University of Padova

Department of Information Engineering - DEI

Biometrics
Introduction

Stefano Bonaldo

Introduction 1
 Identity and authentication

Representations of identity such as PIN/passwords, prevalent in electronic access control,

and cards, prevalent in banking and government applications, cannot be fully trusted to
establish a person identity. Cards can be lost or stolen and passwords can be guessed in
most cases. Further, passwords and cards can be easily shared and so they do not provide
non-repudiation.
The ways a user can be authenticated may be
grouped in three basic categories:
▪ Knowledge factors: something the user knows
and hopefully remembers, e.g. password
▪ Ownership factors: something the user has, e.g.
security token and smartphone
▪ Inherence factors: something the user is or does
→ BIOMETRICS!

Introduction 2
 Biometrics definition

The term BIOMETRICS is originally Greek, “bios” and “metron”, literally meaning
“measurement of life”. In its first meaning, it was defined as a part of biological science
which applies statistical methods and probabilistic formulas to living beings.

In cybersecurity, biometrics refers to authentication techniques that use distinctive

anatomical (e.g., fingerprints, face, iris) and behavioral (e.g., speech) characteristics, called
biometric identifiers or traits, for automatically recognizing individuals. Biometric
identifiers cannot be shared or misplaced, and they intrinsically represent the individual
identity.

Introduction 3
 Why biometrics?

Biometric identifiers cannot be easily misplaced, forged, or shared. They are considered more
reliable for person recognition than traditional token (ID cards) or knowledge-based
(passwords or PIN) methods. The objectives of biometric recognition are:
▪ User convenience: e.g., rapid identity and impossible to forget
▪ Improved security: e.g., only authorized person can access in the facility
▪ Better accountability: e.g., by having accessed records
▪ Higher efficiency: e.g., lower overhead for password maintenance
The recent success of biometric recognition technology, the decreasing cost of sensing
devices, the increasing availability of inexpensive computational power, and the growing
identity fraud/theft have resulted in a general interest in the use of biometric person
recognition in commercial, government, civilian, and financial domains.

Introduction 4
 Biometrics technology market

With biometrics technology, there are reduced frauds and security breaches as compared to traditional
methods such as use of tokens and passwords. A biometrics system uses a reader, related software, and a
database to compare, thus providing a high degree of accuracy and security. The market of biometrics
technology is in continuous growth, in particular the forecast expects a great expansion in:
▪ e-commerce industry for secure
payments
▪ government and private sectors for
employee identification and
attendance
▪ the BFSI sector for securing financial
transactions across the globe
▪ smartphones and tablets, thanks to
the recent increase of integrated
biometrics for authentication and
recognition
▪ multimodal biometrics technology
Introduction 5
 Biometrics market size by region

In 2020, the market size value of biometric technology worldwide was USD 24B with
an estimated growth rate of 19.5% per year in the future.
The major international
markets are North
GrandView Research, Biometrics Market Report, 2019
America, China, and the
UK.
This is not too
surprising, since the US,
China, and UK are
leading the world in
biometric
deployments.

Introduction 6
 Biometrics market by application

The fingerprint scanning is the most widely used biometric authentication technique for the Automated
Fingerprint Identification System (AFIS) and non-AFIS applications. AFIS is primarily used by law enforcement
agencies for criminal identification purposes, the most important of which is the identification of a person
suspected of committing a crime or linking a suspect to other unsolved crimes. Non-AFIS are user-friendly and
more economical as compared to AFIS and are, therefore, widely used in smartphones and laptops.
One of the key users of the fingerprint biometric
technique is the private sector, using it for
attendance and background check of employees.
Iris-based surveillance, identity recognition, and
access controls are projected to become integral
parts of the industry. They are used in
government programs, ATM facilities,
transaction securities, financial institutions, and
military intelligence. A key benefit of Iris
technology is convenience and safety, as the user
does not have to be in physical contact with the
reader.

Introduction 7
 Biometric market during the COVID-19 period

The outbreak of COVID-19 was the key cause for the development and acceptance of contactless
biometric technologies. Institutions and governments are focused on hygiene with the spread of COVID-
19 around the world. Contactless biometrics technology plays a crucial role in verifying personal identities
by providing users with access controls without any physical contact with the scanner
Worldwide governments have adopted
contactless biometric technologies to
respond quickly to the crisis due to
COVID-19. This has increased the
demand for contactless biometrics
technologies among government
agencies for public safety surveillance.
The Contactless Biometrics Technology
Market is expected to reach 18.6 B$ by
2026 with a market growth of 19.1%
per year.
www.cbinsights.com

Introduction 8
 Contactless biometrics during the COVID-19 period

Contactless solutions are helping to enforce social distancing, monitor body temperatures, and
reduce the spread of germs with touch-free applications. For example, contactless fingerprint scans
have been used to verify employees as they clock in at work. Iris and face scans are used in airport
check-ins. Temperature-detecting cameras identify people with fevers in crowded or enclosed spaces.

Introduction 9
 Extending the vision of biometrics: at the edge of
biometrics and biosensors
Biometrics in its definition is used also for biomedical applications through wearable devices that can measure
the biometric data associated to the individual.

Heart rate (RHR), heart rate variability (HRV),

respiratory rate (RR), and sleep architecture. These
physiological measures were normalized to the same
day of the week, 1 wk before vaccination.

The MiRadar 8 by Sakura Tech is a handy size vital sensor

that uses 24GHz and MIMO radar technology. The radar
platform enables contactless sensing even through blankets
and clothing or through a door. The display shows the heart
and respiration rates in real time.

Introduction 10
 Generic structure of a biometric system - I

The generic structure of a biometric system consists of five main modules:

1. Capture module: The biometric raw data is acquired by a sensor, which gives a numerical
representation of the biometric trait.
2. Signal processing module: the raw
data is processed and analyzed in
order to extract an optimized
numerical representation of the
biometric trait, to be stored during
the enrollment phase, or to
facilitate the processing time
during the verification and
identification phases. This module
can have a quality test to control
the captured biometric data.
Introduction 11
 Generic structure of a biometric system - II

4. Storage module: It is used to store biometric templates of the users.

5. Matching module: It is used to
compare the extracted biometric
data to one or more previously
stored biometric templates. The
module therefore determines the
degree of similarity (or
divergence) between two
biometric vectors.
6. Decision module: It is used to
check if the returned index of
similarity is sufficient to
determine the identity of an
individual.
Introduction 12
 The enrollment process

The first required process in a biometric system is the user enrollment, which registers the
traits of individuals in the biometric storage system. The biometric trait of a subject is
captured by a suitable biometric scanner to produce a sample. A quality check is performed
to ensure the quality of the acquired sample. A feature extraction module is then used to
produce a feature set, which is elaborated by the template creation module to produce an
enrollment template. Some systems collect multiple samples of a user and then either
select the best feature set or merge multiple sets to create a composite template.
The enrollment process then
takes the enrollment template
and stores it in the system
storage together with the
demographic information
about the user, e.g., name,
gender, etc.

Introduction 13
 Examples of enrollment process

Fingerprint enrollment at the police Face enrollment when setting the

station to obtain the passport unlock feature with facial recognition

Introduction 14
 Verification or identification biometric systems

When designing a biometric system, it is important to determine how the individual is going
to be recognized. Depending on the application, a biometric system may operate as a
verification system or an identification system.
▪ Verification system. It authenticates a person identity by comparing the captured
biometric characteristic with his/her previously captured (enrolled) biometric reference
template pre-stored in the system. It conducts one-to-one comparison to confirm
whether the claim of identity by the individual is true. A verification system either rejects
or accepts the submitted claim of identity.
▪ Identification system. It recognizes an individual by searching the entire enrollment
template database for a possible match. It conducts one-to-many comparisons to
establish if the individual is present in the database and, if so, returns the matched
identifier of the enrollment reference. In an identification system, the system establishes
a subject’s identity (or determines that the subject is not enrolled in the system
database) without the subject having to claim an identity.
Introduction 15
 The verification process

During a verification process, an identifier of the subject (such as username or PIN) is

provided to claim an identity through a keyboard or a keypad or a proximity card. The
biometric trait is captured and processed to produce a feature set. The resulting feature set is
fed to the matcher, where it is compared against the enrollment template of that subject
(retrieved from the system storage based on the subject’s identifier). The verification process
produces a match/non-match decision.

Introduction 16
 The identification process

During an identification process, the subject identity is unknown, and the feature set of the
captured biometric sample is compared against the templates saved in the storage. The output
is the subject identifier. A “not identified” output is generated if no match is found, or a list of
candidates is generated when multiple enrollment templates match the subject feature set. As
the identification in large databases is computationally expensive, a pre-selection stage is often
used to filter the number of enrollment templates to be compared with the input feature set.

Introduction 17
 Examples of verification and identification systems

Pool
When travelling to Extra-UE countries, you must have a
passport. Moreover, you may need to pass through facial
recognition at the immigration.
A facial scanner used at the immigration is considered a:
a) Verification system
b) Identification system

Introduction 18
 Biometric passports

A biometric passport, also known as e-passport or digital passport,

has an embedded electronic microprocessor contains biometric
information that can be used to authenticate the identity of the
passport holder. It uses contactless smart card technology, including
a microprocessor chip and antenna for both power the chip and
communication. The chip is embedded in the front or back cover. The
critical information is printed on the data page of the passport,
repeated on the machine readable lines and stored in the chip (32
kilobytes of EEPROM storage memory). Public key
infrastructure (PKI) is used to authenticate the data stored
electronically in the passport chip, making it expensive and difficult
to forge when all security mechanisms are fully and correctly
implemented.

Introduction 19
 Examples of verification and identification systems

Pool

Personal smartphones contains high number

of sensors, among which biometric sensors
that can be used to unlock smartphone, e. g.
by fingerprint, face recognition.

The fingerprint recognition used to unlock

your personal smartphone is based on:
a) Verification system
b) Identification system
c) Both of them

Introduction 20
 Examples of verification and identification systems

Pool
Let’s suppose to take a photo of yourself
with the camera of your smartphone and
publish it on a social network, i.e.
Facebook.

The automatic tag system is considered a:

a) Verification system
b) Identification system
c) Both of them

Introduction 21
 Examples of verification and identification systems

Automotive

Some recent models of cars or some prototipes have

integrated a face/fingerprint recognition system to unlock
and start he car, or automatically set the driver seat.

A fingerprint scanner used in the automotive sector is

considered a:
a) Verification system
b) Identification system

Introduction 22
 Examples of verification and identification systems

Biometric passport Forensic fingerprint

in crime scene

Verification Identification
systems systems
Automotive
Smartphones

Introduction 23
 Online and offline biometric systems

Depending on the application, a biometric system works either as an online system or an

off-line system.
In on-line systems, the recognition is performed quickly as an immediate response is
required, e.g., a computer network logon application. On-line systems are often fully
automatic. They require that biometric characteristics are captured using a live-scan
scanner, the enrollment process be unattended, there be no (manual) quality control, and
the matching and decision making be fully automatic.
In off-line systems, a relatively long response delay is allowed, e.g., background check of an
applicant. Off-line systems are often semi-automatic, where the biometric acquisition could
be through an offline scanner (e.g., scanning a fingerprint image from a latent or inked
fingerprint card), the enrollment may be supervised (e.g., when a suspect is “booked,” a
police officer guides the fingerprint acquisition process), a manual check may be performed
to ensure good quality acquisition, and the matcher may return a list of candidates, which
are then manually examined by a forensic expert to get a final decision.
Introduction 24