Design

Problem
Information Security &
Privacy

SUBMITTED TO: - SUBMITTED

BY:-

Miss. Maheep Sandhu

Ankur Bhutani
BCA (HONS.)-
MCA
 2

ROLL NO –
25
7010070008

DESIGN PROBLEM

Biometrics Help the Army Solve an Identity Crisis?

The Army is having an identity crisis, and it affects both its

wartime and peacetime operations. Simply put, the Army
needs to ensure that the right people and only the right
people-can get access to its information systems, its
weapons, and its many databases that serve the Army
community. Biometrics-that is, physical characteristics or
personal traits that can be measured quickly-may offer a
solution. But using biometrics raises some knotty legal,
ethical, and sociological issues-for example, how to
safeguard biometric information so it cannot be used for
other, possibly nefarious, purposes.

2
 3

Acknowledgement

This work was not only a mandatory exercise for my curriculum but
also a very rare opportunity to learn and be able to work in an
extremely healthy environment at “LOVELY PROFESSIONAL
UNIVERSITY”. I express my heartiest gratitude towards all those
people who have, in various ways helped me to complete this design.

I am thankful to Miss Maheep Sandhu (Class In charge) for taking

interest in making arrangements for the project and remain interactive
throughout the problem. Her timely suggestions and guidance was
instrumental in completing this problem. She is too my design
problem guide (In charge) for steering me through tough and easier

3
 4

phases of this problem in an expert and oriented manner. Her

valuable guidance was available to me as and when required.

Last but not least I am earnestly thankful to my parents who took

great pains in getting my entire education through, who get happier
many-folds on my small successes, but prevent me from losing heart
on the biggest failures.

(Ankur Bhutani)

Table of contents

1. Biometrics Introduction......................5
2. Biometrics In army..........................11
3. Access Control..............................14
4. Security Technique..........................19
5. Authentication..............................23
6. Innovative..................................27
7. Use of Biometric techniques.................33
8. Importance..................................35
9. Conclusion….................................36
10. Country using biometrics...................38
11. Certificate of agreement...................40

4
 5

Introduction
Biometrics
History
The term “biometrics” is derived from the Greek
words “bio” (life) and “metrics” (to measure).
Automated biometric systems have only become
available over the last few decades, due to
significant advances in the field of computer
processing. Many of these new automated
techniques.

One of the oldest and most basic examples of a

characteristic that

5
 6

is used for recognition by humans is the face. Since

the beginning
of civilization, humans have used faces to identify
known and unknown individuals. This simple task
became increasingly more challenging as populations
increased and as more convenient methods of travel
introduced many new Individuals into- once small
communities. The concept of human- To-human
recognition is also seen in behavioral-predominant
Biometrics such as speaker and gait recognition.
Individuals use these characteristics, somewhat
unconsciously, to recognize Known individuals on a
day-to-day basis.

Definition
Biometrics is the science and technology of
measuring and analyzing biological data. In simple
words “Application of electronics in
measurement of biological characteristics or
features”. According to Hackers”Biometrics refers to
the measurement of “physiological and behavioral
characteristics” used to identify computer users”.
Examples are face, iris and retinal patterns, hand
geometry and voice.

Biometrics, increasingly built into laptop computers,

fingerprint readers have become popular as a secure
method for identification. Biometrics not only deals
with static patterns, but action as well. The dynamics
of writing one's signature as well as typing on the
keyboard can be analyzed.

6
 7

Biometrics technologies:
 Fingerprint Recognition
 Face Recognition
 Iris Recognition
 Voice Recognition
 Smart Cards
 Encryption Systems
 Security Tokens

Fingerprint Recognition is one of the most used

and familiar biometric methods. Fingerprint
Recognition Technology or Fingerprint Authentication
is a technique of verifying a match between two
human fingerprints.

Some Application of this system:-

 Web Page Security

 Employee Recognition Systems
 Time and Attendance Systems
 Voting Solutions

7
 8

Face Recognition is a biometric technique for

automatic identification or verification of a person
from a digital image or a video frame from a video
source. One of the ways to do this is by comparing
selected facial features from the image and a facial
database. Face Recognition System is typically used
in security systems and can be compared to other
biometrics such as fingerprint or eye iris recognition
systems.

Iris Recognition is another biometric authentication

method that uses pattern recognition techniques
based on high-resolution images of the irides of an
individual's eyes. Converted into digital templates,
these images provide mathematical representations
of the iris that yield unambiguous positive
identification of an individual.
Iris recognition technology has become
popular in security applications because of its ease of
use, accuracy, and safety. Its most common use is
controlling access to high-security areas. Iris
recognition technology is currently used at physical
access points demanding high security, such as
airports, government buildings, and research
laboratories.

8
 9

Voice Recognition or Speaker Recognition is a

biometric process of of validating a user's claimed
identity using characteristics extracted from their
voices. Thus voice recognition can be an effective
technique in user authentication and identification.

Smart Cards are digital security pocket-sized cards

with embedded integrated circuits which can process
data. Thus smart cards can be used for identification,
authentication, and data storage. It can also be used
as a medium to provide a means of effecting
business transactions in a flexible, secure, standard
way with minimal human intervention. Smart card
can provide strong authentication for single sign-on
or enterprise single sign-on to computers, laptops,
data with encryption, enterprise resource planning
platforms such as SAP, etc...

Encryption Systems on the other hand, use an

encryption technique for transforming information

9
 10

(referred to as plaintext) using an algorithm (called

cipher) to make it unreadable to anyone except
those possessing special knowledge, usually referred
to as a key. The result of the process is encrypted
information (in cryptography, referred to as cipher
text). Encryption Systems can be used to protect
data in transit, for example data being transferred
via networks (e.g. the Internet, e-commerce), mobile
telephones, wireless microphones, wireless intercom
systems, Bluetooth devices and bank automatic teller
machines.

Security Tokens (or sometimes a hardware token,

hard token, authentication token, USB token,
cryptographic token, or key fob) are biometric
devices which eases authentication for authorized
user of computer services. These tokens are also
known as Software Tokens. Security tokens are used
to prove one's identity electronically (as in the case
of a customer trying to access their bank account).
The token is used in addition to or in place of a
password to prove that the customer is who they
claim to be. The token acts like an electronic key to
access something.

Comparison among different types of biometric

characteristics:

10
 11

More Secure Than Passwords

Biometrics are a more secure form of authentication
than typing passwords or even using smart cards,
which can be stolen. However, methods can be
circumvented; for example, fingerprints captured
from a water glass can fool scanners.

Biometric devices, such as finger scanners, consist

of:

• A reader or scanning device

• Software that converts the scanned information
into digital form and compares match points
• A database that stores the biometric data for
comparison

11
 12

Biometrics Help the

Army In Identity An Identity
Crises….

Introduction

Biometrics is Identification of Physical

characteristics that help in verification of an
individual’s identity. Once installed, it can be used to
regulate individual access to army services and
resources or to deny a criminal hide his true identity
by stripping away anonymity with swift, accurate,
and definitive identity verification.

Biometric technologies provide new kinds of

digital identity data, new ways to collect it, and new
opportunities for its use. Using biometric data to
screen entrants to the defensive site, for example,
greatly reduces the risk of unknown individuals, who
have been involved in terrorist activities in maximum
countries.

Biometrics will become increasingly more

valuable as a tool for verifying identities in a new and
deeply interconnected national security
environment. However, it is important to note the

12
 13

civil liberty implications of employing biometric

technologies and realize that the security must be
balanced with the protection of privacy.

Identification Problem
Listed below are a few: -

• Phishing - attempting to acquire sensitive

information such as credit card information under the
pretense of a trustworthy entity

• Pharming -attempting to redirect website traffic to

another website, while pretending to be a reputable
financial institution or business.

• Misuse of P2P -file sharing software intended for

music sharing; may unknowingly allow others to copy
private files - even giving access to entire folders and
subfolders

• Change of Address - diverting your billing

statements to another location by completing a
"change of address" form

• Old-fashioned Theft - stealing wallets, purses,

mail - to include pre-approved credit offers.

Importance

13
 14

Biometrics is key to intelligence and security efforts

in the Global War on Terrorism or any other
defensive activity for the country. The ability to
establish an individual’s identity with certitude and
link the individual to past aliases or activities gives
our Soldiers a decisive edge in fighting the Global
War on Terrorism and aiding other defense
organizations. In addition, biometrics add a layer of
security and a method of identity verification when
accessing defense and federal government spaces by
further automating the identification process and
increasing speed of entry.

To monitor new enrollments at detention centers, the

military is using the Biometric Automated Tool Kit;
the kit has a portable identification processing
system, complete with handheld iris scanner,
notebook computer, digital camera and one
biometric technique.

Army Work to do:-

It should consider the following:-

• Demonstrating its commitment to individual

privacy by placing strict limits on sharing
biometric data with other organizations.
• Providing a detailed analysis of the problems
that biometrics can help solve.
• Justifying any central repository in the same way
it justifies its biometric program.
• Participating in the U.S. government's Biometric
Consortium.

14
 15

• Exploring the issues of international law that

might affect implementation of a biometric
program overseas.

Example
Troops and intelligence analysts are using biometrics
to hire and maintain an Iraqi workforce, protect
military bases and monitor inmates at detention
centers.

About 100 fingerprint and iris scanners are in use at

bases in Iraq, and the number grows steadily as
more units are requested. The devices help troops
verify employees and identify prisoners' past crimes
and affiliations.

Access control

15
 16

It is the restriction on the operations that a user of a

computer system may perform on files and other
resources of the system.

Item control is an area within an access control

system which concerns the managing of possession
and location of small assets or physical keys.

In army, item control and access control are key

terms to control the unauthorized access.

The Army Needs to Control Access

to Systems

16
 17

• Wartime: Dependence on information

as tactical & strategic asset requires control
over battlefield networks
_ Logistics flows, weapon systems,
intelligence
_ Digitized Army
• Peacetime: Improving efficiency &
convenience depends on fast & accurate
identification
_ Running human resource services
Controlling access to facilities, office systems, and
classified information

Biometrics Proposed As Solution

to Access Control
Technically, commercially viable biometric
applications (COTS) are operational.Today, most of
army have issued to Military sites. This card contains
biometric data and digitized photographs. It also has
laser-etched photographs and holograms to add
security and reduce the risk of falsification. There
have been over billion of these cards issued.

Politically, Congress included $15 million in Army’s

budget to assess biometrics.

But it raises three key concerns by biometric:-

-Information Privacy
-Physical Privacy
-Religious Objections

17
 18

Information Privacy

By far the greatest concern was about an individual's

ability to control personal information. Not
surprisingly, misuse of the information ranked high
on the list of information privacy issues. Widely
publicized accounts of identity theft and financial loss
stemming from it have made people nervous about
any information that could enable someone to
assume their identity. Biometric data, though more
complex than most passwords, can also be stolen or
copied, so any attempt to develop a system using it
must take these concerns into account.

18
 19

Physical Privacy

Unlike some other identifiers--a Social Security

number, for example--biometrics raise issues of
physical privacy. One is that certain biometrics carry
a stigma. Fingerprints, for example, are widely
associated with criminal activity. Another issue is
concern about actual physical harm. While the
research team found no biometric that causes such
harm, it nonetheless troubles some. For example,
retinal scanning techniques require individuals to
place their eyes close to a camera lens, a
requirement that makes some people uneasy.
Hygiene issues also concern some. The need to place
a hand or finger on a sensor plate can prompt fear
about the spread of disease.

Religious Objections

Certain Christian sects have objected to the use of

biometrics based on the "Mark of the Beast"
language in the Book of Revelation. Although the
number of such believers is relatively small, some
members of the Army community might hold similar
beliefs. The Army needs to be prepared to address
such objections.

For Access control the three factors are

characterized as:-

• Something you have, such as an access badge

or pass card,
• Something you know, e.g. a PIN, or password.

19
 20

• Something you are, typically a biometric input.

Physical access control

In physical security, the term access control refers to
the practice of restricting entrance to a property, a
building, or a room to authorized persons. Physical
access control can be achieved by a human (a guard,
bouncer, or receptionist), through mechanical means
such as locks and keys, or through technological
means such as access control systems like the
Access control vestibule. Within these environments,
physical key management may also be employed as
a means of further managing and monitoring access
to mechanically keyed areas or access to certain
small assets.

Physical access control is a matter of who, where,

and when. An access control system determines who
is allowed to enter or exit, where they are allowed to
exit or enter, and when they are allowed to enter or
exit. Historically this was partially accomplished
through keys and locks. When a door is locked only
someone with a key can enter through the door
depending on how the lock is configured. Mechanical
locks and keys do not allow restriction of the key
holder to specific times or dates. Mechanical locks
and keys do not provide records of the key used on
any specific door and the keys can be easily copied
or transferred to an unauthorized person. When a
mechanical key is lost or the key holder is no longer
authorized to use the protected area, the locks must
be re-keyed.

20
 21

Access control techniques

Access control techniques are sometimes
categorized as either discretionary or non-
discretionary. The three most widely recognized
models are:-

Discretionary Access Control (DAC)

Mandatory Access Control (MAC)

Role Based Access Control (RBAC).

Security Techniques

21
 22

• Face recognition

Of the various biometric identification methods,

face recognition is one of the most flexible,
working even when the subject is unaware of being
scanned. It also shows promise as a way to search
through masses of people who spent only seconds
in front of a "scanner" - that is, an ordinary digital
camera.
Face recognition systems work by systematically

22
 23

analyzing specific features that are common to

everyone's face - the distance between the eyes,
width of the nose, position of cheekbones, jaw line,
chin and so forth. These numerical quantities are
then combined in a single code that uniquely
identifies each person.

• Fingerprint identification

Fingerprints remain constant throughout life. In

over 140 years of fingerprint comparison
worldwide, no two fingerprints have ever been
found to be alike, not even those of identical twins.
Good fingerprint scanners have been installed in
PDAs like the iPaq Pocket PC; so scanner
technology is also easy.Might not work in industrial

23
 24

applications since it requires clean hands.

Fingerprint identification involves comparing the
pattern of ridges and furrows on the fingertips, as
well as the minutiae points (ridge characteristics
that occur when a ridge splits into two, or ends) of
a specimen print with a database of prints on file.

• Hand geometry biometrics

Hand geometry readers work in harsh

environments, do not require clean conditions, and
forms a very small dataset. It is not regarded as an
intrusive kind of test. It is often the authentication
method of choice in industrial environments.

• Retina scan

There is no known way to replicate a retina. As far

as anyone knows, the pattern of the blood vessels
at the back of the eye is unique and stays the
same for a lifetime. However, it requires about 15
seconds of careful concentration to take a good

24
 25

scan. Retina scan remains a standard in military

and government installations.

• Iris scan

Like a retina scan, an iris scan also provides unique

biometric data that is very difficult to duplicate and
remains the same for a lifetime. The scan is
similarly difficult to make (may be difficult for
children or the infirm). However, there are ways of
encoding the iris scan biometric data in a way that
it can be carried around securely in a "barcode"
format. (See the SF in the News article Biometric
Identification Finally Gets Started for some detailed
information about how to perform an iris scan.)

• Signature

25
 26

A signature is another example of biometric data

that is easy to gather and is not physically
intrusive. Digitized signatures are sometimes used,
but usually have insufficient resolution to ensure
authentication.

• Voice analysis

Like face recognition, voice biometrics provide a

way to authenticate identity without the subject's
knowledge. It is easier to fake (using a tape
recording); it is not possible to fool an analyst by
imitating another person's voice.

Biometric Authentication System

The technology used for identification of used based
on physical characteristics such as fingerprint, iris,
voice or handwriting is called Biometric
Authentication.
Above defined authentication methods face, iris or
fingerprints recognised are only started because
main concern of national security for identity
issues in army.

Steps
The key steps involved in biometric Authentication
are: -

26
 27

• Image capture—using scanning device available

in the market.
• Image recognition--Using standard algorithms.
• Template Creation--Using standard algorithms.
• Matching--Using application and using standard
algorithms.

27
 28

Biometrics is automated methods of identifying a

person or verifying the identity of a person based on
a physiological or behavioural characteristic.
Examples of physiological characteristics include
hand or finger images, facial characteristics, and iris
recognition. Behavioural characteristics are traits
that are learned or acquired. Dynamic signature
verification, speaker verification, and keystroke
dynamics are examples of behavioural
characteristics.
Biometric authentication requires comparing a
registered or enrolled biometric sample (biometric
template or identifier) against a newly captured
biometric sample (for example, a fingerprint
captured during a login).

Identification and authentication (I&A) is the process

of verifying that an identity is bound to the entity
that makes an assertion or claim of identity. The I&A
process assumes that there was an initial validation
of the identity, commonly called identity proofing.
Various methods of identity proofing are available
ranging from in person validation using government
issued identification to anonymous methods that
allow the claimant to remain anonymous, but known
to the system if they return. The method used for
identity proofing and validation should provide an
assurance level commensurate with the intended use
of the identity within the system. Subsequently, the
entity asserts an identity together with an

28
 29

authenticator as a means for validation. The only

requirements for the identifier are that it must be
unique within its security domain.

Authenticators are commonly based on at least one

of the following four factors:

• Something you know, such as a password or a

personal identification number (PIN). This
assumes that only the owner of the account
knows the password or PIN needed to access the
account.
• Something you have, such as a smart card or
security token. This assumes that only the owner
of the account has the necessary smart card or
token needed to unlock the account.
• Something you are, such as fingerprint, voice,
retina, or iris characteristics.
• Where you are, for example inside or outside a
company firewall, or proximity of login location
to a personal GPS device.

In army, same authentication procedure is used but

to check control on authorised or unauthorised
persons.

Authorization
Authorization applies to subjects rather than to users
(the association between a user and the subjects
initially controlled by that user having been
determined by I&A). Authorization determines what a
subject can do on the system.

29
 30

Most modern operating systems define sets of

permissions that are variations or extensions of three
basic types of access:

• Read (R): The subject can

o Read file contents
o List directory contents
• Write (W): The subject can change the contents
of a file or directory with the following tasks:
o Add
o Create
o Delete
o Rename
• Execute (X): If the file is a program, the subject
can cause the program to be run. (In Unix
systems, the 'execute' permission doubles as a
'traverse directory' permission when granted for
a directory.)

Innovation in Biometrics
In Biometrics also there are lot of innovations and
different new biometrics Products are being released
after specific time.
For example:-

Biometrics is currently being used in the national

identification card schemes of both Hong Kong
and Malaysia. The USA has also begun the testing
of biometrics to enhance airport security. Many
companies are using biometric technology also with
Disney employing biometric devices for season ticket
holders.

30
 31

Security device that uses vein patterns to verify identity

Palm-vein recognition system has been available in

Japan for just over a year and has already achieved
some notable success. The Bank of Tokyo Mitsubishi,
Japan's third-largest retail bank, began installing the
system on its ATMs last October as a higher-security
alternative to personal identification numbers. About
half of the bank's 3,000 ATMs will have the system
by September, and other major national and regional
banks have also said they're adopting the system.
The palm-vein detector contains a camera that takes
a picture of the palm of a user's hand. The image is
then matched against a database as a means of
verification. The camera works in the near-infrared
range so veins present under the skin are visible, and
a proprietary algorithm is used to help confirm
identity. The system takes into account identifying
features such as the number of veins, their position
and the points at which they cross.
The result is a system that offers a higher level of
security than competing technologies, including
voice print, facial recognition, fingerprint recognition
and iris scanning, according to Fujitsu. The
company's claim is partly based on a real-life test it
carried out that involved scanning the hands of
140,000 Fujitsu employees worldwide.

Imaging Applications
Vein pattern IR. grey-scale images are binarized,
compressed and stored within a relational database

31
 32

of 2D vein images. Subjects are verified against a

reference template in under 200ms providing fast,
robust biometric authentication.

Vein Images

Images The images displayed above show the

progression from a grey-scale IR. vein image through
a bianarized vein pattern template to a view of an
exclusive OR of two automatically aligned vein
images taken from the same individual.

32
 33

Vein Image Binarization

The Image below shows the effective real time
binarization of a grey-scale vein image.

Vein Pattern Advantages

1. The human vascular structure is a unique &
private feature of an individual.
2. Infra Red absorption patterns are easily
compared via optical and DSP techniques.
3. Identical twins have different and distinct IR
absorption patterns.
4. Uniqueness of vein patterns tested by
Cambridge Consultants Ltd.
5. Veins provide large, robust, stable and hidden
biometric features.

33
 34

6. Vein patterns are not easily observed, damaged,

obscured or changed.
7. Vein patterns require only low resolution IR.
imaging allied to simple image processing.
8. Vein pattern stability and repeatability requires
only simple algorithms for auto identification.
9. Vein structures provide the opportunity for low
cost personal worn and pocket biometric keys.
10. Biometric Keys (Bio keys & Bio watches) read
wrist or hands dorsal vein structures.
11. Bio watches output encrypted access codes
whilst strapped to a recognized non coerced
wrist
12. Bio keys & Bio watches output encrypted access
codes (Cryptographic signatures) to vehicles,
computers, access portals, weapons, firearms
etc.
13. Lost Vehicle Bio keys are not a problem; use any
other! Vehicle Bio keys default to transmitting
unrecognized patterns as plain text.
14. Vehicle security/engine management
systems will let you in and drive if they
recognize your vein pattern.

15.Bio keys & Bio watches maintain biometric

privacy by placing the ownership of the biometric
system, data & Crypto keys in the hands of the
users.

Latest Finger recognition

software

34
 35

Secugen Hamster IV FIPS201/PIV Fingerprint Scanner

Type: Optical fingerprint sensor/reader

Scanning window size: 16.1 x 18.2mm

Image resolution: 260 x 360 pixel, 500 DPI

Colors: 256 levels grayscale

Supported OS: Windows Vista/ XP/2000/Me/98 SE/Server 2003

FS80 USB Fingerprint Scanner

Type: Optical fingerprint sensor/reader

Scanning window size: 16.26 x 24.38mm

Image resolution: 480 x 320 pixel, 500 DPI

Colors: 256 levels grayscale

Supported OS: Windows Vista/XP/2000/CE , Linux , Mac

35
 36

Countries widely using Biometrics

GERMANY

Germany is also one of the first countries to

implement biometric technology at the Olympic
Games to protect German athletes. “The Olympic
Games is always a diplomatically tense affair and
previous events have been rocked by terrorist
attacks - most notably when Germany last held the
Games in Munich in 1972 and 11 Israeli athletes were
killed”.

Biometric technology was first used at the Olympic

Summer Games in Athens, Greece in 2004. “On
registering with the scheme, accredited visitors will
receive an ID card containing their fingerprint
biometrics data that will enable them to access the
'German House'. Accredited visitors will include
athletes, coaching staff, team management and
members of the media”.

Iraq

Biometrics are being used extensively in Iraq to

catalogue as many Iraqis as possible providing Iraqis
with a verifiable identification card, immune to
forgery. During account creation, the collected
biometrics information is logged into a central
database which then allows a user profile to be
created. Even if an Iraqi has lost their ID card, their
identification can be found and verified by using their
unique biometric information. Additional information
can also be added to each account record, such as

36
 37

individual personal history. This can help American

forces determine whether someone has been causing
trouble in the past. One major system in use in Iraq is
called BISA. This system uses a smartcard and a
user's biometrics (fingerpint, iris, and face photos) to
ensure they are authorized access to a base or
facility. Another is called BAT for Biometric
Automated Toolset.

Japan

Several banks in Japan have adopted either palm

vein authentication or finger vein authentication
technology on their ATMs. Palm vein authentication
technology which was developed by Fujitsu, among
other companies, proved to have a false acceptance
rate of 0.01177% and a false rejection rate of 4.23%.
Finger vein authentication technology, developed by
Hitachi, has a false acceptance rate of 0.0100% and
a false rejection rate of 1.26%.[23] Finger vein
authentication technology has so far been adopted
by banks such as Sumitomo Mitsui Financial Group,
Mizuho Financial Group and Japan Post Bank. Palm
vein authentication technology has been adopted by
banks such as the Bank of Tokyo-Mitsubishi UFJ.[

Australia

Visitors intending to visit Australia may soon have to

submit to biometric authentication as part of the
Smartgate system, linking individuals to their visas
and passports. Biometric data are already collected
from some visa applicants by Immigration. Australia
is the first country to introduce a Biometrics Privacy
Code, which is established and administered by the

37
 38

Biometrics Institute. The Biometrics Institute Privacy

Code Biometrics Institute forms part of Australian
privacy legislation. The Code includes privacy
standards that are at least equivalent to the
Australian National Privacy Principles (NPPs) in the
Privacy Act and also incorporates higher standards of
privacy protection in relation to certain acts and
practices. Only members of the Biometrics Institute
are eligible to subscribe to this Code. Biometrics
Institute membership, and thus subscription to this
Code, is voluntary.

Canada

Canada has begun research into the use of biometric

technology in the area of border security and
immigration. Citizenship and Immigration Canada
and the Canada Border Services Agency will probably
be the first government institutions to fully
implement the technology in Canada.

Israel
The Israeli government has proposed a bill calling for
the creation of a database of all Israeli citizens. The
citizens will be obliged to submit fingerprints; facial
features will also be kept. The bill is expected to be
voted over in September 2009. Opponents of the
proposed law, including prominent Israeli scientists
and security experts, warn that the existence of such
a database could damage both civil liberties and
state security, because any leaks could be used by
criminals or hostile individuals against citizens.

38
 39

Use of Biometric techniques:-

BIOMETRIC APPLICATIONS:

Most biometric applications fall into one of nine

general categories:

• Financial services (e.g., ATMs and kiosks).

• Immigration and border control (e.g., points
of entry, preloaded frequent travellers,
passport and visa issuance, and asylum
cases).
• Social services (e.g., fraud prevention in
entitlement programs).
• Health care (e.g., security measure for
privacy of medical records).
• Physical access control (e.g., institutional,
government, and residential).

39
 40

• Time and attendance (e.g., replacement of

time punch card).
• Computer security (e.g., personal computer
access, network access, Internet use, e-
commerce, e-mail, encryption).
• Telecommunications (e.g., mobile phones,
call centre technology, phone cards, televised
shopping).
• Law enforcement (e.g., criminal
investigation, national ID, driver’s license,
correctional institutions/prisons, home
confinement, smart gun).

Uses

* Increase security - Provide a convenient and low-

cost additional tier of security.

* Reduce fraud by employing hard-to-forge

technologies and materials. For e.g. Minimise the
opportunity for ID fraud, buddy punching.

* Eliminate problems caused by lost IDs or

forgotten passwords by using physiological
attributes. For e.g. Prevent unauthorised use of
lost, stolen or "borrowed" ID cards.

* Reduce password administration costs.

40
 41

* Replace hard-to-remember passwords which may

be shared or observed.
* Integrate a wide range of biometric solutions and
technologies, customer applications and databases
into a robust and scalable control solution for
facility and network access

* Make it possible, automatically, to know WHO did

WHAT, WHERE and WHEN!

* Offer significant cost savings or increasing ROI in

areas such as Loss Prevention or Time &
Attendance.
* Unequivocally link an individual to a transaction
or event.

Importance OF BIOMETRIC
TECHNOLOGIES:
Biometric technologies can be applied to areas
requiring logical access solutions, and it can be used
to access applications, personal computers,
networks, financial accounts, human resource
records, the telephone system, and invoke
customized profiles to enhance the mobility of the
disabled. In a business-to-business scenario, the
biometric authentication system can be linked to the
business processes of a company to increase
accountability of financial systems, vendors, and

41
 42

supplier transactions; the results can be extremely

beneficial.

The global reach of the Internet has made the

services and products of a company available 24/7,
provided the consumer has a user name and
password to login. In many cases the consumer may
have forgotten his/her user name, password, or both.
The consumer must then take steps to retrieve or
reset his/her lost or forgotten login information. By
implementing a biometric authentication system
consumers can opt to register their biometric trait or
smart card with a company’s business-to-consumer
e-commerce environment, which will allow a
consumer to access their account and pay for goods
and services (e-commerce). The benefit is that a
consumer will never lose or forget his/her user name
or password, and will be able to conduct business at
their convenience. A biometric authentications
system can be applied to areas requiring physical
access solutions, such as entry into a building, a
room, a safe or it may be used to start a motorized
vehicle. Additionally, a biometric authentication
system can easily be linked to a computer-based
application used to monitor time and attendance of
employees as they enter and leave company
facilities. In short, contact less biometrics can and do
lend themselves to people of all ability levels.

42
 43

CONCLUSION:
Currently, there exist a gap between the number of
feasible biometric projects and knowledgeable
experts in the field of biometric technologies. The
post September 11 the, 2002 attack (a.k.a. 9-11) on
the World Trade Centre has given rise to the
knowledge gap. Post 9-11 many nations have
recognized the need for increased security and
identification protocols of both domestic and
international fronts. This is however, changing as
studies and curriculum associated to biometric
technologies are starting to be offered at more
colleges and universities. A method of closing the
biometric knowledge gap is for knowledge seekers of
biometric technologies to participate in biometric
discussion groups and biometric standards
committees.

The solutions only needs the user to possess a

minimum of require user knowledge and effort. A
biometric solution with minimum user knowledge and
effort would be very welcomed to both the purchase
and the end user. But, keep in mind that at the end
of the day all that the end users care about is that
their computer is functioning correctly and that the
interface is friendly, for users of all ability levels.
Alternative methods of authenticating a person’s
identity are not only a good practice for making
biometric systems accessible to people of variable

43
 44

ability level. But it will also serve as a viable

alternative method of dealing with authentication
and enrolment errors.

Auditing processes and procedures on a regular basis

during and after installation is an excellent method of
ensuring that the solution is functioning within
normal parameters. A well-orchestrated biometric
authentication solution should not only prevent and
detect an impostor in instantaneous, but it should
also keep a secure log of the transaction activities for
prosecution of impostors. This is especially
important, because a great deal of ID theft and fraud
involves employees and a secure log of the
transaction activities will provide the means for
prosecution or quick resolution of altercations.

44
 45

Certificate of Agreement

Project Leader, Ankur Bhutani

Signature……………………...

Date………………

Project Incharge – Miss Maheep Sandhu

Signature……………………...

Date………………

Class Incharge – Miss Maheep Sandhu

Signature……………………...

Date………………

Dean-miss Rashmi Mittal

Signature……………………...

Date………………

45
46

46