biometric standards

25
Biometric standards An overview of biometrics and identity management February 2010

Upload: frey

Post on 25-Feb-2016

40 views

Category:

Documents


0 download

DESCRIPTION

Biometric standards. An overview of biometrics and identity management February 2010. The need to identify. Every day we are required to identify ourselves Using a bank card with a PIN at a cash machine A password to log on to a computer Using a key to open a door - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Biometric standards

Biometric standardsAn overview of biometrics and identity management

February 2010

Page 2: Biometric standards

2

The need to identify• Every day we are required to identify ourselves

Using a bank card with a PIN at a cash machine A password to log on to a computer Using a key to open a door Punching a code into a keypad to enter the workplace Using passwords on the Internet Providing a passport and driving licence as proof of

identity• We need to be able to accurately IDENTIFY an

individual to minimize current issues and threats

Page 3: Biometric standards

3

Current attributes used to identify

• Name• Address• Postcode• Date of Birth• Account no.• Passwords• PINs• Phone no.

• Mother’s maiden name• Passport• Birth certificate• Driving licence• Credit cards• Utility bills• Membership cards• Salary slip

Page 4: Biometric standards

4

Is biometrics the answer?• A biometric is part of the person and is not easily

compromised through: Theft Collusion Loss

• Simplifies user management resulting in cost savings• Users do not need to remember passwords• Users do not need to remember PINs• User accounts cannot be shared• Easy to use

Page 5: Biometric standards

5

Biometric definition• The automated recognition of individuals based on

their behavioural and biological characteristics The general meaning of biometrics encompasses

counting, measuring and statistical analysis of any kind of data in the biological sciences including the relevant medical sciences

• The term is derived from the Greek words “bios” meaning life and “metron” meaning measure

Page 6: Biometric standards

6

Biological and behavioural• Biological

Fingerprint Face (2D & 3D) Iris Vein pattern Hand geometry DNA

• Behavioural Signature Gait Voice Keystroke dynamics

Page 7: Biometric standards

7

Iris• Captures the pattern of flecks on the iris• Uses conventional cameras• Average 2 seconds for identification• No physical contact between user and reader

Page 8: Biometric standards

8

Face• Based upon the geometric shape and position of

features of the face• Resistant to changes in skin tone, facial hair, hair

style, and eyeglasses• No active user involvement required in order to

perform identification/verification• Limited success in practical applications

Page 9: Biometric standards

9

Voice• Analyses voice patterns and characteristics of

speech e.g. pitch, tone, etc.• High user acceptance – perceived as least

intrusive biometric technology• Easy for end users to implement• Ideal for telephone systems/mobile environments

Page 10: Biometric standards

10

Hand geometry• Measures the physical characteristics of the user’s

hand and fingers• Low level infrared light and camera used to capture an

image• Suited to applications where there is a large user base

or users access the system infrequently• Systems are easy to use and robust

Page 11: Biometric standards

11

Signature• Based on analysis of the dynamics of a handwritten

signature e.g. shape, speed, stroke order, pen pressure

• Generally use pressure sensitive tablets or wired pens• User friendly• Non intrusive – minimal public acceptance issues• Captured signature can be used for digitally signing

documents

Page 12: Biometric standards

12

Keystroke dynamics• Monitors rate of typing and intervals between letters• Verification based on typing rhythm – intruders may

guess password but fail to key in with correct rhythm• Neither enrolment nor verification disturbs the regular

flow of work• Low cost – only hardware required is keyboard

Page 13: Biometric standards

13

Fingerprint• Variety of fingerprint devices available (silicon and

optical)• Template constructed by analysing patterns that make

the fingerprint (minutiae)

Page 14: Biometric standards

14

DNA• Forensic genetics use deoxyribonucleic acid (DNA) profiling in a number

of important human identity applications• 0.01% of a person's entire genome is unique to each individual

This represents 3 million base pairs of DNA 95% of the human genome are non-coding sequences (called junk DNA)

• Standard profiling systems only exploit the junk DNA to maintain the privacy and civil rights of the donor

Page 15: Biometric standards

15

Multimodal• Combination of one or more

biometrics Algorithmic level Results level

• Multimodal is the fusion of results with logic applied

Page 16: Biometric standards

16

Key multimodal facts

Can be used to:• Improve reliability• Make forgery more difficult• Make systems more flexible to

user characteristics (decreases failure to enrol)

• Make systems more complex• Promote inclusivity

Input Device

Matching

Result

Input Device

Matching

Result

Fusion

Fusion

Fusion

Page 17: Biometric standards

17

Verification versus Identification

“Are you who you say you are?”

“Who are you?”

NOT

Page 18: Biometric standards

18

Verification and Identification• Verification

Involves confirming or denying a person’s claimed identity – Are you who you claim to be?

Biometric sample captured and compared with the previously stored template for that user

One-to-one comparison Are you who you say you

are? “I am who I say I am”

• Identification Means establishing a

person’s identity from an already established list – Who are you from this list?

Biometric sample presented to a system which searches the existing (enrolled) subjects

One-to-many comparison Do I know you? “I am not known to you

already”

Page 19: Biometric standards

19

Identification before verification• To establish a ‘clean’ database of individuals each

individual first needs to be identified One-to-many match is performed against the central

database to ensure the individual does not already exist under correct name or any other aliases

• Once identity is established it can be sufficient to verify the individual as proof of identity only One-to-one match is performed at the point of interface

without the need to check back to the central database

Page 20: Biometric standards

20

Key Consideration in a biometric system

Current & Future

Technology

Risk & Requirement

Analysis

Research & Development

User Perception

Accuracy & Throughput

IntegrationPerformanceBusiness Process

Strategy

Page 21: Biometric standards

21

Considerations of adding a biometric system

• Not all biometrics technologies suit all people• In many cases additional hardware is required• User co-operation is usually necessary• Privacy concerns must be addressed• Cost of personal devices in large systems can be

significant• User education is required• Biometric revocation must be considered as

biometric data is not secret

Page 22: Biometric standards

22

Capture the legal and political imperatives

• Ask what additional considerations are there with a biometric application as opposed to any other IT deliverable Privacy? Data access considerations (who and why)? Sensitivity of data? Legislative limitations? User acceptance? Standards compliance?

Page 23: Biometric standards

23

ISO/IEC JTC1 SC 37 Biometrics• Currently 25 participating countries and 7 observer countries• Liaisons with:

JTC 1/SC 17 Cards and Personal Identification. JTC 1/SC 24 Computer Graphics and Imaging JTC 1/SC 27 Information Technology Security Techniques. JTC 1/SC 29 Coding of Audio, Picture and Multimedia and Hypermedia Information. JTC 1/SC 31 Automatic Identification and Data Capture Techniques JTC 1/SC 32 Data Management and Interchange JTC 1/SC 36 Information Technology for Learning, Education and Training. ITU-T SG17 Telecommunication Standardization Sector Study Group on Data

Networks and Telecommunications Software. BioAPI Consortium IBIA International Biometrics Industry Association (IBIA) ILO International Labour Office of the UN

Page 24: Biometric standards

24

The benefits of standards for biometrics

• They foster wide spread utilization of the technology

• They are a sign of industry maturity• They reduce time-to-market• They facilitate interchange and/or interoperability• They reduce risk to integrators and end users• They reduce vendor “lock-in” effect

Page 25: Biometric standards

25