template to be
inserted into the verification process without ensuring that this template came from an actual
placement, a compromised template can pose a problem. However, a well-designed system will
ensure that the information it is analyzing is not a recording but is in fact a new sample.
One way to assure that a new template is being submitted is to seed the request for a sample. This
involves the biometric system sending an encrypted random number (known as a seed) to the
biometric sensor. This number can be encrypted such that only the sensor itself can decrypt the
message. When returning the biometric template, the sensor also sends the seed number back
(encrypted). This ensures that the template being sent was created immediately after the request for
the template (as opposed to an old template that has been recorded and played back).
The size of a template varies by technology and vendor. It varies from 9 bytes to as much a 2kb.
Fingerprint template is normally about 500Bytes in size. Templates can be stored in databases or
files.

1.10 What Factors Cause Biometric Systems to Fail?

Biometric system performance varies according to sample quality and the environment in which the
sample is being submitted. While it is not possible to definitely state if a biometric submission will be
successful, it is possible to locate factors that can reduce affect system performance.
The IBG Strike System details, technology-by-technology, aspects that work against a successful
verification. Some of these strikes are listed below.

1.10.1 Fingerprint
Cold finger
Dry/oily finger
High or low humidity
Angle of placement
Pressure of placement
Location of finger on platen (poorly placed core)
Cuts to fingerprint
Manual activity that would mar or affect fingerprints (construction, gardening)

1.10.2 Voice recognition


Cold or illness that affects voice
Different enrollment and verification capture devices
Different enrollment and verification environments (inside vs. outside)
Speaking softly

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 14/69
Public

Variation in background noise


Poor placement of microphone / capture device
Quality of capture device

1.10.3 Facial recognition


Change in facial hair
Change in hairstyle
Lighting conditions
Adding/removing hat
Adding/removing glasses
Change in weight
Change in facial aspect (angle at which facial image is captured)
Too much or too little movement
Quality of capture device
Change between enrollment and verification cameras (quality and placement)
‘Loud’ clothing that can distract face location

1.10.4 Iris-scan
Too much movement of head or eye
Glasses
Colored contacts

1.10.5 Retina-scan
Too much movement of head or eye
Glasses

1.10.6 Hand geometry


Jewelry
Change in weight
Bandages
Swelling of joints

1.10.7 Signature-scan
Signing too quickly
Different signing positions (e.g., sitting vs. standing)
In addition, for many systems, an additional strike occurs when a long period of time has elapsed
since enrollment or since one’s last verification. If significant time has elapsed since enrollment,
physiological changes can complicate verification. If time has elapsed since a user’s last verification,
the user may have “forgotten” how he or she enrolled, and may place a finger differently or recite a
pass phrase with different intonation. For the most part, a single strike will probably not materially
affect the performance of a given system. However, as you have more and more strikes for a given
submission, your chances of a successful verification diminish.
These strikes do not include inherent characteristics such as age, ethnicity, or gender, which can also
affect system accuracy. The performance of many biometric systems varies for specific populations.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 15/69
Public

1.11 Application design

As in all good application designs, it is the business process requirements which should drive the
design - not the other way around. Similarly the specific type of biometric chosen, i.e., fingerprints,
iris codes, hand geometry etc. should reflect the application requirements - the application should
not be a slave to an individual biometric methodology.
A successful application development and deployment scenario may follow a path something like the
following;
Identify the business and operational requirements clearly, together with any current problems
and the effect they are having on the situation.
Develop and agree a suitable business process which has the potential to significantly improve
on the current situation, given the current state of technology.
Quantify the operational logistics such as (in an access control context) number of people, time
profile / distribution of transactions, type of entry point, target transaction time, environmental
considerations, availability and profile of system operators and so on.
Analyse existing situation and processes in order to identify legacy requirements and system
interaction - it may be necessary to retain or assure compatibility with certain existing processes.
Design a system architecture which accounts for all of the above whilst remaining open for
future development and enhancement.
Design an operating methodology and user interface which satisfies the above requirements in
an intuitive and attractive manner.
Choose the appropriate front end technology accordingly (i.e., biometric / biometric and chip
card etc.) ensuring that the biometric methodology is the most suitable for this application.
Interface the biometric / token technology with your system.
Thoroughly test and document the system in house before demonstrating the system to the
client and agreeing and documenting any design changes.
Develop and schedule an operator training programme together with the provision of system
manuals as necessary.
Install and commission the system having surveyed the site and noted relevant conditions and
with due consideration to existing systems.
Hand over the system after ensuring that operators have a comprehensive understanding of the
functionality and that all operating data is present and correct.
In the above example, you will notice that the final choice of a biometric came relatively far down the
list. We should only be considering this parameter once we have fully understood the business
requirement and the potential benefit that adopting a biometric system might bring.
In defining the specification required, we should concern ourselves with perceived ease of use,
acceptable transaction time, contingency measures for errors, where the biometric template should
be stored, enrolment procedures and logistics and general compatibility and connectivity issues.
We should also understand the distinction between verification and identification. In short,
verification is a straightforward one to one check whereby we are comparing a live biometric sample
with a single stored template with a simple match or no match result. Identification is a different
kettle of fish entirely as we may be seeking to compare a live biometric sample with hundreds,
thousands or conceivably even millions of stored templates. The probability of errors multiplies with
the number of templates in the database. Currently, there is really only one commercially available
product which offers the promise of practical identification from a large database of templates. For
the majority of applications we are probably going to be concerned with biometric verification..

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 16/69
Public

We must also consider where the biometric template (the individual reference derived from taking a
biometric sample or series of samples) will be stored. It may be that the template is stored on a token
such as a chip card and input into the system by the user prior to verification. This would certainly
allow for a large user base as well as a degree of portability between systems and would provide for
automatic updating of templates if appropriate. Alternatively, we may decide to keep the templates
on a central database and call them from either a card swipe or PIN input for comparison. This
decision will naturally have an impact on system hardware and configuration - if we are maintaining
a central database we had better be sure about our system host and it's communication with the
biometric readers, not to mention the usual database maintenance and backup requirements.
Whilst we are on the subject of hardware, it is worth stressing the importance of understanding the
cabling and line termination requirements of different communication protocols. Lack of attention to
detail in this area can often result in temperamental performance and perceived intermittent faults
which can be difficult to trace subsequently. Whilst this may seem like stating the obvious, it is
surprising how often otherwise well designed systems are tripped over by poor installation practice.
You will have noticed that we have got a long way into this paper without trundling out the usual
marketing promises about biometrics or contemplating the old chestnuts of false accepts / false
rejects etc. This is deliberate - one can concentrate too much on the theoretical individual device
performance issues. The performance we should concern ourselves with is that of the entire system,
not individual components. In the real world, theoretical performance may be influenced greatly by
other less quantitative parameters. For example, a badly sited reader which is difficult for individuals
to use comfortably will almost certainly result in increased false rejects, even though the system may
be functioning properly. Similarly, a lack of training or understanding among both system
administrators and regular users will play havoc with your anticipated performance. The operational
processes coupled to the perception and attitude of the user are as much of a performance criterion
as biometric hardware specifications. These elements, coupled with overall system design and
component performance combine to produce the Total System Performance (TSP). It is the TSP that
we should have uppermost in our minds throughout the development and implementation of the
entire project.
To put this into perspective, it would seem rather pointless to have lengthy discussions about the
inclined valve angle on a one litre petrol engine which we are fitting into a three ton vehicle - we
should be asking about power to weight ratios and what sort of engine we need to propel this
vehicle at the required speed. The same is true of our biometric system. We must consider the system
as a whole, together with our business related objectives for implementing such a system.
So far, we have discussed some of the issues inherent in a typical systems supplier / client situation.
In certain cases, the end user (or retained systems house) may wish to buy in the component
technology on an OEM basis and develop their own custom application according to precise
requirements. In the early days of biometrics this would have been quite difficult with many of the
proprietary products available. These days life is a lot easier for the application development team as
several of the leading device manufacturers have taken the trouble to make available a Software
Development Kit (SDK) for use with their product. This usually takes the form of a set of DLL's which
the developer may call from his application in order to access various functions of the device. This
allows the developer to concentrate on the user interface and program logic without having to get
too involved with the low level coding detail.
This is certainly a step forward and is to be welcomed. However, it is a little device specific in the
sense that if you decided later on to use a different front end biometric device, then you would need
to rewrite your application accordingly. This may be acceptable in some instances, but what if you
wish to use more than one type of biometric device on your system? This is not unreasonable. You
may wish to use a dual biometric for high security reasons, or to use different biometrics in different
areas for environmental reasons. This can complicate matters somewhat. It would be nice perhaps if
there were a universally accepted biometric Application Programming Interface (API) which
developers could use in order to mix biometric methodologies within a single system. In fact, there
has been much work undertaken in this context and by the time you read this paper at least one
such API should be freely available. The question is, will the biometric manufacturers be happy to
comply with and support such an initiative? I hope that they will, but suspect that this may take a
while to become embedded in biometric culture.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 17/69
Public

What of the future? The is no doubt that biometric technology is mature and eminently useable
across a wide variety of advanced personal ID related applications. Both the systems integrator and
the end user have a wider choice than ever of front end biometric components and it is easier than it
has ever been to integrate these components into bespoke systems. Individual unit cost is still
relatively high for biometric products, but this too is changing and several manufacturers are
introducing lower cost OEM modules to the market place.
In short, if you have an operational problem that biometrics might solve there is no reason to sit on
the fence any longer - biometrics are alive and well and available off the shelf at a location near you!

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 18/69
Public

2 Fingerprint recognition
Among all the biometric techniques, fingerprint-based identification is the oldest method which has
been successfully used in numerous applications. Everyone is known to have unique, immutable
fingerprints. A fingerprint is made of a series of ridges and furrows on the surface of the finger. The
uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as the
minutiae points. Minutiae points are local ridge characteristics that occur at either a ridge bifurcation
or a ridge ending.

2.1 What is Fingerprint Scanning?

Fingerprint scanning is the acquisition and recognition of a person’s fingerprint characteristics for
identification purposes. This allows the recognition of a person through quantifiable physiological
characteristics that verify the identity of an individual.
There are basically two different types of finger-scanning technology that make this possible.
One is an optical method, which starts with a visual image of a finger.
The other uses a semiconductor-generated electric field to image a finger.
There are a range of ways to identify fingerprints. They include traditional police methods of
matching minutiae, straight pattern matching, moiré fringe patterns and ultrasonics.

2.2 Practical Applications for Fingerprint Scanning

There are a greater variety of fingerprint devices available than any other biometric. Fingerprint
recognition is the front-runner for mass-market biometric-ID systems.
Fingerprint scanning has a high accuracy rate when users are sufficiently educated. Fingerprint
authentication is a good choice for in-house systems where enough training can be provided to users
and where the device is operated in a controlled environment. The small size of the fingerprint
scanner, ease of integration - can be easily adapted to keyboards, and most significantly the relatively
low costs make it an affordable, simple choice for workplace access security.
Plans to integrate fingerprint scanning technology into laptops using biometric technology include a
single chip using more than 16,000 location elements to map a fingerprint of the living cells that lay
below the top layers of dead skin. Therefore, the reading is still detectable if the finger has calluses,
is damaged, worn, soiled, moist, dry or otherwise hard-to-read finger surfaces--a common obstacle.
This subsurface capability eliminates any attainment or detection failures.

2.3 Accuracy and Integrity

With any security system, users will wonder,… can fingerprint recognition system be beaten? In most
cases, false negatives (a failure to recognize a legitimate user) are more likely than false positives.
Overcoming a fingerprint system by presenting it with a "false or fake" fingerprint is likely to be a
difficult deed. However, such scenarios will be tried, and the sensors on the market use a variety of
means to circumvent them. For instance, someone may attempt to use latent print residue on the
sensor just after a legitimate user accesses the system. At the other end of the scale, there is the
gruesome possibility of presenting a finger to the system that is no longer connected to its owner.
Therefore, sensors attempt to determine whether a finger is live, and not made of latex (or worse).
Detectors for temperature, blood-oxygen level, pulse, blood flow, humidity, or skin conductivity
would be integrated.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 19/69
Public

Unfortunately, no technology is perfect--false positives and spoiled readings do occur from time to
time. But for those craving to break free from the albatross that the password has become as both a
security and time-management issue fingerprint scanners are worth looking into. It is estimated that
40 percent of helpdesk calls are password related. Whether incorporated into the keyboard or
mouse, or used as a standalone device, scanners are more affordable than ever, allow encryption of
files keyed to a fingerprint, and can, perhaps most importantly, help minimize stress over that stolen
laptop.

2.3.1 Fingerprint Matching


Among all the biometric techniques, fingerprint-based identification is the oldest method which has
been successfully used in numerous applications. Everyone is known to have unique, immutable
fingerprints. A fingerprint is made of a series of ridges and furrows on the surface of the finger. The
uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as the
minutiae points. Minutiae points are local ridge characteristics that occur at either a ridge bifurcation
or a ridge ending.
Fingerprint matching techniques can be placed into two categories: minutae-based and correlation
based. Minutiae-based techniques first find minutiae points and then map their relative placement
on the finger. However, there are some difficulties when using this approach. It is difficult to extract
the minutiae points accurately when the fingerprint is of low quality. Also this method does not take
into account the global pattern of ridges and furrows. The correlation-based method is able to
overcome some of the difficulties of the minutiae-based approach. However, it has some of its own
shortcomings. Correlation-based techniques require the precise location of a registration point and
are affected by image translation and rotation.
Fingerprint matching based on minutiae has problems in matching different sized (unregistered)
minutiae patterns. Local ridge structures can not be completely characterized by minutiae. We are
trying an alternate representation of fingerprints which will capture more local information and yield
a fixed length code for the fingerprint. The matching will then hopefully become a relatively simple
task of calculating the Euclidean distance will between the two codes.
We are developing algorithms which are more robust to noise in fingerprint images and deliver
increased accuracy in real-time. A commercial fingerprint-based authentication system requires a very
low False Reject Rate (FAR) for a given False Accept Rate (FAR). This is very difficult to achieve with
any one technique. We are investigating methods to pool evidence from various matching
techniques to increase the overall accuracy of the system. In a real application, the sensor, the
acquisition system and the variation in performance of the system over time is very critical. We are
also field testing our system on a limited number of users to evaluate the system performance over a
period of time.

2.3.2 Fingerprint Classification


Large volumes of fingerprints are collected and stored everyday in a wide range of applications
including forensics, access control, and driver license registration. An automatic recognition of
people based on fingerprints requires that the input fingerprint be matched with a large number of
fingerprints in a database (FBI database contains approximately 70 million fingerprints!). To reduce
the search time and computational complexity, it is desirable to classify these fingerprints in an
accurate and consistent manner so that the input fingerprint is required to be matched only with a
subset of the fingerprints in the database.
Fingerprint classification is a technique to assign a fingerprint into one of the several pre-specified
types already established in the literature which can provide an indexing mechanism. Fingerprint
classification can be viewed as a coarse level matching of the fingerprints. An input fingerprint is first
matched at a coarse level to one of the pre-specified types and then, at a finer level, it is compared
to the subset of the database containing that type of fingerprints only.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 20/69
Public

We have developed an algorithm to classify fingerprints into five classes, namely, whorl, right loop,
left loop, arch, and tented arch. The algorithm separates the number of ridges present in four
directions (0 degree, 45 degree, 90 degree, and 135 degree) by filtering the central part of a
fingerprint with a bank of Gabor filters. This information is quantized to generate a FingerCode
which is used for classification. Our classification is based on a two-stage classifier which uses a K-
nearest neighbor classifier in the first stage and a set of neural networks in the second stage.
The classifier is tested on 4,000 images in the NIST-4 database. For the five-class problem,
classification accuracy of 90% is achieved. For the four-class problem (arch and tented arch
combined into one class), we are able to achieve a classification accuracy of 94.8%. By incorporating
a reject option, the classification accuracy can be increased to 96% for the five-class classification
and to 97.8% for the four-class classification when 30.8% of the images are rejected.

2.3.3 Fingerprint Image Enhancement


A critical step in automatic fingerprint matching is to automatically and reliably extract minutiae from
the input fingerprint images. However, the performance of a minutiae extraction algorithm relies
heavily on the quality of the input fingerprint images. In order to ensure that the performance of an
automatic fingerprint identification/verification system will be robust with respect to the quality of
the fingerprint images, it is essential to incorporate a fingerprint enhancement algorithm in the
minutiae extraction module.
We have developed a fast fingerprint enhancement algorithm, which can adaptively improve the
clarity of ridge and furrow structures of input fingerprint images based on the estimated local ridge
orientation and frequency. We have evaluated the performance of the image enhancement
algorithm using the goodness index of the extracted minutiae and the accuracy of an online
fingerprint verification system. Experimental results show that incorporating the enhancement
algorithms improves both the goodness index and the verification accuracy.

2.4 Prerequisites for common usage of biometrics

It has been more than 15 years since the introduction of commercial fingerprint authentication
systems. Yet they are just now gaining broad acceptance. We should not be surprised. Many
technologies required several years before the right combination of factors allowed them to become
ubiquitous. If one looks back to laptop computers, cell phones, fax machines, pagers, laser printers
and countless other everyday devices, one will realize most had long gestation periods. Biometrics is
now at the acceptance crossroads. What will propel them into common usage?

2.4.1 Convenience First


There is the reason end-users should use fingerprint authentication in the IT world, i.e. security, and
there is the reason they WILL use it, convenience. The simple fact is that passwords don't work very
well. They are "nocost" to establish, but very expensive to maintain. Just ask the help desk manager
in a major corporation. More than 50 percent of all help desk calls are related to passwords
3&Mac218;4 lost, forgotten or otherwise useless. Count all the passwords you use everyday and
often have to change once a month. Password administration is a nightmare for MIS managers and
users. Fingerprint authentication eliminates the problem, and the headaches.
Other authentication mechanisms such as tokens, smart cards, etc. require you to carry something.
This is better than a password, but easier to lose. Think about losing your credit card or driver's
license. Losing your corporate network access card could be a lot worse. Information is valuable and
harder to track than money.
Fingerprints can also act as a simple, trusted and convenient user-interface to a well thought out
security architecture. The two components need each other to provide truly effective security. A user
authenticated via fingerprints can take advantage of a solid security system with minimal education.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 21/69
Public

2.4.2 Simple Truths


Users don't trust what they don't understand. Most IT security concepts are incomprehensible to the
common user. Explaining public and private keys, key recovery systems and digital certificates is
beyond the skills of even experienced MIS professionals. Most users have no concept of encryption
algorithms and their implementations, nor do they want to understand. Users want simple, trusted
security.
Simple, as in put your finger down. It does not take a security professional to realize that 10
passwords on sticky notes attached to your monitor are poor security. Most breaches of security
require doing the obvious, and are often done by insiders.
Trusted, as in having stood the test of time. Fingerprints have been used for identification for over
100 years. They are the standard without question. In addition to signatures, fingerprints are the only
other form of identification that have a legal standing. A key issue of trust is privacy. The best way to
maintain that is to store a template of unique fingerprint characteristics instead of the entire print.
This is sufficient for one-to-one or one-to-many matching and eliminates the need for a database of
searchable fingerprints.

2.4.3 Emerging Standards


IT professionals insist upon standards, multiple sources of supply and endorsement by industry
leaders. It's beginning to happen, but to think that a small biometrics company can set an industry
standard is ludicrous. Yet many have tried.
Any CIO or MIS manager would not bet his job or company on a proprietary solution from a small
biometrics company. These people want choice and standards to provide multiple sources of supply
and fair competition among vendors. The one exception to this rule is when there has been a major
catastrophe, such as a significant loss of money. However, it is tough to build a sustainable business
chasing disasters.
Standards need to be set by the IT industry leaders such as Intel, Microsoft, Phoenix Technologies
and the top 10 computer companies. In the last year, many of these large organizations have banded
together to begin the process of standardization. This is the first sign of an industry maturing.

2.4.4 Cost
Just as in the early days of desktop computers when a system cost more than $10,000, only a few
people had systems. Now when they cost less than $1,000, everybody has one. This same "order of
magnitude" cost breakthrough has recently occurred with fingerprint technology. What cost $1,000
two years ago is now available for less than $100. Cost alone is not the answer, but it is a necessary
component of broad market acceptance of this technology.

2.4.5 Complete Solutions


Lots of companies talk about "complete solutions," but what does this mean? It does not mean a
custom, proprietary combination of fingerprint sensor, matching software and application software -
point products and closed solutions are not acceptable. It does mean an open architecture where the
sensor, matching algorithm and applications are interchangeable and leverageable. Veridicom's
OpenTouch™ architecture embraces this tenet and lets the user choose.

2.4.6 Measurable Usefulness


Being able to accurately gauge the usefulness of a fingerprint authentication solution is very
important. This technology saves money in password administration, user up-time and user support.
More importantly fingerprint authentication allows you to do more with a computer. Now, remote
secure network access is possible. Electronic commerce makes sense when the authentication is
trusted. It is a fact that 75 percent of all Internet users are uncomfortable transmitting their credit
card information over the public network. Imagine if this was never an issue. Fingerprint
authentication is an enabling technology for trusted e-commerce.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 22/69
Public

All the signs are in the market for the acceptance of fingerprint authentication as a simple, trusted,
convenient method of personal authentication. Industry leaders are validating the technology
through standards initiatives. Cost and performance breakthroughs have transformed fingerprint
biometrics from an interesting technology to an easy to implement authentication solution. Industry
trends such as electronic commerce and remote computing exacerbate the need for better
authentication. Most importantly, users understand and accept the concept. Passwords and tokens
are universally disliked. You can't get much simpler than a fingerprint.

2.5 Biometric vs. Non-Biometric Fingerprinting

The aura of criminality that accompanies the term "fingerprint" has not significantly impeded the
acceptance of fingerprint technology, because the two authentication methods are very different.
Fingerprinting, as the name suggests, is the acquisition and storage of the image of the fingerprint.
Fingerprinting was for decades the common ink-and-roll procedure, used when booking suspects or
conducting criminal investigations. More advanced optical or non-contact fingerprinting systems
(known as live-scan), which normally utilize prints from several fingers, are currently the standard for
forensic usage. They require 250kb per finger for a high-quality image. Fingerprint technology also
acquires the fingerprint, but doesn't store the full image. It stores particular data about the
fingerprint in a much smaller template, requiring from 250-1000 bytes. After the data is extracted,
the fingerprint is not stored. Significantly, the full fingerprint cannot be reconstructed from the
fingerprint template.
Fingerprints are used in forensic applications: large-scale, one-to-many searches on databases of up
to millions of fingerprints. These searches can be done within only a few hours, a tribute to the
computational power of AFIS. AFIS (Automated Fingerprint Identification Systems) - commonly
referred to as "AFIS Systems" (a redundancy) - is a term applied to large-scale, one-to-many
searches. Although fingerprint technology can be used in AFIS on 100,000 person databases, it is
much more frequently used for one-to-one verification within 1-3 seconds.
Many people think of forensic fingerprinting as an ink and paper process. While this may still be
done in some locations, most jurisdictions utilize optical scanners known as livescan systems. There
are some fundamental differences between these forensic fingerprinting systems (used in AFIS
systems) and the biometric fingerprint systems used to logon to a PC:
When the differences between the two technologies are explained, nearly all users are comfortable
with fingerprint technology. The key is the template - what is stored is not a full fingerprint, but a
small amount of data derived from the fingerprint's unique patterns.

Response time
AFIS systems may take hours to match a candidate, while fingerprint systems respond with seconds
or fractions of seconds.

Cost
an AFIS capture device can range from several hundred to tens of thousands of dollars, depending
on whether it is designed to capture one or multiple fingerprints. A PC peripheral fingerprint device
generally costs less than $200)

Accuracy
an AFIS system might return the top 5 candidates in a biometric comparison with the intent of
locating or questioning the top suspects. Fingerprint systems are designed to return a single yes/no
answer based on a single comparison.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 23/69
Public

Scale
AFIS systems are designed to be scalable to thousands and millions of users, conducting constant 1:N
searches. Fingerprint systems are almost invariably 1:1, and do not require significant processing
power.

Capture
AFIS systems are designed to use the entire fingerprint, rolled from nail to nail, and often capture all
ten fingerprints. Fingerprint systems use only the center of the fingerprint, capturing only a small
fraction of the overall fingerprint data.

Storage
AFIS systems generally store fingerprint images for expert comparison once a possible match has
been located. Fingerprint systems, by and large, do not store images, as they are not used for
comparison.

Infrastructure
AFIS systems normally require a backend infrastructure for storage, matching, and duplicate
resolution. These systems can cost hundreds of thousands of dollars. Fingerprint systems rely on a PC
or a peripheral device for processing and storage.

2.6 Fingerprint Market Size

Already the leading non-AFIS technology in the biometric market, fingerprint is poised to remain the
leading non-AFIS technology through 2007. Because of the range of environments in which
fingerprint can be deployed, its years of development, and the strong companies involved in the
technology’s manufacture and development, fingerprint revenues are projected to grow from
$144.2m in 2002 to $1,229.8m in 2007. Fingerprint revenues are expected to comprise
approximately 30% of the entire biometric market.

2.7 Fingerprint Growth Drivers and Enablers

A number of basic factors should combine to help drive fingerprint revenues. If and when biometrics
become a commonly used solution for e-commerce and remote transactions, segments expected to
grow rapidly through 2007, fingerprint will be a primary benefactor. fingerprint is a very strong
desktop solution, and it is anticipated that the desktop will become a driver for biometric revenue
derived from product sales and transactional authentication. Most middleware solutions leverage a
variety of fingerprint solutions for desktop authentication.
Fingerprint is a proven technology capable of high levels of accuracy. The fingerprint has long been
recognized as a highly distinctive identifier, and classification, analysis, and study of fingerprints has
existed for decades. The combination of an innately distinctive feature with a long history of use as
identification sets fingerprint apart in the biometric industry. There are physiological characteristics
more distinctive than the fingerprint (the iris and retina, for example), but technology capable of
leveraging these characteristics has only been developed over the past few years, not decades.
Strong fingerprint solutions are capable of processing thousands of users without allowing a false
match, and can verify nearly 100% of users with one or two placements of a finger. Because of this,
many fingerprint technologies can be deployed in applications where either security or convenience
is the primary driver.
Reduced size and power requirements, along with fingerprint’s resistance to environmental changes
such as background lighting and temperature, allow the technology to be deployed in a range of
logical and physical access environments. Fingerprint acquisition devices have grown quite small –
sensors slightly thicker than a coin, and smaller than 1.5cm x 1.5cm, are capable of acquiring and
processing images.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 24/69
Public

2.8 Fingerprint Growth Inhibitors

Though radical changes in the composition of the marketplace would need to occur to undermine
fingerprint’s anticipated growth, the technology does face potential growth inhibitors.
As opposed to technologies such as facial recognition and voice recognition, which can leverage
existing acquisition devices, fingerprint’s growth is contingent on the widespread incorporation of
sensors in keyboards, peripherals, access control devices, and handheld devices. The ability to acquire
fingerprints must be present wherever and whenever users want to authenticate. Currently,
acquisition devices are present in but a tiny fraction of authentication environments.
A percentage of users, varying by the specific technology and user population, are unable to enroll in
many fingerprint systems. Furthermore, certain ethnic and demographic groups have lower quality
fingerprints and are more difficult to enroll. Testing has shown that elderly populations, manual
laborers, and some Asian populations are more likely to be unable to enroll in some fingerprint
systems. In an enterprise deployment for physical or logical security, this means that some number of
users need to be processed by another method, be it another biometric, a password, or a token. In a
customer-facing application, this may mean that a customer willing to enroll in a biometric system is
simply unable to. In a large-scale 1:N application, the result may be that a user is able to enroll
multiple times, as data from his or her fingerprints cannot be reliably acquired. If the system is
designed to be more forgiving, and to enroll marginal fingerprints, then the common result is
increased error rates.

2.9 Applications

Fingerprint technology is used by hundreds of thousands of people daily to access networks and PCs,
enter restricted areas, and to authorize transactions. The technology is used broadly in a range of
vertical markets and within a range of horizontal applications, primarily PC/Network Access, Physical
Security/Time and Attendance, and Civil ID. Most deployments are 1:1, though there are a number
of "one-to-few" deployments in which individuals are matched against modest databases, typically
of 10-100 users. Large-scale 1:N applications, in which a user is identified from a large fingerprint
database, are classified as AFIS.

2.10 Fingerprint Feature Extraction

The human fingerprint is comprised of various types of ridge patterns, traditionally classified
according to the decades-old Henry system: left loop, right loop, arch, whorl, and tented arch. Loops
make up nearly 2/3 of all fingerprints, whorls are nearly 1/3, and perhaps 5-10% are arches. These
classifications are relevant in many large-scale forensic applications, but are rarely used in biometric
authentication. This fingerprint is a right loop.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 25/69
Public

Picture 1: Fingerprint with the various types of characteristics recognized

Minutiae (Picture 1), the discontinuities that interrupt the otherwise smooth flow of ridges, are the
basis for most fingerprint authentication. Codified in the late 1800's as Galton features, minutiae are
at their most rudimentary ridge endings, the points at which a ridge stops, and bifurcations, the
point at which one ridge divides into two. Many types of minutiae exist, including dots (very small
ridges), islands (ridges slightly longer than dots, occupying a middle space between two temporarily
divergent ridges), ponds or lakes (empty spaces between two temporarily divergent ridges), spurs (a
notch protruding from a ridge), bridges (small ridges joining two longer adjacent ridges), and
crossovers (two ridges which cross each other).
Other features are essential to fingerprint authentication. The core is the inner point, normally in the
middle of the print, around which swirls, loops, or arches center. It is frequently characterized by a
ridge ending and several acutely curved ridges. Deltas are the points, normally at the lower left and
right hand of the fingerprint, around which a triangular series of ridges center.
The ridges are also marked by pores, which appear at steady intervals. Some initial attempts have
been made to use the location and distribution of the pores as a means of authentication, but the
resolution required to capture pores consistently is very high.
Once a high-quality image is captured, there are a several steps required to convert its distinctive
features into a compact template. This process, known as feature extraction, is at the core of
fingerprint technology. Each of the 50 primary fingerprint vendors has a proprietary feature
extraction mechanism; the vendors guard these unique algorithms very closely. What follows is a
series of steps used, in some fashion, by many vendors - the basic principles apply even to those
vendors who use alternative mechanisms.
The image must then be converted to a usable format. If the image is grayscale, areas lighter than a
particular threshold are discarded, and those darker are made black. The ridges are then thinned
from 5-8 pixels in width down to one pixel, for precise location of endings and bifurcations.
Minutiae localization begins with this processed image. At this point, even a very precise image will
have distortions and false minutiae that need to be filtered out. For example, an algorithm may
search the image and eliminate one of two adjacent minutiae, as minutiae are very rarely adjacent.
Anomalies caused by scars, sweat, or dirt appear as false minutiae, and algorithms locate any points
or patterns that don't make sense, such as a spur on an island (probably false) or a ridge crossing
perpendicular to 2-3 others (probably a scar or dirt). A large percentage of would-be minutiae are
discarded in this process.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 26/69
Public

The point at which a ridge ends, and the point where a bifurcation begins, are the most rudimentary
minutiae, and are used in most applications. There is variance in how exactly to situate a minutia
point: whether to place it directly on the end of the ridge, one pixel away from the ending, or one
pixel within the ridge ending (the same applies to bifurcation). Once the point has been situated, its
location is commonly indicated by the distance from the core, with the core serving as the 0,0 on an
X,Y-axis. Some vendors use the far left and bottom boundaries of the image as the axes, correcting
for misplacement by locating and adjusting from the core. In addition to the placement of the
minutia, the angle of the minutia is normally used. When a ridge ends, its direction at the point of
termination establishes the angle (more complicated rules can apply to curved endings). This angle is
taken from a horizontal line extending rightward from the core, and can be up to 359.
In addition to using the location and angle of minutiae, some vendors classify minutia by type and
quality. The advantage of this is that searches can be quicker, as a particularly notable minutia may
be distinctive enough to lead to a match. A vendor can also rank high versus low quality minutia and
discard the latter. Those vendors who shy away from this methodology do so because of the wide
variation from print to print, even on successive submissions. Measuring quality may only introduce
an unnecessary level of complication.
Approximately 80% of biometric vendors utilize minutiae in some fashion. Those who do not utilize
minutia use pattern matching, which extrapolates data from a particular series of ridges. This series
of ridges used in enrollment is the basis of comparison, and verification requires that a segment of
the same area be found and compared. The use of multiple ridges reduces dependence on minutiae
points, which tend to be affected by wear and tear. The templates created in pattern matching are
generally, but not always, 2-3 times larger than in minutia - usually 900-1200 bytes.

2.11 Fingerprint Form Factors

Form factor is a term used to describe the manner in which a biometric sensor is imbedded into an
acquisition device, Biometric sensor, in particular fingerprint sensors, can be imbedded on top of a
device, on its side, recessed or protruding. Some biometric devices require users to sweep their
fingers across the them while others require that users place their fingers on the sensors and hold
them still until they are authenticated.
Though the placement of the biometric sensor is important from an ergonomic standpoint, several
other considerations are equally important form factors. One of them is the type of device that the
user interacts with. Several broad categories of device types are listed below.

2.11.1 Desktop peripherals.


Desktop peripherals include biometrically-enabled mice and other handheld devices that computer
users interact with when they operate a desktop computer. Because the standard size of desktop
peripheral is typically small, the biometric sensor must also be small enough to fit on the device.
However, the sensor's ability to acquire images effectively also diminishes as it is made small enough
to fit on the peripheral devices.

2.11.2 Embedded desktop solutions


Embedded desktop solutions include biometrically-enabled keyboards and other primary components
of computers that computer users interact with when they operate a desktop computer. Because
the embedded desktop devices are larger than desktop peripherals, sensor size is not as significant a
consideration -- the sensors can be large enough to acquire images without compromising the ability
of the device to operate effectively. Since desktop devices like keyboards are typically cheap, the
addition of an embedded sensor should not significantly increase its cost.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 27/69
Public

2.11.3 Embedded physical access solutions


Embedded physical access solutions include biometrically-enabled keypads and other devices that
users interact with to gain access to restricted areas (i.e., opening doors). Because physical access
solutions are often used to protect items of value and because making the device small typically isn't
a concern, the sensors can be large enough to meet this security requirement. Several other factors,
including the location of the device (indoors or outdoors), the type of client (military, government or
commercial) and purpose of the device (apartment access, protect nuclear materials) will also be
important in determining how the embedded physical access solution is deployed.

2.11.4 Embedded wireless handheld solutions.


Embedded wireless handheld solutions include biometrically-enabled cell phones and other mobile
personal communication devices that require owner authentication to use. Like desktop peripherals,
embedded wireless handheld solutions, wireless devices are small and, consequently, the biometric
sensor must also be small enough to fit on the device. Similarly, the sensor's ability to acquire images
effectively diminishes as it is made small enough to fit on the wireless device.
Ultimately the type of application being deployed and the environment in which it is being rolled out
will drive the form factor. In fact, these form factors will have implications on what type of sensor
technology is used in the fingerprint device. Today there are three primary sensor technologies:
optical, ultrasound and silicon. Each sensor technology has its advantages and disadvantages. For
example, optical sensors are durable and temperature-resistant, qualities that lend themselves well to
usage in embedded military equipment solutions. However, because optical sensors must be large
enough to achieve quality images, they are not well suited to embedded desktop solutions and
embedded wireless handheld solutions. On the other hand, silicon sensors are able to produce
quality images with less surface area, they are better suited to use in these compact devices.

2.12 Types of scanners: Optical - Silicon - Ultrasound

Acquiring high-quality images of distinctive fingerprint ridges and minutiae is a complicated task. The
fingerprint is a small area from which to take measurements, and the wear of daily life affects which
ridge patterns show most prominently. Increasingly sophisticated mechanisms have been developed
to capture the fingerprint image with sufficient detail and resolution. The technologies in use today
are optical, silicon, and ultrasound.
Optical technology is the oldest and most widely used. The finger is placed on a coated platen,
usually built of hard plastic but proprietary to each company. In most devices, a charged coupled
device (CCD) converts the image of the fingerprint, with dark ridges and light valleys, into a digital
signal. The brightness is either adjusted automatically (preferable) or manually (difficult), leading to a
usable image.
Optical devices have several strengths: they are the most proven over time; they can withstand, to
some degree, temperature fluctuations; they are fairly inexpensive; and they can provide resolutions
up to 500 dpi. Drawbacks to the technology include size - the platen must be of sufficient size to
achieve a quality image - and latent prints. Latent prints are leftover prints from previous users. This
can cause image degradation, as severe latent prints can cause two sets of prints to be
superimposed. Also, the coating and CCD arrays can wear with age, reducing accuracy.
Optical is the most implemented technology by a significant margin. Identicator and its parent
company Identix, two of the most prominent fingerprint companies, utilize optical technology, much
of which is developed jointly with Motorola. The majority of companies use optical technology, but
and increasing number of vendors utilize silicon technology.
Silicon technology has gained considerable acceptance since its introduction in the late 90's. Most
silicon, or chip, technology is based on DC capacitance. The silicon sensor acts as one plate of a
capacitor, and the finger is the other. The capacitance between platen and the finger is converted
into an 8-bit grayscale digital image. With the exception of AuthenTec, whose technology employs
AC capacitance and reads to the live layer of skin, all silicon fingerprint vendors use a variation of this
type of capacitance.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 28/69
Public

Silicon generally produces better image quality, with less surface area, than optical. Since the chip is
comprised of discreet rows and columns - between 200-300 lines in each direction on a 1cmx1.5cm
wafer - it can return exceptionally detailed data. The reduced size of the chip means that costs
should drop significantly, now that much of the R&D necessary to develop the technology is bearing
fruit. Silicon chips are small enough to be integrated into many devices which cannot accommodate
optical technology.
Silicon's durability, especially in sub-optimal conditions, has yet to be proven. Although
manufacturers use coating devices to treat the silicon, and claim that the surface is 100x more
durable than optical, this has to be proven. Also, with the reduction in sensor size, it is even more
important to ensure that enrolment and verification are done carefully - a poor enrollment may not
capture the center of the fingerprint, and subsequent verifications are subject to the same type of
placement. Many major companies have recently moved into the silicon field. Infineon (the
semiconductor division of Siemens) and Sony have developed chips to compete with Veridicom (a
spin-off of Lucent), the leader in silicon technology.
Ultrasound technology, though considered perhaps the most accurate of the fingerprint
technologies, is not yet widely used. It transmits acoustic waves and measures the distance based on
the impedance of the finger, the platen, and air. Ultrasound is capable of penetrating dirt and
residue on the platen and the finger, countering a main drawback to optical technology.
Until ultrasound technology gains more widespread usage, it will be difficult to assess its long-term
performance. However, preliminary usage of products from Ultra-Scan Corporation (USC) indicates
that this is a technology with significant promise. It combines a strength of optical technology, large
platen size and ease of use, with a strength of silicon technology, the ability to overcome sub-
optimal reading conditions.

2.13 Fingerprint Matching

Among all the biometric techniques, fingerprint-based identification is the oldest method which has
been successfully used in numerous applications. Everyone is known to have unique, immutable
fingerprints. A fingerprint is made of a series of ridges and furrows on the surface of the finger. The
uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as the
minutiae points. Minutiae points are local ridge characteristics that occur at either a ridge bifurcation
or a ridge ending.
Fingerprint matching techniques can be placed into two categories: minutae-based and correlation
based. Minutiae-based techniques first find minutiae points and then map their relative placement
on the finger. However, there are some difficulties when using this approach. It is difficult to extract
the minutiae points accurately when the fingerprint is of low quality. Also this method does not take
into account the global pattern of ridges and furrows. The correlation-based method is able to
overcome some of the difficulties of the minutiae-based approach. However, it has some of its own
shortcomings. Correlation-based techniques require the precise location of a registration point and
are affected by image translation and rotation.

Picture 2: Fingerprint with the various types of characteristics recognized

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 29/69
Public

Picture 3: Fingerprint with marked minutiae and rotation direction

Picture 4: Fingerprint comparison

Fingerprint matching based on minutiae has problems in matching different sized (unregistered)
minutiae patterns. Local ridge structures can not be completely characterized by minutiae. We are
trying an alternate representation of fingerprints which will capture more local information and yield
a fixed length code for the fingerprint. The matching will then hopefully become a relatively simple
task of calculating the Euclidean distance will between the two codes.
We are developing algorithms which are more robust to noise in fingerprint images and deliver
increased accuracy in real-time. A commercial fingerprint-based authentication system requires a very
low False Reject Rate (FAR) for a given False Accept Rate (FAR). This is very difficult to achieve with
any one technique. We are investigating methods to pool evidence from various matching
techniques to increase the overall accuracy of the system. In a real application, the sensor, the
acquisition system and the variation in performance of the system over time is very critical. We are
also field testing our system on a limited number of users to evaluate the system performance over a
period of time.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 30/69
Public

2.14 Fingerprint Classification

Large volumes of fingerprints are collected and stored everyday in a wide range of applications
including forensics, access control, and driver license registration. An automatic recognition of
people based on fingerprints requires that the input fingerprint be matched with a large number of
fingerprints in a database (FBI database contains approximately 70 million fingerprints!). To reduce
the search time and computational complexity, it is desirable to classify these fingerprints in an
accurate and consistent manner so that the input fingerprint is required to be matched only with a
subset of the fingerprints in the database.

Picture 5: Several types of fingerprints

Fingerprint classification is a technique to assign a fingerprint into one of the several pre-specified
types already established in the literature which can provide an indexing mechanism. Fingerprint
classification can be viewed as a coarse level matching of the fingerprints. An input fingerprint is first
matched at a coarse level to one of the pre-specified types and then, at a finer level, it is compared
to the subset of the database containing that type of fingerprints only. We have developed an
algorithm to classify fingerprints into five classes, namely, whorl, right loop, left loop, arch, and
tented arch. The algorithm separates the number of ridges present in four directions (0 degree, 45
degree, 90 degree, and 135 degree) by filtering the central part of a fingerprint with a bank of
Gabor filters. This information is quantized to generate a FingerCode which is used for classification.
Our classification is based on a two-stage classifier which uses a K-nearest neighbor classifier in the
first stage and a set of neural networks in the second stage. The classifier is tested on 4,000 images
in the NIST-4 database. For the five-class problem, classification accuracy of 90% is achieved. For the
four-class problem (arch and tented arch combined into one class), we are able to achieve a
classification accuracy of 94.8%. By incorporating a reject option, the classification accuracy can be
increased to 96% for the five-class classification and to 97.8% for the four-class classification when
30.8% of the images are rejected.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 31/69
Public

2.15 Fingerprint Image Enhancement

A critical step in automatic fingerprint matching is to automatically and reliably extract minutiae from
the input fingerprint images. However, the performance of a minutiae extraction algorithm relies
heavily on the quality of the input fingerprint images. In order to ensure that the performance of an
automatic fingerprint identification/verification system will be robust with respect to the quality of
the fingerprint images, it is essential to incorporate a fingerprint enhancement algorithm in the
minutiae extraction module. We have developed a fast fingerprint enhancement algorithm, which
can adaptively improve the clarity of ridge and furrow structures of input fingerprint images based on
the estimated local ridge orientation and frequency. We have evaluated the performance of the
image enhancement algorithm using the goodness index of the extracted minutiae and the accuracy
of an online fingerprint verification system. Experimental results show that incorporating the
enhancement algorithms improves both the goodness index and the verification accuracy.

Picture 6: Image Enhancement. Left without enhancement. Right with enhancement.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 32/69
Public

3 Face recognition
A smart environment is one that is able to identify people, interpret their actions, and react
appropriately. Thus, one of the most important building blocks of smart environments is a person
identification system. Face recognition devices are ideal for such systems, since they have recently
become fast, cheap, unobtrusive, and, when combined with voice-recognition, are very robust
against changes in the environment. Moreover, since humans primarily recognize each other by their
faces and voices, they feel comfortable interacting with an environment that does the same.
Facial recognition systems are built on computer programs that analyze images of human faces for
the purpose of identifying them. The programs take a facial image, measure characteristics such as
the distance between the eyes, the length of the nose, and the angle of the jaw, and create a unique
file called a "template." Using templates, the software then compares that image with another
image and produces a score that measures how similar the images are to each other. Typical sources
of images for use in facial recognition include video camera signals and pre-existing photos such as
those in driver's license databases.

3.1 Important questions on face recognition

3.1.1 How is facial recognition technology currently being used?


Unlike other biometric systems, facial recognition can be used for general surveillance, usually in
combination with public video cameras. There have been three such uses of face-recognition in the
U.S. so far. The first is in airports, where they have been proposed - and in a few cases adopted - in
the wake of the terrorist attacks of September 11. Airports that have announced adoption of the
technology include Logan Airport in Boston, T.F. Green Airport in Providence, R.I., and San Francisco
International Airport and the Fresno Airport in California.
A second use of the technology was at the 2001 Super Bowl in Tampa, where pictures were taken of
every attendee as they entered the stadium through the turnstiles and compared against a database
of some undisclosed kind. The authorities would not say who was in that database, but the software
did flag 19 individuals. The police indicated that some of those were false alarms, and no one
flagged by the system was anything more than a petty criminal such as a ticket scalper. Press reports
indicate that NewOrleans authorities are considering using it again at the 2002 Super Bowl.
The technology has also been deployed by a part of Tampa, Ybor City, which has trained cameras on
busy public sidewalks in the hopes of spotting criminals. As with the Super Bowl, it is unclear what
criteria were used for including photos in the database. The operators have not yet caught any
criminals. In addition, in England, where public, police-operated video cameras are widespread, the
town of Newham has also experimented with the technology.

3.1.2 How well does facial recognition work?


Computers can do increasingly amazing things, but they are not magic. If human beings often can't
identify the subject of a photograph, why should computers be able to do it any more reliably? The
human brain is highly adapted for recognizing faces - infants, for example, remember faces better
than other patterns, and prefer to look at them over other patterns. The human brain is also far
better than computers at compensating for changes in lighting and angle. The fact is that faces are
highly complex patterns that often differ in only subtle ways, and that it can be impossible for man
or machine to match images when there are differences in lighting, camera, or camera angle, let
alone changes in the appearance of the face itself.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 33/69
Public

Not surprisingly, government studies of face-recognition software have found high rates of both
"false positives" (wrongly matching innocent people with photos in the database) and "false
negatives" (not catching people even when their photo is in the database). One problem is that
unlike our fingerprints or irises, our faces do not stay the same over time. These systems are easily
tripped up by changes in hairstyle, facial hair, or body weight, by simple disguises, and by the effects
of aging.
A study by the government's National Institute of Standards and Technology (NIST), for example,
found false-negative rates for face-recognition verification of 43 percent using photos of subjects
taken just 18 months earlier, for example. And those photos were taken in perfect conditions,
significant because facial recognition software is terrible at handling changes in lighting or camera
angle or images with busy backgrounds. The NIST study also found that a change of 45 degrees in
the camera angle rendered the software useless. The technology works best under tightly controlled
conditions, when the subject is starting directly into the camera under bright lights - although
another study by the Department of Defense found high error rates even in those ideal conditions.
Grainy, dated video surveillance photographs of the type likely to be on file for suspected terrorists
would be of very little use.
In addition, questions have been raised about how well the software works on dark-skinned people,
whose features may not appear clearly on lenses optimized for light-skinned people.
Samir Nanavati of the International Biometric Group, a consulting firm, sums it up: "You could
expect a surveillance system using biometrics to capture a very, very small percentage of known
criminals in a given database.

3.1.3 What is the government's previous experience with facial recognition?


Several government agencies have abandoned facial-recognition systems after finding they did not
work as advertised, including the Immigration and Naturalization Service, which experimented with
using the technology to identify people in cars at the Mexico-U.S. border.
However, the government also has possession of a huge, ready-made facial image database - driver's
license photos - and is looking into how they can be used. By law, the government can't sell those
photos to private companies, but there are no prohibitions on their use for surveillance purposes by
the government itself. The Federal government has begun to fund pilot projects on expanding the
use of driver's license photos to facial recognition databases.

3.1.4 Should we deploy face-recognition in airports to prevent terrorism?


It makes no sense to use face-recognition in airports. To begin with, there is no photo database of
terrorists. Only two of the 19 hijackers on September 11 were known to the CIA and FBI - and
surviving terrorists aren't exactly lining up to have their photo taken by the U.S. government. In
addition, the technology simply isn't reliable enough for such an important security application. It
would work especially poorly in the frenetic environment of an airport, where fast-moving crowds
and busy background images would further reduce its already limited effectiveness. The evidence
suggests that these systems would miss a high proportion of suspects included in the photo
database, and flag huge numbers of innocent people - lessening vigilance, wasting precious
manpower resources, and creating a false sense of security.

3.1.5 Should we use the technology in other public places?


If facial recognition is unjustified in airports and at public events such as the Super Bowl, its use for
general surveillance is even more inappropriate. The security threat on a public street is far lower
than in airports, and sociological studies of closed-circuit television monitoring of public places in
Britain have shown that it has not reduced crime. The balance between the risks and benefits of
facial recognition is even more unfavorable in such locations than in airports.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 34/69
Public

3.1.6 How does facial recognition technology threaten privacy?


One threat is the fact that facial recognition, in combination with wider use of video surveillance,
would be likely to grow increasingly invasive over time. Once installed, this kind of a surveillance
system rarely remains confined to its original purpose. New ways of using it suggest themselves, the
authorities or operators find them to be an irresistible expansion of their power, and citizens' privacy
suffers another blow. Ultimately, the threat is that widespread surveillance will change the character,
feel, and quality of American life.
Another problem is the threat of abuse. The use of facial recognition in public places like airports
depends on widespread video monitoring, an intrusive form of surveillance that can record in graphic
detail personal and private behavior. And experience tells us that video monitoring will be misused.
Video camera systems are operated by humans, after all, who bring to the job all their existing
prejudices and biases. In Great Britain, for example, which has experimented with the widespread
installation of closed circuit video cameras in public places, camera operators have been found to
focus disproportionately on people of color, and the mostly male operators frequently focus
voyeuristically on women.
While video surveillance by the police isn't as widespread in the U.S., an investigation by the Detroit
Free Press (and followup) shows the kind of abuses that can happen. Looking at how a database
available to Michigan law enforcement was used, the newspaper found that officers had used it to
help their friends or themselves stalk women, threaten motorists, track estranged spouses - even to
intimidate political opponents. The unavoidable truth is that the more people who have access to a
database, the more likely that there will be abuse.
Facial recognition is especially subject to abuse because it can be used in a passive way that doesn't
require the knowledge, consent, or participation of the subject. It's possible to put a camera up
anywhere and train it on people; modern cameras can easily view faces from over 100 yards away.
People act differently when they are being watched, and have the right to know if their movements
and identities are being captured.

3.1.7 The bottom line: how do we decide whether to install facial recognition systems?
Facial recognition - or any security technology - should not be deployed until two questions are
answered. First, is the technology effective? Does it significantly increase our safety and security? If
the answer is no, then further discussion is beside the point. If the answer is yes, then it must be
asked whether the technology violates the appropriate balance between security and liberty. In fact,
facial recognition fails on both counts: because it doesn't work reliably, it won't significantly protect
our security - but it would pose a significant threat to our privacy.

3.2 Why Face Recognition?

Given the requirement for determining people's identity, the obvious question is what technology is
best suited to supply this information? There are many different identification technologies available,
many of which have been in wide-spread commercial use for years. The most common person
verification and identification methods today are Password/PIN (Personal Identification Number)
systems, and Token systems (such as your driver's license). Because such systems have trouble with
forgery, theft, and lapses in users' memory, there has developed considerable interest in biometric
identification systems, which use pattern recognition techniques to identify people using their
physiological characteristics. Fingerprints are a classic example of a biometric; newer technologies
include retina and iris recognition.
While appropriate for bank transactions and entry into secure areas, such technologies have the
disadvantage that they are intrusive both physically and socially. They require the user to position
their body relative to the sensor, and then pause for a second to `declare' themselves. This `pause
and declare' interaction is unlikely to change because of the fine-grain spatial sensing required.
Moreover, there is a `oracle-like' aspect to the interaction: since people can't recognize other people
using this sort of data, these types of identification do not have a place in normal human interactions
and social structures.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 35/69
Public

While the `pause and present' interaction and the oracle-like perception are useful in high-security
applications (they make the systems look more accurate), they are exactly the opposite of what is
required when building a store that recognizes its best customers, or an information kiosk that
remembers you, or a house that knows the people who live there.
Face recognition from video and voice recognition have a natural place in these next-generation
smart environments -- they are unobtrusive (able to recognize at a distance without requiring a
`pause and present' interaction), are usually passive (do not require generating special electro-
magnetic illumination), do not restrict user movement, and are now both low-power and
inexpensive. Perhaps most important, however, is that humans identify other people by their face
and voice, therefore are likely to be comfortable with systems that use face and voice recognition

3.3 Facial Recognition: How it Works

Facial recognition utilizes distinctive features of the face - including the upper outlines of the eye
sockets, the areas surrounding the cheekbones, the sides of the mouth, and the location of the nose
and eyes - to perform verification and identification. Most technologies are somewhat resistant to
moderate changes in hairstyle, as they do not utilize areas of the face located near the hairline.
When used in identification mode, facial recognition technology generally returns candidate lists of
close matches as opposed to returning a single definitive match (as do fingerprint and iris-scan
technologies).

3.4 Image Quality

The performance of facial recognition technology is very closely tied to the quality of the facial
image. Low-quality images are much more likely to result in enrollment and matching errors than
high-quality images. For example, many photograph databases associated with drivers' licenses or
passports contain photographs of marginal quality, such that importing these files and executing
matches may lead to reduced accuracy. Similarly well-known problems exist with surveillance
deployments. If facial images for enrollment and matching can be acquired from live subjects with
high-quality equipment, system performance increases substantially. For facial recognition at slightly
greater-than-normal distances, there is a strong correlation between camera quality and system
capabilities.

3.5 Facial Scan Process Flow

As with all biometrics, 4 steps - sample capture, feature extraction, template comparison, and
matching - define the process flow of facial scan technology. Enrollment generally consists of a 20-
30 second enrollment process whereby several pictures are taken of one's face. Ideally, the series of
pictures will incorporate slightly different angles and facial expressions, to allow for more accurate
matching. After enrollment, distinctive features are extracted (or global reference images are
generated), resulting in the creation of a template. The template is much smaller than the image
from which it is derived: facial images can require 15-30kb, templates range from 84 bytes to 3000
bytes. The smaller templates are normally used for 1:N matching.
Verification and identification follow the same steps. Assuming your audience is a cooperative
audience (as opposed to uncooperative or non-cooperative), the user 'claims' an identity through a
login name or a token, stands or sits in front of the camera for a few seconds, and is either matched
or not matched. This comparison is based on the similarity of the newly created match template
against the reference template or templates on file. The point at which two templates are similar
enough to match, known as the threshold, can be adjusted for different personnel, PC's, time of
day, and other factors.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 36/69
Public

3.6 Verification vs. Identification

System design for facial scan verification vs. identification differ in a number of ways. The primary
difference is that identification does not utilize a claimed identity. Instead of employing a PIN or user
name, then delivering confirmation or denial of the claim, identification systems attempt to answer
the question "Who am I?" If there are only a handful of enrollees in the database, this requirement
is not demanding; as databases grow very large, into the tens and hundreds of thousands, this task
becomes much more difficult. The system may only be able to narrow the database to a number of
likely candidates. Human intervention may then be required at the final verification stages.
A second variable in identification is the dynamic between the target subjects and capture device. In
verification, one assumes a cooperative audience, one comprised of subjects who are motivated to
use the system correctly. Facial scan systems, depending on the exact type of implementation, may
also have to be optimized for non-cooperative and uncooperative subjects. Non-cooperative subjects
are unaware that a biometric system is in place, or do not care, and make no effort to either be
recognized or to avoid recognition. Uncooperative subjects actively avoid recognition, and may use
disguises or take evasive measures. Facial scan technologies are much more capable of identifying
cooperative subjects, and are almost entirely incapable of identifying uncooperative subjects.

3.7 Primary Facial Recognition Technologies

The four primary methods employed by facial recognition vendors to identify and verify subjects
include eigenfaces, feature analysis, neural network, and automatic face processing. Some types of
facial scan technology are more suitable than others for applications such as forensics, network
access, and surveillance.
"Eigenface," roughly translated as "one's own face," is a technology patented at MIT which utilizes
two dimensional, global grayscale images representing distinctive characteristics of a facial image.
Variations of eigenface are frequently used as the basis of other face recognition methods.

Picture 7: Variations of eigenface

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 37/69
Public

As suggested by the graphic, distinctive characteristics of the entire face are highlighted for use in
future authentication. The vast majority of faces can be reconstructed by combining features of
approximately 100-125 eigenfaces. Upon enrollment, the subject's eigenface is mapped to a series of
numbers (coefficients). For 1-to-1 authentication, in which the image is being used to verify a
claimed identity, one's "live" template is compared against the enrolled template to determine
coefficient variation. The degree of variance from the template, of course, will determine acceptance
or rejection. For 1-to-many identification, the same principle applies, but with a much larger
comparison set. Like all facial recognition technology, eigenface technology is best utilized in well-lit,
frontal image capture situations.
Feature analysis is perhaps the most widely utilized facial recognition technology. This technology is
related to Eigenface, but is more capable of accommodating changes in appearance or facial aspect
(smiling vs. frowning, for example). Visionics, a prominent facial recognition company, uses Local
Feature Analysis (LFA), which can be summarized as an "irreducible set of building elements." LFA
utilizes dozens of features from different regions of the face, and also incorporates the relative
location of these features. The extracted (very small) features are building blocks, and both the type
of blocks and their arrangement are used to identify/verify. It anticipates that the slight movement of
a feature located near one's mouth will be accompanied by relatively similar movement of adjacent
features. Since feature analysis is not a global representation of the face, it can accommodate angles
up to approximately 25° in the horizontal plane, and approximately 15° in the vertical plane. Of
course, a straight-ahead video image from a distance of three feet will be the most accurate. Feature
analysis is robust enough to perform 1-1 or 1-many searches.
In Neural Network Mapping technology, features from both faces - the enrollment and verification
face - vote on whether there is a match. Neural networks employ an algorithm to determine the
similarity of the unique global features of live versus enrolled or reference faces, using as much of the
facial image as possible. An incorrect vote, i.e. a false match, prompts the matching algorithm to
modify the weight it gives to certain facial features. This method, theoretically, leads to an increased
ability to identify faces in difficult conditions. As with all primary technologies, neural network facial
recognition can do 1-1 or 1-many.
Automatic Face Processing (AFP) is a more rudimentary technology, using distances and distance
ratios between easily acquired features such as eyes, end of nose, and corners of mouth. Though
overall not as robust as eigenfaces, feature analysis, or neural network, AFP may be more effective in
dimly lit, frontal image capture situations.

3.8 Facial Recognition Applications

Facial recognition is deployed in large-scale citizen identification applications, surveillance


applications, law enforcement applications such as booking stations, and kiosks. It is most often
deployed in 1:N environments, searching databases of facial images for close matches. Facial
recognition is not as adept at 1:1 verification; facial recognition vendors have attempted to penetrate
the desktop login market, but the technology is not optimized for desktop authentication.

Project Location Vendor Vertical Sector Horizontal Application Additional Description


Description Application Description

Manchester, US-NH Viisage Travel and Surveillance Screening 4th US airport to adopt
NH Viisage Transportation / Screening solution

Cognitec Australia Cognitec Travel and Phys Physical 6k Qantas aircrew, based
'SmartGate' Transportation Acc/T&A Access on passport read
Sydney Airport

Virginia Beach US-VA Identix Law Enforcement Criminal ID Surveillance 600 image database, 10
Surveillance subjects, alarm rate met
with deployer approval

Berlin Airport Germany ZN Travel and Phys Physical Face recognition terminal;
Transportation Acc/T&A Access template stored on SC

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 38/69
Public

Project Location Vendor Vertical Sector Horizontal Application Additional Description


Description Application Description

Diversity Visa US-MA Viisage Government Civil ID Immig ID Image first entered into
Program system at time of green
card registration to
prevent duplicate apps,
later used for security
screening

CO DL US-CO Identix Government Civil ID DL duplicate enrollment


detection

Zurich Airport Switzerland C-VIS Travel and Surveillance Screening Zurich Airport Police
Face Transportation / running system; targeting
Screening illegal immigrants from W.
Africa, M.East and Asia

City of US-CA Imagis Law Enforcement Criminal ID Forensic ID-2000 and CABS
Brentwood system integrated into the
Police Dept. Records Management
System (RMS) of
Data911
Table 4: Biometric Projects with Facial-Recognition

3.9 Facial Recognition Market

Facial recognition technology is expected to grow rapidly as customers deploy it for criminal and civil
identification applications, including surveillance and screening, through 2007. Increased revenues
will be primarily attributable to use in large-scale ID projects in which facial imaging already takes
place and the technology can leverage existing processes, such as drivers' licensing, passport issuance
applications, and voter registration. In addition, facial recognition technology's use in surveillance
applications is expected to increase significantly in public and private sector applications. Because of
its unique ability to perform surveillance, as well as the fact that facial images are acquired as part of
nearly every document and ID issuance process, facial recognition stands to benefit strongly from
post 9/11 deployment decisions. Facial recognition revenues are projected to grow from $34.4m in
2002 to $429.1m in 2007 and are expected to comprise approximately 10% of the entire biometric
market.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 39/69
Public

4 Iris recognition
Iris scan biometrics employs the unique characteristics and features of the human iris in order to
verify the identity of an individual. The iris is the area of the eye where the pigmented or coloured
circle, usually brown or blue, rings the dark pupil of the eye.

Picture 8: Iris of an eye

The iris-scan process begins with a photograph. A specialized camera, typically very close to the
subject, no more than three feet, uses an infrared imager to illuminate the eye and capture a very
high-resolution photograph. This process takes only one to two seconds and provides the details of
the iris that are mapped, recorded and stored for future matching/verification.
Eyeglasses and contact lenses present no problems to the quality of the image and the iris-scan
systems test for a live eye by checking for the normal continuous fluctuation in pupil size.
The inner edge of the iris is located by an iris-scan algorithm which maps the iris’ distinct patterns
and characteristics. An algorithm is a series of directives that tell a biometric system how to interpret
a specific problem. Algorithms have a number of steps and are used by the biometric system to
determine if a biometric sample and record is a match.
Iris’ are composed before birth and, except in the event of an injury to the eyeball, remain
unchanged throughout an individual’s lifetime. Iris patterns are extremely complex, carry an
astonishing amount of information and have over 200 unique spots. The fact that an individual’s
right and left eyes are different and that patterns are easy to capture, establishes iris-scan technology
as one of the biometrics that is very resistant to false matching and fraud.
The false acceptance rate for iris recognition systems is 1 in 1.2 million, statistically better than the
average fingerprint recognition system. The real benefit is in the false-rejection rate, a measure of
authenticated users who are rejected. Fingerprint scanners have a 3 percent false-rejection rate,
whereas iris scanning systems boast ratees at the 0 percent level.
Iris-scan technology has been piloted in ATM environments in England, the US, Japan and Germany
since as early as 1997. In these pilots the customer’s iris data became the verification tool for access
to the bank account, thereby eliminating the need for the customer to enter a PIN number or
password. When the customer presented their eyeball to the ATM machine and the identity
verification was positive, access was allowed to the bank account. These applications were very
successful and eliminated the concern over forgotten or stolen passwords and received tremendously
high customer approval ratings.
Airports have begun to use iris-scanning for such diverse functions as employee
identification/verification for movement through secure areas and allowing registered frequent airline
passengers a system that enables fast and easy identity verification in order to expedite their path
through passport control.
Other applications include monitoring prison transfers and releases, as well as projects designed to
authenticate on-line purchasing, on-line banking, on-line voting and on-line stock trading to name
just a few. Iris-scan offers a high level of user security, privacy and general peace of mind for the
consumer.
A highly accurate technology such as iris-scan has vast appeal because the inherent argument for any
biometric is, of course, increased security

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 40/69
Public

4.1 Benefits of Using Iris Technology

The iris is a thin membrane on the interior of the eyeball. Iris patterns are extremely complex.
Patterns are individual (even in fraternal or identical twins).
Patterns are formed by six months after birth, stable after a year. They remain the same for life.
Imitation is almost impossible.
Patterns are easy to capture and encode

4.2 Technology Comparison

Method Coded Pattern Misidentification rate Security Applications


Iris Recognition Iris pattern 1 :1'200’000 High High-security facilities
Fingerprinting Fingerprints 1:1’000 Medium Universal
Hand Shape Size, length and 1:700 Low Low-security facilities
tickness of hands
Facial Recognition Outline, shape and 1:100 Low Low-security facilities
distribution of eyes and
nose
Signature Shape of letters, 1:100 Low Low-security facilities
writing order, pen
pressure
Voiseprinting Voice characteristics 1:30 Low Telephone service
Table 5: Biometric technology comparison: Source: AIM Japan, Automatic Identification Seminar, Sept.14, 2001

4.3 Iris-Scan: How it Works

Dr. John Daugman's work in iris recognition form the basis of this information. Information and
images found on his website, http://www.cl.cam.ac.uk/users/jgd1000, are presented below.
Iris recognition leverages the unique features of the human iris to perform identification and, in
certain cases, verification.

Picture 9: Schematic view on an eye with Iris and Retina pointed out

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 41/69
Public

Picture 10: Encoded eye

4.3.1 The Iris


Iris recognition is based on visible (via regular and/or infrared light) qualities of the iris. A primary
visible characteristic is the trabecular meshwork (permanently formed by the 8th month of gestation),
a tissue which gives the appearance of dividing the iris in a radial fashion. Other visible characteristics
include rings, furrows, freckles, and the corona, to cite only the more familiar.

4.3.2 IrisCodeTM
Expressed simply, iris recognition technology converts these visible characteristics as a phase
sequence into a 512 byte IrisCode(tm), a template stored for future identification attempts. From the
iris' 11mm diameter, Dr. Daugman's algorithms provide 3.4 bits of data per square mm. This density
of information is such that each iris can be said to have 266 'degrees of freedom', as opposed to 13-
60 for traditional biometric technologies. This '266' measurement is cited in most iris recognition
literature; after allowing for the algorithm's correlative functions and for characteristics inherent to
most human eyes, Dr. Daugman concludes that 173 "independent binary degrees-of-freedom" can
be extracted from his algorithm - an exceptionally large number for a biometric. A key differentiator
of iris-scan technology is the fact that 512 byte templates are generated for every iris, which
facilitates match speed (capable of matching over 500,000 templates per second)

4.3.3 Iris Acquisition


The first step is location of the iris by a dedicated camera no more than 3 feet from the eye. After the
camera situates the eye, the algorithm narrows in from the right and left of the iris to locate its outer
edge. This horizontal approach accounts for obstruction caused by the eyelids. It simultaneously
locates the inner edge of the iris (at the pupil), excluding the lower 90° because of inherent moisture
and lighting issues.

4.4 Iris-Scan Issues

Iris-scan technology requires reasonably controlled and cooperative user interaction - the enrollee
must hold still in a certain spot, even if only momentarily. Many users struggle to interact with the
system until they become accustomed to its operations. In applications whose user interaction is
frequent (e.g. employee physical access), the technology grows easier to use; however, applications
in which user interaction is infrequent (e.g. national ID) may encounter ease-of-use issues. Over time,
with improved acquisition devices, this issue should grow less problematic.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 42/69
Public

The accuracy claims associated with iris-scan technology may overstate the real-world efficacy of the
technology. Because the claimed equal error rates are derived from assessment and matching of ideal
iris images (unlike those acquired in the field), actual results may not live up to the astronomical
projections provided by leading suppliers of the technology.
Lastly, since iris technology is designed to be an identification technology, fallback procedures may
not be as fully developed as in a verification deployment (users accustomed to identification may not
carry necessary ID, for example). Though these issues do not reduce the effectiveness of iris
recognition technology, they must be kept in mind should a company decide to implement on iris-
based solution.

4.5 Iris-Scan Applications

Iris-scan technology has traditionally been deployed in high-security employee-facing physical access
implementations, although 2002 saw a number of novel, high-profile iris-scan deployments in new
applications. Iridian - the technology’s primary developer - is dedicated to moving the technology to
the desktop, and has had some success in small-scale logical access deployments. The most
prominent recent deployments of iris-scan technology have been passenger authentication programs
at airports in the U.S., U.K., Amsterdam, and Iceland; the technology is also used in corrections
applications in the U.S. to identify inmates. A number of developing countries are considering iris-
scan technology for national ID and other large-scale 1:N applications, although to date it is still
believed that the largest deployed Iridian database spans under 100,000 enrollees. Notable iris-scan
applications include the following.
Project Location Vertical Sector Horizontal Application Additional Description
Description Application Description
Iris in Pakistan Pakistan Government Civil ID Tracking Afghan refugees receive
assistance package on first
enrollment through UNHCR
Iris Pilot – Logan US_MA Travel and Physical Access / Physical Access Iris piloted for employee
Transportation T&A access to security office
(LG3000)
JFK Iris Pilot US-NY Travel and Physical Access / Physical Access 1 door to tarmac protected
Transportation T&A
City Hospital of Germany Health care Phys Acc/T&A Physical Access Access control to infant
Bad Reichenhall center to prevent kidnappings
in Bavaria

Singapore Singapore Government Travel and Physical Access 50k day workers enter
Border Crossing Transportation Singapore from Malaysia
daily by motorcycle. Iris-
scan does 1:N

UK Passport UK Government Civil ID Passport Opt-in pilot to test iris


Office Iris Pilot acceptance, part of 6-mo
public comment period

Venerable Bede UK Education Retail/ATM/POS POS 900-pupil school to use


(UK) School - Iris Iridian for library check-out
and cafeteria payment
Table 6: Listing of biometric projects

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 43/69
Public

4.6 Iris-Scan Market Size

Though it is one of the later emerging technologies in the biometric market, iris-scan is set to grow
substantially through 2007. Iris-scan offers low false match rates and hands-free operation, and is
the only viable alternative to fingerprint technologies in 1:N applications where a single record must
be located. Iris-scan's resistance to false matches is offset somewhat by the the level of training
required to use the system effectively. As such, iris-scan will primarily be used in applications that
require high levels of security, although convenience-driven deployments (e.g. Privium) will continue.
Iris-scan revenues are projected to grow from $16.2m in 2002 to $210.2m in 2007. Iris-scan
revenues are expected to comprise approximately 5% of the entire biometric market.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 44/69
Public

5 Signature recognition
Signature verification is the process used to recognize an individual’s hand-written signature.
Dynamic signature verification technology uses the behavioral biometrics of a hand written signature
to confirm the identity of a computer user. This is done by analyzing the shape, speed, stroke, pen
pressure and timing information during the act of signing. Natural and intuitive, the technology is
easy to explain and trust.
As a replacement for a password or a PIN number, dynamic signature verification is a biometric
technology that is used to positively identify a person from their handwritten signature.
There is an important distinction between simple signature comparisons and dynamic signature
verification. Both can be computerized, but a simple comparison only takes into account what the
signature looks like. Dynamic signature verification takes into account how the signature was made.
With dynamic signature verification it is not the shape or look of the signature that is meaningful, it
is the changes in speed, pressure and timing that occur during the act of signing. Only the original
signer can recreate the changes in timing and X, Y, and Z (pressure).
A pasted bitmap, a copy machine or an expert forger may be able to duplicate what a signature
looks like, but it is virtually impossible to duplicate the timing changes in X, Y and Z (pressure). The
practiced and natural motion of the original signer would required to repeat the patterns shown.
There will always be slight variations in a person’s handwritten signature, but the consistency created
by natural motion and practice over time creates a recognizable pattern that makes the handwritten
signature a natural for biometric identification.
Signature verification is natural and intuitive. The technology is easy to explain and trust. The primary
advantage that signature verification systems have over other types of biometric technologies is that
signatures are already accepted as the common method of identity verification. This history of trust
means that people are very willing to accept a signature based verification system.
Dynamic signature verification technology uses the behavioral biometrics of a hand written signature
to confirm the identity of a computer user. Unlike the older technologies of passwords and keycards
- which are often shared or easily forgotten, lost, and stolen - dynamic signature verification provides
a simple and natural method for increased computer security and trusted document authorization.

5.1 Signature-Scan: How It Works

Signature-scan technology utilizes the distinctive aspects of the signature to verify the identity of
individuals. The technology examines the behavioral components of the signature, such as stroke
order, speed and pressure, as opposed to comparing visual images of signatures. Unlike traditional
signature comparison technologies, signature-scan measures the physical activity of signing. While a
system may also leverage a comparison of the visual appearance of a signature, or “static signature,”
the primary components of signature-scan are behavioral.
The signature, along with the variables present during the signing process, is transmitted to a local
PC for template generation. Verification can take place against a local PC or a central PC, depending
on the application. In employee-facing signature-scan applications such as purchase order
authentication, local processing may be preferred; there may be just a single PC used for such
authorization. For customer-facing applications, such as retail or banking authentication, centralized
authentication is likely necessary because the user may sign at one of many locations.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 45/69
Public

The results of signature-scan comparisons must be tied into existing authentication schemes or used
as the basis of new authentication procedures. For example, in a transactional authentication
scenario, the “authorize transaction” message might be sent after a signature is acquired by a
central PC. When signature-scan is integrated into this process, an additional routine requires that
the signature characteristics be successfully matched against those on file in order for the “authorize
transaction” message to go forward. In other applications, the results of a signature-scan match may
simply be noted and appended to a transaction. For example, in document authentication, an
unsuccessful comparison may be flagged for future resolution while not halting a transaction. The
simplest example would be a signature used for handheld device login: the successful authentication
message merely needs to be integrated into the login module, similarly to a PIN or password.

5.2 Signature-Scan: Strengths and Weaknesses

Signature-Scan has several strengths. Because of the large amount of data present in a signature-
scan template, as well as the difficulty in mimicking the behavior of signing, signature scan-
technology is highly resistant to imposter attempts. As a result of the low False Acceptance Rates
(FAR), a measure of the likelihood that a user claiming a false identity will be accepted, deployers can
have a high confidence level that successfully matched users are who they claim to be. Signature-
scan also benefits from its ability to leverage existing processes and hardware, such as signature
capture tablets and systems based on public key infrastructure (PKI), a popular method for data
encryption. Since most people are accustomed to providing their signatures during customer
interactions, the technology is considered less invasive than some other biometrics.
However, signature-scan has several weaknesses. Signature-scan is designed to verify subjects based
on the traits of their unique signature. As a result, individuals who do not sign their names in a
consistent manner may have difficulty enrolling and verifying in signature-scan. During enrollment
subjects must provide a series of signatures that are similar enough that the system can locate a large
percentages of the common characteristics between the enrollment signatures. During verification
enough characteristics must remain constant to determine with confidence that the authorized
person signed. As a result, individuals with muscular illnesses and people who sometimes sign with
only their initials might result in a higher False Rejection Rate (FRR), which measures the likelihood
that a system will incorrectly reject an authorized user. Since many users are unaccustomed to
signing on a tablet, some subjects' signatures may differ to their signatures on ink and paper,
increasing the potential for false rejection.

5.3 Typical Signature-Scan Applications

Signature-scan is implemented in situations where signature or written input processes are already in
place. These applications include contract execution, formal agreements, acknowledgement of
services received, access to controlled documents, etc.
As the act of signing documents becomes more integrated with electronic capture processes -
signing on acquisition tablets, using special styluses, etc. - the opportunity for biometric
authentication will increase dramatically. As of today, there are few acquisition devices deployed in
operational environments capable of capturing biometric data. Note that signature-scan is not the
same as signature capture, currently used in various point-of-sale systems. Nor is it the same as
digital signatures, an encryption technology.

5.4 Signature-Scan Market Size

Though it is one of the least frequently deployed technology in the biometric market today,
signature-scan usage will increase, as a complement to static signature capture, through 2005.
Though a handful of vendors sell signature-scan, these firms will need to show the success of the
technology in more high-profile settings. As applications for contract execution, formal agreements
and access to controlled documents are demonstrated, signature-scan revenues are projected to
grow from $3.0m in 2000 to $101.1m in 2005. Signature-scan revenues are expected to comprise
approximately 5% of the entire biometric market.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 46/69
Public

5.5 Difference between Biometric and digital signatures

Handwriting has been around since the beginning of civilization and the ‘signature ’or the act of
signing a document, has long been accepted by nearly every culture as one ’s recognition and
agreement on the contents and implications of written words.
The increasing recognition of electronic signatures by lawmakers is bringing to the forefront
concerns over electronic security for privacy and protection of individuals.
For many now conducting business transactions over private networks or the Internet, some form of
official acknowledgement is now essential and legally binding. The security implications of producing
or recognizing ‘original ’electronic documents will be more important than ever before. In this
respect, it is important to understand the distinction between the terms “Biometric ” and “Digital ”
signatures.
A digital signature is a term used to describe a long numerical code that has been uniquely assigned
to one person, hence the reference to ‘signature ’.It has nothing to do with a real signature. Their
purpose is to be used in encryption systems. Asymmetric encryption (or PKI)is an example of a
popular encryption approach. A digital signature is issued to an individual by what is called a
Certificate Authority. This is a group or organization responsible for maintenance and safekeeping of
digital signatures. Because of their length no one actually remembers or even knows their digital
signature.
An individual’s digital signature will normally reside on his or her computer, or can be stored on a
card (similar to banking cards).When someone wishes to encrypt an electronic document, they will
use a password or PIN that in turn allows the digital signature to be used. Although secure once
encrypted, digital signatures are only as safe as the medium where they reside. Anyone obtaining
access to your password, PIN or computer can potentially make unauthorized use of your digital
signature. The use of a digital signature does not guarantee the identity of the originator.
Handwriting results from a highly complex series of dynamic neuromuscular tasks from brain to
fingertips. A naturally developed signature represents the most often reproduced and habitual act of
writing.
Although we never sign exactly the same way twice, the signature adheres within certain boundaries
unique to each individual. This natural variation is an essential component of handwriting. It also
means that each signature is unique in that no two will be identical in all discrete features. Unlike
fingerprints, retinal or DNA patterns which remain constant over time, the execution of a person ’s
signature will be unique and individual at that particular moment. Handwriting remains one of the
most powerful human identifiers that exist today. Identical twins will have the same DNA pattern
while their handwriting and signatures remain distinctively different.
Biometric signature is a term used to refer to a signature that has been recorded/captured using a
variety of input devices such as digitizing tablets, personal digital assistants (PDA),computer displays
or other contact sensitive technologies. This method allows real handwritten signatures to be
incorporated into e-documents during electronic transactions. Not every technology captures
signature information the same way. Some systems have a static approach and will only record an
image of a signature and as such do not record the unique behavioral elements associated with the
execution of a signature. In a biometric system such as CIC’s SignItÔ, both the geometric and
dynamic characteristics of the signing process will be recorded and incorporated in an electronic
document. Most of the elements that make a signature unique and identifiable can be derived from
the digital signature data. Furthermore, the data that is incorporated in an electronic document can
be used to lock and protect the contents from alteration. Biometric signatures can also be used to
provide and control access security to buildings, networks, computers, documents and databases.
For the layperson, the pictorial appearance of a conventional signature can be convincingly imitated.
Forensically, when there is a question of whether or not the signature on a document is genuine,
expert visual and microscopic examination is required. This involves evaluating and comparing the
general and discrete features of the contested signature with known signatures. With biometric
signatures, the authentication can be done in real-time or after the fact. In the event that a biometric
signature is contested, the signature data can be extracted from the document and submitted to
similar forensic investigation and analysis to verify the authenticity of the signature.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 47/69
Public

In fact, some of the biometric data that is captured such as speed, acceleration, deceleration, and the
amount of time the pen is on and off the paper is accurately measured. This data is either
unavailable or qualitatively assessed at best in conventional forensic examinations of signatures. The
additional behavioral features recorded from biometric signatures make them even more difficult if
not impossible to imitate.
Biometric signatures represent an ideal bridge between the long-recognized convention of signing a
document and the need for electronic documents to be uniquely recognized by individuals. This
application provides individuals with security and control on documents originated, transacted and
stored in the digital domain.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 48/69
Public

6 Voice recognition
Voice Recognition is a technology which allows a user to use his/her voice as an input
device. Voice recognition may be used to dictate text into the computer or to give commands to the
computer (such as opening application programs, pulling down menus, or saving work).
Older voice recognition applications require each word to be separated by a distinct space. This
allows the machine to determine where one word begins and the next stops. These kinds of voice
recognition applications are still used to navigate the computer's system, and operate applications
such as web browsers or spread sheets.
Newer voice recognition applications allow a user to dictate text fluently into the computer. These
new applications can recognize speech at up to 160 words per minute. Applications that allow
continuous speech are generally designed to recognize text and format it, rather then controlling the
computer system itself.
Voice recognition uses a neural net to "learn" to recognize your voice. As you speak, the voice
recognition software remembers the way you say each word. This customization allows voice
recognition, even though everyone speaks with varying accents and inflection.
In addition to learning how you pronounce words a voice recognition also uses grammatical context
and frequency of use to predict the word you wish to input. These powerful statistical tools allow the
software to cut down the massive language data base before you even speak the next word.
While the accuracy of voice recognition has improved over the past few years some users still
experience problems with accuracy either because of the way they speak or the nature of
their voice.

6.1 Voice Recognition: How it Works

Voice recognition technology utilizes the distinctive aspects of the voice to verify the identity of
individuals. Voice recognition is occasionally confused with speech recognition, a technology which
translates what a user is saying (a process unrelated to authentication). Voice recognition technology,
by contrast, verifies the identity of the individual who is speaking. The two technologies are often
bundled – speech recognition is used to translate the spoken word into an account number, and
voice recognition verifies the vocal characteristics against those associated with this account.
Voice recognition can utilize any audio capture device, including mobile and land telephones and PC
microphones. The performance of voice recognition systems can vary according to the quality of the
audio signal as well as variation between enrollment and verification devices, so acquisition normally
takes place on a device likely to be used for future verification.
During enrollment an individual is prompted to select a passphrase or to repeat a sequence of
numbers. The passphrases selected should be approximately 1-1.5 seconds in length – very short
passphrases lack enough identifying data, and long passwords have too much, both resulting in
reduced accuracy. The individual is generally prompted to repeat the passphrase or number set a
handful of times, making the enrollment process somewhat longer than most other biometrics.

6.2 Voice Recognition: Strengths and Weaknesses

One of the challenges facing large-scale implementations of biometrics is the need to deploy new
hardware to employees, customers and users. One strength of telephony-based voice recognition
implementations is that they are able to circumvent this problem, especially when they are
implemented in call center and account access applications. Without additional hardware at the user
end, voice recognition systems can be installed as a subroutine through which calls are routed before
access to sensitive information is granted. The ability to use existing telephones means that voice
recognition vendors have hundreds of millions of authentication devices available for transactional
usage today.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 49/69
Public

Similarly, voice recognition is able to leverage existing account access and authentication processes,
eliminating the need to introduce unwieldy or confusing authentication scenarios. Automated
telephone systems utilizing speech recognition are currently ubiquitous due to the savings possible by
reducing the amount of employees necessary to operate call centers. Voice recognition and speech
recognition can function simultaneously using the same utterance, allowing the technologies to
blend seamlessly. Voice recognition can function as a reliable authentication mechanism for
automated telephone systems, adding security to automated telephone-based transactions in areas
such as financial services and health care.
Though inconsistent with many users’ perceptions, certain voice recognition technologies are highly
resistant to imposter attacks, even more so than some fingerprint systems. While false non-matching
can be a common problem, this resistance to false matching means that voice recognition can be
used to protect reasonably high-value transactions.
Since the technology has not been traditionally used in law enforcement or tracking applications
where it could be viewed as a Big Brother technology, there is less public fear that voice recognition
data can be tracked across databases or used to monitor individual behavior. Thus, voice recognition
largely avoids one of the largest hurdles facing other biometric technologies, that of perceived
invasiveness.

6.3 Voice Recognition Applications

Voice recognition is a strong solution for implementations in which vocal interaction is already
present. It is not a strong solution when speech is introduced as a new process. Telephony is the
primary growth area for voice recognition, and will likely be by far the most common area of
implementation for the technology. Telephony-based applications for voice recognition include
account access for financial services, customer authentication for service calls, and challenge-
response implementations for house arrest and probation-related authentication. These solutions
route callers through enrollment and verification subroutines, using vendor-specific hardware and
software integrated with an institution's existing infrastructure.
Voice recognition has also been implemented in physical access solutions for border crossing,
although this is not the technology's ideal deployment environment.

6.4 Voice Recognition Market Size

Though revenues from the technology are relatively small today, voice recognition will draw
substantially greater revenues through 2007. Most likely to be deployed in telephony-based
environments (such as account access for financial services and customer authentication for service
calls), voice recognition revenues are projected to grow from $12.2m in 2002 to $142.1m in 2007.
Voice recognition revenues are expected to comprise approximately 4% of the entire biometric
market.

6.5 Voice Verification in Telephone Banking

Telephone banking is increasingly popular with customers, and will be increasingly attractive to
banks and other financial institutions as they start to implement highly cost effective automated
speech recognition technology to handle routine transactions (the subject of another "financial
futures" web page).
But the procedures for verifying customers over the telephone are unsatisfactory, both in terms of
customer convenience and also, increasingly, from a security point of view.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 50/69
Public

6.5.1 The Problem


The usual approach to verifying customers - proving that they are who they claim to be - is to use
some sort of PIN or password. To avoid the customer having to say the password out loud, they are
usually prompted for, say, the second and fourth letters in the password.
There are several problems with this approach:
Firstly, passwords and PINs are difficult to remember and unwieldy for customers to use in this
manner.
Secondly, it takes time - identification and verification of the caller is often the lengthiest component
of a transaction and this translates directly to the bottom line.
Thirdly, the security itself leaves a lot to be desired - many customers write down their passwords or
reveal them to the operator (in extreme cases they may self select the same PIN that they use for
ATM withdrawals). Many call centres prompt the caller for additional 'secret' items such as their
mother's maiden name, but this only exacerbates the other two problems.

6.5.2 The Solution? Voice Verification


Technology now exists which enables individuals to be reliably, rapidly and cost-effectively verified on
the basis of the physical characteristics of their voice.
Several vendors now supply commercial voice verification technology. A good example is Nuance
Communications, based in California, using essentially the same technology which underlies their
speaker independent speech recognition software. But in this case recognition is speaker dependent
- the customer is only allowed to use the system if their individual voiceprint matches their identity
(normally established though an account number).
A new customer automatically enrolls in the system over the telephone by repeating about 10 four
digit numbers or reading a short piece of text. The software extracts from this a number of physical
characteristics which are unique to that voice. In all subsequent transactions, the caller, once
identified, is asked to repeat a couple of randomly generated PINs or, for example, names of cities
(this is to prevent fraudsters tape-recording a customer saying their password or PIN). If the voiceprint
matches the one stored against the account number the transaction proceeds; if not, the customer is
referred to a supervisor.
Pilot tests of the technology are encouraging. A high accuracy of correct verification can be
combined with a low probability of false rejection which is suitable for most banking operations and
the whole procedure is faster, easier and much more cost effective. Surprisingly, only a few kilobytes
of storage are required for each voiceprint and because the claimed identity of the customer is
already established, a single comparison is all that is required, so verification is quite rapid (using the
same technology for voice identification is of course much slower since the system must find a match
out of many voiceprints).
Voice verification is particularly appropriate for automated speech recognition dialogues and we
expect that a seamless combination of the two technologies will rapidly become the norm for most
simple telephone banking transactions.
Of course voice verification is much less applicable to other delivery channels such as branch banking
or screen-based systems (although pilot systems have been built). For an intriguing new approach to
customer verification over the Internet based on face recognition, see the "financial futures" web
page on Passfaces or check out the ID-Arts web site.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 51/69
Public

6.6 Details

The speaker-specific characteristics of speech are due to differences in physiological and behavioral
aspects of the speech production system in humans. The main physiological aspect of the human
speech production system is the vocal tract shape. The vocal tract is generally considered as the
speech production organ above the vocal folds, which consists of the following: (i) laryngeal pharynx
(beneath the epiglottis), (ii) oral pharynx (behind the tongue, between the epiglottis and velum), (iii)
oral cavity (forward of the velum and bounded by the lips, tongue, and palate), (iv) nasal pharynx
(above the velum, rear end of nasal cavity), and (v) nasal cavity (above the palate and extending from
the pharynx to the nostrils). The shaded area in Picture 11 depicts the vocal tract.

Picture 11: Vocal tract

The vocal tract modifies the spectral content of an acoustic wave as it passes through it, thereby
producing speech. Hence, it is common in speaker verification systems to make use of features
derived only from the vocal tract. In order to characterize the features of the vocal tract, the human
speech production mechanism is represented as a discrete-time system of the form depicted in Picture
12.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 52/69
Public

Picture 12: the human speech production mechanism is represented as a discrete-time system of the form as depicted

The acoustic wave is produced when the airflow from the lungs is carried by the trachea through the
vocal folds. This source of excitation can be characterized as phonation, whispering, frication,
compression, vibration, or a combination of these. Phonated excitation occurs when the airflow is
modulated by the vocal folds. Whispered excitation is produced by airflow rushing through a small
triangular opening between the arytenoid cartilage at the rear of the nearly closed vocal folds.
Frication excitation is produced by constrictions in the vocal tract. Compression excitation results
from releasing a completely closed and pressurized vocal tract. Vibration excitation is caused by air
being forced through a closure other than the vocal folds, especially at the tongue. Speech produced
by phonated excitation is called voiced, that produced by phonated excitation plus frication is called
mixed voiced, and that produced by other types of excitation is called unvoiced.
It is possible to represent the vocal-tract in a parametric form as the transfer function H(z). In order to
estimate the parameters of H(z) from the observed speech waveform, it is necessary to assume some
form for H(z). Ideally, the transfer function should contain poles as well as zeros. However, if only the
voiced regions of speech are used then an all-pole model for H(z) is sufficient. Furthermore, linear
prediction analysis can be used to efficiently estimate the parameters of an all-pole model. Finally, it
can also be noted that the all-pole model is the minimum-phase part of the true model and has an
identical magnitude spectra, which contains the bulk of the speaker-dependent information.
The above discussion also underlines the text-dependent nature of the vocal-tract models. Since the
model is derived from the observed speech, it is dependent on the speech. Picture 13 illustrates the
differences in the models for two speakers saying the same vowel.

Picture 13: Differences in the models for two speakers saying the same vowel

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 53/69
Public

6.7 Choice of features

The LPC features were very popular in the early speech-recognition and speaker-verification systems.
However, comparison of two LPC feature vectors requires the use of computationally expensive
similarity measures such as the Itakura-Saito distance and hence LPC features are unsuitable for use
in real-time systems. Furui suggested the use of the cepstrum, defined as the inverse Fourier
transform of the logarithm of the magnitude spectrum, in speech-recognition applications. The use
of the cepstrum allows for the similarity between two cepstral feature vectors to be computed as a
simple Euclidean distance. Furthermore, Atal has demonstrated that the cepstrum derived from the
LPC features results in the best performance in terms of FAR and FRR for a speaker verification
system. Consequently, we have decided to use the LPC derived cepstrum for our speaker verification
system.

6.8 Speaker Modeling

Using cepstral analysis as described in the previous section, an utterance may be represented as a
sequence of feature vectors. Utterances spoken by the same person but at different times result in
similar yet a different sequence of feature vectors. The purpose of voice modeling is to build a model
that captures these variations in the extracted set of features. There are two types of models that
have been used extensively in speaker verification and speech recognition systems: stochastic models
and template models. The stochastic model treats the speech production process as a parametric
random process and assumes that the parameters of the underlying stochastic process can be
estimated in a precise, well defined manner. The template model attempts to model the speech
production process in a non-parametric manner by retaining a number of sequences of feature
vectors derived from multiple utterances of the same word by the same person. Template models
dominated early work in speaker verification and speech recognition because the template model is
intuitively more reasonable. However, recent work in stochastic models has demonstrated that these
models are more flexible and hence allow for better modeling of the speech production process. A
very popular stochastic model for modeling the speech production process is the Hidden Markov
Model (HMM). HMMs are extensions to the conventional Markov models, wherein the observations
are a probabilistic function of the state, i.e., the model is a doubly embedded stochastic process
where the underlying stochastic process is not directly observable (it is hidden). The HMM can only
be viewed through another set of stochastic processes that produce the sequence of observations.
Thus, the HMM is a finite-state machine, where a probability density function p(x | s_i) is associated
with each state s_i. The states are connected by a transition network, where the state transition
probabilities are a_{ij} = p(s_i | s_j). A fully connected three-state HMM is depicted in Picture 14.

Picture 14: Fully connected three-state HMM

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 54/69
Public

For speech signals, another type of HMM, called a left-right model or a Bakis model, is found to be
more useful. A left-right model has the property that as time increases, the state index increases (or
stays the same)-- that is the system states proceed from left to right. Since the properties of a speech
signal change over time in a successive manner, this model is very well suited for modeling the
speech production process.

6.9 Pattern Matching

The pattern matching process involves the comparison of a given set of input feature vectors against
the speaker model for the claimed identity and computing a matching score. For the Hidden Markov
models discussed above, the matching score is the probability that a given set of feature vectors was
generated by the model.

Picture 15: Systems diagram of the pattern matching process

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 55/69
Public

7 Hand Geometry
This biometric approach uses the geometric form of the hand for confirming an individual’s identity.
Because human hands are not unique, specific features must be combined to assure dynamic
verification.
Some hand-scan devices measure just two fingers, others measure the entire hand. These features
include characteristics such as finger curves, thickness and length; the height and width of the back
of the hand; the distances between joints and overall bone structure.
It should be noted that although the bone structure and joints of a hand are relatively constant traits,
other influences such as swelling or injury can disguise the basic structure of the hand. This could
result in false matching and non-false matching, however the amount of acceptable distinctive
matches can be adjusted for the level of security needed.
To register in a hand-scan system a hand is placed on a reader’s covered flat surface. This placement
is positioned by five guides or pins that correctly situate the hand for the cameras. A succession of
cameras captures 3-D pictures of the sides and back of the hand. The attainment of the hand-scan is
a fast and simple process. The hand-scan device can process the 3-D images in 5 seconds or less and
the hand verification usually takes less than 1 second. The image capturing and verification software
and hardware can easily be integrated within standalone units. Hand-scan applications that include a
large number of access points and users can be centrally administered, eliminating the need for
individuals to register on each device.

7.1 Applications for Hand Scanning

Internationally, many airports use hand-scan devices to permit frequent international travelers to by-
pass waiting lines for various immigration and customs systems.
Employers use hand-scan for entry/exit, recording staff movement and time/attendance procedures.
This can go long way to eradicating the age old problem of buddy-clocking and other deceptive
activities.

7.2 Combining Biometric Methods

Hand-scanning can be easily combined with other biometrics such as fingerprint


identification. A system where fingerprints are used for infrequent identification and
hand-scanning is used for frequent verification would create a two tiered structure.
The hand-scan component used frequently allows identity verification or 1:1 (one to
one) verification that ensures the user is who they claim they are. The fingerprint
identification component used infrequently, confirms who the user is and accurately
identifies the user in a 1:N (one to many) identification that is compared with
numerous records.
Some anthropologists suspect that human intelligence has evolved due in large part to the shape of
the hand.
While the hand hasn't changed much in a long time, it's now being put to a new use, to verify its
owner's identity.

7.3 How it Works

Every hand is unique. Hand geometry scanners such as those made by Recognition Systems Inc. take
over 90 measurements of the length, width, thickness, and surface area of the hand and four
fingers--all in just 1 second.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 56/69
Public

The technology uses a 32,000-pixel CCD digital camera to record the hand's three-dimensional
shape from silhouetted images projected within the scanner.
The scanner disregards surface details, such as fingerprints, lines, scars, and dirt, as well as
fingernails, which may grow or be cut from day to day.
When a person uses the scanner, it compares the shape of the user's hand to a template recorded
during an enrollment session. If the template and the hand match, the scanner produces an output--
it may unlock a door, transmit data to a computer, verify identification, or log the person's arrival or
departure time.
During enrollment, which takes approximately 30 seconds, the user places the right hand in the
reader three times. The unit's internal processor and software convert the hand image to a 9-byte
mathematical template, which is the average of the three readings.
The user's template may reside in internal memory (capable of holding over 27,000 users), or on
other media such as a hard disk or smart card chip.
As opposed to such technologies as fingerprint, voice recognition, and facial recognition, where a
multitude of vendors compete via their proprietary technology, hand geometry technology is
dominated by one company, Recognition Systems, Inc. Finger geometry is led by Biomet Partners.
RSI's method for capturing the biometric sample is fairly straightforward. To enroll, the users places
his or her hand palm down on the reader's surface. The user then aligns his or her hand with the five
pegs designed to indicate the proper location of the thumb, forefinger, and middle finger. Three
placements are required to enroll on the unit; the enrollment template is a representation of the
most relevant data from the three placements.
RSI's units use a 32,000-pixel CCD (charged coupled device) digital camera, inferring the length,
width, thickness, and surface area of the hand and fingers from silhouetted images projected within
the scanner. Over 90 measurements are taken, and the hand and fingers' characteristics are
represented as a 9 byte template. source: Recognition Systems, Inc. Biomet Partners' technology is
similar, but draws on the shape and characteristics of the index and middle finger. The data is saved
as a 20 byte template.
Hand geometry is a relatively accurate technology, but does not draw on as rich a data set as finger,
face, or iris. A decent measure of the distinctiveness of a biometric technology is its ability to perform
1-to-many searches - that is, the ability to identify a user without the user first claiming an identity.
Hand geometry does not perform 1-to-many identification, as similarities between hands are not
uncommon. Where hand geometry does have an advantage is in its FTE (failure to enroll) rates,
which measure the likelihood that a user is incapable of enrolling in the system. Fingerprint, by
comparison, is prone to FTE's due to poor quality fingerprints; facial recognition requires consistent
lighting to properly enroll a user. Since nearly all users will have the dexterity to use hand geometry
technology, fewer employees and visitors will need to be processes outside the biometric. Hand
geometry is occasionally misunderstood as "palm reading", as the placement of the hand palm-
down on the reader can be confusing to the those unfamiliar with the technology.

7.4 Hand Geometry Strengths and Weaknesses

7.4.1 Strengths

Ease of use
the submission of the biometric is straightforward, and with proper training can be done with few
misplacements. The only may be elderly clientele or those with arthritic hands, who may be unable to
easily spread their fingers and place their hand on the unit's surface. The unit also works fairly well
with dirty hands.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 57/69
Public

Resistant to fraud
short of casting a model of an enrolled person's hand and fingers, it would be difficult and time
consuming to submit a fake sample. Since much of the value of hand scan is as a deterrent in time
and attendance scenarios, it would rarely be worth the effort to attempt a fake submission.

Template size
Using RSI as the standard bearer of hand scan, a template size of 9 bytes is extremely small, orders of
magnitude smaller than most other biometric technologies. By contrast, finger scan biometrics
require 250-1000 bytes and voice scan biometrics commonly require 1500-3000 bytes. This
facilitates storage of a large number of templates in a standalone device, which is how many hand
scan devices are designed to work. It also facilitates card-based storage, as even magstripe cards
have ample room for 9 byte samples.

User perceptions
as opposed to facial scan or eye-based technologies, which can encounter some resistance, the use
of hand geometry is not problematic for the vast majority of users. It bears very little of the stigma of
other authentication methods.

7.4.2 Weaknesses

Static design
as opposed to other biometrics, which can take advantage of technological breakthroughs like silicon
development or camera quality, hand scan has remained largely unchanged for years. Its size
precludes it from being used in most logical access scenarios, where compact design may be a
prerequisite.

Cost
hand scan readers cost approximately $1400-2000, placing them toward the high end of the
physical security spectrum. Finger scan readers, whatever strengths and weaknesses they may have,
can be much less expensive, in the $800-1200 range.

Injuries to hands
as with all biometrics, physiological changes can cause users to be rejected falsely. Injuries to hands
are fairly common, and would make use of systems such as RSI's impossible.

Accuracy
although generally more reliable than behavioral biometrics such as voice or signature, hand
geometry, in its current incarnation, cannot perform 1-to-many searches, but instead is limited to 1-
to-1 verification. This limits its use in many different applications.

7.5 Enhanced Biometric Technology

Recognition Systems Inc. significantly enhanced biometric technology for its hand scanners. By
maintaining a low False Reject Rate (the probability that the device will reject an authorized user),
while maintaining a high deterrent to unauthorized access, RSI's units process large numbers of
people with minimal delays.
The crossover of False Reject and False Accept rates for RSI's hand geometry readers is 0.1%. These
optimal error rates were documented in independent testing at Sandia National Laboratories.
Subsequent field results from thousands of users and hundreds of thousands of transactions
confirmed the Sandia findings.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 58/69
Public

7.6 Highest User Acceptance

Among biometric technologies, Sandia reported that hand geometry had the highest user
acceptance of all devices tested. With a high level of security, ease of use, and non-threatening
technology, hand geometry has become the most widely accepted biometric technology in use
today.

7.7 Applications

RSI hand geometry scanners verify identity at the front entrances of over half the nuclear power
plants in the U.S. At the 1996 Olympic Games, RSI's units were integrated with the Olympic Village
security system to process millions of transactions, with minimum delay.
The U.S. Immigration and Naturalization Service (INS) uses RSI hand geometry scanners to allow over
60,000 frequent travelers to bypass immigration lines (through the INSPASS program).
The drastic reductions in cost of microprocessors in recent years has brought affordable hand
geometry technology to the commercial market. Biometrics are no longer found only in nuclear
power plants. Day care centers, athletic clubs, obstetrics wards, and police departments now use
RSI's scanners.
Tomorrow will find ever-expanding applications for this thoroughly time-tested technology--for
financial transactions, ticket-less travel, and new business and residential applications where high
security is a major concern.
Hand geometry is currently among the most widely used biometric technologies, most suitable for
access control and time and attendance applications. As opposed to more exotic biometric
technologies, whose implementations may be quite few and far between, hand scan is used reliably
at thousands of places of employment, universities, apartment buildings, and airports - anyplace
requiring reasonably accurate, non-intrusive authentication. The nature of hand geometry
technology is such that most projects are fairly small-scale and involve only a handful of readers, but
there are some projects which incorporate dozens of readers.
Perhaps the most frequently used and most successful hand scan project is the INSPASS (Immigration
and Naturalization Service Passenger Accelerated Service System) project, one which allows frequent
travelers to circumvent long immigration lines at international airports in Los Angeles, Miami,
Newark, N.J., New York City, Washington, San Francisco, Toronto, and Vancouver. Qualified
passengers, after enrolling in the service, receive a magstripe card encoded with their hand scan
information. Instead of being processed by passport control personnel, INSPASS travelers swipe their
card, place their hand, and proceed with their I-94 to the customs gate. Nearly 50,000 people have
enrolled in the service, and approximately 20,000 verifications take place every month. Travelers from
30 different countries are qualified to register for INSPASS; pending budgetary constraints, the near-
term objective is to rollout the INSPASS project to over 20 airports in the U.S.
Not yet implemented, but expected to begin at some point in 2000, is another high-profile hand
scan project in Israel known informally as "Basel." Designed to control access to a road connecting
the Gaza Strip and the West Bank, Basel will incorporate both hand scan and facial scan; an
overriding objective in the design of this biometric system was to provide maximum security while
allowing for authentication under challenging environmental conditions. Dozens of biometrically
enabled turnstiles will feature proximity-based smart cards, hand scan readers, and cameras to
perform facial scan matching. Although neither face nor hand is ideal for this application, the
combination of the two allows for maximum efficiency in processing what will be over 30,000
Palestinian workers each day.The only major implementation of hand geometry by a vendor other
than RSI is Disney's verification of season pass holders via two-finger geometry. This is both a
convenience measure and a deterrent, as season pass holders are able to circumvent long lines but
cannot give their season passes to friends

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 59/69
Public

7.8 Hand Geometry Market Size

Though the technology for the biometric is mature, hand geometry is projected to be one of the
slowed growing biometric technology through 2007. Because the range of applications in which
hand geometry is typically limited to access control and time and attendance, it will draw a
progressively smaller percentage of biometric revenues. Overall, hand geometry revenues are
projected to grow from $27.7m in 2002 to $97.4m in 2007. Hand geometry revenues are expected
to comprise approximately 2.5% of the entire biometric market.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 60/69
Public

8 AFIS

8.1 AFIS Applications

Automated Fingerprint Identification System (AFIS) technology is used in a variety of law enforcement
and civil applications. In law enforcement, fingerprints are collected from arrested subjects and
searched against local, state, regional, and/or national fingerprint databases. The subject's ten
fingerprints are acquired either through the traditional ink-and-roll method or through an optical
livescan system, consisting of a sizeable fingerprint scanner, PC, and imaging and transmission
software. The electronic fingerprints are submitted, along with demographic data, to identify or
verify the identity of the subject. Searches may take minutes, hours, or days, depending on the
quality of the information submitted, the size of the database being searched, and the entity
requesting the search. Law enforcement searches often return candidate lists used to determine
which of several possible matches is the best match. Searches for latent prints lifted from crime
scenes are a subset of this category.
The primary civil sector applications of AFIS technology are (1) background searches to screen job
applicants in industries such as financial services and air travel; and (2) public benefits programs such
as welfare issuance, Aid to Families with Dependent Children, etc. The technology is implemented to
locate duplicate sets of fingerprints, which would indicate that a user is committing fraud. AFIS
technology is also in a similar fashion in national ID programs. In civil sector applications, the value of
AFIS may be as much in deterrence as detection, as most individuals interacting with a public sector
entity are not attempting to commit fraud. Background searches utilize ten fingerprints, as in law
enforcement, while benefits and ID programs normally require the collection of between two and
four fingerprints.
A largely untapped segment of the AFIS market is what might be called "transactional" AFIS.
Increased computing power and improved matching capabilities have resulted in small-scale AFIS
systems within the budgetary and operational reach of private sector entities such as health care
providers. These systems can be used to identify patients and providers from databases of tens to
hundreds of thousands of fingerprint, with response times in the few-minute range.

8.2 AFIS Market Size

An established technology in law enforcement settings, Automated Fingerprint Identification System


(AFIS) is the most widespread application of biometrics today and will continue to be through 2007.
Since many law enforcement organizations are already using AFIS, its primary growth will come from
private sector employee background check applications. Because of this growing need to screen
applicants for criminal records before hiring them, AFIS revenues are projected to grow from $323.0
in 2002 to $1,250.3m in 2007. AFIS revenues are expected to comprise approximately 30% of the
entire biometric market.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 61/69
Public

9 Multimodal biometrics
A multimodal biometric system uses multiple applications to capture different types of biometrics.
This allows the integration of two or more types of biometric recognition and verification systems in
order to meet stringent performance requirements.
A multimodal system could be, for instance, a combination of fingerprint verification, face
recognition, voice verification and smart-card or any other combination of biometrics. This enhanced
structure takes advantage of the proficiency of each individual biometric and can be used to
overcome some of the limitations of a single biometric.
A multimodal system can combine any number of independent biometrics and overcome some of
the limitations presented by using just one biometric as your verification tool. For instance, it is
estimated that 5% of the population does not have legible fingerprints, a voice could be altered by a
cold and face recognition systems are susceptible to changes in ambient light and the pose of the
subject. A multimodal system, which combines the conclusions made by a number of unrelated
biometrics indicators, can overcome many of these restrictions.
Multimodals are generally much more vital to fraudulent technologies, because it is more difficult to
forge multiple biometric characteristics than to forge a single biometric characteristic.

9.1 Integrating Faces and Fingerprints for Personal Identification

An automatic personal identification system based solely on fingerprints or faces is often not able to
meet the system performance requirements. Face recognition is fast but not reliable while fingerprint
verification is reliable but inefficient in database retrieval. We have developed a prototype biometric
system which integrates faces and fingerprints. The system overcomes the limitations of face
recognition systems as well as fingerprint verification systems. The integrated prototype system
operates in the identification mode with an admissible response time. The identity established by the
system is more reliable than the identity established by a face recognition system. In addition, the
proposed decision fusion schema enables performance improvement by integrating multiple cues
with different confidence measures. Experimental results demonstrate that our system performs very
well. It meets the response time as well as the accuracy requirements.

9.2 A Multimodal Biometric System Using Fingerprint, Face, and Speech

A biometric system which relies only on a single biometric identifier in making a personal
identification is often not able to meet the desired performance requirements. Identification based
on multiple biometrics represents an emerging trend. We introduce a multimodal biometric system,
which integrates face recognition, fingerprint verification, and speaker verification in making a
personal identification. This system takes advantage of the capabilities of each individual biometric. It
can be used to overcome some of the limitations of a single biometrics. Preliminary experimental
results demonstrate that the identity established by such an integrated system is more reliable than
the identity established by a face recognition system, a fingerprint verification system, and a speaker
verification system.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 62/69
Public

Picture 16: Multimodal Biometric System

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 63/69
Public

10 2D Barcode
To address rising concerns over identity theft and security threats, Datastrip offers a high-density
two-dimensional bar code technology called 2D Superscript that can easily store biometric templates,
photographs (color and grayscale) and text in a bar code the size of a magnetic stripe. 2D Superscript
bar codes can be printed on any substrate, whether it is an ID card, passport, Visa or plain piece of
paper. 2D Superscript can store an exceptionally large volume of information and provide a high
degree of tamper resistance to any identity document without adding any cost to the card itself. The
image below illustrates an ID document containing approximately 2100 bytes of information in a 2D
Superscript bar code.

10.1 Datastrip Card Readers

Card reading is performed either online or offline with Datastrip's DSVerify2D, the first portable bar
code/smart card reader capable of decoding text, fingerprints and photographs. DSVerify is one of
the smallest computers on the market and should not be confused with a PDA. Weighing just 3.5
pounds, the portable DSVerify has a built-in color LCD for display of photographs and text, as well as
an optical fingerprint scanner that can perform live, on-the-spot fingerprint verification. Datastrip
also offers a PC based card reader, called PCVerify, for stationary computer based card reading
systems.

10.2 Datastrip Applications

You may be wondering what types of applications there are for Datastrip's technology and who are
typical end users? The applications on the following page will give you some ideas for the types of
end users to prospect.

Security
Marketing to corporations and secured facilities such as nuclear power plants for:
Corporate and union workforce ID cards - identity verification at manned access control points
for entry into secured areas.

Financial
Marketing to banks for:
Safety deposit box access card, bank ID cards - verify the identity of individuals accessing safety
deposit boxes, bank accounts and for check cashing.

Retail and Gaming


Marketing to casinos, grocery store and other retail establishments for:
ID card systems for check cashing, loyalty, rewards and promotional cards and gaming systems
for access management and VIP programs.

Transportation
Marketing to airports and ports for:
Port and airport employee and transportation worker IDs, passenger boarding passes, trusted
traveler ID program, commercial driver's licenses.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 64/69
Public

Public Safety & Justice


Marketing to state and county level Department of Corrections for:
Prison IDs to verify the identity of visitors, employees, inmates, vendors and guests.
Parolee IDs for identification of individuals on parole for drug testing and meetings with parole
officers.

Hospitality
Marketing to arenas, concert promoters, and theme parks for:
Guest ID and VIP pass cards - identity verification for facility access and purchases.

Education
Marketing to schools, particularly higher education and teaching hospitals for:
Student, staff and visitor IDs - identity verification for attendance, test taking and facility access.

Certification Testing
Marketing to testing centers and certification agencies for:
IDs for individuals being tested and certified - identity verification for admittance to testing.
Certification credential IDs - identity verification to ensure that certification credentials are valid
(i.e. this union worker is certified to perform this type of job or this nurse is really an RN).

Healthcare
Marketing to health insurance providers and hospitals for:
Medical insurance cards - identity verification for doctors' office and hospital medical services
and prescription drugs.
Patient/employee ID cards - identity verification for access to secured areas and patient identity
verification.

Government
Marketing to Federal and state agencies (DMV, Department of Public Welfare, etc.) for:
Passports, national ID cards, electronic benefits transfer (EBT) cards, voter cards, driver's licenses
- identity verification at locations such as liquor stores, medical facilities, banks, retail
establishments, immigration, etc.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 65/69
Public

11 Smart card biometrics


Systems with combination of Smart cards and Biometrics provide unique features.
Smart cards are capable of storing biometrics template in the card memory itself along with other
information hence template may not be stored on the central database. Also access to central
database is not necessary to verify the identity. These unique advantage with this powerful
combination has attracted government organization worldwide to use it as main identification card
for employees, citizens and services.
Smartcards have finally entered the public domain and our used in a variety of applications,
sometimes without the use of being aware that they are actually using a smartcard. The smartcard
itself is simply a plastic card with an integral embedded chip. This provides a degree of tamper
resistance and security for the information held within the card. Smartcards may be categorized into
two primary types, memory cards or microprocessor cards. Memory cards simply store data and allow
that data to be subsequently read from the card. Microprocessor cards on the other hand, allow for
additions and deletions to the data, as well as various manipulations and processing of the data. The
smartcards may be further categorized into contact or contact less cards. Contact cards required the
card to be physically inserted into a smartcard reader. Contact less cards enable the card to be read
without physical contact via a radio frequency link with an antenna embedded into the card. There is
in fact another type of card called a combination card which combines both contact and contact less
technology. This allows for the card to be read by either type of card reader, alternatively, to be read
by both techniques at the same time, enabling a higher degree of security.
Smartcards support our contemporary networked society via a variety of applications, including
network access control, secure payment systems, healthcare applications, ticketing applications,
loyalty and other areas. They may also be used to store digital certificates and passwords and can
encrypt sensitive data. Perhaps one of the most visible applications is that of SIM cards used for
mobile phones. SIM stands for Subscriber Identification Module and the SIM cards store subscriber
information which allows phones to be instantly personalised as well as providing roaming across
different networks and devices. The mobile phone SIM card also provides for a variety of value added
services to be provided by the telecoms companies as appropriate.
An often referred to aspect of smartcard technology, is the potential for the multi application card.
The idea of multiple applications via the use of a single card is an attractive one. However, for this to
be possible they need to be a degree of interoperability between cards and applications. This
interoperability has so far been rather weak, although there are now various initiatives with the aim
of improving this vital aspect of smartcard technology. There is of course an ISO standard for
smartcards (7816 parts 1-10) other different industry sectors have tended to create their own
proprietary versions based around the ISO generic standard. There have also been related initiatives
such as the Microsoft PC/SC standard, which was originally for Windows based systems only,
although this has now been opened out to be across platform initiative. Indeed, the PC/SC initiative
boasts an impressive membership of several distinguished companies from the computer and
telecoms market place.
Another initiative called OpenCard has similar ambitions to provide interoperability across
applications. Perhaps most interesting development of all in this context is Java Card. Java card
provides the potential for Java applets to run right on the card itself, a very interesting capability for
those seeking to develop smartcard applications. Additional future developments in smartcard
technology will probably be as follows:

More processing power.


The migration from an 8-bit processor to a 32-bit processor together with the combination of a
microcontroller and cryptographic co-processor on a single chip. This will provide for a more
powerful processing capability, in turn allowing for better encryption, decryption and general
cryptographic capabilities as while as scope for more adventurous applications.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 66/69
Public

Better memory management


Memory management will be improved via parallel improvements in on card operating systems. This
will make it easier for application developers to concentrate their efforts on the applications itself and
spend less time having to manage memory requirements.

Uprated security algorithms


It is likely that we shall see more robust and faster security algorithms, together with the ability to
introduce these more easily into new card designs and architectures.

Increased on card memory


The current typical memory capability of smartcards (between 32 and 64 K.) is considered
inadequate for both current and future applications. One of the problems in this respect, has been a
commercially available flash memory chips are physically larger than typical smartcard chips and don't
conform to the flexibility requirements of the standard ISO smartcard specifications. It is likely that
this restriction will be over calm by the development of a more flexible flash memory chip, allowing
several such chips to be incorporated into a single smartcard. Such a development, could have a
dramatic effect upon the memory capability of future smartcards, perhaps raising the potential
memory capacity to around 200 MB or more.

Increased data transfer rates


The current typical data transfer rate of 9600 BPS would clearly be inadequate for typical applications
using higher memory capacity smartcards. It is expected therefore, that we shall see data transfer
rates increased dramatically, perhaps up to 15-20 MBps or more.

Closer integration with biometrics


There has been a great deal of discussion around the potential of integrating biometric user identity
verification with smartcards. Of course, this has already been achieved via various techniques, even
including the addition of a fingerprint sensor onto the smartcard itself, although this resulted in a
non-standard sized smartcard. The issues here are less of a technical nature, and more of an
operational process nature in many instances. However, this is an area of great potential and we
shall doubtless see many interesting developments in this respect over the next few years.

Lower costs
One of the inhibitors to the wide scale adoption of smartcards, has undoubtedly been the cost of the
smartcard itself. While as simple memory cards can often be provided at bulk costs of below one
dollar, the average price of microprocessor cards is still considered too high for many applications at
around three to four dollars per card. By the time we add the system integrators profit margins,
artwork, and administration costs, this can often result in an end-user cost of around seven to eight
dollars per card. This cost is still considered to be too high for applications which may have many
thousands of users. However, we have a problem here in that increasing technology specification is
not always accompanied by decreasing costs. The smartcard industry that has a challenge to both
decrease costs and improve the core technology. Nevertheless, it is a challenge which must be
embraced if we are to see a wider adoption of smartcard technology in everyday applications.
It is envisaged that a typical specification smartcard will stabilize in cost at a slightly lower level than
today's prices, while offering higher capabilities. This should make smartcards more attractive to
application developers and ensure their use across a broader variety of day to day applications.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 67/69
Public

In conclusion, the use of smartcards has been growing steadily around the world in a variety of
applications. The potential for growth in the adoption of smartcards in other areas is undoubtedly
enormous. For example, many governments are considering the introduction of a citizen ID card
which would use smartcard technology, possibly together with a biometric in order to both securely
store user data and provide a means for identity verification. As such schemes are developed, the
number of smartcards in circulation around the world could rise dramatically. However, there needs
to be greater interoperability than is realised at present if such aspirations are to become feasible.
Furthermore, smartcard technology needs to improve in order to embrace higher memory capacity,
improved processing performance, higher levels of security and better input and output facilities. In
parallel with such improvements, a more realistic and flexible pricing and distribution model would
undoubtedly be welcomed. It is likely that each of these areas will be addressed within coming years.

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 68/69
Public

12 Organizations and Resources


www.ncits.org/tc_home/m1.htm - INCITS Technical Committee M1, Biometrics
http://www.biometrics.org/ - The Biometric Consortium
http://www.bioapi.org/ - The BioAPI Consortium
http://www.jtc1.org/Navigation.asp?Area=Structure&Mode=Browse&CommLevel=SC&SubComm=IS
O/IECJTC1SC00037&x=16&y=16 - The primary international ISO/IET-level biometric standards
committee (go to SC37 Biometrics)
http://www.itl.nist.gov/div895/biometrics/index.html - NIST/ITL Biometric Resource Center
http://www.engr.sjsu.edu/biometrics/ - San Jose State University Biometric Identification Research
http://www.afb.org.uk/ - the Association for Biometrics
http://www.cesg.gov.uk/technology/biometrics/ - the UK Biometric Working Group
http://www.bioprivacy.org/ - the BioPrivacy Initiative
www.dss.state.ct.us/digital.htm - Connecticut Department of Social Services Biometric ID Project
www.fbi.gov/hq/cjisd/iafis.htm - FBI International Automated Fingerprint Identification System (IAFIS)
http://www.c3i.osd.mil/biometrics/ - Department of Defense Biometric Management Office (BMO)
biometrics.cse.msu.edu - Michigan State University Biometric Research Homepage
http://biometrics.dk/ - The European Centre for the Advancement of Biometrics
http://www.findbiometrics.com/ - Resource site for biometrics

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland
White Paper - Biometrics 69/69
Public

13 Disclaimer
This document was compiled based on http://www.biometricsinfo.org on January 1, 2005. All
information provided in this document is subject to change without any prior notice. The information
is provided as-is and no liability can arise from it to the prublisher.
Publication in part or whole are subject to authorization by Trüb AG.
Release 1, January 2005
Trüb AG

TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZERLAND TRüBAGSWITZ

PUBLIC January 30, 2005 copyright by Trüb AG, Hintere Bahnhofstrasse 12, 5001 Aarau, Switzerland