Biometric standards An overview of biometrics and identity management February 2010
The need to identify
• Every day we are required to identify ourselves
  • Using a bank card with a PIN at a cash machine
  • A password to log on to a computer
  • Using a key to open a door
  • Punching a code into a keypad to enter the workplace
  • Using passwords on the Internet
  • Providing a passport and driving licence as proof of identity
• We need to be able to accurately IDENTIFY an individual to minimize current issues and threats
Current attributes used to identify • Name • Address • Postcode • Date of Birth • Account no. • Passwords • PINs • Phone no. • Mother’s maiden name • Passport • Birth certificate • Driving licence • Credit cards • Utility bills • Membership cards • Salary slip
Is biometrics the answer?
• A biometric is part of the person and is not easily compromised through:
  • Theft
  • Collusion
  • Loss
• Simplifies user management resulting in cost savings
• Users do not need to remember passwords
• Users do not need to remember PINs
• User accounts cannot be shared
• Easy to use
Biometric definition • The automated recognition of individuals based on their behavioural and biological characteristics • The general meaning of biometrics encompasses counting, measuring and statistical analysis of any kind of data in the biological sciences including the relevant medical sciences • The term is derived from the Greek words “bios” meaning life and “metron” meaning measure
Biological and behavioural
• Behavioural
  • Signature
  • Gait
  • Voice
  • Keystroke dynamics
• Biological
  • Fingerprint
  • Face (2D & 3D)
  • Iris
  • Vein pattern
  • Hand geometry
  • DNA
Iris • Captures the pattern of flecks on the iris • Uses conventional cameras • Average 2 seconds for identification • No physical contact between user and reader
Face • Based upon the geometric shape and position of features of the face • Resistant to changes in skin tone, facial hair, hair style, and eyeglasses • No active user involvement required in order to perform identification/verification • Limited success in practical applications
Voice • Analyses voice patterns and characteristics of speech e.g. pitch, tone, etc. • High user acceptance – perceived as least intrusive biometric technology • Easy for end users to implement • Ideal for telephone systems/mobile environments
Hand geometry • Measures the physical characteristics of the user’s hand and fingers • Low level infrared light and camera used to capture an image • Suited to applications where there is a large user base or users access the system infrequently • Systems are easy to use and robust
Signature • Based on analysis of the dynamics of a handwritten signature e.g. shape, speed, stroke order, pen pressure • Generally use pressure sensitive tablets or wired pens • User friendly • Non intrusive – minimal public acceptance issues • Captured signature can be used for digitally signing documents
Keystroke dynamics • Monitors rate of typing and intervals between letters • Verification based on typing rhythm – intruders may guess password but fail to key in with correct rhythm • Neither enrolment nor verification disturbs the regular flow of work • Low cost – only hardware required is keyboard
Fingerprint • Variety of fingerprint devices available (silicon and optical) • Template constructed by analysing patterns that make the fingerprint (minutiae)
DNA • Forensic genetics uses deoxyribonucleic acid (DNA) profiling in a number of important human identity applications • 0.01% of a person's entire genome is unique to each individual • This represents 3 million base pairs of DNA • 95% of the human genome consists of non-coding sequences (called junk DNA) • Standard profiling systems only exploit the junk DNA to maintain the privacy and civil rights of the donor
Multimodal • Combination of one or more biometrics • Algorithmic level • Results level • Multimodal is the fusion of results with logic applied
Key multimodal facts
[Diagram: Input Device, Matching and Result stages, with Input Device Fusion, Matching Fusion and Result Fusion]
Can be used to:
• Improve reliability
• Make forgery more difficult
• Make systems more flexible to user characteristics (decreases failure to enrol)
• Make systems more complex
• Promote inclusivity
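Results-level fusion "with logic applied", as an added example that is not part of the original slides. The modality thresholds, the three rules and the sample scores are assumptions constructed for illustration.

```python
# Assumed per-modality accept thresholds on a 0..1 match score.
THRESHOLDS = {"fingerprint": 0.80, "face": 0.70, "voice": 0.75}


def decide(scores):
    """Per-modality accept/reject. A modality the user could not enrol
    in (score None) is left out rather than counted as a reject."""
    return {m: s >= THRESHOLDS[m] for m, s in scores.items() if s is not None}


def fuse(scores, rule="AND", min_modalities=1):
    """Results-level fusion: apply logic to the individual decisions."""
    votes = list(decide(scores).values())
    if len(votes) < min_modalities:
        return False              # too little evidence to decide
    if rule == "AND":             # every presented modality must match
        return all(votes)
    if rule == "OR":              # any single match is enough
        return any(votes)
    if rule == "MAJORITY":
        return sum(votes) * 2 > len(votes)
    raise ValueError(f"unknown rule: {rule}")


def demo():
    # Constructed scores, not measurements from a real matcher.
    genuine = {"fingerprint": 0.91, "face": 0.82, "voice": 0.79}
    forged_finger = {"fingerprint": 0.93, "face": 0.31, "voice": 0.22}
    no_fingerprint = {"fingerprint": None, "face": 0.85, "voice": 0.80}
    return {
        "genuine_and": fuse(genuine, "AND"),
        # One forged modality passes OR but fails AND and MAJORITY.
        "forged_or": fuse(forged_finger, "OR"),
        "forged_and": fuse(forged_finger, "AND"),
        "forged_majority": fuse(forged_finger, "MAJORITY"),
        # Failure to enrol in one modality need not exclude the user...
        "fte_two_required": fuse(no_fingerprint, "AND", min_modalities=2),
        # ...unless policy insists on all three.
        "fte_three_required": fuse(no_fingerprint, "AND", min_modalities=3),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:20s} {'accept' if accepted else 'reject'}")
```

The OR rule is the flexible one and the AND rule is the one that makes forgery harder; the choice of rule is a policy decision, not a property of the matchers.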
Verification versus Identification
“Are you who you say you are?” NOT “Who are you?”
Verification and Identification
• Identification
  • Means establishing a person’s identity from an already established list – Who are you from this list?
  • Biometric sample presented to a system which searches the existing (enrolled) subjects
  • One-to-many comparison
  • Do I know you?
  • “I am not known to you already”
• Verification
  • Involves confirming or denying a person’s claimed identity – Are you who you claim to be?
  • Biometric sample captured and compared with the previously stored template for that user
  • One-to-one comparison
  • Are you who you say you are?
  • “I am who I say I am”
Identification before verification • To establish a ‘clean’ database of individuals each individual first needs to be identified • One-to-many match is performed against the central database to ensure the individual does not already exist under correct name or any other aliases • Once identity is established it can be sufficient to verify the individual as proof of identity only • One-to-one match is performed at the point of interface without the need to check back to the central database
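The enrolment flow described above (one-to-many search before enrolment, one-to-one match afterwards), as an added example that is not part of the original slides. The feature vectors, the cosine-similarity matcher, the threshold and the names are assumptions constructed for illustration; real templates and matchers are modality-specific.

```python
import math

THRESHOLD = 0.95  # assumed decision threshold on cosine similarity


def similarity(a, b):
    """Cosine similarity between two toy feature vectors."""
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.hypot(*a) * math.hypot(*b))


def identify(db, sample):
    """One-to-many: return every enrolled identity the sample matches."""
    return sorted(name for name, tpl in db.items()
                  if similarity(tpl, sample) >= THRESHOLD)


def enrol(db, name, sample):
    """Identification before verification: search the whole database
    first so one person cannot be enrolled twice under an alias."""
    hits = identify(db, sample)
    if hits:
        return False, hits        # already present, possibly under another name
    db[name] = list(sample)
    return True, []


def verify(db, claimed, sample):
    """One-to-one: compare only against the claimed identity's template."""
    tpl = db.get(claimed)
    return tpl is not None and similarity(tpl, sample) >= THRESHOLD


def demo():
    db = {}
    # Constructed vectors standing in for biometric templates.
    alice = [0.90, 0.10, 0.40, 0.70]
    bob = [0.10, 0.80, 0.60, 0.20]
    alice_again = [0.88, 0.12, 0.41, 0.69]   # same person, new capture
    return [
        enrol(db, "alice", alice),
        enrol(db, "bob", bob),
        enrol(db, "a.smith", alice_again),   # alias caught by the 1:N search
        verify(db, "alice", alice_again),    # 1:1 against the claimed identity
        verify(db, "bob", alice_again),      # wrong claim is rejected
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```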
Key considerations in a biometric system
[Diagram labels: Current & Future Technology, Risk & Requirement Analysis, Research & Development, User Perception, Accuracy & Throughput, Strategy, Business Process, Performance, Integration]
Considerations of adding a biometric system • Not all biometrics technologies suit all people • In many cases additional hardware is required • User co-operation is usually necessary • Privacy concerns must be addressed • Cost of personal devices in large systems can be significant • User education is required • Biometric revocation must be considered as biometric data is not secret
Capture the legal and political imperatives • Ask what additional considerations are there with a biometric application as opposed to any other IT deliverable • Privacy? • Data access considerations (who and why)? • Sensitivity of data? • Legislative limitations? • User acceptance? • Standards compliance?
ISO/IEC JTC1 SC 37 Biometrics
• Currently 25 participating countries and 7 observer countries
• Liaisons with:
  • JTC 1/SC 17 Cards and Personal Identification
  • JTC 1/SC 24 Computer Graphics and Imaging
  • JTC 1/SC 27 Information Technology Security Techniques
  • JTC 1/SC 29 Coding of Audio, Picture and Multimedia and Hypermedia Information
  • JTC 1/SC 31 Automatic Identification and Data Capture Techniques
  • JTC 1/SC 32 Data Management and Interchange
  • JTC 1/SC 36 Information Technology for Learning, Education and Training
  • ITU-T SG17 Telecommunication Standardization Sector Study Group on Data Networks and Telecommunications Software
  • BioAPI Consortium
  • IBIA International Biometrics Industry Association
  • ILO International Labour Office of the UN
The benefits of standards for biometrics • They foster widespread utilization of the technology • They are a sign of industry maturity • They reduce time-to-market • They facilitate interchange and/or interoperability • They reduce risk to integrators and end users • They reduce vendor “lock-in” effect