V.V.P ENGG. COLLEGE,RAJKOT.

CERTIFICATE

This is To Certify That

Miss. VASOYA DAXA L. Roll No. : 03IT100 Semester : 6 th Branch : INFROMATION TECHNOLOGY has satisfactorily completed the course in the subject of seminar on

“BIOMETRICS”

within the four walls of v.v.p. Engg. College, Rajkot.

Date of Submission: ____________________________

Staff in charge Head of Dept.

1

ACKNOWLEGEMENT

Any successful work may not be possible without the help of guidance and co -operation o many people this repot, like so many other is the product of a team of a people working behind he scenes. I would like to take minute to acknowledge that relay comes from the bottom of heart, to those who pitched in to push this report over the finis line.

I am greatly indebted to our principal Mr. Dhmashaniya sir and H.O.D. Mrs. Nehal Karelia madam. They provide us good facility and fulltime practical support.

I would like to thank out seminar guide Miss. parule manvar fro proof reading the manuscript and giving numerous suggestions without her cheerful co operation and assistance this report would not have been written.

I also acknowledge thank our faculty members, my colleagues and to all those who provided reviews or suggestions for improving the material coved in this report.

I also extend my apologies to anyone that I have failed to mention.

2

ABSTRACT

The future of Biometrics is limited only by ones imagination. Imaging arriving home from work, walking open to your front door and ping it pops open because the house had recognized your face as you arrived home? Or perhaps there will be a day when you go to open your car, you pull then handle and your fingerprints are read to unlock the car. Your neighbor tries the same thing, pulls the handle and the alarm goes off because they are not authorized in your car. . For years now, we have seen biometrics being used in movies and on television: Mission Impossible, Charlie's Angles, Minority Report, and Star Trek are just some examples.

Now biometric technology is moving into the mainstream. Not only are biometrics being used for access to high security areas, but they are now being utilized in corporate settings for network security. Biometrics is a rapidly evolving technology, which is being widely used in forensics such as criminal identification and prison security, and has tile potential to be used in a large range of civilian application areas.

Biometric authentication devices are used to measure something a person is. Biometric authentication technologies such as- face, finger, hand, iris and speaker recognition are commercially available today and are already coming into wide use.

Today's biometric solutions provide a means to achieve fast, user-friendly. Authentication with a high level of accuracy and cost savings.

3

CONTENTS

1. Introduction.

2. Definition.

3. Evaluation of Biometric System.

4. Function of Biometric System.

5. Process of Biometrics.

6. Security of Biometric Template.

7. Types of Biometric Techniques.

7.1. Bertillonage.

7.2. Fingerprint.

7.3. Face Recognition.

7.4. Hand Geometry.

7.5. Iris Scan.

7.6. Retinal Scan.

7.7. Vascular Patterns.

7.8. Signature Scanning.

7.9. Voice Recognition.

7.10. Keystroke Dynamics.

8. Summary of biometrics techniques

9. Advantages and disadvantages

10. Application of Biometrics System.

11. Conclusion.

12. .Bibliography.

4

INTRODUCTION

Today many defense, banking and author corporate sectors, rely on manual authentication such As ID cards, tokens and tickets for internet applications, user names, and passwords are the most preferred authentication mechanisms can be placed in three categories:

What you know:

This category of 'authentication technology realize on certain secret information that only the authentic person is suppose to carry. This includes passwords, PINs, etc. although this constitutes the most common authenticators, this authentication mechanism the easiest to break and hack in to. It is the responsibility of the user to keep the, passwords and PINs secret.

What you have:

Now instead of depending on the user to keep authentication information secret, this category provides end user with an identity object, which can not be easily duplicated or hacked. Smart cards, tokens, ATM cards, licenses, passports etc. but gain of responsibility of keeping these authenticators safe and secure les with end user.

Both these types of authentication do not guarantee fool proof authentications for obvious reasons he need has been n\met by the biometric authentication mechanism, which is the third category of authentication, based on who you are.

Who you are:

Authentication under this category uses the biometric characteristics of end user. It may be physical features, like face, fingerprints, hand geometry, irises etc. or it may be behavioral characteristics, like vase, typing style, etc.

You leave your fingerprint on everything you touch, Based your iris patterns can be observed anywhere you look.

The terms "Biometrics" and "Biometry" have been used since early in the 20th century to refer to the field of development of statistical and mathematical methods applicable to data analysis problems in the biological sciences.

Need for Biometrics can be found in federal, state and local governments, in the military, and in commercial applications. Enterprise-wide network security infrastructures, government IDs, secure electronic banking, investing and other financial transactions, retail sales, law enforcement, and health and social services are already benefiting from these technologies.

5

DEFINITION

Biometrics :

Biometrics is the development of statistical and mathematical methods applicable to data analysis problems in the biological sciences.

The term "biometrics" is derived from the Greek words bio (life) and metric (to measure). For our use, biometrics refers to technologies for measuring and analyzing a person's physiological or behavioral characteristics, such as fingerprints, irises, voice patterns, facial patterns, and hand measurements, for identification and verification purposes.

Biometrics refers to the automatic identification or identity verification of living persons using their enduring physical or behavioral characteristics. Many body parts, personal characteristics and imaging methods have been suggested and used for biometric systems: fingers, hands, feet, faces, eyes, ears, teeth, veins, voices, signatures, typing styles, gaits and odors.

Biometrics Authentication:

Person authentication or simply authentication is a task of confirming or denying a person's claimed identity. Biometrics is a measurement using a person's behavioral or physiological characteristics. Examples of these characteristics are fingerprints, face, voice and signature. Biometric authentication is a task of confirming or denying a person's claimed identity using his behavioral or physiological characteristics.

6

EVALUATION OF BIOMETRIC SYSTEM

Biometric technology is inherently individuating and interface easily to database technology, making privacy violation easier more damaging. If we are to deploy such system, privacy must be designed into them from the beginning, as it is hared to retrofit complex system for privacy.

Biometric systems are useless without a well considered threat model. Before deploying any such system on the national stage, we must a have a realistic threat model, specifying g the categories of people such systems are supposed to target, and the threat thy pose in light of their abilities, resources, motivations and goals. Any such system will also need to map out clearly in advance how the system is to work in both its successes and in its failures.

Biometrics is no substitute for quality data bout potential risks. No matter how accurately a person is identified, identification alone revels nothing abut whether a person is terrorist. Such information is completely external to any biometric ID system.

Biometric identification is only as good as the initial ID. The quality of the initial “enrollment” or “registration” is crucial. Biometric systems are only as good as the initial identification, which in any foreseeable system will be based on exactly the document based method of identification upon which biometrics re supposed to be an improvement. A terrorist with a fake passport would be issued a US visa with his own biometric attached to the name on the phony passport. Unless the terrorist A) has already entered his biometrics info the database search, biometrics won’t stop him at the border.

Biometric identification is often overkill for the task at hand, it is not necessary to identify a person (and to create a record of their presence at a certain place and time) if all you really want to know is whether they are entitled to do something or be somewhere. When in a bar, customers use IDs to prove they are old enough t drink, not to prove who they are or to create a record of their presence.

Some biometric technologies are discriminatory. A nontrivial percentage of population cannot present suitable features to participate in certain biometric systems. Many people have fingers that simply do not “print well”. Even if people will “bad prints” represent 1% of the population, this would mean massive inconvenience and suspicion for that minority. And scale matters the INS for example handle about 1 billion distinct entries and exits every year. Even a seemingly low error rate of 0.1% means 1 million errors, each of which translates to INS resources lost following a false lead.

Biometrics system accuracy is impossible to assess before deployment accuracy ad error rates published by biometrics technology vendors are not trustworthy, as biometric error rates area intrinsically manipulability. Biometric systems fail in two ways: false match (incorrectly matching a subject with someone else’s reference sample) and false non-match (failing to match a subject with her own reference sample). There’s strade off

7

between these two types of error, and biometric systems may be “tuned” to favor one error type over another. When subjected to real-world testing in proposed operating environment, biometric system frequently fall short of the performance promised by vendors.

The cost of failure is high. If you lose a credit card you can cancel it and get new one. If you lose a biometric, you’ve lost it for life. Any biometric system must be built to the highest levels of data security, including transmission that prevents interception, storage that prevents theft, and system wide architecture to prevent both intrusion and compromise corrupt or deceitful agents within the organization.

8

FUNCTIONS OF BIOMETRIC SYSTEMSOne useful way of thinking about biometrics is that they are used for one of two

purposes:

A) To prove that you are who you say your (positive ID).B) To prove that you are who you say you are not (negative ID).

In a positive ID situation, the subject asserts that she is Jane Doe and submits a "live" sample (a fingerprint, for example) to the system. The system then checks its database of previously enrolled or registered samples to see if the live sample matches the reference sample. A positive ID system is designed to prevent more than one person from using a single identity.

In a negative I D situation, John Roe claims not to be someone already known to the system. Here, the system checks its database to see that Roe is not on the watch list of suspected criminals and terrorists, whose biometrics are already in the system. A negative ID system Is designed to prevent one person from using more than one identity.

When biometrics are employed to effect negative identification, one need not enrolled. The only persons who must be "in" the database are those whom the operator is trying to keep out or catch.

Biometrics alone cannot establish “true identify”. A biometric system cannot prevent someone from furnishing fake credentials when thy first enter the system. They can only prevent them from using another identity once enrolled.

Biometrics is used in two major ways. Identification and verification. Identification is determining who a person is. It involves taking the measured characteristics and trying to find a match in a database containing record o f people and that characteristic. This method can required a large amount of processing power and some time if the database is very large. It is used in determining the identity of a suspect from crime scene information.

Verification is determining if a person is who they say they are. It involves taking the measured characteristic and comparing it to the previously recorded data for that person. This method requires less processing power and time and is often used for accessing places or information.

An important advantage of biometrics lies in t fact that physical or behavioral traits cannot be transferred to other individuals, nor can they be forgotten.

9

PROCESS OF BOMETRICS.The process of biometrics authentication revolves around three factors; identity,

identification, and verification of identity. So, there are three sub process Involved in the biometric authentication process.

Established identity or enrolment:

Enrolment is the process of collecting the biometric sample of end user in order to establish the user's identity. The sample enables the system to create detailed information required for the authentication of the, end user. Enrollment is nothing but registering the end, user with biometric system. Enrollment may be either voluntary or involuntary. Involuntary enrolment includes registering terrorists or shoplifter for facial recognition. enrolment should take place under environmental conditions similar to those expected during the routine matching process. Once enrolment is done and sample are collected, then the system' optimally stores the samples for later verification.

Store identify or formatting:

The biometric system, extracts the unique characteristics of the end user from the collected samples. Once the characteristics are collected, the system converts them to a digital form and creates a template’ of the end user which is stored in a database. This process of creating a temple is called formatting. A template used in a biometric system is a file that

10

contains information about an end user and helps in proving user identity. data stored in a template compressed so that the computer system are able to quickly compare measured biometric data biometric templates are not actual images of fingerprints or a face, but are asset of key points representing biometric traits.

Verify identity or matching:

Matching is the process of comparing two templates; one produced at the time of enrolment with the one produced 'on-the-spot', as a user tries to authenticate by providing a biometric via a sensor device

To authenticate a person two steps broadly involved: identification and verification. At the time of authentication the system collects the biometric sample a online and recreates the template to find out the identity of' the person from the existing database sometimes biometrics methods, such as passwords. In this case passwords are used to identify the stored template which is then matched with the newly created template.

11

SECURITY OF BIOMETRICS TEMPLATE.

If my template is compromised, does that mean that I can never use the biometric again?

Not in a well-designed system. If a criminal steals or guesses your password, it is very easy to have it changed. There is a fear, however, that if a criminal gets hold of a biometric template, the damage is irreparable - there is no way to change that part of your body. Although templates are often encrypted when in transit and storage in order to protect against such an occurrence, what happens if a template is compromised?

The answer depends on how well a biometric system is designed. If a system allows a template to be inserted into the verification process without ensuring that this template came from an actual placement, a compromised template can pose a problem. However, a well-designed system will ensure that the information it is analyzing is not a recording but is in fact a new sample.

One way to assure that a new template is being submitted is to seed the request for a sample. This involves the biometric system sending an encrypted random number (known as a seed) to the barometric sensor. This number can be encrypted such that only the sensor itself can decrypt the message. When returning the biometric template, the sensor also, sends the seed number back (encrypted). This ensures that being sent was created immediately after the request for the template (as opposed to an old template that has been recorded and played back).

The size of a template varies by technology and vendor. It varies from 9 bytes to as much a 2kb. Fingerprint template is normally about Acolytes in size. Templates can be stored in databases or files.

12

TYTES OF BIOMETRICS TECHNIQUES.

There are two types of biometrics:

Behavioral biometrics.

Physical biometrics

Behavioral biometrics is generally used for verification while physical biometrics can be used for either identification or verification.

Physical biometrics:

Physiological biometrics is based on measurements -and data derived from direct measurement of a part of the human body.

Physical biometrics includes:

Bertillonage:- measuring body lengths (no longer used)

Fingerprint :- analyzing fingertip patterns

Facial Recognition: - measuring facial characteristics

Hand Geometry :- measuring the shape of the hand

Iris Scan: - analyzing features of colored ring of the eye

Retinal Scan: - analyzing blood vessels in the eye

Vascular patterns:- analyzing vein patterns

Behavioral biometrics:

Behavioral characteristics are based on an action taken by a person Behavioral biometrics, in turn, are based on measurements and data derived from an action, and indirectly, measure characteristics of the human body.

Behavioral biometrics include:

Speaker Recognition:- analyzing vocal behavior

Signature: - analyzing signature dynamics

Keystroke: - measuring the time spacing of typed

13

VIEW OF BIOMETRICS TECHNIQUES.

14

BERTILLONAGE.

History:

Created in the 1890's by a Paris police desk clerk, an anthropologist named Alphonse Bertillion, this method of identification became the primary method for identifying criminals in the late 1800's. Battalion based his system on the claim that measurement of adult bones does not change after the age of 20. He also introduced a cataloguing system, which enabled filing/checking, records quite quickly.

The system was a success, identifying hundreds of repeat offenders, and was used world-wide until 1903, when two identical (within the tolerances) measurements were obtained for two different people at the Fort Leavenworth prison. The prison switched to finger printing the following day and the rest of the world soon forever.

Evaluation:

Predicted to be accurate at 286,435,456 to I allowing for possible (and eventually proven) duplicates, human error in measuring contributed to a smaller effective accuracy. Non-unique measurements allowed for multiple people to have the same results, reducing the usefulness of this method. Also, the time involved to measure a subject was prohibitive for uses other than prison recur.

Basics:

No longer used, bertillonage was a late 19th century method of identifying people by use of multiple bodily measurements. A person would through a 20-60 minute measuring exam where they would have various body measurements taken: height, length, and breadth of the head, the length of different finger the length of forearms, etc. The results were then recorded and/or compared to a record database. Though all done by hand, the -record filing and checking system was quite fast for its time.

USE:

This method is no longer in use

15

FINGERPRINT

History:

Finger printing was first used in a fashion in 14th century China as a method for parents to distinguish their children from those of others. Young children would have their feet and palms stamped in ink and then onto paper to create a record individual to the child.

The English began a using fingerprints in July of 1858, when Sir William Herschel, Chief Magistrate of' the Hooghly district in Jungipoor, India, reached his limit of frustration with the Dishonesty of the local native thought toward personal identification, Herschel had Rajyadhar kunai a local businessman; impress his hand print on the back of a contract.

In the later half of the 19th century, Richard Edward Henry of Scotland Yard developed a method of categorizing and identifying marks in fingerprints. This method, an advanced version of one first brought forward by Francis Galton it 1892 was used on an experimental basis in the late 1890s and soon proved extremely reliable. After the failure.

Of bertillonage in 1903, finger printing became the method of choice for police around the world. Interestingly, another classification system was created almost concurrently in 1891 by Juan Vucetich which is still use in most Spanish countries. International organizations such as Interpol now use both methods.

Still the biometric of choice for most law agencies, the fingerprint is undergoing a major change for the first time in decades as scanners are beginning to rival ink prints in quality and affordability, Highly effective and relatively simple, the use of fingerprints as a viable biometric seems to be here for the long run.

Evaluation:

The crossover accuracy of digital finger printing has been measured to be 1:500 for a single finger. Use of multiple fingers increases the accuracy exponentially. Because of the large amount of data that can be drawn from the fingerprints, as systems become more accurate and powerful, this accuracy should increase even more. Given the amount of information contained in a fingerprint, it is highly unlikely (estimated at I in 64 billion) that any two fingerprints would be identical and therefore impossible to tell apart.

Another advantage to using fingerprint technology is the fairly small storage space required for the biometric template, reducing the size of the database memory required. Also, it is one of the most developed biometrics, with more history, research, and design than any other form the traditional use of fingerprints on criminals has given it a public stigma that is slowly being overcome, but often overshadows its usefulness.

For those concerned with how easy it is to fool a fingerprint reader, companies have been quickly progressing in creating "human-sensing" devices that call differentiate between living human fingers and even some of the best replicas. And since the information in the

16

database is encoded with a mathematical algorithm recreation of a fingerprint is extremely difficult oil even a limited scale with most modem systems.

Basics:

This technique is based on certain unique features such as edges channels and ridges of fingerprints. I fingerprints have been use for more than a century, primarily by law enforcement agencies. Modem day biometric authentication systems are nothing but automated digital version of the older ink- and -paper type fingerprinting method. Whorls, arches, and loops are recorded along with the patterns of ridges" furrows and minutiae. This information may then be processed or stored as an image or as an encoded computer algorithm to be compared with other fingerprint records.

In the digital domain, the software maps the minutiae points in relative placement oil the finger and then searches for similar minutiae information in tile database. Often an algorithm is used to encode the information into a character string that can be searched for in the database, improving search time. In most cases no image of the fingerprint is actually created, only a set of data that can be used for comparison. This method was meant to alleviate the public's fear of their fingerprint being recorded or stolen, but most people still do not understand or believe the actual method used.

17

VERIFYING FINGERPRINT BY COMPARING MINUTE

How it works?:The user presses his finger gently against a small reader surface (optical or silicon)

usually of about 2 inch square size. This reader is attached to a computer and takes the information from the scan and sends it to the database. There it is compared to the information within. The user is usually required to leave his finger on the reader for less than 5 seconds during which time the identification or verification takes place.

To prevent fake fingers from being used, many systems also measure blood flow, or check for correctly arrayed ridges at the edges of the fingers.

FINGERPRINT SCANNER

18

Use:

In use in criminal investigations for over 100 years, and used as far back a. the 14th century for identification purposes, fingerprint usage continues to expand every day. Fingerprint scanning secure entry devices for building door locks and computer network access are becoming more common. Recently a small number of banks have begun using fingerprint readers for authorization at ATMs and grocery stores are experimenting with a fingerprint scan checkout that automatically recognizes and bills a registered user's credit card or debit account. The potential uses for this biometric appear to be limited only by the willingness of people to use it.

19

FCIAL RECOGNITION

History:

The development stage for facial recognition began in the late 1980`s and commercially available systems were made available in the 1990s. While many people first heard about facial recognition after. September I 11th 2001, Football fans were introduced to it at the Super Bowl several months earlier.

Evaluation:

One of the strongest positive aspects of facial recognition is that it is nonintrusive. Verification or identification can be accomplished from two feet away or more, and without requiring the user to wait for long periods of time or do anything more than look at the camera.

One of the strongest positive aspects of facial recognition is that it is non-intrusive. Verification or identification can be accomplished from two feet away or more, and without requiring the user to wait for long periods of time or do anything more wan look at the camera.

Basics:

Facial recognition analyzes the characteristics of a person's face images input through a digital video camera. It measures the overall facial structure, including distances between eyes, nose, mouth, and jaw edges. These measurements are retained in a database and used as a comparison when a user stands before the camera. This biometric has been widely, and perhaps wildly, touted as a fantastic system for recognizing potential threats.

(Whether terrorist, scam artist, or known criminal) but so far has been unproven in high4evel usage. It is currently used in verification only systems with a good deal of success.

How it works?:

User faces the camera, standing about two feet from it. The system will locate the user's face and perform matches against the claimed identity or the facial database. It is possible that the user may need to move and reattempt the verification based on his facial position. The system usually comes to a decision in less than 5 seconds.

To prevent a take face or mold taking out the system, many systems now require the user to smile, blink, or otherwise move in a way that is human before verifying.

Most facial recognition technology works by one of two methods: facial geometry or Eigenface comparison. Facial geometry analysis works by taking a known reference point (for example, the distance from eye to eye), and measuring the various features of the face in their distance and angles from this reference point. Eigenface comparison uses a palette of about 150 facial abstractions, and compares the captured face with these archetypal abstract faces.

20

Use:Currently gaining support as a potential tool for averting terrorist crimes, facial

recognition is already in use-in many law enforcement areas. Software has also been developed for computer networks and automated bank tellers that use facial recognition for user verification purposes.

21

HAND GEOMETRY

History:

Hand geometry is the granddaddy of the modem biometrics by virtue of a 20 yr history of live Applications. There have been six different hand scanning products developed over this span, including some of the most commercially successful biometrics to date.

Evaluation:

Hand geometry has several strengths going for it. It is very easy for users to work the, system - requiring nothing more placing one's hand on the device. It has no public attitude problems as it is associated most commonly with authorized access. The amount of data required to uniquely identify a user in a system is tile smallest by far, allowing it to be used with Smart Cards easily. It is also quite resistant to attempt to fool the system. The time and energy required to sufficiently emulate a person's hand is generally too much to be worth the effort, especially since it is generally used for verification purposes only.

That said, there are some disadvantages to this biometric, including its proprietary hardware cost and required size. Also, while injuries to hands can cause difficulty in using the reader effectively, the lack of accuracy in general requires that it be used for verification alone. In fact, because of the small amount of information measured, it is possible to have duplicate readings if enough people are put into the system, therefore eliminating its use as an identification system.

Basics:

Hand geometry involves the measurement and analysis of the shape of one's hand. It is a fairly simple procedure and is surprisingly accurate. Though it requires special hardware to use, it can be easi ly integrated into other devices or systems. Unlike fingerprints, the human hand isn't unique. Individual hand features are not Descriptive enough for identification. However, it is possible to devise a method by combining various individual features and measurements of fingers and hands for Verification purposes.

How it works:

The user places the palm of his hand on a metal surface which has guidance pegs on it. The hand is properly aligned by the pegs so the device can read tile hand attributes. The device then checks its database for verification of the user. The process usually takes less than 5 seconds

While it seems like it could be added to the systems, current hand geometry scanners do not have any way to detect whether a hand is living or not and here fore can be fooled by a fake hand if Pressure is applied to the plate correctly.

22

FIGURE FOR HAND GEOMETRY(figer)

Use:

Hand Geometry is employed at over 8,000 locations including the Colombian legislatures, San Francisco International Airport, day care centers, a sperm bank, welfare agencies, hospitals, and immigration facilities for the INSPASS frequent international traveler system.

23

IRIS SCAN

History:

The idea of using iris patterns for personal identification was originally proposed in 1936 by ophthalmologist Frank Burch. By the 1980's the idea had appeared in James Bond films, but it still remained science fiction and conjecture. In 1987 two other ophthalmologists, Aran safir and Leonard Flom, patented. This idea, and in 1989 they asked John Daugman (then teaching at Harvard University) to try to create actual algorithms for iris recognition. These algorithms, which Baughman patented in 1994 and are owned by Indian Technologies, are the basis for all current iris recognition systems and products

Evaluation:

The uniqueness -of eyes, even between the left and right eye of the same person, makes iris scanning very powerful for identification purposes. The likelihood of a false positive is extremely low and its relative speed and ease of use make it a great potential biometric. The only drawbacks are the potential difficulty in getting someone to hold their head in the right spot for the scan if they are not doing the scan willingly. It also take's up a bit more memory for the data to be stored, but with the advances in technology, this is unlikely to cause any major difficulty,

Basic:

Iris scans analyze the features that exist in he colored tissue surrounding the pupil which ha more then 200 points that can be used for comparisons, including rigs, furrows and freckles. the scans use a regular video camera style and can be done from further away than retinal scan. It will work through glasses can be used for identification purposes, and not just verification.

24

How it works:

The user places himself so that he can see his own eye’s reflection in the device. The user may e able to do this from up to 2 feet away or may need to be as close as a couple of inches depending on the device Verification time is generally less than 5 seconds though the user will only need to look into the device for a couple moments.

To prevent a fake eye from being used to fool the system, these devices may vary the light shone into the eye and watch for pupil dilation.

Use:

Law enforcement agencies in the United States began using it in 1994 when the Lancaster County Prison in Pennsylvania became the first correctional facility to employ the technology for prisoner identification. In Berkshire County, the technology is used in the newly built Berkshire County Jail as a security check for employees. The Charlotte/Douglas International Airport in North Carolina and the Flughafen Frankfort Airport in Germany allow frequent passengers to register their iris scans in an effort to streamline boarding procedures. There is discussion that banks may someday make iris scans a routine part of ATM transactions and some have begun taking the first steps in testing out these systems.

The use of iris scans as part of the booking procedure along with fingerprints is just beginning to come into existence. Police stations around the country have been looking into the technology and sonic, including the bam stable County jai III Massachusetts which put in a system in early 2002. The power of this biometric may make it rival fingerprints for booking situations where identification and verification are vital.

25

RETINAL SCAN

History:

Retina scan is actually one of the oldest biometrics as 1930's research suggested that the patterns of blood vessels on the back of the human eye were unique to each individual. While technology has taken more time than the theory to be usable, Identify, founded in 1976, developed The Identification 7.5 personal identification unit, the first retina scan device made for commercial use, in 1984. At this time, they are still the primary company for retinal scan devices though they do use resellers.

Evaluation:

Retina scan devices are probably the most accurate biometric available today. The continuity of the retinal pattern throughout life and the difficulty in fooling such a device also make it a great long-term high-security option.

Unfortunately, the cost of the proprietary hardware as well as the inability to evolve easily with new technology make retrial scan devices a bad fit for most situations. It also has the stigma of consumer's thinking it is potentially harmful to the eye, and in general not easy to use.

Basics:

Retinal scanning analyses the layer or blood vessels at the back of' the eye. Scanning involves using a low-intensity light source and an optical coupler and can read the patterns at a great level of accuracy. It does require the user to remove glasses, place their eye close to the device, and focus on a certain point. Whether the accuracy can outweigh the public discomfort is yet to be seen.

How it works?

The user looks through a small opening in the device at a small green light. The user must keep their head still and eye focused on the light for several seconds during which time the device will verify his identity. This process takes about 10 to 15 seconds total.

There is no known way to replicate a retina, and a retina from a dead person would deteriorate too fast to be useful, so no extra precautions have been taken with retinal scans to be sure the user is a living human being.

Use:

Contrary to popular public misconceptions, and reflective of, what is seen in the movies, retina scan is used almost exclusively in high-end security applications. It is used for con trolling access to areas or rooms in military installations, power plants, and the like that are considered high risk security areas.

26

VASCULAR PATTERNS

History:

Vascular pattern technology is still fairly new and there are few published details about it.

Evaluation:

Too new to have much data, vascular pattern technology does seem to have a few advantages over its- counterparts, including the great difficulty in emulating another person's vein structure, and not having to worry about rain, glasses, or external injuries. That said, effects of aging, heart attacks, and a medical problem with one’s arteries on the scans has yet to be determined fully. It also requires a large amount of space to mount the device so that the entire hand can be scanned which may restrict its usability.

Basics:

Vascular patterns are best described as a picture of veins in a person’s hand or face. The thickness and location of these veins are believed to be unique enough to an individual to be used to verify a person's identity.

How it works?:

The most common form of vascular pattern readers are hand-based, requiring the user to place their hand on a- curved reader that takes an infrared scan. This scan creates a picture that can then be compared to a database to verify the user's stated identity.

Use:-

Though minimally used at the moment, vascular pattern scanners can be found in testing at major military installations and is being considered by some established companies in the security industry and multi-outlet retailers. Currently it is still building acceptance.

27

SIGATURE SCANNING:-

Basics:Signature verification is the process used to recognize an individual's handwritten

signature.

Dynamic signature verification technology uses the behavioral biometrics of a hand written signature to confirm the identity of a computer user. This is done by analyzing the shape, speed, stroke pen pressure and timing information during the act of signing. Natural and intuitive, the technology is easy to explain and trust.

As a replacement for a password or a PIN number, dynamic signature verification is a biometric technology that is used to positively identity a person from their handwritten signature.

Signature verification is natural and intuitive. The technology is easy to explain and trust, The primary advantage that signature verification systems have over other types of biometric technologies is that signatures are already accepted as the common method of identity verification. This history of trust means that people are very willing to accept a signature based verification system.

How it works:-

Signature-scan technology utilizes the distinctive aspects of the signature to verify the identity of individuals. The technology examines the behavioral components of the signature, such as stroke order, speed and pressure, as opposed to comparing visual images of signatures. Unlike traditional signature comparison technologies, signature-scan measures the physical activity of signing. While a system may also leverage a comparison of the visual appearance of a signature, or "static signature," the primary components of signature-scan are behavioral.

The signature, along with the variables present during the signing process, is transmitted to a local PC for template generation. Verification can take place against a local PC or a central PC, depending on the application. In employee-facing signature scan applications such as purchase order authentication, local processing may be preferred; there may be just a single PC used for such authorization. For customer facing applications, such as retail or banking authentication, centralized authentication is likely necessary because the user may sign at one of many locations.

The results of signature-scan comparisons must be tied into existing authentication schemes or used as the basis of new authentication procedures, For example, in a transactional authentication scenario, the "authorize transaction" message might be sent after a signature is acquired by a central PC. When signature scan is integrated into this process, an additional routine requires that the signature characteristics be successfully matched against those on file in order for the "authorize transaction" message to go forward. In other applications, the results of a signature scan match may simply be noted and appended to a transaction. For example, in document authentication, an unsuccessful comparison may be flagged for future resolution

28

while not halting a transaction. The simplest example would be a signature used for handheld device login: the successful authentication message merely needs to be integrated into the login module, similarly to a PIN or password.

Use:

Signature-scan is implemented in situations where signature or written input processes are already in place. These applications include contract execution, formal agreements, acknowledgement of services received, access to controlled documents, etc.

As the act of signing documents becomes more integrated with electronic capture processes - signing on acquisition tablets, using special styluses, etc. - the opportunity for biometric authentication will increase dramatically. As of today, there are few -acquisition devices deployed in operational environments capable of capturing biometric data. Note that signature-scan is not the same as signature capture, currently used in various point-of-sale systems. Nor is it the same as digital signatures, an encryption technology.

Using digital signatures opens up opportunities in other areas, as well: trading stocks, authorizing the transfer of medical records, applying for mortgages. All of the things that require a paper signature can potentially move online, making transactions smoother, faster, more secure and less expensive.

29

VOICE RECOGNITION

History:

Speaker recognition has a history dating back some four decades, where the Output of several analog filters was averaged over time for matching.

Basics:

This technique is based on the patterns generated using vocal characteristic (the frequency and wavelength) of the end user, voice. Although this method is easy to use and less expensive, it -is highly dependent on external factors include a change in voice due to the emotional state or physical condition of the user, the background noise and pronunciation of end users.

Capture of the biometric is seen as non-invasive. The technology needs little additional hardware by using existing microphones and voice-transmission technology allowing recognition over long distances via ordinary telephones (wire line or wireless).

How it works:

Speaker recognition use, the acoustic features of speech that have been found to differ between individuals. These acoustic patterns reflect both anatomy (e.g., size and. shape of the throat and mouth) and learned behavioral patterns (e.g. voice pitch, speaking style). This- incorporation of learned patterns into the voice templates (the latter called "voiceprints") has earned speaker recognition its classification as a "behavioral biometric." Speaker recognition systems employ three styles of spoken input:

Text-dependent, Text-prompted Text-independent.

Most speaker verification applications use text-dependent input, which involves selection and enrollment of one or more voice passwords. Text-prompted input is used whenever there is concern of imposters. The various technologies used to process and store voiceprints include hidden Markov models, pattern matching algorithms, neural networks, matrix representation and decision trees. Some systems also Use "antispeaker” techniques, such as cohort models, and world models.

Performance degradation can result from changes in behavioral attributes of the voice and from enrollment using one telephone and verification on another telephone. Voice changes due to aging also need to be addressed by recognition systems.

Use:

Many companies market speaker recognition engines, often as part of large voice processing, control and switching systems.

30

KEYSTROKE SCANNING

This technique is based on keystroke dynamics, such as speed and pressure and time taken between pressing keys. The algorithm for this method is still evolving. This method is generally use to authenticate the end users personal computers.

31

SUMMARY OF BIOMETRICS TECHNIQUES.Technology Advantages Disadvantage SensorFingerprint High security, less

expensive and easy to use

Dirty and unclear image.

Capacitive, optic, thermal, acoustic ,pressure sensitive.

Facial scan Comparatively less expensive, easy to use and a fast method

High storage required, depends on external factors such as lighting user behavior etc low accuracy.

Camera.

Retinal scan High security does no change over a period of time

Users are required to stand still and very close to the device. may reveal sensitive medical information about end user.

Infrared camera

Iris scan Does no require close contact with device. Does not change over a period of time .

Requires more storage and expensive compare to retinal scan.

Infrared camera

Hand scan It is acceptable to end-users. Requires less storage space, hence improved performance.

Accuracy level low is since hand and finger geometry may change.

Camera

Voice recognition May be used for remote access easily. Comparatively inexpensive.

Voice depends on emotional state and physical condition of user.

Microphone.

Keystroke dynamics. Less expensive Depends on speed, presser and time taking between pressing keys.

Keyboard.

32

ADVANTAGES & DISADVANTAGES OF BIOMETRICS SYSTEM

Advantages:

Biometric s protects privacy by safeguarding identity and integrity:

Biometric technology is a major defense against identity theft Identity theft- stolen credit cards, phony checks, benefits fraud, network hacking and other impostor scams to defraud businesses, government agencies. and consumers costs billons of dollar per year. It is a problem that drives up prices of' goods, increases taxes, complicate route transaction, and strains low enforcement resources. Until recently, the only way to attack the problem has been to add expensive screening and administrating procedure; however, steps such as hiring security guards maintaining accurate databases, reviewing identity documents, administering password systems and asking personal question have proven to be costly, stopgap measures that can be defeated by enterprising crooks.

As an example from the financial services industry (but applicable to almost any fraud prevention scenario), criminal are known to exploit weaknesses within present access systems that rely on password or PINs. They are able do this by clandestinely obtaining these codes. The criminal then have access to customer accounts. The customer, financial integrity is compromised due to this unauthorized access to his or personal information. In effect, the customer has suffered an invasion of privacy related to his or her financial integrity. Biometric based system make fraud much more difficult. Therefore it is argued that biometrics technology protects personnel privacy by safeguarding identity and integrity.

Biometric are safe. Biometric devises and software are non Intrusive technologies that have been designed

to work effectively variable and demanding conditions. None of products offered by IBIA (international biometric' industry association) members present health or safety risk to either user or operators. They don't leave marks, don't take physical samples, and require minimal or no contact by user.

An ideal biometric technology generally included4 based on:

A unique biometric characteristic

Non-intrusive data collection.

No or minimal contact between the person being scanned and equipment doing scanning

An automated system i.e. no-human decision maker in the decision loop.

Very high accuracy.

High speed,

33

In sum, a idle biometric system I is fast, accurate, user Friendly and low cost.Disadvantages:

Biometric - based security is a highly advanced security mechanism. But there are several hurdles, which come in the way of its wide spared deployment. These issues range from technical, to financial, to privacy, to usability and affect the use and deployment of biometric authentication systems. The following are some major disadvantages:

Cost:

One of the major objects, in the widespread deployment of biometric authentication is the high cost of the devices and equipment needed. Other than the basic infrastructure needed to perform authentication and data storage, biometric authentication systems required -devises to capture users’ biometric characteristics.

Remote or personal authentication:

Generally biometric systems are deployed 'at central locations. If bank mandates its Internet banking customer to use biometric authentication" then cost and practical deployment issues will arise. Additional equipment will have to be installed with each personal computer.

Integration with exiting application:

Converting any existing system to biometric authentication is not a straightforward process, since it requires the integration of a biometric system with the existing application.

User issues-:

Sometimes users psychology creates problems with biometric systems. Can a person stand steady, without blinking his eyes, when the retina is scanned? User hesitation and discomfort makes biometric system less usable in some cases.

System effectiveness:

Biometric authentication systems are not 100% effective. This effectiveness is measured in terms of false acceptance and false rejection. Unlike other authentication methods, such as password -based authentication, where authentication is based on bit-by-bit matching of information, biometric authentication is a heuristic approach.

Privacy issues:-Biometrics system may revel a lot of medical and personal information but the end-

users. Many users may not like their privacy to be compromised for the sake of authentication.

34

APPLICATION OF BIOMETRICS

Biometric authentication systems seem to be the first choice for producer and directors of sci-fi movies. 'Charlie's angles' the James bonds movies and 'mission impossible' are good case studies of biometric authentication systems. biometric application become popular in- many area are as follows:

Physical access control:

The richest temple in India, Tirupati, claims to implement the word's largest biometric solution. An average of 50,000 people visits the temple daily. Each person issued a ticket, capturing his fingerprints. These fingerprints are verified at the time the user enter the temple.

Financial services:

It includes ATMs and kiosks for online banking. The banking sector also uses voice recognition for telephone banking.

Immigration and border control:

Recently the US consulate in India has made it mandatory for any person seeking a US visa to register himself at the visa office with fingerprints. Such authentication methods are used while entering the country, and for tracking visitors.

Law enforcement:

A digital version of the ink and paper type fingerprint is the most preferred way of tracking criminals. Biometric technology is also use in hi-tech prisons, smart guns etc.

Defense\nuclear centers:-

These establishments are highly secured area. Such place. Use a robust authentication system, such as retinal scan, to control access to the facilities.

Computer security:

PC security is one area were biometric has -become to be use. typical deployment are based on keystroke dynamics, voice or finger pressure and the like, for granting access to personal computer.

Time and attendance:

As a replacement for traditional punch card, biometric system are being deployed to handle reporting time and attendance of worker.

35

Events:

The biometric is being used for access control during events, such as big sports events, Access to different special areas is restricted using authentication such as hand geometry, etc.

Healthcare and shop:

Biometric system are use to safeguard medical records and to control purchase and payments at shops.

36

CONCLUSIONWith the increasing use of computer as vehicles of information technology, it is

necessary to access to sensitive or personal data. Whenever you are using other authentication systems like password base and token base system which required to something you have, such as a license or a passport. Sometimes it also required something you know, such as a password or a PIN. As we move into a time when we need more secure and accurate measures, we begin to look at using something you are that is biometrics.

While to possibility for biometric are great, biometric technology may not be the answer for everyone. The cost for user for some solutions may still be too high. Also to be consider are the legal consideration of using biometric specifically privacy issues, how ever for some biometric may be the answer.

There are some shortcoming for biometrics we all know that,

"Passwords are like bubble gum: strongest when fresh, should be use by individuals and not groups, it left lying around will create a sticky mess"

At last but not list biometric authentication makes use of the fact that each individual has certain unique characteristics. This emerging technology has given a whole new dimension to security, helping to make it more foolproof.

37

BIBLOGRAPHY

In preparing this report I have come across many knowledgeable website from them I would like to share some of them like….

www.google.com www.findbiometric.com www.fingerprint.com www.biometrics.org. www.biometricsinfo.org. www.btninfoech.com. www.computer.howstuffworks.com www.magestechnologies.com. www.biometrics.sce.msu.edu/figerprint.html. www.javacard.org/others/biometrics. www.ask.com.

There are some magazines also which has provided me useful information like…

Information technology. Electronics for you. Safari.

38