Fundamentals of Biometric System Design. Chapter 1 Introduction

Fundamentals of Biometric System Design by S. N. Yanushkevich Chapter 1 Introduction Biometric sensor Biometric sensor Computer platform Biometric sensor Biometric sensor Verification: Am I whom I claim to be? Identification: Who am I? Verification and identification Positive recognition Negative recognition Leading biometric technologies Biometric systems Applications Historical perspectives Advanced topics Further reading Problems

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 2 Preface Biometric is understood as a measurable physiological and/or behavioral trait that can be captured and compared with another instance at the time of verification. Biometric data is unprocessed or raw biometric data. This data cannot be used to perform biometric matches. Biometric system do not store biometric data. The process by which a user s biometric data is initially acquired, assessed, processed, and stored in the form of a template is called enrollment. Biometrics is the science of the measurement of unique human characteristics, both physical and behavioral. Biometric technology refers to any technique that reliably uses measurable physiological or behavioral characteristics to distinguish one person from another. The roots of biometric technology go back a long way, about several thousands of years. This lecture is the base for the implementation issue of biometric technology. We follow a three phase scheme: biometric data acquisition, biometric techniques, and computing platform, that is: Biometric data } {{ } From sensors Biometric techniques } {{ } Interdisciplinary methodology Computing platform } {{ } Hardware and software Biometric data are generated by humans and can be analyzed by biometric system in various bands (visible light, infrared, and acoustic). The purpose of this analysis can be defined as the identification of person, illness diagnostic (recognition), behavior state recognition, and human-machine interface design. Common physiological biometric traits include, for instance, Fingerprints, Retina, Iris, Facial images, and Hand geometry. Whereas, common behavioral biometric traits include, in particular, signature, gait, voice recordings, and keystroke rhythms. A biometric system should meet the specified recognition accuracy, speed, and resource requirements, be harmless to the users, be

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 3 accepted by the intended population, and be sufficiently robust to various fraudulent methods and attacks to the system. Biometric system is an application-specific computer system. Application-specific techniques (pattern recognition methods, algorithms, and programs) are implemented using efficiency organized hardware platform. Biometric data are characterized by the following features: Universality, Distinctiveness, Permanency, Contestability, Reliability, and Acceptability. Biometric system operates as follows: Acquiring biometric data } {{ } From an individual Processing } {{ } Comparing against the templates } {{ } From the acquired data From the database Essentials of this lecture Multidisciplinary methodology and techniques of the biometric system design. The lecture outlines the consequences of adopting various design platforms such as distributed systems, fault tolerant systems, parallel computer architecture, mobile systems, and portable systems and devices. Biometric system design is appear relevant to these platforms but within the constraints of specific-area applications (security, attack-tolerance, etc.). Self-study. This lecture provides a(future) designer of a biometric system with necessary background information. Use as reference. A designer faced with newly developed technologies needs to consult the research literature and other more specialized texts; the many references provided can aid such a search. Dr. S. Yanushkevich

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 4 Introduction to Biometric System Design Information necessitating a change of design will be conveyed to the designer after - and only after - the plans are complete. Murphy s Law (First Law of Revision) a a 2009 Calendar by A. Bloch, Andrews McMeel Publishing, Kansas City Biometrics is the science of the measurement of unique human characteristics, both physical and behavioral. The word biometrics is a combination of the Greek words bio and metric. When combined, it means life measurement. Biometric technology refers to any technique that reliably uses measurable physiological or behavioral characteristics to distinguish one person from another. Common physiological biometric traits include, for instance, fingerprints, retina, iris, facial images, hand geometry. Whereas, common behavioral biometric traits include, in particular, signature, gait, voice recordings, and keystroke rhythms. This lecture focuses on the role of biometric information in state-ofthe-art biometric systems. 1 Biometric system as an application-specific computer system Biometric system is an application-specific computer system. The design of a biometric system is considered as an efficient implementation of application-specific techniques (methods, algorithms, and programs) using some computing platform (Fig. 1). Application-specific techniques Application-specific hardware platform Biometric techniques Computer platform Application-specific software platform Application-specific I/O interfaces Fig. 1: Biometric system is an application-specific computer system consisting of the specific-purpose programs and computing platform.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 5 The key components of biometric system are: Component 1: Biometric data sensors. Generation of biometric data in the form of signals such as visual, acoustic, and other electromagnetic spectrum signals (Fig. 2)is a nature of humans. 1 µm 1 mm 1 m 1 km Visible light Infra red Voice Fig. 2: Generation of biometric data. This data can be used for various purposes, such as illness diagnostic and recognition, behavior state recognition, human-machine interface design, and identification. In this lecture, the goal of manipulation of biometric data is the identification of persons. Biometric data used for person identification must satisfy various criteria discussed in this chapter. Additional constraints are applied to biometric data at the state of implementation. Component 2: Techniques for manipulation of biometric data include various algorithms for filtering, transforms, and pattern recognition. Also decision-making algorithms are used at various phases of biometric data manipulation. Component 3: Hardware platform for the implementation of these techniques. Often the application-specific instruction-set processors are used as a hardware platform for biometric devices and systems. The instruction set of these processors is tailored to benefit a specific (biometric) application. This specialization of the core provides a tradeoff between the flexibility of a general purpose CPU and the performance of application-specific instruction-set processors. Applications-specific systems, such as biometric systems, have constraints on latency; that is, for the system to work, the specific-purpose programs must be completed within some time constraint. A specialized digital signal processor (DSP) for digital signal processing is a typical example of an application-specific design using special architecture. Another examples of applications-specific systems are high definition digital TV systems, encryption and decryption, private property protection, automobile control systems, and personal assistances.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 6 Advanced methodologies for designing application-specific computer systems are Application - Specific Integrated Circuits (ASIC) and System-on-Chip (SoC). A typical platform design flow is given in Fig. 4. The design begins with the exploration of the biometric application requirements (the first phase). Requirements such as execution time, resource utilization, power dissipation, etc., are derived and their mutual dependencies specified. Information about appearance of special functions and function sequences calling for hardware acceleration is also needed. Biometric system can have different configurations. These configurations can be characterized as centralized and distributed architectural designs. Example 1: (Biometric system configurations.)in Fig. 3, the distributed biometric system is shown. Biometric sensor Computer platform Biometric sensor Computer platform Biometric sensor Computer platform Biometric sensor Computer platform Biometric sensor Biometric sensor Computer platform Biometric sensor Biometric sensor (a) (b) Fig. 3: Example of configuration of biometric systems: distributed architecture (a) and centralized architecture (star-like configuration) (b). 2 Biometric data specification Any human physiological and/or behavioral characteristic can be used as a biometric data as long as it satisfies the following requirements 1 : 1 A. Jain, R. Bolle, and S. Pankanti, Eds., Biometrics: Personal Identification in a Networked Society, Kluwer, 1999

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 7 Requirements to biometric data Requirement 1: Universal (every person should have that characteristic), Requirement 2: Unique (no two people should be exactly the same in terms of that characteristic) Requirement 3: Permanent (invariant with time) Requirement 4: Collectable (can be measured quantitatively) Requirement 5: Reliable (must be safe and operate at a satisfactory performance level) Requirement 6: Acceptable (non-invasive and socially tolerable). In a biometric system, that is, a computer system that employs biometrics for personal recognition, there is a number of other issues that should be considered, in particular: Performance, which refers to the achievable recognition accuracy and speed, the characteristics of required resources, as well as the operational and environmental factors; Acceptability, which refers to the extent to which people are willing to accept the use of a particular biometric identifier (characteristic) in their daily lives. In addition, the characteristic called a circumvention introduces the behavior of a biometric system for particular scenarios: how easily the system can be fooled using fraudulent methods. 3 Application-specific techniques for biometric data manipulation Techniques for manipulation of biometric data include various algorithms such as filtering, convolution, Fourier transforms, and pattern classification and recognition. Decisionmaking techniques are applied in most simple form, such as threshold, at the lowest level. Sophisticated algorithms for decision making under uncertainty are used at the highest levels of the system such as human-machine interface. In this section, we consider the verification and identification. 3.1 Verification and identification An application-specific techniques biometric system is essentially a pattern recognition system that operates by acquiring biometric data from an individual, extracting a feature

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 8 1 Application domain exploration Characterization of: Deployed biometric system Deployed terminals Re-design if needed 2 Functional block selection Computational complexity estimation Functional block specification Re-design if needed 3 Communication network design Scheduling tasks Deriving communication constraints Communication protocols 4 Floor planning Physical characterization Communication network Optimization Verification Algorithm implementation Re-design if needed Fig. 4: Platform-based design flow.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 9 set from the acquired data, and comparing this feature set against the template set in the database. Identification and verification (also known as authentication) are both used to declare the identity of a user. Depending on the application context, a biometric system may operate either in verification mode or identification mode. Before a system is able to verify/identify the specific biometrics of a person, the system requires something to compare it with. Therefore, a profile, or template, containing the biometric properties, is stored in the system. Recording the characteristics of a person is called enrollment. As a user, you can be identified or verified on the basis of: Something you know, for example, a password or a PIN. Something you hold, for example, a credit card, a key, or a passport. Something you are (biometrics), for example, a fingerprint or iris patterns Using something you know and hold are two easy identification/verification solutions widely used today. Using something you know only requires memorization of some data (passwords, etc.), but can, on the other hand, be easily overheard, seen, or even guessed. An item you hold can be stolen and later on used or copied. Using biometrics might, at first, seem to overcome these problems, since fingerprints, iris patterns, etc. are part of your body and thus are not easily misplaced, stolen, forged, or shared. This report might, however, give you some new insight about this subject. One way to increase security in an identification/verification system is to combine two or more different identification/verification methods. Depending on the application context, a biometric system may operate either in: Verification mode or Identification mode. 3.2 Verification: Am I whom I claim to be? In the verification mode, the system validates a persons identity by comparing the captured biometric data with his or her own biometric template(s) stored in the system database. In such a system, an individual who desires to be recognized claims an identity, usually via a personal identification number (PIN), a user name, or a smart card, and the system conducts a one-to-one comparison to determine whether the claim is true or not (Am I whom I claim to be?) Identity verification is typically used for positive recognition, where the aim is to prevent multiple people from using the same identity. Let: Input feature vector X Q extracted from the biometric data,

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 10 I be a claimed identity, w 1 be the class that indicates that the claim is true (a genuine user), w 2 be the class that indicates that the claim is false (an impostor), S(X Q,X I ) be the function that measures the similarity between feature vectors X Q and X I, t is a predefined threshold. The verification problem is formulated as follows: Given X Q, determine if (I,X Q ) belongs to class w 1 or w 2. The verification problem can be described in the form Class w 1, if S(X Q,X I ) t Verification (I,X Q ) Class w 2, otherwise (1) Typically, X Q is matched against X I, the biometric template corresponding to user I, in order to determine its category. The value S(X Q,X I ) is termed as a similarity or matching score between the biometric measurements of the user and the claimed identity. Therefore,everyclaimedidentityisclassifiedintow 1 orw 2 basedonthevariablesx Q,X I, I, and t, and the function S. Note that biometric measurements of the same individual taken at different times are almost never identical. This is the reason for introducing the threshold t. 3.3 Identification: Who am I? In the identification mode, the system recognizes an individual by searching the templates of all the users in the database for a match. Therefore, the system conducts a one-tomany comparison to establish an individuals identity(or fails if the subject is not enrolled in the system database) without the subject having to claim an identity (Who am I?) Let: I k, k 1,2,...,N,N +1 be the identity. Suppose that I 1,I 2,...,I N are the identities enrolled in the system and I N+1 indicates the reject case where no suitable identity can be determined for the user. X Ik be the biometric template corresponding to identity I k, and t is a predefined threshold. The identification problem is formulated as follows: given an input feature vector X Q, determine the identity I k, k 1,2,...,N,N +1. This can be described in the form

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 11 I k, if max S(X Q,X Ik ) t k Identification I Q I N+1, otherwise (2) Identification is a critical component in both positive and negative recognition applications. 4 Person identification: Positive and Negative Positive and negative recognition The purpose of positive recognition is to prevent multiple people from using the same identity. The purpose of negative recognition is to prevent a single person from using multiple identities. There is actually nothing in your voice, hand shape or any biometric measure to tell the computer your name, age or citizenship, or to establish your eligibility to vote. External documents (passport, birth certificate, naturalization papers) or your good word establishing these facts must be supplied at the time you initially present yourself to the biometric system for enrollment. At this initial session, your biometric characteristic, such as an eye scan, is recorded and linked to this externally-supplied personal information. At future sessions, the computer links you to the previously supplied information using the same physical characteristic. Even if the biometric system works perfectly, the personal data in the computer, such as your voting eligibility, is only as reliable as the original source documentation supplied. Once the computer knows your claimed identity, it can usually recognize you whenever you present the required biometric characteristic. No biometric identification system, however, works perfectly. Problems are generally caused by changes in the physical characteristic. Example 2: (Physical characteristic changes.) Even fingerprints change as cuts, cracks and dryness in the skin come and go. It is far more likely that the computer will not recognize your enrollment characteristic than link you to the characteristic of someone else, but both types of errors do occur. To minimize the possibility that you will be linked to another record, positive identification systems ask you to identify yourself. Your biometric characteristic is then compared to the characteristic stored at the time you enrolled. Biometric measures

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 12 are always fuzzy to some extent, changing over time and circumstance of collection. If the submitted and stored biometric measures are close enough, it is assumed that you are indeed the person enrolled under the identity you claimed. If the presented and enrolled characteristics are not close enough, you will generally be allowed to try again. If multiple attempts are allowed, the number of users falsely rejected can be under 1%, although there are always some people chronically unable to use any system who must be given alternate means of identification. The possibility that an impostor will be judged close enough, even given multiple attempts, is usually less than one in ten. Example 3: (Multiple attempts.) The threat of being caught in 9 out of 10 attempts is enough to deter most impostors, particularly if penalties for fraud are involved. Positive identification using biometrics can be made totally voluntary (Fig. 5). People not wishing to use the system can instead supply the source documents to human examiners each time they access the system. Many biometric methods have been used in public systems for positive identification: hand and finger geometry, iris and retinal scanning, voice and face recognition, and fingerprinting. There is a another way some biometric systems can be used: negative identification. In these applications, found in driver licensing and social service eligibility systems where multiple enrollments are illegal, the user claims not to be enrolled. Apart from the honor system, where each persons word is accepted, there are no alternatives to biometrics for negative identification. During enrollment, the system must compare the presented characteristic to all characteristics in the database to verify that no match exists. Because of the ongoing changes in everyones body, errors can occur in the direction of failing to recognize an existing enrollment, perhaps at a rate of a few percent. But again, only the most determined fraudster, unconcerned about penalties, would take on a system weighted against him/her with these odds. False matches of a submitted biometric measure to one connected to another person in the database are extremely rare and can always be resolved by the people operating the system. Negative identification applications cannot be made voluntary. Each person wishing to establish an identity in the system must present the required biometric measure. If this were not so, fraudsters could establish multiple enrollments simply by declining to use the biometric system. On the other hand, negative identification can be accomplished perfectly well without linkage to any external information, such as name or age. This information is not directly necessary to prove you are not already known to the system, although it may be helpful if identification errors occur.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 13 Positive identification To prove I am someone known to the system Negative identification To prove I am not someone known to the system Comparison of submitted sample to single claimed template Comparison of submitted sample to all enrolled templates Alternative identification methods exist No alternative methods exist Can be voluntary Must be mandatory for all Biometric measures linked to personal information (name, age, citizenship) only through external source documents. Linkage to personal information not required. Fig. 5: Positive and negative identification using biometrics. and corresponding technologies demonstrated in public systems. While traditional methods of personal recognition such as passwords, PINs, keys, and tokens may work for positive recognition, negative recognition can only be established through biometrics. In positive identification systems, a false match is called a false acceptance, and a false non-match is called a false rejection. In negative identification systems, the terminology is reversed. Regardless of whether a system is for positive or negative identification, false acceptances allow for fraud and false rejection. Those are inconvenient and require exception handling. The false rejection rate is immediately measurable from user demands for exception handling. Instances of false acceptance are almost never reported. The perceived rate, however, must be kept low enough to maintain deterrence.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 14 5 Biometric data Any human physiological and/or behavioral measurements represent some biometric data. Although many types of data the human body carries or generates various types of data in different spectral bands, not all biometric data are deployed in biometric systems. Example 4: (Future generation of biometric systems.) Brain activity can be considered as generation of biometric data. This data can be extracted using monitoring brain activity (for example, EEG techniques) and is useful for the brain-machine interface design. But these data cannot be used in biometric system design for two main reasons: (a) high cost of acquisition equipment and processing techniques and, (b) insufficiency of study performed on the data that proves its feasibility for humans identification. By the same reason, DNA-based systems are considered as a future generation of biometric systems. Hence, there are various constraints for using biometric data in biometric system design. These constrains can be introduced in the form of the requirements to biometric data. 5.1 Six basic requirements to biometric data Biometric data can be used as a biometric characteristic for human identification, if it does satisfy the following key requirements: Requirement 1: Permanence. The biometric data should be sufficiently invariant over a period of time. Requirement 2: Distinctiveness. Any two persons should be sufficiently different in terms of the characteristic. Requirement 3: Collectability. The biometric data can be measured quantitatively. These three key requirements are considered while choosing the type of biometric data application for a particular. Example 5: (Requirements to biometric data.) An example of permanent biometric data is fingerprint and iris; the nonpermanent data include face (because of aging, disguise), and voice (aging, illness). The requirements of distinctiveness and collectability of biometric data are concerned assessing the available techniques and tools.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 15 In addition, the following three requirements to biometric data must be satisfied while developing and implementing various algorithms for biometric data manipulation: Requirement 4: Acceptability which indicates the extent to which people are willing to accept the use of their particular biometric identifiers (characteristics) in their daily lives Requirement 5: Performance. It refers to the achievable accuracy and speed using the reasonable computing resources, as well as the operational and environmental factors that affect the accuracy and speed. If biometric data do not satisfy this requirements, for example, the cost of computing resources is not acceptable to achieve desired accuracy and performance parameters, this data is considered as unacceptable for biometric system design. Requirement 6: Circumvention. It reflects how easily the system can be fooled using fraudulent methods. That is, biometric data and system for its manipulation must be sufficiently robust to various attacks on system. If biometric data do not satisfy these requirements, that is, the fraudulent techniques can be easy developed, these biometric data are considered as unacceptable for biometric system design. Alternative solution is to use multiple biometric data, for example, fingerprints and facial images. Moreover, techniques for biometric data extraction must be harmless to the users and be accepted by the intended population. Example 6: (Biometric data chart.) Consider various types of data and how they satisfy the above requirements. This analysis results are presented in Summary 1, 2, and 3 and the chart in Fig. 6. For example, the row Summary 1 includes three types of biometric data that satisfy all six requirements. 5.2 Properties of biometric data There is a number of additional properties of biometric data, such as distorted data, intra-class variations, distinctiveness, and nonuniversality. Distortion in sensed data. The sensed data might be noisy or internationally distorted. Afingerprintwithascaroravoicealteredbycoldareexamplesofnoisydata. Noisydata could also be the result of defective or improperly maintained sensors (e.g., accumulation of dirt on a fingerprint sensor) or unfavorable ambient conditions (for example, poor

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 16 R e q u i r e m e n t B i o m e t r i c t y p e 1 2 3 4 5 6 7 8 9 10 1 Permanence 2 Distinctiveness 3 Collectability 4 Acceptability 5 Performance 6 Circumvention Summary 1 Summary 2 Summary 3 Fig. 6: Biometric data chart (Example 6). illumination of a user s face in a face recognition system). Noisy biometric data may be incorrectly matched with templates in the database resulting in a user being incorrectly rejected. Intra-class variations. The biometric data acquired from an individual during authentication may be very different from the data that was used to generate the template during enrollment, thereby affecting the matching process. This variation is typically caused by a user who is incorrectly interacting with the sensor or when sensor characteristics are modified (for example, by changing the sensor interoperability) during the verification phase. As another example, the varying psychological makeup of an individual might result in vastly different behavioral traits at various time instances. Distinctiveness. While a biometric trait is expected to vary significantly across individuals, there may be large inter-class similarities in the feature sets used to represent these traits. This limitation restricts the discriminability provided by the biometric trait. Example 7: (Distinctiveness.) The information content (number of distinguishable patterns) in two of the most commonly used representationsofhandgeometryandfaceareonlyoftheorderof 10 5 and 10 3, respectively. Thus, every biometric trait has some theoretical upper bound in terms of its discrimination capability. See, for example, M. Golfarelli, D. Maio, and D. Maltoni, On the errorreject tradeoff in biometric verification systems, IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 19, pp. 786-796, July 1997.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 17 Non-universality. While every user is expected to possess the biometric trait being acquired, in reality it is possible for a subset of the users not to possess a particular biometric. Example 8: (Non-universality.) A fingerprint biometric system may be unable to extract features from the fingerprints of certain individuals, due to the poor quality of the ridges. Attacking the biometric identifiers. An impostor may attempt to spoof the biometric trait of a legitimately enrolled user in order to circumvent the system. This type of attack is especially relevant when behavioral traits such as signature and voice are used. However, physical traits are also susceptible to spoof attacks. Example 9: (Attacking biometric identifiers.) It has been demonstrated that it is possible(although difficult and cumbersome and requires the help of a legitimate user) to construct artificial fingers/fingerprints in a reasonable amount of time to circumvent a fingerprint verification system. Thetermspoofing isoftenusedtoindicateasecurityattackwhereanattacker(evena legitimate user of a system), runs a program with a false login screen and the unsuspecting user provides password and ID to an attacker. Several scenarios are possible in this situation, which depend on the attacker s strategy. Example 10: (Spoofing.) The attacker can, after memorizing the password and ID, allow the user to enter the system. The attacker can later re-enter the system using the stolen password and ID. Or, the attacker can refuse to allow the user to continue stating, with a fake error message, that the system cannot allow access at this time. At this point in time, the fake control screen seizes, and the user is logged off. The attacker, at a later point in time, logs onto the screen using the falsely obtained user ID and password. This is spoofing. Intellectual property protection. One of the ways of protection the intellectual property rights using biometric data is known as a watermarking.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 18 6 Leading biometric technologies Example 11: (Watermarking.) Watermarking is defined as a mechanism for embedding specific data into host data. This specific data must satisfy a number of requirements, in particular: author (source, the used tools, technique, etc.) identification, and being difficult to detect and remove. The goal of watermarking is to protect the intellectual property rights of the data. In certain applications, such as integrated circuit printed boards, as well as some documents, biometric data is used as a watermark. Some of the more traditional uses of physiological and behavioral characteristics are given in Fig. 7. Today biometric systems can achieve the following error rates: Error rates of some biometric systems Fingerprint identification system: of 1 in 10 5 using a single fingerprint, Iris identification system: of 1 in 10 6 using a single iris, Facial identification system: of 1 in 10 3 using a single face appearance. In order to uniquely identify one person in a population, for example, of 50 million, a fingerprint system should use at least four fingers per person, and an iris system should use both eyes. Facial biometrics could not provide a sufficient accuracy of identification of this population. However, facial identification system can be used in one-to-one comparison as an aid to identity checking, for example, for passport holders. The applicability of a specific biometric technique depends heavily on the requirements of the application domain. No single technique can outperform all the others in all operational environments. In this sense, each biometric technique is admissible, and there is no optimal biometric characteristic. Example 12: (Comparison.) It is well known that both the fingerprint-based and iris-based techniques are more accurate than the voice-based technique. However, in a telebanking application, the voice-based technique may be preferred, since it can be integrated seamlessly into the existing telephone system. Advantages and disadvantages of biometrics are discussed in Section 10, Further study.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 19 LEADING BIOMETRIC TECHNOLOGIES Facial recognition attempts to identify a subject based on facial characteristics (eye socket position, space between cheekbones, etc.). Fingerprint recognition systems rely on the biometric device s ability to distinguish the impressions of ridges and valleys made by an individual s finger. Hand geometry solutions take more than 90 dimensional measurements to record an accurate spatial representation of an individual s hand. The geometry of the hand is not known to be very distinctive and may not be invariant during the growth period of children. The physical size of a hand geometry-based system is large, and it cannot be embedded in certain devices like laptops. Palmprint recognition is based on the palms of the human hands that contain pattern of ridges and valleys(like the fingerprints) and additional distinctive features such as principal lines and wrinkles. When using a high-resolution palmprint scanner, all the features of the palm such as hand geometry, ridge and valley features, principal lines, and wrinkles may be combined to build a highly accurate biometric system. Iris scanning/recognition uses a camera mounted between three and 10 feet away from the person to take a high definition photograph of the individual s eyes. It then analyzes of two-three hundreds different points of data from the trabecular meshwork of the iris. Retina scanning/recognition involves an electronic scan of the retina, the innermost layer of the wall of the eyeball. Signature dynamics/recognition not only compares the signature itself, but also marks changes in speed, pressure and timing that occur during signing. Keystroke dynamic techniques measure dwell time (the length of time a person holds down each key) as well as flight time (the time it takes to move between keys). Taken over the course of several login sessions, these two metrics produce a measurement of rhythm to each user. Voice/speaker recognition techniques digitize a profile of a person s speech into a template voiceprint and stores it as a table of binary numbers. During authentication, the spoken passphrase is compared to the previously stored template. Gait recognition is defined as the identification of a person through the pattern produced by walking. Gait has particular advantages over other biometrics: it can be used at a distance, uses no additional skills on the part of the subject, and may be performed without the subject s awareness or active participation. Gait is not supposed to be very distinctive, but is sufficiently discriminatory to allow verification in some low-security applications. Ear recognition attemptstoidentifyasubjectbasedontheshapeoftheearandthestructure of the cartilegenous tissue of the pinna. Ears are characterized by a stable structure that is preserved from birth well into old age. The features of an ear are not expected to be very distinctive in establishing the identity of an individual. Fig. 7: Leading biometric technologies.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 20 7 Applications As mention in Section 3, there are two basic applications of biometric technology: Verify if I am someone enrolled in the system (called a positive identification) Verify if I am not someone enrolled in the system (called a negative identification). Recall that for positive identification, the user will generally claim an identity by giving a name or an ID number, then submit a biometric measure. That measure is compared to the previously submitted measure to verify that the current user is the one enrolled under the claimed identity. The purpose of positive identification is to prevent multiple users from claiming a single identity. There are numerous non-biometric alternatives in such applications, such as ID cards, PINs and passwords. Consequently, use of biometrics for positive identification can be made voluntary, and those not wishing to use biometrics can verify identity in other ways. Example 13: (Immigration and naturalization service.) The U.S. Immigration and Naturalization Service Passenger Accelerated Service System (INSPASS), in use at airports, is an example of voluntary, positive-identification biometric system. In negative identification, a user claims not to be previously enrolled in the system and submits a biometric measure, which is compared to all others in the database. If a match is not found, the user s claim of non-enrollment is verified. The purpose of negative identification is to prevent claims of multiple identities by a single user. There are no reliable non-biometric alternatives in such applications. The use of biometrics in negative identification applications must be mandatory. Example 14: (Driver s licensing.) Biometric identification for driver s licensing in many U.S. states and welfare eligibility verification in several states are examples of mandatory, negativeidentification biometric systems. Some biometric systems use both positive and negative identification. The problem of identification of Internet voters is one of both positive and negative identification. Negative identification would be required if we wished to prevent multiple registrations of the same person. Positive identification would be required to identify the person casting the vote as the registered voter.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 21 Negative identification must be mandatory for all voters. In the case of Internet voting, multiple Internet registrations could be prevented by the mandatory biometric identification of all Internet voters at registration. This would not require mandatory identification of non-internet voters if we were willing to allow for the possibility of fraud through both Internet and paper registration of the same voter under different identities. Internet registration with the submission of a biometric identifier could not be securely done over the Internet, but would require in person registration and the collection of the biometric identifier by trained and trusted persons. This identifier would be placed in a database under the control of the jurisdiction. Upon verification that the registering voter is not already in the database, a voter ID number, code or PIN could be issued. Biometric identification and specialized hardware at the time of voting would not be required for negative identification. Positive identification by Internet voters using biometrics would require that biometric measures be previously registered in person with the jurisdiction and would require standardized biometric collection hardware and software on the computer used for voting. Positive biometric identification might be used on a voluntary basis to replace other types of PIN or password identification. An added problem is the occasional failure of all biometric techniques to recognize properly registered users. 7.1 Privacy issues Example 15: (Security system ID cards and Internet voting.) The State of Connecticut Social Service and Philippine Social Security System ID cards, for instance, require negative identification for issuance, but store fingerprint templates on the card for later positive identification applications. In 1999, the State of California created an Internet Voting Task Force to study the possibility of casting votes over the Internet. The task force found that one of the obstacles to Internet voting would be the identification of the person casting the vote. A biometric sensor takes a signal from a user which is transformed by a computer in some proprietary way to a template. A template is a collection of numbers (a vector) deemed to be adequately different between individuals and adequately stable over time for a single individual. Generally, the original image is discarded, and only the template is stored by the system. In almost all cases, the original image cannot be recreated from the template. Nothing inherent in a biometric system can identify a person by name, citizenship, age or race. If a system must know any of these items, they must be established through

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 22 external means, such as birth certificates and drivers licenses. Consequently, use of biometrics to establish real identities is only as reliable as the source documentation. Example 16: (Applications of biometrics.) Biometric systems cannot be used to establish that social service recipients are eligible for benefits beyond showing that they have not claimed multiple identities (negative identification) or have not falsely claimed the identity of a true beneficiary (positive identification). Because a biometric system cannot know who you really are, use of biometrics to support anonymous transactions becomes real possibility for applications, such as banking. Example 17: (Biometrics to support anonymous transactions.) (a) A credit card could carry one of your biometric measures instead of your name. (b) Images cannot generally be reconstructed from templates (which are just a series of numbers), system administrators cannot generally obtain any information about users in any humanly recognizable form. Consequently, biometric identification technology is, at worst, neutral with regard to privacy. 7.2 Choosing biometrics for business case All security systems require the expenditure of time, energy and money. Biometric systems are certainly no different in this regard. They are not free in any sense. Many failed biometric efforts do so, not because of deficiencies in the technology, but because the business case was not sufficient in the first place to justify the required expenditures. Fascination with the technology is not a sufficient business case. For positive identification applications, alternatives to biometrics exist that might be faster, cheaper and more seamlessly integrated into existing systems. The most successful biometric implementations are those that replace existing systems deemed too expensive or problematic to the administrators, or too cumbersome to the users. Other alternatives exist in these situations, but biometric identification has proved faster, cheaper and easier for all concerned. Other successful implementations occur when the system management has carefully assessed the alternatives and is prepared to do the work necessary to make the systems effective. In Fig. 8, we cite the summary on business case consideration, prepared at the NIST (National Institutes for Standards), USA.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 23 Preparing the business case Alternatives to biometric identification exist in positive ID applications. All security systems, even biometrics, require time, money and energy to set up and run. In addition to set-up and operational costs, system throughput rates must be carefully considered. Enrollment sessions for all users is almost always required. Not all people will be able to use any biometric system successfully every time. This implies that backup systems for exception handling will always be required. Studies of user attitudes regularly show user acceptance of biometric technology to well exceed 90%. Nonetheless, there will always be a very few people who object to any new technology. Hardware/software integration will prove to be the hardest task. Biometric technologies are not plug and play". Even ideal technologies will fail if the devices cannot talk to the database or open the gate. System integration may require changes in other pieces of hardware not considered at first glance to be part of the biometric technology. Know the history and track record of the technology vendor. Commercial products and vendors are in a continual flux. The technology you invest in today may not have vendor support next year. The addition of biometrics, or substitution for another component, will inevitably lead to a change in your business processes. Beyond the software/hardware integration is the most daunting problem of integrating the use of biometrics into the existing processes. If the finished business system is not more efficient than the alternatives, the use of biometrics will be seen as a mistake. James L. Wayman, Editor, National biometric test center collected works 1997-2000, NIST Institute, p. 280 Fig. 8: Preparing the business case.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 24 8 Summary of biometrics technologies A biometric system should meet the specified recognition accuracy, speed, and resource requirements, be harmless to the users, be accepted by the intended population, and be sufficiently robust to various fraudulent methods and attacks to the system. The key aspects of this introduction to biometric system design are as follows: (a) Verification and identification (also known as authentication) are both used to declare the identity of a user. (b) Biometric system is an application-specific computer system. Application-specific techniques (pattern recognition methods, algorithms, and programs) are implemented using efficiency organized hardware platform. (c) Biometric data are characterized by the universality, unique, permanency, contestability, reliability, and acceptability. Biometric system operates by acquiring biometric data from an individual, extracting a feature set from the acquired data, and comparing this feature set against the template set in the database. The main conclusions of this lecture are as follows: In a verification (authentication) system, the individual to be identified has to claim his/her identity (Am I whom I claim to be?), and this template is then compared to the individual s biometric characteristics. The system conducts oneto-one comparisons to establish the identity of the individual. In an identification system, an individual is recognized by comparing his/her template with an entire database of templates to find a match. The system conducts one-to-many comparisons to establish the identity of the individual. The person to be identified does not have to claim an identity (Who am I? ). Identity verification is typically used for positive recognition, where the aim is to prevent multiple people from using the same identity. Identification is a critical component in negative recognition applications where the system establishes whether the person is who he/she (implicitly or explicitly) denies to be. The purpose of negative recognition is to prevent a single person from using multiple identities. Biometrics enable a prospective approach to support anonymous transactions. This is because a biometric system cannot know who you really are.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 25 9 Historical perspective 1880: Alphonse Bertillon, chief of the criminal identification division of the police department in Paris, developed and then practiced the idea of using a number of body measurements to identify criminals, in particular, the potential of the human ear for personal identification. Ears have played a significant role in forensic science for many years, especially in the United States, where an ear classification system based on manual measurements has been developed by Iannarelli, and has been in use for more than 40 years, although the safety of ear-print evidence has recently been challenged in the Courts. 1888: Francis Galton proposed a formal method of classifying faces ( Personal identification and description, in Nature, June 21, 1888, pp. 173 177). He proposed collecting facial profiles as curves, finding their norm, and then classifying other profiles by their deviations from the norm. The classification was to be multi-modal, i.e. resulting in a vector of (hopefully) independent measures that could be compared with other vectors in a database. Early 1970s: Automated systems for fingerprint recognition have been made commercially available. 10 Further study Advanced topics of biometrics The successful installation of a biometric systems in various applications does not imply that it fully solves the problem of individual identification. There is plenty of scope for improvement in biometrics. Researchers are currently addressing issues related to reducing error rates, as well as looking for ways to enhance the usability of biometric systems. Topic 1: Fundamentals. An introduction to biometrics can be found in papers by Jain et. al. [32] and collection of papers edited by Jain et al. [33, 35]. State-of-the-art trends in biometrics are discussed in the book by Zhang [95]. The Guide to Biometrics by Bolle et al. [8] provides the reader with practical aspects and recommendation on development of biometric devices and systems. The authors of [92] introduced their vision on the problem of identity assurance in biometrics. Data fusion is aimed at improvement of the reliability of biometric devices and systems and is of special interest in today s biometrics. Clark and Yuille [17] introduced techniques for data fusion for sensory systems. Prabhakar and Jain [63] proposed an algorithm for decision-level fusion in fingerprint verification. Details of error rates of some biometric systems can be found in [8, 16, 19, 32, 34, 42]. Fundamentals of image processing can be found in [26]. Practical MATLAB implementation useful in synthesis of biometric data can be found in [27].

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 26 Topic 2: Artificial intelligence support of decision making in biometric systems. In collection of papers[35], the biometric techniques based on artificial intelligence paradigm are introduced. Topic 3: Security. Chirillo and Blaul [16] introduced the fundamentals of implementation of biometric security. Jain and Uludag [36] introduced the concept of hiding biometric data. Ratha et al. [66] introduced the technique for enhancing security and privacy in biometrics-based authentication systems based on the concept of cancellable biometrics data. Topic 4: Testing, standards, and synthetic benchmarks. Testing of biometric devices and systems is considered in [45, 46, 47]. Matsumoto et al. Studies on the impact of gummy fingers on fingerprint systems are known too. Tilton [81] discussed various approaches to biometric standards development. Wayman [86] introduces the Federal biometric technology legislation. Topic 5: Signature and keystroke dynamic analysis and synthesis. Modeling of skilled forgers was the focus of many studies. In particular, in 1977 Nagel and Rosenfeld[54] proposed an algorithm for detection of freehand forgeries. Ammar [1] analyzed the progress in this area. Brault and Plamondon [9] studied a modelling of dynamic signature forgery. Rhee et al. [68] proposed an algorithm for on-line signature verification and skilled forgeries modeling. A comprehensive survey on modeling, on-line, and off-line handwriting recognition can be found in a paper by Plamondon and Srihari [62]. Fundamentals of handwriting identification can be found in the book by Huber and Headrick [31]. Comprehensive references to various aspects of signature-based identification system design are included in [43, 55]. Bergadano et al. [4] reported results on application of keystroke dynamics technique. A keystroke-based authentication algorithm has been described by Obaidat and Sadoun [58]. Topic 6: Iris and retina. Various aspects of iris-based identification have been developed, in particular, in [18, 19, 87, 88]. A paper by Hill [30] is useful for design of retinabased identification devises. Each iris has a unique and complex patterns such that even a person s right and left iris patterns are completely different. The iris is stable throughout one s life. As with the iris, the retina forms a unique patterns that begins to decay quickly after death. Topic 7: Fingerprint analysis and synthesis. A paper by Bery [5] introduces the history of fingerprinting. The experience of fingerprint system design reflect the way that fingerprints have been matched manually over the years by seeking to identify minutiae features and their relative position within the print. These days, automatic fingerprint identification (AFIS) computer matching system drastically reduce the time needed to scan very large databases of fingerprints and produce potential matches. Cappelli et al. [12, 13, 14] developed an effective and robust algorithm for generation of

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 27 synthetic fingerprints. Various techniques of fingerprint identification have been studied in [25, 42, 52, 53, 65, 85]. Topic 8: Facial analysis and synthesis. Blanz and Vetter [7] have developed a morphable model for the synthesis of 3D faces. Plenty of techniques that are useful in synthesis and analysis of facial expressions have been proposed in [10, 15, 22, 39, 72, 82, 94]. A facial thermogram uses an infrared camera to scan a person s face. Plastic surgery does not change a thermogram. Time does not alter a thermogram. However, alcohol and drug consumption can radically change a person s thermogram. Topic 9: Voice verification and speech synthesis. Voice verification is one of the early biometric examples as commercially available products. The principle behind voice verification is that the physical construction of an individual s vocal chords, vocal tract, palate, teeth, sinuses, and tissue within the mouth will affect the dynamic of speech. Speech synthesis is, perhaps, the oldest among biometric automated synthesis techniques, and has a vast variety of techniques and implementations. Current trends in design of speech-based biometric systems are discussed by Reynolds [67]. Topic 10: Ear. Unlike faces, ears do not change shape with different expressions or age. Hair is not a problem because infrared band can be used. An introduction to this type of biometrics can be found in the overview by Burge and Burger [11]. Force field model for ear biometrics have been developed by Hurley [29]. Topic 11: Hand geometry is defined as a surface area of the hand or fingers and corresponded measures (length, width, and thickness). Zunkel [97] introduced an algorithm for hand geometry based authentication. This direction is studied by Zhang [95], Sanchez et al. [70], and Kumar et al. [40]. Topic 12: Palmprint. The inner surface of the hand from the wrist to the root of fingers is called the palm. Palmprint is represented on the surface by topological combination of three types of lines: flexure lines, papillary ridges, and tension lines. Automatic palmprint authentication techniques have been developed by Zhang [96], Han et al. [28], Duta et al. [21], Kumar et al. [40], and Shu et al. [75]. The concept of an eigenspace was used by Zhang [96] in modeling of palprints using eigenpalms (a palprint in the training set was represented by an eigenvector). Topic 13: Intellectual property protection. In [36], the security of the biometric data based on encryption have been analyzed. The idea was to apply an encryption to the biometric templates. Pankanti and Yeung [61] proposed an algorithm for verification watermarks based on fingerprint recognition technique. Wolfgang and Delp [89, 90] analyzed image watermarking with biometric data and trends in this direction. Uludag et al. [83] have discussed so-called biometric cryptosystems which are traditional cryptosystems with biometric components. This paper can be recommended as an introduction to biometric cryptosystems. Lach et al. [41] proposed an watermarking algorithm using

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 28 fingerprints for field programmable gate arrays (FPGA). Yu et al. [93] investigated a robust watermarking technique for 3D facial models based on a triangular mesh. In this approach, watermark information is embedded into a 3D facial image by perturbing the distance between the vertices of the model to the center of the model. Bas et al. [3] developed a so-called content based method of watermarking and demonstrated useful properties in design of robust watermarking algorithms. Shieh et al. [73] used an evolutionary strategy (a genetic algorithm) to optimize a watermarked image in the spectral domain with respect to two criteria: quality and robustness 2 Topic 14: Convergent technologies refers to the synergy of various rapidly progressing directions of science and technology, in particular, nanoscience and nanotechnology, biotechnology and biomedicine, and biometric technology. Convergent technologies are fields where synthetic data play a crucial role, particularly, in human-machine interfaces. The idea is to measure and simulate processes observed at the neuron level. The brainmachine interfaces provide the interaction with the neural system, that is a non-muscular communication and control channel for conveying messages and commands to an external world. There are several effects which can be measured to evaluate neuron activity, in particular, cardiovascular and electrophysiological effects. A brain-machine technology might be based on monitoring brain activity using the following measurement techniques: EEG, Magnetoencephalography, Position emission tomography, Functional magnetic resonance imaging, and Video imaging. These techniques can be used in the brain-machine interfaces. However, there are several constraints to the above techniques. For example, because the basic phenomena measured by position emission tomography, functional magnetic resonance imaging, and visualbased methods is blood flow change, it is difficult to achieve real-time communication. Review on brain-machine technology can be found in Wolpaw et al. paper [91]. Details of experimental studies can be found, in particular, in the papers by Millán [49, 50], and Kostov and Polak [38]. Converging technologies for improving human performance have been discussed in [69]. Oliver et al. [60] developed an algorithm for facial expression recognition based on face and lip movement. Sproat [76] proposed a multilingual textto-speech synthesis algorithm. Topic 15: Advantages and disadvantages of biometrics. Advantages and disadvantages of biometrics can be examined with respect to two groups of applications: 2 Robust watermarks should survive various attacks, for example, attacks in the spectral domain (lowpass and/or median filtering, adding white noise, etc.), or attacks in the spatial domain by topological distortions (affine transforms, re-meshing, local deformations, cropping, etc.).

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 29 The commercial positive recognition applications; they may work either in the verification or the identification modes, and Forensic negative recognition applications; they require identification. The traditional technologies for a positive recognition include PINs and passwords, as well as token-based methods (keys and cards). People tend to set their passwords that they can easily remember, such as names and birthdays of family members, favorite events or music stars. Such passwords are easy to guess or social engineering or even a simple brute force attack can be used instead. Although it is advisable, to keep different passwords for different applications and change them frequently. However, many people use the same password across different applications and never change them. If such a password is compromised, it may result in a security breach in many applications. Example. Keys and tokens can be stolen, duplicated, or lost. An attacker may also make a master key that may open many locks. It is significantly more difficult to copy, share, and distribute biometrics. Biometrics cannot be lost or forgotten. When a biometric system is required to be operated in an identification mode instead of the verification mode, for the added convenience of not requiring the users to claim an identity, the speed is considered as the biggest problem while the number of users of an identification application increases. However, the identification accuracy can also become problematic. Example. Consider an identification application with 10 000 users. A fast fingerprint matching algorithm and special purpose hardware capable of making an identification in a few seconds while having 10% of false acceptance. This implies that an impostor has a chance of gaining access to the system by simply using all of the ten fingers on his/her two hands. Therefore, while small- to medium-scale commercial applications (a few hundred users) may still use single biometric identification, building a highly accurate identification system for large scale applications requires using to be a multimodal biometric system. Example. A system may combine face and fingerprint of a person or fingerprints from multiple fingers of a person for recognition. Negative recognition is used in government and forensic applications, in particular, for employee background checking and preventing terrorists from boarding airplanes, the personal recognition is required to be performed in the identification mode. Achieving the same accuracy in an identification system as in a verification system is a much harder problem due to the large number of comparisons that are required to be performed. For example, Although multimodal biometric systems can significantly improve the identification accuracy, exclusively relying on automatic biometric systems for negative identification may be unfeasible. For example, face recognition may be preferred for an airport application

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 30 because faces can be acquired covertly. However, the number of misses and false alarms will be considerably higher than in fingerprint recognition, given the rather poor accuracy of face identification systems, especially in environments with complex background and varying lighting conditions. While biometric systems may not yet be extremely accurate to support large-scale identification applications, they are the only choice for negative recognition applications. Recognition tools such as passwords and PINs are not at all useful for negative recognition applications. In the latter, a semi-automatic mode where a human operator examines all the alarms generated by the biometric system for the final decision, can be quite effective. Example. An automatic fingerprint identification system (AFIS) is typically used by law enforcement agencies only to narrow down the number of fingerprint matches to be performed by a human expert from a few million to a few hundred. The forensic experts always make the final decision. Use of biometrics in negative recognition applications does not infringe upon the civil liberties of individuals since: the recognition system does not keep a record of persons who are not in the criminal database already. Nevertheless, appropriate legislation is required to protect the abuse of such systems. References [1] Ammar M. Progress in verification of skillfully simulated handwritten signatures. Pattern Recognition and Artificial Intelligence, 5:337 351, 1993. [2] Anbar M., Gratt B. M., and Hong D. Thermology and facial telethermology. Part I. History and technical review. Dentomaxillofacial Radiology, 27(2):61 67, 1998. [3] Bas P., Chassery J-M., and Macq B. Image watermarking: an evolution to content based approaches. Pattern Recognition, 35:545 561, 2002. [4] Bergadano F., Gunetti D., and Picardi C. User authentication through keystroke dynamics. ACM Trans. Information and System Security, 5(4):367 397, 2002. [5] Bery J. The history and development of fingerprinting. In Lee H. C. and Gaensslen R. E., Eds. Advances in Fingerprint Technology, pp. 1 38, CRC Press, Boca Raton, FL, 1994. [6] Bharadwaj P. and Carin L. Infrared-image classification using hidden Markov trees. IEEE Trans. Pattern Analysis and Machine Intelligance, 24(10):1394 1398, 2002. [7] Blanz V. and Vetter T. A morphable model for the synthesis of 3D faces, In Rockwood A, Ed., Computer Graphics Proceedings, pp. 187 194, Addison Wesley Longman, Boston, 1999.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 31 [8] Bolle R., Connell J., Pankanti S., et al. Guide to Biometrics. Springer, Heidelberg, 2004. [9] Brault J. J. and Plamondon R. A complexity measure of handwritten curves: modelling of dynamic signature forgery. IEEE Trans. Systems, Man and Cybernetics, 23:400 413, 1993. [10] Brunelli R. and Poggio T. Face recognition: features versus templates. IEEE Trans. Pattern Analysis and Machine Intelligence, 15(10):1042 1052, 1993. [11] Burge M. and Burger W. Ear biometrics. In Jain A, Bolle R, and Pankanti S, Eds., Biometrics, Personal Identification in Networked Society, pp. 273 285, Kluwer, Dordrecht, 1999. [12] Cappelli R., Lumini A., Maio D., and Maltoni D. Fingerprint classification by directional image partitioning. IEEE Trans. Pattern Analysis and Machine Intelligence, 21(5):402 421, 1997. [13] Cappelli R. Synthetic fingerprint generation. In Maltoni D, Maio D, Jain AK, Prabhakar S, Eds., Handbook of Fingerprint Recognition, pp. 203 232, Springer, Heidelberg, 2003. [14] Cappelli R., Maio D., and Maltoni D. Synthetic fingerprint-database generation. In Proc. 16th Int. Conf. Pattern Recognition, vol. 3, pp. 744 747, Canada, 2002. [15] Chellappa R., Wilson C. L., and Sirohey S. Human and machine recognition of faces: a survey. Proceedings of the IEEE, 83(5):705 740, 1995. [16] Chirillo J. and Blaul S. Implementing Biometric Security, John Wiley & Sons, New York, 2003. [17] Clark J. and Yuille A. Data Fusion for Sensory Information Processing Systems. Kluwer, Dordrecht, 1990. [18] Cui J., Wang Y., Huang J., Tan T., Sun Z., and Ma L. An iris image synthesis method based on PCA and super-resolution, In Proc. Int. Conf.. Pattern Recognition, 2004. [19] Daugman J. Recognizing persons by their iris pattern. In Jain A. K., Bolle R. M., and Pankanti S., Eds., Biometrics: Personal Identification in Networked Society, pp. 103 122. Kluwer, Boston, MA, 1999. [20] Duc B., Fisher S., and Bigun J. Face authentication with Gabor information on deformable graphs. IEEE Trans. Image Processing, 8(4):504 516, 1999. [21] Duta N., Jain A. K., and Mardia K. V. Matching of palmprints, Pattern Recognition Letters, 23(4):477 485, 2001.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 32 [22] Fua P. and Miccio C. Animated heads from ordinary images: a least-squares approach, Computer Vision and Image Understanding, 75(3):247 259, 1999. [23] Fujimasa I., Chinzei T., and Saito I. Converting far infrared image information to other physiological data. IEEE Engineering in Medicine and Biology Magazine, 19:71 76, May/June 2000. [24] Gaussorgues G. Infrared Thermography. In Microwave Technology Series 5, Chapman and Hall, London, 1994. [25] Germain R. S., Califano A., and Coville S. Fingerprint matching using transformation parameter clustering. IEEE Computational Science and Engineering, pp. 42 49, Oct.- Dec. 1997. [26] GonzalezR.C.,WoodsR.E.,andEddinsS.L. Digital Image Processing Using MATLAB. Pearson, Prentice Hall, 2004. [27] Hamamoto Y. A Gabor filter-based method for identification. In Jain LC, Halici U, Hayashi I, Lee SB, and Tsutsui S, Eds., Intelligent Biometric Techniques in Fingerprint and Face Recognition, pp. 137 151, CRC Press, Boca Raton, FL, 1999. [28] HanC.C., ChenH.L., LinC.L., andfank.c. Personalauthenticationusingpalm-print features. Pattern Recognition, 36(2):371 381, 2003. [29] Hurley D. Force Field Feature Extraction for Ear Biometrics, In: Image Pattern Recognition: Synthesis and Analysis in Biometrics, S. N. Yanushkevich, P. S. P. Wang, M.L. Gavrilova, and S. N. Srihari, Eds., M. S. Nixon, Consulting Ed., World Scientific, 2007, pp. 183 205. [30] Hill R. Retina identification. In Jain A. K., Bolle R. M., and Pankanti S., Eds., Biometrics: Personal Identification in Networked Society, pp. 123 142, Kluwer, Dordrecht, 1999. [31] Huber R. A. and Headrick A. Handwriting Identification: Facts and Fundamentals. CRC Press, Boca Raton, FL, 1999. [32] Jain A. K., Ross A., and Prabhakar S. An introduction to biometric recognition, IEEE Transa. Circuit and Systems for Video Technology, 14(1):4 20, 2004. [33] Jain A., Pankanti S., and Bolle R., Eds., Biometrics: Personal Identification in Networked Society, Kluwer, Dordrecht, 1999. [34] Jain A. K., Hong L., and Bolle R. M. On-line fingerprint verfication. IEEE Trans. Pattern Analysis and Machine Intelligence, 19(04):302 313, 1997.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 33 [35] Jain L. C, Halici U., Hayashi I., Lee S. B., and Tsutsui S., Eds., Intelligent Biometric Techniques in Fingerprint and Face Recognition, CRC Press, Boca Raton, FL, 1999. [36] Jain A. K. and Uludag U. Hiding biometric data. IEEE Trans. Pattern Analysis and Machine Intelligence, 25(11):1494 1498, 2003. [37] Keyserlingk J., Ahlgren P., Yu E., et al. Functional infrared imaging of the breast. IEEE Engineering in Medicine and Biology Magazine, 19:30 41, May/June 2000. [38] Kostov A. and Polak M. Parallel man-mashine training in development of EEG-based cursor control. IEEE Trans. Rehabilitation Engineering, 8:203 204, 2000. [39] Kumar V. P., Oren M., Osuna E., and Poggio T. Real time analysis and tracking of mouths for expression recognition. In Proceedings DARPA98, pp. 151 155, 1998. [40] Kumar A., Wong D. C. M., Shen H. C., and Jain A. Personal verification using palmprint and hand geometry biometric. Lecture Notes in Computer Science, vol. 2688, pp. 668 678, 2003. [41] Lach J., Mangione-Smith W. H., and Potkonjak M. Fingerprinting techniques for fieldprogrammable gate array intellectual property protection. IEEE Trans. Computer Aided Design of Integrated Circuits and Systems, 20(10):1253 1261, 2001. [42] Lee H. C. and Gaensslen R. E, Eds., Advances in Fingerprint Technology. CRC Press, Boca Raton, FL, 1994. [43] Lee L. L, Berger T., and Aviczer E. Reliable on-line human signature verification systems. IEEE Trans. Pattern Analysis and Machine Intelligence, 18(6):643 647, 1996. [44] Luo Q., Nioka S., and Chance B. Functional near-infrared image. In B. Chance and R. Alfano, Eds., Optical Tomography and Spectroscopy of Tissue: Theory, Instrumentation, Model, and Human Studies, Proceedings SPIE, 2979:84 93, 1997. [45] Maio D., Maltoni D., Cappelli R., et al. FVC2000: fingerprint verification competition. IEEE Trans. Pattern Analysis and Machine Intelligence, 24(3):402 412, 2002. [46] Mansfield T., Kelly G., Chandler D., and Kane G. Biometric product testing final report. Issue 1.0. National Physical Laboratory of UK, 2001. [47] Mansfield A. and Wayman J. Best practice standards for testing and reporting on biometric device performance. National Physical Laboratory of UK, 2002. [48] Matsumoto H., Yamada K., and Hoshino S. Impact of artificial gummy fingers on fingerprint systems, In Proceedings SPIE, Optical Security and Counterfeit Deterrence Techniques IV, 4677:275 289, 2002.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 34 [49] Millán J. R. Adaptive brain interfaces. Communication of the ACM, 46:74 80, 2003. [50] Millán J. R. Brain-computer interfaces. In Arbib M. A., Ed., Handbook of Brain Theory and Neural Networks, pp. 178 181, MIT Press, Cambridge, Massachusetts, 2002. [51] Hutton M. D., Rose J., Grossman J. P., and Corneil D. G. Characterization and parameterized generation of synthetic combinational benchmark circuits. IEEE Trans. Computer-Aided Design of Integrated Circuits and Systems, 1999. [52] Moayer B. and Fu K. S. A synatactic approach to fingerprint pattern recognition. Pattern Recognition, vol. 7, pp. 1 23, 1975. [53] Moayer B. and Fu K. S. A tree system approach for fingerprint pattern recognition. IEEE Trans. Computers, 25(3):262 274, 1976. [54] Nagel R. N. and Rosenfeld A. Computer detection of freehand forgeries. IEEE Trans. Computers, 26(9):895 905, 1977. [55] Nalwa V. S. Automatic on-line signature verification. Proceedings of the IEEE, 85(2):215 239, 1997. [56] Nanavati S., Thieme M., and Nanavati R. Biometrics. Identity Verification in a Networked World. John Wiley & Sons, New York, 2002. [57] Nashed M. Z. and Scherzer O., Eds., Inverse Problems, Image Analysis, and Medical Imaging. American Mathematical Society, Providence, Rhode Island, 2002. [58] Obaidat M. S. and Sadoun B. Keystroke dynamics based authentication. In Jain A. K., Bolle R. M., and Pankanti S., Eds., Biometrics: Personal Identification in Networked Society, pp. 218 229, Kluwer, Boston, MA, 1999. [59] Oliveira C., Kaestner C., Bortolozzi F., and Sabourin R. Generation of signatures by deformation, In Proceedings of the BSDIA97, pp. 283 298, Curitiba, Brazil, 1997. [60] Oliver N., Pentland A. P., and Berard F. LAFTER: a real-time face and lips tracker with facial expression recognition, Pattern Recognition, 33(8):1369 1382, 2000. [61] Pankanti S. and Yeung M. M. Verification watermarks on fingerprint recognition and retrieval, In Proceedings SPIE 3657:66 78, 1999. [62] Plamondon R. and Srihari S. N. On-line and off-line handwriting recognition: a comprehensive survey. IEEE Trans. Pattern Analysis and Machine Intelligence, 22:63 84, 2000. [63] Prabhakar S. and Jain A. K. Decision-level fusion in fingerprint verification. Pattern Recognition, 35(4):861 874, 2002.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 35 [64] Prokoski F. J. and Riedel R. B. Infrared identification of faces and body parts. In Jain A., Bolle R., and Pankanti S., Eds., Biometrics: Personal Identification in Networked Society, Kluwer, Dordrecht, 1999, pp. 191 212. [65] Ratha N. K., Karu K., Chen S., and Jain A. K. A real-time matching system for large fingerprint database. IEEE Trans. Pattern Analysis and Machine Intelligence, 18(8):799 813, 1996. [66] Ratha N., Connell J., and Bolle R. Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal, 40(3):614 634, 2001. [67] Reynolds D. A. Automatic speaker recognition: current approaches and future trends. In Proceedings of the IEEE AutoID2002, pp. 103 108, Tarrytown, NY, 2002. [68] Rhee T. H., Cho S. J., and Kim J. H. On-line signature verification using model-guided segmentation and discriminative feature selection for skilled forgeries. In Proc. 6th Int. Conf. on Document Analysis and Recognition, pp. 645 649, 2001. [69] Roco M. C. and Bainbridge W. S., Eds., Converging Technologies for Improving Human Performance: Nanotechnology, Biotechnology, Information Technology and Cognitive Science. Kluwer, Dordrecht, 2003. [70] Sanchez-Reillo R., Sanchez-Avilla C., and Gonzalez-Marcos A. Biometric identification through hand geometry measurements. IEEE Trans. Pattern Analysis and Machine Intelligence, 22(10):1168 1171, 2000. [71] Sekanina L. and Ružička R., Easily testable image operators: the class of circuits where evolution beats engineers. In Lohn J, Zebulum R., Steincamp J., et al. Eds. Proc. 2003 NASA/DoD Conf. Evolvable Hardware, Chicago, IL, pp. 135 144, IEEE Computer Press, 2003. [72] Senior A. A combintation fingerprint classifier. IEEE Trans. Pattern Analysis and Machine Intelligence, 23(10):1165 1174, 2001. [73] Shieh C. S., Huang H. C., Wang F. H., and Pan J. S. Genetic watermarking based on transform-domain techniques. Pattern Recognition, 37:555 565, 2004. [74] Shmerko V., Perkowski M., Rogers W., Dueck G., and Yanushkevich S. Bio-technologies in computing: the promises and the reality. In Proc. Int. Conf. Computational Intelligence Multimedia Applications, pp. 396 409, Australia, 1998. [75] Shu W., Rong G., and Bian Z. Automatic palmprint verification, Int. J. of Image and Graphics, 1(1):135 151, 2001. [76] Sproat R. W. Multilingual Text-to-Speech Synthesis: The Bell Labs Approach, Kluwer, Dordrecht, 1997.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 36 [77] Stoica A., Lohn J., Katz R., et al. Eds. Proc. 2002 NASA/DoD Conf. Evolvable Hardware, Alexandria, VA, IEEE Computer Press, 2002. [78] Stoica A. Robot fostering techniques for sensory-motor development of humanoid robots. J. Robotics and Autonomous Systems, Special Issue on Humanoid Robots, 37:127 143, 2001. [79] Stoica A. Learning eye-arm coordination using neural and fuzzy neural techniques. In Teodorescu H. N., Kandel A., and Jain L., Eds., Soft Computing in Human-Related Sciences, pp. 31 61, CRC Press, Boca Raton, FL, 1999. [80] Terzopolous D. T. Regularization of inverse visual problems involving discontinuities. IEEE Trans. Pattern Analysis and Machine Intelligence, 8(4):413 424, 1986. [81] Tilton C. J. An emergin biometric standards. IEEE Computer Magazine. Special Issue on Biometrics, 1:130 135, 2001. [82] Turk M. and Pentland A. Eigenfaces for recognition. J. Cognitive Neuro Science, 3(1):71 86, 1991. [83] Uludag U., Pankanti S., Prabhakar S. B., and Jain A. K. Biometric cryptosystems: issues and challenges Proceedings of the IEEE, 92(6):948 960, 2004. [84] Villringer A. and Chance B. Noninvasive optical spectroscopy and imaging of human brain functions. Trends in Neuroscience, 20:435 442, 1997. [85] Wang R., Hua T. J., Wang J., and Fan Y. J. Combining of Fourier transform and wavelet transform for fingerprint recognition. In Proceedings SPIE, vol. 2242, Wavelet Applications, pp. 260 270, 1994. [86] Wayman J. L. Federal biometric technology legislation. IEEE Computer 33(2):76 80, 2000. [87] Wildes R. P., Asmuth J. C., Green G. L., et al.a machine-vision system for iris recognition. Machine Vision and Applications, 9:1 8, 1996. [88] Wildes R. P. Iris recognition: an emerging biometric technology. Proceedings of the IEEE, 85(9):1348 1363, 1997. [89] Wolfgang R. B. and Delp E. J. A watermark for digital images. In Proc. IEEE Int. Conf. Image Processing, pp. 219 222, Lausanne, Switzerland, 1996. [90] Wolfgang R. B. and Delp E. J. A Watermarking technique for digital imagery: further studies. In Proc. Int. Conf. Imaging Science, Systems, and Technology, pp. 279 287, Las Vegas, 1997.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 37 [91] Wolpaw J. R., Birbaumer N., McFarland D. J., et al. Brain-computer interfaces for communication and control. Clinical Neurophysiology, 113:767 791, 2002. [92] Woodward D. Jr. J., Orlands N. M., and Higgins P. T. Biometrics: Identity Assurance in the Information Age. McGraw-Hill/Osborne, Emeryville, CA, 2003. [93] Yu Z., Ip H. H. S., and Kwok L. F. A robast watermarking scheme for 3D triangular mesh models. Pattern Recognition, 36:2603 2614, 2003. [94] Zhang C. and Cohen F. S. 3-D face structure extraction and recognition from images using 3-D morphing and distance mapping. IEEE Trans. Image Processing, 11(11):1249 1259, 2002. [95] Zhang D. Automated Biometrics: Technologies and Systems. Kluwer, Dordrecht, 2000. [96] Zhang D. Palmprint Authentication. Kluwer, Dordrecht, 2004. [97] Zunkel R. Hand geometry based authentication. In Jain AK, Bolle RM, and Pankanti S, Eds., Biometrics: Personal Identification in Networked Society, pp. 87 102, Kluwer, Dordrecht, 1999. 11 Problems Problem 1: Give an example of biometric data with the following properties: (a) Universal but not unique (b) Universal and unique, but not permanent (c) Permanent, universal, and unique, but not collectable (d) Collectable and reliable, but not acceptable (e) Collectable but not reliable (f) Acceptable but not reliable Problem 2: Answer the following questions, if you have used or seen others using a biometric device: (a) Was the use of the device acceptable for you as a customer? Propose your ideas for service improvement using these biometric devices. (b) Call at least three reasons why biometric-based documents, such as passports and drive licences, are more preferable in social infrastructure than traditional documents. Call at least two reasons why biometric-based documents are not acceptable for society. (c) Provide your vision on the following three basic characteristics of biometric devices and systems: Performance, Acceptability, and Circumvention.

S.N. Yanushkevich, Fundamentals of Biometric Systems Design 38 (d) Explain the affects of bad performance, unsatisfactory acceptability, and bad circumvention on a biometric system. Problem 3: Define at least three advantages and three disadvantages of the following biometrics: (a) palmprint; (b) hand geometry; (c) retina;(d) signature; (e) ear; (f)] gait dynamic; (g) voice and speech. Problem 4: Consider biometric device for person identification using iris patterns. The device fails to identify a person. List possible reasons why. HINT: the contact lenses or physical treatment of iris can be considered. Problem 5: Given the sample of biometric features [2.5; 0.0; 1.3; 0.6], calculate: (a) The sample mean, (b) The sample variance and standard deviation, (c) The sample median. Problem 6: Recall the differences between identification and verification (authentication): (a) Provide real-world examples from your life when you were identified or verified. (b) Provide examples of applications in social infrastructure where verification is extremely important. (c) Recall the ethical problems of identification. Problem 7: Use your knowledge of statistics to consider the following problem. The face of a person that crosses the border check-point is represented in the face authentication system by the vector of features, which includes 30 numbers (the size of the vector is 30), each represent an encoded feature. In a data base, the face of a person is represented by the vector of features of size 50. Propose approaches to compare these two vectors. Problem 8: Explain what kind of knowledge about the applications is required to develop a biometric system? Problem 9: What kind of techniques are called the artificial intelligent techniques? Problem 10: Recall the possible ways to enhance security and privacy in biometrics-based authentication systems. Problem 11: Consider the following question on testing of biometric devices and systems: (a) Why the standardization of biometric systems is important? (b) Formulate some requirements to synthetic benchmarks for testing biometric devices and systems. Problem 12: Provide the arguments about using biometrics against password and PIN based technology.