Part 1: Overview of Biometric Technology and Verification Systems




What Is Biometrics?

Once a tool primarily used by law enforcement, biometric technologies increasingly are being used by government agencies and private industry to verify a person's identity, secure the nation's borders (as possible), and to restrict access to secure sites including buildings and computer networks. Biometric systems recognize a person based on physiological characteristics, such as fingerprints, hand and facial features, and iris patterns, or behavioral characteristics that are learned or acquired, such as how a person signs his name, types, or even walks (see sidebar "Definition of Biometrics") [1].

Definition of Biometrics

Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic. Biometric technologies are becoming the foundation of an extensive array of highly secure identification and personal verification solutions. Examples of physiological characteristics include hand or finger images, facial characteristics, and iris recognition. Behavioral characteristics are traits that are learned or acquired. Dynamic signature verification, speaker verification, and keystroke dynamics are examples of behavioral characteristics. Biometrics is expected to be incorporated in solutions to provide for increased homeland security, including applications for improving airport security, strengthening our national borders, in travel documents and visas, and preventing ID theft.

Now, more than ever, there is a wide range of interest in biometrics across federal, state, and local governments. Congressional offices and a large number of organizations involved in many markets are addressing the important role that biometrics will play in identifying and verifying the identity of individuals and protecting national assets. There are many needs for biometrics beyond homeland security.
Enterprise-wide network security infrastructures, secure electronic banking, investing and other financial transactions, retail sales, law enforcement, and health and social services are already benefiting from these technologies. A range of new applications can be found in such diverse environments as amusement parks, banks, credit unions, and other financial organizations, enterprise and government networks, passport programs and driver licenses, colleges, physical access to multiple facilities (nightclubs), and school lunch programs. Biometric-based verification applications include workstation, network, and domain access, single sign-on, application logon, data protection, remote access to resources, transaction security, and Web security. Trust in these electronic transactions is essential to the healthy growth of the global economy especially in the area of outsourced American jobs. Utilized alone or integrated with other technologies such as smart cards, encryption keys [9], and digital signatures, biometrics are set to pervade nearly all aspects of the economy and our daily lives.

Utilizing biometrics for personal verification is becoming convenient and considerably more accurate than current methods (such as the utilization of passwords or PINs). This is because biometrics links the event to a particular individual (a password or token may be used by someone other than the authorized user); is convenient (nothing to carry or remember); accurate (it provides for positive verification); can provide an audit trail; and is becoming socially acceptable and inexpensive [2].

The successful use of the classic biometric, fingerprints, owes much to government and private industry research and development. For more than 30 years, computer scientists have helped the Federal Bureau of Investigation (FBI) improve the automation process for matching rolled fingerprints taken by law enforcement agencies or latent prints found at crime scenes against the FBI's master file of fingerprints. Test data have been used to develop automated systems that can correctly match fingerprints by the minutiae, or tiny details, that investigators previously had to read by hand.
In cooperation with the American National Standards Institute (ANSI), the Commerce Department's National Institute of Standards and Technology (NIST) also developed a uniform way for fingerprint, facial, scar, mark, and tattoo data to be exchanged between different jurisdictions and between dissimilar systems made by different manufacturers [1]. In conjunction with the FBI, NIST has developed several databases, including one consisting of 858 latent fingerprints and their matching rolled file prints. This database can be used by researchers and commercial developers to create and test new fingerprint identification algorithms, test commercial and research systems that conform to the NIST/ANSI standard, and assist in training latent fingerprint examiners.

The increasing use of specialized live fingerprint scanners will help ensure that a high-quality fingerprint can be captured quickly and added to the FBI's current files. Use of these scanners also should speed up the matching of fingerprints against the FBI database of more than 80 million prints [1].

Improved Biometrics Is Critical to Security! But Is It?

Under the unpopular Patriot Act and the Enhanced Border Security and Visa Entry Reform Act (such as it is), the U.S. government is evaluating the ability of biometrics to enhance border security. But, that's all it is doing: still evaluating, with no promise of actual implementation in this present political climate of insecure borders and nonenforcement of deportation of illegal aliens. Nevertheless, these acts, when legally enforced, call for developing and certifying a technology standard for verifying the identity of individuals and determining the accuracy of biometric technologies, including fingerprints, facial recognition, and iris recognition [1].

For example, NIST recently tested both face and fingerprint recognition technologies using large realistic samples of biometric images obtained from several federal, state, and county agencies. Testing showed that fingerprints provide higher accuracy than facial recognition systems [1]. This program is producing standard measurements of accuracy for biometric systems, standard scoring software, and accuracy measurements for specific biometrics required for the system scenarios mandated under the Border Security Act. This work will have wide impact beyond the mandated systems when the present political climate changes, and border security is enforced. Standard test methods are likely to be accepted as international standards. Presently, discussions are still under way concerning the use of these same standards for airport security [1].

In November 2003, NIST submitted its report on this work to the State and Justice Departments for transmittal to the U.S. Congress in February 2004. The report recommended a dual approach that employs both fingerprint and facial recognition technology for a biometrics system to make the nation's borders more secure.
Additional NIST studies evaluated the effectiveness and reliability of computerized facial recognition and fingerprint matching systems [1]. The Department of Homeland Security announced in July 2005 that to ensure the highest levels of accuracy in identifying people entering and exiting the United States, the United States Visitor and Immigrant Status Indicator Technology (US-VISIT) program will require a one-time 10-fingerscan capture for all first-time visitors. Subsequent entries will require two-print verification [1].

In addition to fingerprint systems, computer scientists at NIST have extensive experience working with systems that match facial images. While facial recognition systems employ different algorithms than fingerprint systems, many of the underlying methods for testing the accuracy of these systems are the same. Researchers have designed tests to measure the accuracy and reliability of software programs in matching facial patterns, using both still and video images [1]. Iris recognition is another potentially valuable biometric, but before its use is widespread, more testing is needed to determine its accuracy in operation. Researchers recently began the first large-scale evaluation to measure the accuracy of the underlying technology that makes iris recognition possible [1].

Different Biometric Standards

Open consensus standards, and associated testing, are critical for providing higher levels of security through biometric identification systems. For decades, NIST has been involved with the law enforcement community in biometric testing and standardization, and NIST has intensified its work in biometric standardization over the past nine years. For example, following the terrorist attacks of Sept. 11, 2001, NIST championed the establishment of formal national and international biometric standards development bodies to support deployment of standards-based solutions and to accelerate the development of voluntary consensus standards. These standards bodies are the Technical Committee M1 on Biometrics (established in November 2001 by the executive board of the International Committee for Information Technology Standards (INCITS)) as shown in sidebar "INCITS"; and the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) Joint Technical Committee 1 Subcommittee on biometrics (known as JTC 1 SC 37-Biometrics, created in June 2002 (http://www.iso.org/iso/en/stdsdevelopment/tc/tclist/technicalcommitteedetailpage.TechnicalCommitteeDetail?COMMID=5537)).
NIST chairs both the INCITS committee and the JTC 1 SC 37-Biometrics and contributes to the work of these standard development bodies with technical expertise. INCITS has approved seven standards for the exchange of biometric data: two biometric application profiles, two biometric interface standards, and the Common Biometric Exchange Formats Framework (discussed later in this chapter). In 2005, ISO approved four biometric data interchange standards developed by the JTC 1 SC 37-Biometrics. These standards are being adopted both in the United States and abroad. Also, NIST has been charged with developing a Personal Identity Verification standard for secure and reliable forms of identification issued by the federal government to its employees and contractors [1].

Warning: URLs are subject to change without notice.

INCITS

The Executive Board of INCITS established Technical Committee M1, Biometrics, in November 2001 to ensure a high-priority, focused, and comprehensive approach in the United States for the rapid development and approval of formal national and international generic biometric standards. The M1 program of work includes biometric standards for data interchange formats, common file formats, application program interfaces, profiles, and performance testing and reporting. The goal of M1's work is to accelerate the deployment of significantly better, standards-based security solutions for purposes such as homeland defense and the prevention of identity theft [5], as well as other government and commercial applications based on biometric personal authentication.

M1 serves as the U.S. Technical Advisory Group (U.S. TAG) for the international organization ISO/IEC JTC 1/SC 37 on Biometrics, which was established in June 2002. As the U.S. TAG to SC 37, M1 is responsible for establishing U.S. positions and contributions to SC 37, as well as representing the U.S. at SC 37 meetings.

M1 Ad-Hoc Group: This is the Ad-Hoc Group on Evaluating Multi-Biometric Systems (AHGEMS). The Ad-Hoc Group is responsible for a Study Project on the concepts of operation and methods of performance evaluation for multi-biometric systems. The Ad-Hoc Group concluded its work at its October 2005 meeting. The Final Report developed by AHGEMS can be found at: http://www.incits.org/tc_home/m1htm/docs/m1050676.pdf

M1 has created five new Task Groups to handle increased activity in biometrics. The purview of the five Task Groups is as follows:

- M1.2
- M1.3
- M1.4
- M1.5
- M1.6

M1.2

M1.2, the Task Group on Biometric Technical Interfaces, covers the standardization of all necessary interfaces and interactions between biometric components and subsystems, including the possible use of security mechanisms to protect stored data [6] and data transferred between systems. M1.2 will also consider the need for a reference model for the architecture and operation of biometric systems in order to identify the standards that are needed to support multivendor systems and their applications.

M1.3

M1.3, the Task Group on Biometric Data Interchange Formats, focuses on the standardization of the content, meaning, and representation of biometric data interchange formats. Currently, assigned projects are:

- Finger Pattern Based Interchange Format
- Finger Minutiae Format for Data Interchange
- Face Recognition Format for Data Interchange
- Iris Interchange Format
- Finger Image Based Interchange Format
- Signature/Sign Image Based Interchange Format
- Hand Geometry Interchange Format

M1.3 Ad-Hoc Group: This is the Ad-Hoc Group on Data Quality. The Ad-Hoc is addressing means of quality and ways of expressing and interpreting the quality of a biometric sample.

M1.4

M1.4, the Task Group on Biometric Profiles, covers the standardization of Application Profile projects. Currently, assigned projects are:

- Application Profile for Interoperability and Data Interchange: Biometric Based Verification and Identification of Transportation Workers
- Application Profile for Interoperability, Data Interchange and Data Integrity: Biometric Based Personal Identification for Border Management
- Application Profile for Point-of-Sale Biometric Verification/Identification

M1.4 Ad-Hoc Group: The M1.4 Ad-Hoc Group on Biometrics and E-Authentication (AHGBEA) is responsible for developing a technical report describing suitability of biometric architectures, security requirements, and recommendations for the use of biometrics for e-authentication. AHGBEA is also responsible for examining related biometrics and security issues related to the topics addressed in the Ad-Hoc Group's Terms of Reference.

M1.5

M1.5 is the Task Group on Biometric Performance Testing and Reporting. It handles the standardization of biometric performance metric definitions and calculations. These are approaches to test performance and requirements for reporting the results of these tests. M1.5 is responsible for the development of a Multi-Part Standard on Biometric Performance Testing and Reporting.

M1.6

M1.6, the Task Group on Cross Jurisdictional and Societal Issues, addresses study and standardization of technical solutions to societal aspects of biometric implementations. Excluded from the TG's scope is the specification of policies, the limitation of usage, or imposition of nontechnical requirements on the implementations of biometric technologies, applications, or systems. M1.6 is responsible for U.S. technical contributions to JTC1 SC 37 WG 6 on Cross-Jurisdictional and Societal Issues.

Membership on M1 and its Task Groups: Membership on M1 and its Task Groups is open to all materially affected parties. There are two current Ad-Hoc Groups of M1 and its Task Groups. First, is the Ad-Hoc Group on Evaluating Multi-Biometric Systems. This Ad-Hoc Group is responsible for a Study Project on the concepts of operation and methods of performance evaluation for multibiometric systems. Second, is the Ad-Hoc Group on Issues for Harmonizing Conformity Assessment to Biometric Standards. This Ad-Hoc Group is developing a taxonomy that identifies and defines the possible types of activities that may occur under Conformity Assessment schemes. The Terms of Reference for this Ad-Hoc Group includes identifying the standards that M1 could develop for use in biometric standards based conformance testing programs [3].
Consortium Helps Advance Biometric Technologies

The Biometric Consortium serves as a focal point for the federal government's research, development, testing, evaluation, and application of biometric-based personal identification and verification technology (see sidebar, "Biometric Consortium"). The consortium now has more than 1,500 members, including 60 government agencies. NIST and the National Security Agency co-chair the consortium (no big surprise there, with regards to NSA). NIST has collaborated with the consortium, the biometric industry, and other biometric organizations to create a Common Biometric Exchange Formats Framework (CBEFF). The format already is part of government requirements for data interchange and is being adopted by the biometric industry. The specification defines biometric data structures that allow for exchange of many types of biometric data files, including data on fingerprints, faces, palm prints, retinas, and iris and voice patterns. NIST co-chaired the CBEFF Technical Development Team [1].

Biometric Consortium

As previously mentioned, the Biometric Consortium [4] serves as a focal point for research, development, testing, evaluation, and application of biometric-based personal identification/verification systems. The Biometric Consortium now has over 1,500 members from government, industry, and academia. Over 60 different federal agencies and members from 140 other organizations participate in the Biometric Consortium. Approximately 60% of the members are from industry. An electronic discussion list is maintained for Biometric Consortium members. This electronic discussion list provides an on-line environment for technical discussions among the members on all things biometric.

The National Institute of Standards and Technology (NIST) [4] and the National Security Agency (NSA) [4] co-chair the Biometric Consortium (BC) and co-sponsor most of the BC activities. Recently NIST and NSA have co-sponsored and spearheaded a number of biometric-related activities, including the development of a Common Biometric Exchange File Format (CBEFF) [4], NIST Biometric Interoperability, Performance, and Assurance Working Group [4], a BioAPI Users and Developers Seminar [4], and the NIST BioAPI Interoperability Test Bed.

CBEFF describes a set of data elements necessary to support biometric technologies in a common way independently of the application and the domain of use (mobile devices, smart cards, protection of digital data, biometric data storage).
CBEFF facilitates biometric data interchange between different system components or between systems; promotes interoperability of biometric-based application programs and systems; provides forward compatibility for technology improvements; and simplifies the software and hardware integration process. CBEFF was developed by a Technical Development Team comprised of members from industry, NIST, and NSA, and in coordination with industry consortiums (BioAPI Consortium [4] and TeleTrusT [4]) and a standards development group (ANSI/ASC X9F4 Working Group [4]). The International Biometric Industry Association (IBIA) [4] is the Registration Authority for CBEFF format owner and format type values for organizations and vendors that require them.

The NIST Biometric Interoperability, Performance and Assurance Working Group supports advancement of technically efficient and compatible biometric technology solutions on a national and international basis. It promotes and encourages exchange of information and collaborative efforts between users and private industry in all things biometric. The Working Group consists of 105 organizations representing biometric universities, government agencies, national labs, and industry organizations. The Working Group is currently addressing development of a simple testing methodology for biometric systems as well as addressing issues of biometric assurance. In addition, the Working Group is addressing the utilization of biometric data in smart card applications by developing a smart card format compliant with the Common Biometric Exchange File Format (CBEFF).

NIST and NSA also provide advice to other government agencies such as the General Services Administration (GSA) Office of Smart Cards Initiatives and DoD's Biometric Management Office.

The Biometric Consortium (BC) holds annual conferences for its members and the general public. The BC website is http://www.biometrics.org. It contains a variety of information on biometric technology, research results, federal and state applications, and other topics. With over 780,000 hits per month, it is one of the most used reference sources on biometrics. There is no cost to join the Biometric Consortium [4].

How Biometric Verification Systems Work

A door silently opens, activated by a video camera and a face recognition system. Computer access is granted by checking a fingerprint. Access to a security vault is allowed after an iris check. Are these scenes from the TV shows 24 or Alias, or the latest spy thriller movie? Perhaps, but soon this scenario could be in your office or on your desktop. Biometric verification technologies such as face, finger, hand, iris, and speaker recognition are commercially available today and are already coming into wide use. Recent advances in reliability and performance and declines in cost make these technologies attractive solutions for many computer and network access, protection of digital content, and physical access control problems [4].

What Is Biometric Verification?

Biometric verification requires comparing a registered or enrolled biometric sample (biometric template or identifier) against a newly captured biometric sample (for example, a fingerprint captured during a login).
During enrollment, as shown in Figure 1-1, a sample of the biometric trait is captured, processed by a computer, and stored for later comparison [4]. Biometric recognition can be used in identification mode, where the biometric system identifies a person from the entire enrolled population by searching a database for a match based solely on the biometric. For example, an entire database can be searched to verify a person has not applied for entitlement benefits under two different names. This is sometimes called one-to-many matching. A system can also be used in verification mode in which the biometric system verifies a person's claimed identity from their previously enrolled pattern. This is also called one-to-one matching. In most computer access or network access environments, verification mode would be used. A user enters an account number, user name, or inserts a token such as a smart card, but instead of entering a password, a simple touch with a finger or a glance at a camera is enough to authenticate the user [4].

[Figure 1-1: Capturing, processing and storing a biometric trait during enrollment. Enrollment: Present Biometric, Capture, Process, Store. Verification: Present Biometric, Capture, Process, Compare, Match / No Match.]

Uses for Biometrics

Biometric-based verification applications include workstation and network access, single sign-on, application logon, data protection, remote access to resources, transaction security, and Web security. The promises of e-commerce and e-government can be achieved through the utilization of strong personal verification procedures. Secure electronic banking, investing, and other financial transactions, retail sales, law enforcement, and health and social services are already benefiting from these technologies. Biometric technologies are expected to play a key role in personal verification for large-scale enterprise network verification environments, for point-of-sale and for the protection of all types of digital content such as in digital rights management and healthcare applications. Utilized alone or integrated with other technologies such as smart cards, encryption keys, and digital signatures, biometrics are anticipated to pervade nearly all aspects of the economy and our daily lives. For example, biometrics is used in various schools, such as in lunch programs in Pennsylvania [4] and a school library in Minnesota [4]. Examples of other current applications include verification of annual pass holders in an amusement park, speaker verification for television home shopping, Internet banking, and users' verification in a variety of social services [4].
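The enrollment step and the two matching modes described under "What Is Biometric Verification?" (one-to-one verification and one-to-many identification, including the duplicate-applicant check) can be sketched as follows. This is an added example, not code from the original text; the three-number feature vectors, the distance measure, the 0.35 threshold and all names are assumptions chosen for illustration.

```python
"""Added illustration: enrollment, 1:1 verification and 1:N identification."""
import math

# Assumption: a capture has already been reduced to a short numeric feature
# vector. Real systems extract far richer features (e.g. fingerprint minutiae).
MATCH_THRESHOLD = 0.35  # assumed value; lower is stricter (more false rejects)


def process(sample):
    """'Process' step: scale the captured vector to unit length."""
    norm = math.sqrt(sum(x * x for x in sample))
    if norm == 0:
        raise ValueError("empty capture")
    return tuple(x / norm for x in sample)


def distance(a, b):
    """Euclidean distance between two processed templates."""
    if len(a) != len(b):
        raise ValueError("template length mismatch")
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class DuplicateEnrollment(Exception):
    """Raised when the presented trait is already enrolled under another ID."""

    def __init__(self, matches):
        super().__init__("already enrolled as: " + ", ".join(matches))
        self.matches = matches


class BiometricSystem:
    def __init__(self, threshold=MATCH_THRESHOLD):
        self.threshold = threshold
        self.templates = {}  # user id -> stored template

    def identify(self, sample):
        """One-to-many: search every enrolled template, best match first."""
        probe = process(sample)
        scored = sorted((distance(t, probe), uid)
                        for uid, t in self.templates.items())
        return [uid for d, uid in scored if d <= self.threshold]

    def enroll(self, user_id, sample):
        """Capture, process, store; refuse a trait enrolled under another name."""
        matches = [uid for uid in self.identify(sample) if uid != user_id]
        if matches:
            raise DuplicateEnrollment(matches)
        self.templates[user_id] = process(sample)

    def verify(self, claimed_id, sample):
        """One-to-one: compare only against the claimed identity's template."""
        template = self.templates.get(claimed_id)
        if template is None:
            return False  # unknown claim: reject, never fall back to a search
        return distance(template, process(sample)) <= self.threshold


def demo():
    """Run the modes on constructed sample captures and return the outcomes."""
    system = BiometricSystem()
    system.enroll("alice", (3.0, 4.0, 0.0))
    system.enroll("bob", (0.0, 3.0, 4.0))
    alice_login = (3.1, 3.9, 0.2)  # constructed: noisy re-capture of alice
    bob_login = (0.1, 2.9, 4.1)    # constructed: noisy re-capture of bob
    results = {
        "alice_as_alice": system.verify("alice", alice_login),
        "bob_as_alice": system.verify("alice", bob_login),
        "unknown_claim": system.verify("carol", alice_login),
        "who_is_this": system.identify(bob_login),
    }
    try:
        # Same person applying under a second name: the 1:N search catches it.
        system.enroll("alice-second-name", alice_login)
        results["duplicate_blocked"] = []
    except DuplicateEnrollment as exc:
        results["duplicate_blocked"] = exc.matches
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Verification touches one stored template per attempt, while identification and the enrollment de-duplication check compare against the whole enrolled population, so the match threshold has to hold up across every enrolled template rather than just one.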

Types of Biometrics

There are many types of biometrics currently in use, and many more types to come in the very near future (DNA, holograms [8], etc.). Today, some of the most common ones in use are fingerprints, face recognition, speaker recognition, iris recognition, hand and finger geometry, and signature verification.

Fingerprints

The patterns of friction ridges and valleys on an individual's fingertips are unique to that individual. For decades, law enforcement has been classifying and determining identity by matching key points of ridge endings and bifurcations. Fingerprints are unique for each finger of every person, including identical twins. One of the most commercially available biometric technologies, fingerprint recognition devices for desktop and laptop access are now widely available from many different vendors at a low cost. With these devices, users no longer need to type passwords; instead, a touch provides instant access. Fingerprint systems can also be used in identification mode. Several states check fingerprints for new applicants to social services benefits to ensure recipients do not fraudulently obtain benefits under fake names. New York state has over 1,500,000 people enrolled in such a system [4].

Face Recognition

The identification of a person by their facial image can be done in a number of different ways, such as by capturing an image of the face in the visible spectrum using an inexpensive camera or by using the infrared patterns of facial heat emission. Facial recognition in visible light typically models key features from the central portion of a facial image. Using a wide assortment of cameras, the visible light systems extract features from the captured image(s) that do not change over time, while avoiding superficial features such as facial expressions or hair. Several approaches to modeling facial images in the visible spectrum are principal component analysis, local feature analysis, neural networks, elastic graph theory, and multi-resolution analysis [4].
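Returning to the verification and identification modes noted under Fingerprints above, the following added example (not part of the original text) contrasts a 1:1 check with a 1:N search and shows how false matches compound with gallery size. The feature vectors, names, threshold, and the 1e-4 per-comparison rate are constructed assumptions; the 1,500,000 gallery size is the New York enrollment figure quoted above, and comparisons are assumed independent.

```python
import math

def distance(a, b):
    """Euclidean distance between two fixed-length feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def verify(probe, template, threshold):
    """1:1 verification: compare the probe with the claimed identity's template only."""
    return distance(probe, template) <= threshold

def identify(probe, gallery, threshold):
    """1:N identification: search every enrolled template, return matches best-first."""
    hits = [(distance(probe, t), name) for name, t in gallery.items()]
    return [name for d, name in sorted(hits) if d <= threshold]

def p_any_false_match(fmr, n):
    """Chance that a non-enrolled probe falsely matches at least one of n templates,
    assuming independent comparisons with per-comparison false match rate fmr."""
    return -math.expm1(n * math.log1p(-fmr))

def fmr_needed(target, n):
    """Per-comparison false match rate that keeps the search-level rate at target."""
    return -math.expm1(math.log1p(-target) / n)

# Constructed sample templates (not real biometric data).
GALLERY = {
    "alice": [0.10, 0.80, 0.30],
    "bob":   [0.70, 0.20, 0.90],
    "carol": [0.15, 0.75, 0.35],
}
PROBE = [0.12, 0.79, 0.31]   # constructed fresh sample from "alice"
THRESHOLD = 0.10             # hypothetical operating point
NY_ENROLLED = 1_500_000      # enrollment figure quoted in the text

if __name__ == "__main__":
    print("1:1 claim 'alice':", verify(PROBE, GALLERY["alice"], THRESHOLD))
    print("1:N candidates:   ", identify(PROBE, GALLERY, THRESHOLD))
    print("P(any false match) at FMR 1e-4:", p_any_false_match(1e-4, NY_ENROLLED))
    print("FMR needed for 1% search-level rate:", fmr_needed(0.01, NY_ENROLLED))
```

The threshold that cleanly accepts the 1:1 claim returns two candidates in the 1:N search, and at the quoted gallery size a per-comparison rate of 1e-4 makes at least one false match nearly certain.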

Some of the challenges of facial recognition in the visual spectrum include reducing the impact of variable lighting and detecting a mask or photograph. Some facial recognition systems may require a stationary or posed user in order to capture the image, though many systems use a real-time process to detect a person's head and locate the face automatically. Major benefits of facial recognition are that it is nonintrusive, hands-free, continuous, and accepted by most users [4].

Speaker Recognition

Speaker recognition has a history dating back some four decades, when the output of several analog filters was averaged over time for matching. Speaker recognition uses the acoustic features of speech that have been found to differ between individuals. These acoustic patterns reflect both anatomy (size and shape of the throat and mouth) and learned behavioral patterns (voice pitch, speaking style). This incorporation of learned patterns into the voice templates (the latter called voiceprints) has earned speaker recognition its classification as a behavioral biometric.

Speaker recognition systems employ three styles of spoken input: text-dependent, text-prompted, and text-independent. Most speaker verification applications use text-dependent input, which involves selection and enrollment of one or more voice passwords. Text-prompted input is used whenever there is concern about imposters. The various technologies used to process and store voiceprints include hidden Markov models, pattern-matching algorithms, neural networks, matrix representation, and decision trees. Some systems also use anti-speaker techniques, such as cohort models and world models.

Ambient noise levels can impede collection of both the initial and subsequent voice samples. Performance degradation can result from changes in behavioral attributes of the voice and from enrollment using one telephone and verification on another telephone.
Voice changes due to aging also need to be addressed by recognition systems. Many enterprises market speaker recognition engines, often as part of large voice processing, control, and switching systems. Capture of the biometric is seen as noninvasive. The technology needs little additional hardware by using existing microphones and voice-transmission technology, allowing recognition over long distances via ordinary telephones (wire line or wireless [7]) [4].

Iris Recognition

This recognition method uses the iris of the eye, which is the colored area that surrounds the pupil. Iris patterns are thought to be unique. The iris patterns are obtained through a video-based image acquisition system. Iris scanning devices have been used in personal authentication applications for several years. Systems based on iris recognition have substantially decreased in price, and this trend is expected to continue. The technology works well in both verification and identification modes (in systems performing one-to-many searches in a database). Current systems can be used even in the presence of eyeglasses and contact lenses. The technology is not intrusive. It does not require physical contact with a scanner. Iris recognition has been demonstrated to work with individuals from different ethnic groups and nationalities [4].

Hand and Finger Geometry

These methods of personal verification are well established. Hand recognition has been available for over 30 years. To achieve personal verification, a system may measure physical characteristics of either the fingers or the hands. These include length, width, thickness, and surface area of the hand. One interesting characteristic is that some systems require a small biometric sample (a few bytes). Hand geometry has gained acceptance in a range of applications. It can frequently be found in physical access control in commercial and residential applications, in time and attendance systems, and in general personal authentication applications [4].

Signature Verification

This technology uses the dynamic analysis of a signature to verify a person. The technology is based on measuring speed, pressure, and angle used by the person when a signature is produced. One focus for this technology has been e-business applications and other applications where signature is an accepted method of personal verification [4].

Why Use Biometrics?

Using biometrics for identifying human beings offers some unique advantages. Biometrics can be used to identify you as you. Tokens, such as smart cards, magnetic stripe cards, photo ID cards, physical keys and so forth, can be lost, stolen, duplicated, or left at home.
Passwords can be forgotten, shared, or observed. Moreover, today's fast-paced electronic world means people are asked to remember a multitude of passwords and personal identification numbers for computer accounts, bank ATMs, e-mail accounts, wireless phones [7], websites and so forth. Biometrics holds the promise of fast, easy-to-use, accurate, reliable, and less expensive authentication for a variety of applications [4].

There is no one perfect biometric that fits all needs. Each biometric system has its own advantages and disadvantages. There are, however, some common characteristics needed to make a biometric system usable. First, the biometric must be based upon a distinguishable trait. For example, for over a century, law enforcement has used fingerprints to identify people. There is a great deal of scientific data supporting the idea that no two fingerprints are alike. Technologies such as hand geometry have been used for many years, and technologies such as face or iris recognition have come into widespread use. Some newer biometric methods may be just as accurate, but may require more research to establish their uniqueness [4].

Another key aspect is how user-friendly a system is. The process should be quick and easy, such as having a picture taken by a video camera, speaking into a microphone, or touching a fingerprint scanner. Low cost is important, but most implementers understand that it is not only the initial cost of the sensor or the matching software that is involved. Often, the life cycle support cost of providing system administration and an enrollment operator can overtake the initial cost of the biometric hardware [4].

Finally, the advantage that biometric verification provides is the ability to require more instances of verification in such a quick and easy manner that users are not bothered by the additional requirements. As biometric technologies mature and come into wide commercial use, dealing with multiple levels of verification or multiple instances of verification will become less of a burden for users.

Summary/Conclusion

Recent advances in biometric technology have resulted in increased accuracy at reduced cost. Biometric technologies are positioning themselves as the foundation for many highly secure identification and personal verification solutions. Today's biometric solutions provide a means to achieve fast, user-friendly verification with a high level of accuracy and cost savings. Many areas will benefit from biometric technologies.
Highly secure and trustworthy electronic commerce, for example, will be essential to the healthy growth of the global Internet economy. Many biometric technology providers are already delivering biometric verification for a variety of Web-based and client/server-based applications to meet these and other needs. Continued improvements in technology will bring increased performance at a lower cost [4].

Finally, interest in biometrics is growing substantially. Evidence of the growing acceptance of biometrics is the availability in the marketplace of biometric-based verification solutions that are becoming more accurate, less expensive, faster, and easier to use. The Biometric Consortium, NIST, and NSA are supporting this growth. While biometric verification is not a magical solution that solves all authentication concerns, it will make it easier and cheaper for you to use a variety of automated information systems even if you're not a secret agent [4].

References

1. NIST and Biometrics, NIST, 100 Bureau Drive, Stop 1070, Gaithersburg, MD 20899-1070 [US Department of Commerce, 1401 Constitution Avenue, NW, Washington, DC 20230], 2006.
2. About Biometrics, NIST, 100 Bureau Drive, Stop 1070, Gaithersburg, MD 20899-1070 [US Department of Commerce, 1401 Constitution Avenue, NW, Washington, DC 20230], 2006.
3. M1-Biometrics, INCITS Secretariat, c/o Information Technology Industry Council, 1250 Eye Street NW, Suite 200, Washington, DC 20005, 2006. Copyright 2004 Information Technology Industry Council.
4. Fernando L. Podio and Jeffrey S. Dunn, Biometric Authentication Technology: From the Movies to Your Desktop, NIST, 100 Bureau Drive, Stop 1070, Gaithersburg, MD 20899-1070 [US Department of Commerce, 1401 Constitution Avenue, NW, Washington, DC 20230], 2005.
5. John R. Vacca, Identity Theft, Prentice Hall (2002).
6. John R. Vacca, The Essentials Guide to Storage Area Networks, Prentice Hall, Professional Technical Reference, Pearson Education (2001).
7. John R. Vacca, Guide to Wireless Network Security, Springer (2006).
8. John R. Vacca, Holograms: Design, Techniques, and Commercial Applications, Charles River Media (2001).
9. John R. Vacca, Public Key Infrastructure: Building Trusted Applications and Web Services, CRC Press (2005).