In a typical Biometrics system, a person registers with the system when one or more of their physical and behavioral characteristics is obtained, processed by a numerical algorithm, and entered into a database. Ideally, when you walk in, almost all of your features match; So when someone else tries to identify themselves, they don't match completely, so the system doesn't allow them access. Current technologies have success rates that vary widely (from low values ​​such as 60% to high values ​​such as 99.9%).

The performance of a biometric measure is generally defined in terms of false positive rate (FAR), false negative rate (FNMR, also False Rejection Rate or FRR), and failure-to-enroll rate (FTE or FER).

In real biometric systems, the FAR and the FRR can be transformed into each other by changing a certain parameter. One of the most common measurements of real biometric systems is the rate at which the setting at which they accept and reject errors is equal: the Equal Error Rate (EER), also known as the Cross-over Error Rate (CER). The lower the EER or CER, the more accurate the system is considered.

Announced error rates sometimes involve idiosyncratic or subjective elements. For example, one biometric system manufacturer set the acceptance threshold high to minimize false acceptances; In practice, three attempts were allowed, so a false rejection was counted only if all three attempts were unsuccessful (e.g. writing, speaking, etc.), opinions may vary as to what constitutes a false rejection. If you entered a signature verification system using my initial and last name, can I legitimately say that it is a false rejection when it rejects my first and last name?

Despite these doubts, biometric systems have the potential to identify individuals with a very high degree of certainty. Forensic DNA testing enjoys a particularly high degree of public confidence today (ca. 2004) and the technology is moving towards iris recognition, which has the ability to differentiate between two individuals with identical DNA.

One of the benefits of biometric technology is that it is not necessary to carry a card or key to access a building. Large business network infrastructures, government identification, secure banking transactions, and health and social services, among other areas, already benefit from the use of this type of verification.

Associated with other access restriction technologies, biometrics guarantees one of the least passable authentication levels today. Furthermore, the inconveniences of having to remember a password or an access PIN number will soon be overcome thanks to the use of biometric methods, because the latter have notable advantages: they are directly related to the user, they are accurate and allow audit trails.

The use of a biometric device allows administration costs to be lower, since only the reader must be maintained, and one person is responsible for keeping the database updated. Another benefit: the biometric characteristics of one person are not transferable to another.

What follows is a table that shows the different characteristics of biometric systems:

The biometrics industry offers several technologies. Each technology is considered a different market segment. The best known are fingerprints, face recognition and iris (eye) recognition. The table below contains the different technologies, horizontal applications and the main vertical markets (in the private and public sectors) offered by the biometric industry:

In recent years, there has been a growing concern among regulatory organizations regarding the development of standards related to the use of biometric techniques in the computing environment. This concern is a reflection of the growing industrial interest in this technological field, and the multiple benefits that its use brings.

However, ongoing standardization remains poor and as a result, biometric solution providers continue to provide proprietary software interfaces for their products, making it difficult for companies to switch products or vendors.

At the global level, the main body that coordinates biometric standardization activities is Sub-Committee 17 (SC17) of the Joint Technical Committee on Information Technology (ISO/IEC JTC1), of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

In the United States, the M1 Technical Committee of INCITS (InterNational Committee for Information Technology Standards), the National Institute of Standards and Technology (NIST) and the American National Standards Institute (ANSI) play a similar role.

There are also other non-governmental organizations promoting initiatives in biometric matters such as: Biometrics Consortium, International Biometrics Groups and BioAPI. The latter was established in the United States in 1998 made up of the companies Bioscrypt, Compaq, Iridiam, Infineon, NIST, Saflink and Unisis. The BioAPI Consortium jointly developed with other consortia and associations, a standard that would promote the connection between biometric devices and different types of application programs, in addition to promoting the growth of biometric markets.

Some of the most important standards are:

Contenido

En el proceso de autentificación (o verificación) los rasgos biométricos se comparan solamente con los de un patrón ya guardado, este proceso se conoce también como uno-para-uno ( 1:1 ). Este proceso implica conocer presuntamente la identidad del individuo a autentificar, por lo tanto, dicho individuo ha presentado algún tipo de credencial, que después del proceso de autentificación biométrica será validada o no.

En el proceso de identificación los rasgos biométricos se comparan con los de un conjunto de patrones ya guardados, este proceso se conoce también como uno-para-muchos ( 1:N ). Este proceso implica no conocer la identidad presunta del individuo, la nueva muestra de datos biométricos es tomada del usuario y comparada una a una con los patrones ya existentes en el banco de datos registrados. El resultado de este proceso es la identidad del individuo, mientras que en el proceso de autentificación es un valor verdadero o falso.

El proceso de autentificación o verificación biométrica es más rápido que el de identificación biométrica, sobre todo cuando el número de usuarios (N) es elevado. Esto se debe a que la necesidad de procesamiento y comparaciones es más reducido en el proceso de autentificación. Por esta razón, es habitual usar autentificación cuando se quiere validar la identidad de un individuo desde un sistema con capacidad de procesamiento limitada o se quiere un proceso muy rápido.

Un ejemplo de esto es la aplicación móvil OneID, diseñada para sistemas Single Sign-On, que utiliza la dactiloscopía.[2]​ Una coalición de empresas de hardware y software denominada Alianza Fido, se dedica al estudio de sistemas biométricos para reemplazar el uso de contraseñas, ya sea con lectores de huellas dactilares, faciales o identificadores de voz. Un ejemplo de su producción es YubiKey, producto de la empresa Yubico.[2]​.

iris recognition

The iris is a pigmented membrane suspended inside the eye, between the cornea and the lens. Regulates the size of the pupil to control the amount of light entering the eye. It acquires its pigmentation from melanin.

Before iris recognition occurs, the iris is located using landmark features. These landmark features and the distinct shape of the iris allow image digitization, feature isolation, and extraction. Iris localization is an important step in iris recognition because, if done incorrectly, the resulting noise (e.g., eyelashes, reflections, pupils, and eyelids) in the image can lead to poor performance.

Because infrared has insufficient energy to cause photochemical effects, the primary potential mode of damage is thermal. When NIR is produced using light-emitting diodes, the resulting light is incoherent. Any risk to eye safety is remote with a single LED source using today's LED technology. Multiple LED illuminators can, however, cause eye damage if not carefully designed and used.

2D and 3D facial recognition

The person's face is a physical characteristic that allows the identification of the person in a unique and stable way. There are devices that capture the 2D pattern (plane projection) and devices that capture the 3D pattern (volumetric description of the face).

The disadvantage of 2D equipment is that the system does not distinguish whether what it is capturing is really a face or a photograph of a face, so they do not offer a sufficient level of security in most access control applications.

Equipment with 3D facial biometric technology includes infrared technology combined with 3D, thus disabling the use of masks or photographs to falsify the face. Thanks to this, 3D facial biometrics allows contactless identification very quickly and safely, because it is possible to build a 3D pattern of the face of the identified person.

Therefore, 3D equipment offers much higher security since it requires a real face (not a photograph) to identify the user. For this reason, in access control and presence control applications it is advisable to use 3D facial recognition equipment.

Another important characteristic of facial recognition systems is the ability to identify the person without contact (normally on the order of tens of centimeters), making these systems much less intrusive than those based on fingerprint, iris or vascular biometrics. Apart from being less intrusive, this remote identification capacity makes them very well accepted for access control or presence control applications in environments where direct contact of the user with the terminal may represent problems (either for hygiene reasons or because users wear gloves).

Vascular recognition

In vascular biometry, the biometric pattern is extracted from the geometry of the finger vein tree. Unlike a fingerprint, the biometric pattern is internal, for this reason it does not leave a trace and can only be obtained in the presence of the person. Identity theft is therefore very difficult.

Due to these characteristics, it is especially suitable for high security environments, as well as in harsh environments, where the surface of the finger (and therefore the surface print) may be in poor condition, eroded or not very clean.

heart rate

Cryptographers at the University of Toronto developed a bracelet that, through the use of a voltmeter, detects heartbeats and uses the electrocardiogram as a biometric identification method. The bracelet can be used to remotely activate different devices that require identity verification, although it is still in the development phase. For scientist Karl Martin it is an effective method, because, unlike passwords, heart rate "cannot be broken."[2]​.

The applications of biometric technology are many and are related to the identification of the person. Among the main applications are physical access control applications, presence control (or labor signing), access control to information and resources or biometric signature control.

For access control and presence control applications, it is common to use biometric technology in combination with other card identification technologies, such as RFID cards. This combination allows the biometric pattern to be saved on the card, so it is the user who keeps this information and it is not saved on the control device.

The advancement of technology and the miniaturization of devices has recently enabled the use of fingerprint scanners in consumer electronic devices such as laptops and mobile phones.

Biometric systems are usually incorporated to control attendance, the system recognizes the entry and exit of the individual, which facilitates control of the hours worked, in addition to avoiding falsehoods in the attendance record.[3]​.

Como con otros procesos tecnológicos y de gran alcance, las excesivas dudas en lo referente a la biometría pueden eclipsar una crítica más general. La biometría puede llegar a asociarse con fallos severos de la justicia en aquellos casos en los que la tecnología ha desviado la atención del verdadero foco, así, un individuo podría:.

identity theft

Concerns about identity theft through the use of Biometrics have not yet been resolved. If a person's credit card number is stolen, for example, it can cause that person great difficulty. If your iris scan patterns are stolen, however, allowing another person to access personal information or financial accounts, the damage could be irreversible since unlike the use of keys or passphrases, an individual's biometric data cannot be changed and once compromised could no longer be secure in use.

Frequently, biometric technologies have been put into use without adequate security measures for the personal information that is protected through them.

Privacy

Although biometrics are frequently used as a means to combat crime, there are concerns that biometrics could be used to diminish the personal freedoms of citizens.

Developments in digital video technology, infrared,

In a typical Biometrics system, a person registers with the system when one or more of their physical and behavioral characteristics is obtained, processed by a numerical algorithm, and entered into a database. Ideally, when you walk in, almost all of your features match; So when someone else tries to identify themselves, they don't match completely, so the system doesn't allow them access. Current technologies have success rates that vary widely (from low values ​​such as 60% to high values ​​such as 99.9%).

The performance of a biometric measure is generally defined in terms of false positive rate (FAR), false negative rate (FNMR, also False Rejection Rate or FRR), and failure-to-enroll rate (FTE or FER).

In real biometric systems, the FAR and the FRR can be transformed into each other by changing a certain parameter. One of the most common measurements of real biometric systems is the rate at which the setting at which they accept and reject errors is equal: the Equal Error Rate (EER), also known as the Cross-over Error Rate (CER). The lower the EER or CER, the more accurate the system is considered.

Announced error rates sometimes involve idiosyncratic or subjective elements. For example, one biometric system manufacturer set the acceptance threshold high to minimize false acceptances; In practice, three attempts were allowed, so a false rejection was counted only if all three attempts were unsuccessful (e.g. writing, speaking, etc.), opinions may vary as to what constitutes a false rejection. If you entered a signature verification system using my initial and last name, can I legitimately say that it is a false rejection when it rejects my first and last name?

Despite these doubts, biometric systems have the potential to identify individuals with a very high degree of certainty. Forensic DNA testing enjoys a particularly high degree of public confidence today (ca. 2004) and the technology is moving towards iris recognition, which has the ability to differentiate between two individuals with identical DNA.

One of the benefits of biometric technology is that it is not necessary to carry a card or key to access a building. Large business network infrastructures, government identification, secure banking transactions, and health and social services, among other areas, already benefit from the use of this type of verification.

Associated with other access restriction technologies, biometrics guarantees one of the least passable authentication levels today. Furthermore, the inconveniences of having to remember a password or an access PIN number will soon be overcome thanks to the use of biometric methods, because the latter have notable advantages: they are directly related to the user, they are accurate and allow audit trails.

The use of a biometric device allows administration costs to be lower, since only the reader must be maintained, and one person is responsible for keeping the database updated. Another benefit: the biometric characteristics of one person are not transferable to another.

What follows is a table that shows the different characteristics of biometric systems:

The biometrics industry offers several technologies. Each technology is considered a different market segment. The best known are fingerprints, face recognition and iris (eye) recognition. The table below contains the different technologies, horizontal applications and the main vertical markets (in the private and public sectors) offered by the biometric industry:

In recent years, there has been a growing concern among regulatory organizations regarding the development of standards related to the use of biometric techniques in the computing environment. This concern is a reflection of the growing industrial interest in this technological field, and the multiple benefits that its use brings.

However, ongoing standardization remains poor and as a result, biometric solution providers continue to provide proprietary software interfaces for their products, making it difficult for companies to switch products or vendors.

At the global level, the main body that coordinates biometric standardization activities is Sub-Committee 17 (SC17) of the Joint Technical Committee on Information Technology (ISO/IEC JTC1), of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

In the United States, the M1 Technical Committee of INCITS (InterNational Committee for Information Technology Standards), the National Institute of Standards and Technology (NIST) and the American National Standards Institute (ANSI) play a similar role.

There are also other non-governmental organizations promoting initiatives in biometric matters such as: Biometrics Consortium, International Biometrics Groups and BioAPI. The latter was established in the United States in 1998 made up of the companies Bioscrypt, Compaq, Iridiam, Infineon, NIST, Saflink and Unisis. The BioAPI Consortium jointly developed with other consortia and associations, a standard that would promote the connection between biometric devices and different types of application programs, in addition to promoting the growth of biometric markets.

Some of the most important standards are:

Contenido

En el proceso de autentificación (o verificación) los rasgos biométricos se comparan solamente con los de un patrón ya guardado, este proceso se conoce también como uno-para-uno ( 1:1 ). Este proceso implica conocer presuntamente la identidad del individuo a autentificar, por lo tanto, dicho individuo ha presentado algún tipo de credencial, que después del proceso de autentificación biométrica será validada o no.

En el proceso de identificación los rasgos biométricos se comparan con los de un conjunto de patrones ya guardados, este proceso se conoce también como uno-para-muchos ( 1:N ). Este proceso implica no conocer la identidad presunta del individuo, la nueva muestra de datos biométricos es tomada del usuario y comparada una a una con los patrones ya existentes en el banco de datos registrados. El resultado de este proceso es la identidad del individuo, mientras que en el proceso de autentificación es un valor verdadero o falso.

El proceso de autentificación o verificación biométrica es más rápido que el de identificación biométrica, sobre todo cuando el número de usuarios (N) es elevado. Esto se debe a que la necesidad de procesamiento y comparaciones es más reducido en el proceso de autentificación. Por esta razón, es habitual usar autentificación cuando se quiere validar la identidad de un individuo desde un sistema con capacidad de procesamiento limitada o se quiere un proceso muy rápido.

Un ejemplo de esto es la aplicación móvil OneID, diseñada para sistemas Single Sign-On, que utiliza la dactiloscopía.[2]​ Una coalición de empresas de hardware y software denominada Alianza Fido, se dedica al estudio de sistemas biométricos para reemplazar el uso de contraseñas, ya sea con lectores de huellas dactilares, faciales o identificadores de voz. Un ejemplo de su producción es YubiKey, producto de la empresa Yubico.[2]​.

iris recognition

The iris is a pigmented membrane suspended inside the eye, between the cornea and the lens. Regulates the size of the pupil to control the amount of light entering the eye. It acquires its pigmentation from melanin.

Before iris recognition occurs, the iris is located using landmark features. These landmark features and the distinct shape of the iris allow image digitization, feature isolation, and extraction. Iris localization is an important step in iris recognition because, if done incorrectly, the resulting noise (e.g., eyelashes, reflections, pupils, and eyelids) in the image can lead to poor performance.

Because infrared has insufficient energy to cause photochemical effects, the primary potential mode of damage is thermal. When NIR is produced using light-emitting diodes, the resulting light is incoherent. Any risk to eye safety is remote with a single LED source using today's LED technology. Multiple LED illuminators can, however, cause eye damage if not carefully designed and used.

2D and 3D facial recognition

The person's face is a physical characteristic that allows the identification of the person in a unique and stable way. There are devices that capture the 2D pattern (plane projection) and devices that capture the 3D pattern (volumetric description of the face).

The disadvantage of 2D equipment is that the system does not distinguish whether what it is capturing is really a face or a photograph of a face, so they do not offer a sufficient level of security in most access control applications.

Equipment with 3D facial biometric technology includes infrared technology combined with 3D, thus disabling the use of masks or photographs to falsify the face. Thanks to this, 3D facial biometrics allows contactless identification very quickly and safely, because it is possible to build a 3D pattern of the face of the identified person.

Therefore, 3D equipment offers much higher security since it requires a real face (not a photograph) to identify the user. For this reason, in access control and presence control applications it is advisable to use 3D facial recognition equipment.

Another important characteristic of facial recognition systems is the ability to identify the person without contact (normally on the order of tens of centimeters), making these systems much less intrusive than those based on fingerprint, iris or vascular biometrics. Apart from being less intrusive, this remote identification capacity makes them very well accepted for access control or presence control applications in environments where direct contact of the user with the terminal may represent problems (either for hygiene reasons or because users wear gloves).

Vascular recognition

In vascular biometry, the biometric pattern is extracted from the geometry of the finger vein tree. Unlike a fingerprint, the biometric pattern is internal, for this reason it does not leave a trace and can only be obtained in the presence of the person. Identity theft is therefore very difficult.

Due to these characteristics, it is especially suitable for high security environments, as well as in harsh environments, where the surface of the finger (and therefore the surface print) may be in poor condition, eroded or not very clean.

heart rate

Cryptographers at the University of Toronto developed a bracelet that, through the use of a voltmeter, detects heartbeats and uses the electrocardiogram as a biometric identification method. The bracelet can be used to remotely activate different devices that require identity verification, although it is still in the development phase. For scientist Karl Martin it is an effective method, because, unlike passwords, heart rate "cannot be broken."[2]​.

The applications of biometric technology are many and are related to the identification of the person. Among the main applications are physical access control applications, presence control (or labor signing), access control to information and resources or biometric signature control.

For access control and presence control applications, it is common to use biometric technology in combination with other card identification technologies, such as RFID cards. This combination allows the biometric pattern to be saved on the card, so it is the user who keeps this information and it is not saved on the control device.

The advancement of technology and the miniaturization of devices has recently enabled the use of fingerprint scanners in consumer electronic devices such as laptops and mobile phones.

Biometric systems are usually incorporated to control attendance, the system recognizes the entry and exit of the individual, which facilitates control of the hours worked, in addition to avoiding falsehoods in the attendance record.[3]​.

Como con otros procesos tecnológicos y de gran alcance, las excesivas dudas en lo referente a la biometría pueden eclipsar una crítica más general. La biometría puede llegar a asociarse con fallos severos de la justicia en aquellos casos en los que la tecnología ha desviado la atención del verdadero foco, así, un individuo podría:.

identity theft

Concerns about identity theft through the use of Biometrics have not yet been resolved. If a person's credit card number is stolen, for example, it can cause that person great difficulty. If your iris scan patterns are stolen, however, allowing another person to access personal information or financial accounts, the damage could be irreversible since unlike the use of keys or passphrases, an individual's biometric data cannot be changed and once compromised could no longer be secure in use.

Frequently, biometric technologies have been put into use without adequate security measures for the personal information that is protected through them.

Privacy

Although biometrics are frequently used as a means to combat crime, there are concerns that biometrics could be used to diminish the personal freedoms of citizens.

Developments in digital video technology, infrared,