The Biometric White Paper
This paper provides a broad overview of the subject of biometrics, how they are used, how performance is measured, how systems are typically constructed and practical implementation issues.
Management Summary - The busy persons guide to Biometrics
Biometric Background - How it all started
Popular Biometric Methodologies - What are they?
Applications - The story so far
Future Applications - Some common ideas
How Things Work - Typical device / systems process map
Performance Measures - What do they really mean?
Verification v Identification - The distinction
Understanding User Psychology - Why?
OK, so what are biometrics and why should we be concerned with them?
Biometrics are best defined as measurable physiological and / or behavioural characteristics that can be utilised to verify the identity of an individual. They include fingerprints, retinal and iris scanning, hand geometry, voice patterns, facial recognition and other techniques. They are of interest in any area where it is important to verify the true identity of an individual. Initially, these techniques were employed primarily in specialist high security applications, however we are now seeing their use and proposed use in a much broader range of public facing situations.
So what was wrong with cards and PIN’s?
PIN,s (personal identification numbers) were one of the first identifiers to offer automated recognition. However, it should be understood that this means recognition of the PIN, not necessarily recognition of the person who has provided it. The same applies with cards and other tokens. We may easily recognise the token, but it could be presented by anybody. Using the two together provides a slightly higher confidence level, but this is still easily compromised if one is determined to do so.
A biometric however cannot be easily transferred between individuals (replacement part surgery is outside the scope of this paper) and represents as unique an identifier as we are likely to see. If we can automate the verification procedure in a user friendly manner, there is considerable scope for integrating biometrics into a variety of processes.
What does this mean in practice?
It means that verifying an individuals identity can become both more streamlined (by the user interacting with the biometric reader) and considerably more accurate as biometric devices are not easily fooled.
In the context of travel and tourism for example, one immediately thinks of immigration control, boarding gate identity verification and other security related functions. However, there may be a raft of other potential applications in areas such as marketing, premium passenger services, online booking, alliance programmes and so on where a biometric may be usefully integrated into a given process at some stage. In addition, there are organisation related applications such as workstation / LAN access, physical access control and other potential applications.
This does not mean that biometrics are a panacea for all our personal identification related issues - far from it! But they do represent an interesting new tool in our technology toolbox, which we might usefully consider as we march forward into the new millennium.
But surely this is all science fiction, we don’t see them working in everyday applications?
Ten years ago, this was an often heard response and frankly, a justified one as many of the early biometric devices were rather cumbersome in use and priced at a point which prohibited their implementation in all but a few very high security applications where they were considered viable.
These days things are different as not only has considerable technical progress been made, providing more accurate, more refined products, but unit cost has dropped to a point which makes them suitable for broader scale deployment where appropriate. In addition, the knowledge base concerning their use and integration into other processes has increased dramatically. This is no longer a ‘black art’ practised by a few high priests (who charged accordingly) but an everyday piece of relevant technology that the average five year old will soon be able to tell you all about.
The remainder of this document will cover the subject in greater detail and provide a solid background into this interesting and exciting technology.
It is tempting to think of biometrics as being sci-fi futuristic technology that we shall all be using together with solar powered cars, food pills and other fiendish devices some time in the near future. This popular image suggests that they are a product of the late twentieth century computer age.
In fact, the basic principles of biometric verification were understood and practised somewhat earlier. Thousands of years earlier to be precise, as our friends in the Nile valley routinely employed biometric verification in a number of everyday business situations. There are many references to individuals being formally identified via unique physiological parameters such as scars, measured physical criteria or a combination of features such as complexion, eye colour, height and so on. This would often be the case in relation to transactions in the agricultural sector where grain and provisions would be supplied to a central repository and also with regard to legal proceedings of various descriptions. Of course, they didn’t have automated electronic biometric readers and computer networks (as far as we know), and they certainly were not dealing with the numbers of individuals that we have to accommodate today, but the basic principles were similar.
Later, in the nineteenth century there was a peak of interest as researchers into criminology attempted to relate physical features and characteristics with criminal tendencies. This resulted in a variety of measuring devices being produced and much data being collected. The results were not conclusive but the idea of measuring individual physical characteristics seemed to stick and the parallel development of fingerprinting became the international methodology among police forces for identity verification.
The absolute uniqueness or otherwise of fingerprints is often debated, and the criteria that different countries employ to verify a fingerprint varies across the globe with a greater or lesser number of minutiae points required to be matched. Added to this is the question of personal interpretation which may be pertinent in border line cases. Never the less, this was the best methodology on offer and still the primary one for police forces, although the matching process is very often automated these days.
With this background, it is hardly surprising that for many years a fascination with the possibility of using electronics and the power of microprocessors to automate identity verification had occupied the minds of individuals and organisations both in the military and commercial sectors. Various projects were initiated to look at the potential of biometrics and one of these eventually led to a large and rather ungainly hand geometry reader being produced. It wasn’t pretty, but it worked and motivated it’s designers to further refine the concept. Eventually, a small specialist company was formed and a much smaller, and considerably enhanced hand geometry reader became one of the cornerstones of the early biometric industry. This device worked well and found favour in numerous biometric projects around the world.
In parallel, other biometric methodologies such as fingerprint verification were being steadily improved and refined to the point where they would become reliable, easily deployed devices. In recent years, we have also seen much interest in iris scanning and facial recognition techniques which offer the potential of a non contact technology, although there are additional issues involved in this respect.
The last decade has seen the biometric industry mature from a handful of specialist manufacturers struggling for sales, to a global industry shipping respectable numbers of devices and poised for significant growth as large scale applications start to unfold.
You will see reference to a number of biometrics, some of which are rather impractical even if technically interesting. The ‘popular’ biometrics seem to gravitate at present around the following methodologies.
There are a variety of approaches to fingerprint verification. Some of them try to emulate the traditional police method of matching minutiae, others are straight pattern matching devices, and some adopt a unique approach all of their own, including moiré fringe patterns and ultrasonics. Some of them can detect when a live finger is presented, some cannot. There is a greater variety of fingerprint devices available than any other biometric at present.
Potentially capable of good accuracy (low instances of false acceptance) fingerprint devices can also suffer from usage errors among insufficiently disciplined users (higher instances of false rejection) such as might be the case with large user bases. One must also consider the transducer / user interface and how this would be affected by large scale usage in a variety of environments. Fingerprint verification may be a good choice for in house systems where adequate explanation and training can be provided to users and where the system is operated within a controlled environment. It is not surprising that the workstation access application area seems to be based almost exclusively around fingerprints, due to the relatively low cost, small size (easily integrated into keyboards) and ease of integration.
As the name suggests, hand geometry is concerned with measuring the physical characteristics of the users hand and fingers, from a three dimensional perspective in the case of the leading product. One of the most established methodologies, hand geometry offers a good balance of performance characteristics and is relatively easy to use. This methodology may be suitable where we have larger user bases or users who may access the system infrequently and may therefore be less disciplined in their approach to the system. Accuracy can be very high if desired, whilst flexible performance tuning and configuration can accommodate a wide range of applications. Hand geometry readers are deployed in a wide range of scenarios, including time and attendance recording where they have proved extremely popular. Ease of integration into other systems and processes, coupled to ease of use makes hand geometry an obvious first step for many biometric projects.
A potentially interesting technique bearing in mind how much voice communication takes place with regard to everyday business transactions. Some designs have concentrated on wall mounted readers whilst others have sought to integrate voice verification into conventional telephone handsets. Whilst there have been a number of voice verification products introduced to the market, many of them have suffered in practice due to the variability of both transducers and local acoustics. In addition, the enrolment procedure has often been more complicated than with other biometrics leading to the perception of voice verification as unfriendly in some quarters. However, much work has been and continues to be undertaken in this context and it will be interesting to monitor progress accordingly.
An established technology where the unique patterns of the retina are scanned by a low intensity light source via an optical coupler. Retinal scanning has proved to be quite accurate in use but does require the user to look into a receptacle and focus on a given point. This is not particularly convenient if you are a spectacle wearer or have concerns about intimate contact with the reading device. For these reasons retinal scanning has a few user acceptance problems although the technology itself can work well. The leading product underwent a redesign in the mid nineties, providing enhanced connectivity and an improved user interface, however this is still a relatively marginal biometric technology.
Iris scanning is undoubtedly the less intrusive of the eye related biometrics. It utilises a fairly conventional ccd camera element and requires no intimate contact between user and reader. In addition it has the potential for higher than average template matching performance. As a technology it has attracted the attention of various third party integrators and one would expect to see additional products launched in due course as a result. It has been demonstrated to work with spectacles in place and with a variety of ethnic groups and is one of the few devices which can work well in identification mode. Ease of use and system integration have not traditionally been strong points with the iris scanning devices, but we can expect to see improvements in these areas as new products are introduced.
Signature verification enjoys a synergy with existing processes that other biometrics do not. People are used to signatures as a means of transaction related identity verification and would mostly see nothing unusual in extending this to encompass biometrics. Signature verification devices have proved to be reasonably accurate in operation and obviously lend themselves to applications where the signature is an accepted identifier. Curiously, there have been relatively few significant applications to date in comparison with other biometric methodologies. If your application fits, it is a technology worth considering, although signature verification vendors have tended to have a somewhat chequered history.
A technique which has attracted considerable interest and whose capabilities have often been misunderstood. Extravagant claims have sometimes been made for facial recognition devices which have been difficult if not impossible to substantiate in practice. It is one thing to match two static images (all that some systems actually do - not in fact biometrics at all), it is quite another to unobtrusively detect and verify the identity of an individual within a group (as some systems claim). It is easy to understand the attractiveness of facial recognition from the user perspective, but one needs to be realistic in ones expectations of the technology. To date, facial recognition systems have had limited success in practical applications. However, progress continues to be made in this area and it will be interesting to see how future implementations perform. If technical obstacles can be overcome, we may eventually see facial recognition become a primary biometric methodology.
There are other biometric methodologies including the use of scent, ear lobes and various other parameters. Whilst these may be technically interesting, they are not considered at this stage to be workable solutions in everyday applications. Those listed above represent the majority interest and would be a good starting place for you to consider within your biometric project. The sections of this paper dealing with performance issues and user psychology offer a further insight into the application of these devices.
The bulk of biometric applications to date are probably in areas that you will never hear of. This is because there are a very large number of relatively small security related applications undertaken by specialist security systems suppliers. These systems account for the majority of unit sales as far as the device manufacturers are concerned and are often supplied via a third party distribution chain.
The applications that you will here of are those in the public domain. These include:
Prison visitor systems, where visitors to inmates are subject to verification procedures in order that identities may not be swapped during the visit - a familiar occurrence among prisons worldwide.
Drivers licences, whereby some authorities found that drivers (particularly truck drivers) had multiple licences or swapped licences among themselves when crossing state lines or national borders.
Canteen administration, particularly on campus where subsidised meals are available to bona fide students, a system which was being heavily abused in some areas.
Benefit payment systems. In America, several states have saved significant amounts of money by implementing biometric verification procedures. Not surprisingly, the numbers of individuals claiming benefit has dropped dramatically in the process, validating the systems as an effective deterrent against multiple claims.
Border control. A notable example being the INSPASS trial in America where travellers were issued with a card enabling them to use the strategically based biometric terminals and bypass long immigration queues. There are other pilot systems operating in S.E. Asia and elsewhere in this respect.
Voting systems, where eligible politicians are required to verify their identity during a voting process. This is intended to stop ‘proxy’ voting where the vote may not go as expected.
Junior school areas where (mostly in America) problems had been experienced with children being either molested or kidnapped.
In addition there are numerous applications in gold and diamond mines, bullion warehouses and bank vaults, as indeed you might expect, as well as the more commonplace physical access control applications in industry.
There are many views concerning potential biometric applications, some popular examples being;
ATM machine use.
Most of the leading banks have been experimenting with biometrics for ATM machine use and as a general means of combating card fraud. Surprisingly, these experiments have rarely consisted of carefully integrated devices into a common process, as could easily be achieved with certain biometric devices. Previous comments in this paper concerning user psychology come to mind here and one wonders why we have not seen a more professional and carefully considered implementation from this sector. The banks will of course have a view concerning the level of fraud and the cost of combating it via a technology solution such as biometrics. They will also express concern about potentially alienating customers with such an approach. However, it still surprises many in the biometric industry that the banks and financial institutions have so far failed to embrace this technology with any enthusiasm.
Workstation and network access.
For a long time this was an area often discussed but rarely implemented until recent developments saw the unit price of biometric devices fall dramatically as well as several designs aimed squarely at this application. In addition, with household names such as Sony, Compaq, KeyTronics, Samsung and others entering the market, these devices appear almost as a standard computer peripheral. Many are viewing this as the application which will provide critical mass for the biometric industry and create the transition between sci-fi device to regular systems component, thus raising public awareness and lowering resistance to the use of biometrics in general.
Travel and tourism.
There are many in this industry who have the vision of a multi application card for travellers which, incorporating a biometric, would enable them to participate in various frequent flyer and border control systems as well as paying for their air ticket, hotel room, hire care etc., all with one convenient token.
Technically this is eminently possible, but from a political and commercial point of view there are still many issues to resolve, not the least being who would own the card, be responsible for administration and so on. These may not be insurmountable problems and perhaps we may see something along these lines emerge. A notable challenge in this respect would be packaging such an initiative in a way that would be truly attractive for users.
Many immediately think of on line transactions as being an obvious area for biometrics, although there are some significant issues to consider in this context. Assuming device cost could be brought down to a level whereby a biometric (and perhaps chip card) reader could be easily incorporated into a standard build PC, we still have the problem of authenticated enrolment and template management, although there are several approaches one could take to that. Of course, if your credit card already incorporated a biometric this would simplify things considerably. It is interesting to note that certain device manufacturers have collaborated with key encryption providers to provide an enhancement to their existing services. Perhaps we shall see some interesting developments in this are in the near future.
No doubt many telesales and call centre managers have pondered the use of biometrics. It is an attractive possibility to consider, especially for automated processes. However, voice verification is a difficult area of biometrics, especially if one does not have direct control over the transducers, as indeed you wouldn’t when dealing with the general public. The variability of telephone handsets coupled to the variability of line quality and the variability of user environments presents a significant challenge to voice verification technology, and that is before you even consider the variability in understanding among users.
The technology can work well in controlled closed loop conditions but is extraordinarily difficult to implement on anything approaching a large scale. Designing in the necessary error correction and fallback procedures to automated systems in a user friendly manner is also not a job for the faint hearted.
Perhaps we shall see further developments which will largely overcome these problems. Certainly there is a commercial incentive to do so and I have no doubt that much research is under way in this respect.
Public identity cards.
A biometric incorporated into a multi purpose public ID card would be useful in a number of scenarios if one could win public support for such a scheme. Unfortunately, in this country as in others there are huge numbers of individuals who definitely do not want to be identified. This ensures that any such proposal would quickly become a political hot potato and a nightmare for the minister concerned. You may consider this a shame or a good thing, depending on you point of view. From a dispassionate technology perspective it represents something of a lost opportunity, but this is of course nothing new. It’s interesting that certain local authorities in the UK have issued ‘citizen’ cards with which named cardholders can receive various benefits including discounts at local stores and on certain services. These do not seem to have been seriously challenged, even though they are in effect an ID card.
Whilst individual biometric devices and systems have their own operating methodology, there are some generalisations one can make as to what typically happens within a biometric systems implementation.
The following diagram depicts the process pictorially and the accompanying notes provide a more detailed explanation.
[A] Obviously, before we can verify an individuals identity via a biometric we must first capture a sample of the chosen biometric. This ‘sample’ is referred to as a biometric template and is the reference data against which subsequent samples provided at verification time are compared. A number of samples are usually captured during enrolment (typically three) in order to arrive at a truly representative template via an averaging process. The template is then referenced against an identifier (typically a PIN or card number if used in conjunction with existing access control tokens) in order to recall it ready for comparison with a live sample at the transaction point. The enrolment procedure and quality of the resultant template are critical factors in the overall success of a biometric application. A poor quality template will often cause considerable problems for the user, often resulting in a re-enrolment.
[B] Template storage is an area of interest, particularly with large scale applications which may accommodate many thousands of individuals. The possible options are as follows;
1) Store the template within the biometric reader device.
2) Store the template remotely in a central repository.
3) Store the template on a portable token such as a chip card.
Option 1, storing the template within the biometric device has both advantages and disadvantages depending on exactly how it is implemented. The advantage is potentially fast operation as a relatively small number of templates may be stored and manipulated efficiently within the device. In addition, you are not relying on an external process or data link in order to access the template. In some cases, where devices may be networked together directly, it is possible to share templates across the network.
The potential disadvantage is that the templates are somewhat vulnerable and dependent upon the device being both present and functioning correctly. If anything happens to the device, you may need to re-install the template database or possibly re-enrol the user base.
Option 2, storing the templates in a central repository is the option which will naturally occur to IT systems engineers. This may work well in a secure networked environment where there is sufficient operational speed for template retrieval to be invisible to the user. However, we must bear in mind that with a large number of readers working simultaneously there could be significant data traffic, especially if users are impatient and submit multiple verification attempts. The size of the biometric template itself will have some impact on this, with popular methodologies varying between 9 bytes and 1.5k. Another aspect to consider is that if the network fails, the system effectively stops unless there is some sort of additional local storage. This may be possible to implement with some devices, using the internal storage for recent users and instructing the system to search the central repository if the template cannot be found locally.
Option 3, storing the template on a token. This is an attractive option for two reasons. Firstly, it requires no local or central storage of templates (unless you wish to) and secondly, the user carries their template with them and can use it at any authorised reader position.
However, there are still considerations. If the user is attracted to the scheme because he believes he has effective control and ownership of his own template (a strong selling point in some cases) then you cannot additionally store his template elsewhere in the system. If he subsequently loses or damages his token, then he will need to re-enrol. Another consideration may be unit cost and system complexity if you need to combine chip card readers and biometric readers at each enrolment and verification position.
If the user base has no objection, you may wish to consider both on token and central storage of templates (options 2 and 3) this could provide fast local operation with a fallback position if the chip card reading process fails for any reason or if a genuine user loses their token and can provide suitable identity information. Your choice of template storage may be dictated to some extent by your choice of biometric device. Some devices offer greater flexibility than others in this respect.
[C] The network. There are possible variations on a theme with regard to networks. Some devices have integral networking functionality, often via RS485 or RS422 with a proprietary protocol. This may enable you to network a number of devices together with no additional equipment involved, or maybe with a monitoring PC connected at one end of the network. In such a case, you will almost certainly be relying on the vendors systems design and message functionality, together with their own software.
Alternatively you may design the networking, message passing and monitoring system yourself, taking advantage of the recent generic biometric API’s and accessing the reader functions directly. This will give you absolute flexibility and control over systems design, providing the chosen device supports this.
Yet another option may be to use the vendors network for message passing and primary interconnection, coupled to your own custom software at the monitoring point, which may in turn interface with other systems under your control.
In some cases, you may have an existing network and control interface into which the biometric devices may be integrated via a common security standard such as Wiegand or ABA. In this case they will appear as just another device, although you will have to separately consider template storage and access.
[D] Verification. The verification process requires the user to claim an identity by either entering a PIN or presenting a token, and then verify this claim by providing a live biometric to be compared against the claimed reference template. There will be a resulting match or no match accordingly (the parameters involved will be discussed later under performance measures). A record of this transaction will then be generated and stored, either locally within the device or remotely via a network and host (or indeed both).
With certain devices, you may allow the user a number of attempts at verification before finally rejecting them if the templates do not match. Setting this parameter requires some thought. On the one hand, you want to provide every opportunity for a valid user (who may be having difficulty using the system) to be recognised. On the other hand, you do not want impostors to have too much opportunity to experiment.
With some systems, the reference template is automatically updated upon each valid transaction. This allows the system to accommodate minor changes to the users live sample as a result of ageing, local abrasions etc. and may be a useful feature when dealing with large userbases.
[E] Transaction storage. This is an important area as you will certainly wish to have some sort of secure audit trail with respect to the use of your system. Some devices will store a limited number of transactions internally, scrolling over as new transactions are received. This is fine as long as you are confident of retrieving all such transactions before the buffer fills up and you start losing them. In practice, this is unlikely to be a problem unless you have severe network errors. In some cases, you may wish to have each biometric device connected directly to a local PC which may in turn be polled periodically (over night for example) in order to download transactions to a central point. In either case, you will probably wish to adopt a local procedure to deal with error and exceptional conditions, which will in turn require some sort of local messaging. This may be as simple as a relay closure in the event of a failed transaction activating an annunciator of some description.
What you do with this transaction data is another matter. You may wish to analyse it via an existing reporting tool (if it is in a suitable format) or perhaps write a custom application in order to show transactions in real time as well as write them to a central database.
[F] The network (again). How the network handles transactions may be of critical importance in some applications. For example, you may have multiple terminals distributed within a large facility, each of which requires a real time display of information. This will require fast and reliable message transmission. Each terminal user may wish to ‘hold’ a displayed transaction until a response has been initiated. This will require a separate local message buffer and possibly a message prioritisation methodology to ensure that critical messages are dealt with promptly.
You may require variations on terminal / host software according to the user and core function. All of this will need to be accommodated within the overall network in a secure and efficient manner. There are many potential issues to consider in this respect and your overall system design should reflect this.
False accepts, false rejects, equal error rates, enrolment and verification times - these are the typical performance measures quoted by device vendors (how they arrived at them is another matter). But what do they really mean? Are these performance statistics actually realised in real systems implementations? Can we accept them with any degree of confidence?
Let’s explore further....
False accept rates (FAR) indicate the likelihood that an impostor may be falsely accepted by the system.
False reject rates (FRR) indicate the likelihood that the genuine user may be rejected by the system. This measure of template matching can often be manipulated by the setting of a threshold which will bias the device towards one situation or the other. Hence one may bias the device towards a larger number of false accepts but a smaller number of false rejects (user friendly) or a larger number of false rejects but a smaller number of false accepts (user unfriendly), the two parameters being mutually exclusive.
Somewhere between the extremes is the equal error point where the two curves cross (see below) and which may represent a more realistic measure of performance than either FAR or FRR quoted in isolation.
These measures are expressed in percentage (of error transactions) terms, with an equal error rate of somewhere around 0.1% being a typical figure.
However, the quoted figures for a given device may not be realised in practice for a number of reasons. These will include user discipline, familiarity with the device, user stress, individual device condition, the user interface, speed of response and other variables. We must remember that vendor quoted statistics may be based upon limited tests under controlled laboratory conditions, supplemented by mathematical theory. They should only ever be viewed as a rough guide and not relied upon for actual system performance expectations.
This situation is not because vendors are trying to mislead you (in most cases anyway) but because it is almost impossible to give an accurate indication of how a device will perform in a limitless variety of real world conditions.
Similarly, actual enrolment times will depend upon a number of variables inherent in your enrolment procedure. Are the users pre-educated? Have they used the device before? What information are you gathering? Are you using custom software? How well trained is the enrolling administrator? How many enrolment points will you be operating? What other processes are involved? And so on. The vendors cannot possibly understand these variables for every system and their quoted figure will again be based upon their own in house experiences under controlled conditions.
Verification time is often misunderstood as vendors will typically describe the average time taken for the actual verification process, which will not typically include the time taken to present the live sample or undertake other processes such as the presentation of a token or keying of a PIN. Consider also an average time for user error and system response and it will be apparent that the end to end verification transaction time will be nothing like the quoted figure.
Given the above, it will come as no surprise that biometric device performance measures have sometimes become a contentious issue when implementing real systems. In order to provide an independent view a National Biometric Test Centre has been established in the US with a similar facility recently announced in Hong Kong. These centres are based at academic institutions and will over time no doubt provide for some interesting views. However, this does not necessarily mean that vendors will rush to conform with regard to their quoted specifications and the method used to arrive at them. We should therefore continue to view such specifications as a rough guide and rely on our own trials and observations to provide a more meaningful appraisal of overall performance.
As a side issue to the above, there is a question concerning the uniqueness of biometric parameters such as fingerprints, irises, hands and so forth. The degree of individuality or similarity within a userbase will naturally affect performance to some degree. It is outside the scope of this paper to examine this aspect in any detail, but suffice it to say that no one has reliable data for the whole world and cannot therefore say that any biometric is truly unique. What we can say is that the probability of finding identical fingerprints, irises, hands etc. within a typical userbase is low enough for the parameter in question to be regarded as a reliable identifier. Splitting hairs maybe, but beware of claims of absolute uniqueness - some individuals are similar enough to cause false accepts, even in finely tuned systems.
You will often come across the terms ‘verification’ and ‘identification’ which are sometimes confused when people are discussing biometrics.
The majority of available devices operate in verification mode. This means that an identity is claimed by calling a particular template from storage (by the input of a PIN or presentation of a token) and then presenting a live sample for comparison, resulting in a match or no match according to predefined parameters. Thus a simple one to one match that may be performed quickly and generate a binary yes/no result.
A few devices claim to offer biometric identification whereby the user submits his live sample and the system attempts to identify him within a database of templates. A more complex one to many match which may generate a multiple result according to the number and similarity of stored templates.
Imagine a scenario whereby you have 750’000 templates stored in a database. The user presents his live sample and the database engine starts searching. Depending on how tightly you define the likeness threshold parameter, the search may result in 10000 possible identities for your user - now what do you do? You may be able to apply filters based upon sex, ethnic origin, age and so forth in order to reduce this list to a manageable size, if indeed you can capture this information from the user. You may still end up with a sizeable list of potential identities. Of course, in a smaller database this becomes less of a problem, but it is precisely with large databases that this functionality is typically sought.
All of this assumes that the system can indeed function as claimed in identification mode. Certain devices have been demonstrated to work well in this manner with small databases of tens of users, but the situation becomes very complicated with databases of even a few hundred. The mathematical probability of finding an exact match within such a database is extremely slim (to say the least). A large database, such as might be the case with travellers across borders for example, would be almost impossible to manage in this manner with current technology. We haven’t even considered the time taken to search such a database and the impact of multiple concurrent users.
For these and other reasons, one should exercise extreme caution when considering biometric ‘identification’ systems. Whilst one can readily understand the attraction of this mode of operation, it has to date rarely been successful in practice, except in small scale carefully controlled situations.
Verification systems on the other hand are straightforward in operation and may easily be deployed within a broad cross section of applications, as indeed has been the case.
You will rarely find reference to the above topic among biometric literature, as it is likely to open up a sizeable can of worms as far as realised systems performance is concerned. Never the less, we must consider it carefully if we are to design and implement a successful system.
If a user is not happy about using the biometric device, he is not likely to be consistent in using it, potentially producing a much larger than average error rate. Conversely, if a user is intrigued and enthusiastic about using the device, he is likely to use it as intended, be more consistent and enjoy relatively low error rates. Between these examples are users who have no particular bias but are nervous or self conscious about using such devices, users who have some physical difficulty in using the device, badly trained users, users who have a poor reference template and users who are by nature impatient and intolerant. The users particular temperament, understanding and current state of mind can have a dramatic impact on real system performance - much more than the quoted difference between individual devices for example. So whilst you may be pondering about the difference between FRR figures of 0.05% and 0.1% an unhappy user may add 25% to this figure for his transactions!
Clearly then we should aim for well educated (in terms of the system) users who have good quality reference templates and are happy with the overall system concept and its benefits.
These individuals will have received proper and comprehensive training in the use of the system, been guided carefully and unhurriedly through the enrolment procedure, been invited to ask questions about the system in general and received some reference documentation with help / enquiry line details included, all within a comfortable unchallenging environment where individual needs can be addressed. If we are not prepared to do this as an absolute minimum, then we should not be contemplating any such system.
The larger the potential userbase, the more important this becomes as the instances of ‘unusual’ requirements or misunderstandings increase.
In some public applications such as prison visitor systems or benefit payment systems, there is a tangible and immediate benefit to the user in operating the system correctly and indeed, they are required to do so by the administrating authority. In these situations we have a captive audience who mostly desire to be correctly verified (there are exceptions of course) and who may accept a methodology in this situation that they would not do elsewhere.
In a corporate or proprietary system where the user may have a choice in using the system or otherwise, we do not have this luxury and must strive to make it an interesting / exciting experience coupled to a clearly defined user benefit. If there is any doubt about this the system will probably not be successful. The user must therefore be the primary focus of our system design - not the technology. We must think of the user at each stage of our process / technical configuration plan and consider his requirements and operating experience very carefully. If we get this part right, we can always juggle with the technicalities later on.
© Julian Ashbourn 1999. This document or any part thereof may not be reproduced in any manner without written permission from the author.