This system was developed in November 2010. No use of this material except reference is made please!!
1.1 Introduction to Literature Review
Important highlights and explanations are presented in this topic to properly give an insight of the technology under discussion. It has been sub-sectioned for easy understanding and to differentiate between identification and authentication which are keywords used in this section. Identification which means having a stored biometric and ensuring that a number of user’s biometric match with the template while authentication is to ensure that the user is who they claim to be. Further explanations on these terms are given under appropriate headings. A gradual explanation of the importance to change from knowledge based identification to token based is analysed.
1.2 Biometric Technology
Pons and Polak (2008) discussed biometric technologies in terms of problems such as degradation of biometric features over time, changes in characteristics and biometric threshold values. They added that biometric technology obstacles are based on user acceptance, habits etc., which makes implementation difficult. Bhargav et al (2006) discussed the issues involved with biometric technologies in relation to biometric identification and authentication. Biometric authentication was analysed as developing some inherent features of the collected biometric data, ibid. They further analysed the probabilistic decryption method before matching the results therefore increasing vulnerability of the technology. An expression of the difficulty in revoking changes in biometrics and also its use in a distributed system was highlighted, ibid. It poses the risk of spoofing in a distributed environment. Pons and Polak (2008) identified key factors involved in a successful biometric system. The effect of user acceptance which is an important factor in software engineering is not excluded from this technology. It is a major device to the success of biometric systems coupled with the authentication processes.
1.2.1 Authentication, Identification and Matching
Woodward et al (2003) identified means of reducing the risk of impersonation in biometric which was termed “trial and error”, by reducing the False Accept Rate (FAR) or False Match Rate (FMR). Bolle et al (2000) distinguished between authentication and identification in biometrics using the match rates. They examined the authentication involved as 1:1 match rate which means that the user having registered is who they say they are. While in identification it is a 1: N match rates, being that users try to find out who the actual person is. Where a person P with fingerprint hypothesis testing is Ho should be equal to the inverse of person P for the match rate to be genuine. In some cases, ibid, the similarity may be difficult to decide where the hypothesis testing is decided if the similarity is greater or equal to the stored template, then the hypothesis testing is said to give a false accept. E.g. Ho is true if it is difficult to decide the similarity sim >= T (where T is the test data), then Hi is decided as sim < T. If Ho is true when Hi is true gives a false reject and vice versa gives a false accept, ibid.
In accordance to Woodward et al (2003), Bolle et al (2000) highlighted two components to evaluate performance as the “test data set” and the “matcher”. The characteristics of the matcher being the False Accept Rate (FAR) and the False Reject Rate (FRR) could be identified analytically. Other ways for evaluation authentication were determined thus: by tightening the FAR in order to capture the number of illegitimate matches accepted and at some point the system rejects any further attempts until the right biometric is captured, ibid. In respect to the method determined, Bolle et al (2000) gave a more intrinsic view which has to do with the threshold as being an important parameter in authentication evaluation. FRR and FAR are function of the threshold and the error rates are not reported often (Bolle et al, 2000) instead claims are reported on the system as being 100% effective. The equal error rate of FRR and FAR should be reported at least, ibid, using the Receiver Operating Curve (ROC).
Zhang (2002) further defined the match rates by explaining the three kinds of tasks which take place in a biometric technology: verification (authentication) and identification were defined and in agreement to Woodward et al (2003) and Bolle et al (2000). In addition to the tasks identified, classification is also important, ibid. A simple biometric is taken as an input and the class is identified commonly the Henry classes which is used in finger print identification, usually involves three finger print patterns: the loop, whorl and arch (which is broken down into tented arch or plain arches. The loops are radial or ulna while the whorls are classified into plain, accidental, composite and central pocket loop and double loop whorls, and peacock’s eye. An important advantage with classification is its help in the reduction of the number of entries to be searched in the database which enables a faster match rate. Analysis was made on the distributions of genuine attempt considering the threshold not being able to completely separate the impostor attempts from the genuine attempts, hence an overlap occurs causing an error in the match rate, ibid. The diagram below is used to describe it further.
Match and non-match distributions and Receiver Operating Curve Diagram
(Source: Zhang, 2002)
An analysis was made on commercial systems operating high quality databases having FAR as 10-4 and FRR as 10-2 although FAR may drop below these rates on small systems. In agreement with Zhang (2002) and Bolle et al (2000), threshold is the parameter that can be used to separate match rates and every error should be recorded and FAR plotted against FRR in the ROC. Further explanation was given based on the threshold improvements. The threshold could be tuned to meet up with the application’s requirements, ibid. Although, the FAR and FRR is based on the type of system and application built, low FAR and low FRR can be achieved mostly in high security systems.
1.3 Application of Biometric Technology
Biometric application designs are based on physical or behavioural characteristics. Physical characteristics such as facial features (e.g. iris), finger prints, palm-print, hand geometry, skin pores etc. Behavioural characteristics such as handwritten signature, voice, typing, gait or gesture could also be used (Zhang, 2000).
Zhang (2000) divided biometric applications into four categories namely:
- Personal authentication
- Medical diagnosis (e.g. heart beat)
- Future expectation (e.g. expression or palm reading) and
- Ethnology exploration (ethnicity)
Based on the four categories mentioned and the characteristics a biometric application is designed. The implementation of this application is going to be discussed using the Characteristics.
1.1.1 Finger Print
One of the oldest forms of identification used in the prison world became useful to fight crime in the business world and today, is used for most secure systems.
Dunstone and Yager (2009) explained that finger prints are usually taken and matched against fingerprints held in a database. This explains its biometric nature as described in previous section explaining how the technology works. This technology used for authentication is made possible by the use of special scanners called finger print scanners or readers which gets the image of the finger for matching to be made possible, ibid. A common hardware used in for this technology is optical sensor, ibid. Although, Ratha and Govindaraju (2008) identified that the collection of an appropriate image is due to two factors and are not limited to users and environmental variation. They also identified different ways of capturing a finger print image: optical, capacitive, radio frequency, ultrasound and thermal captures.