Biometrics FAQ
BIOIDENTIFICATION
Permanent
address: urn:nbn:de:0125-2008070901
Frequently Asked Questions
Last
Change: 2008-09-12
Biometrics
Deutsch
English
Biometrics
Fingerprint
Background
Implementation
Performance
Security
Keywords
Publications
Links
Author
This FAQ
has been adapted to the ISO/IEC "Harmonized Biometric
Vocabulary".
Background
Basic
Terms
What
is biometrics?
extended
(ISO/IEC)
What
is biometric recognition?
changed
(ISO/IEC)
What
is a biometric characteristic?
new
(ISO/IEC)
What
is a biometric sample?
new
(ISO/IEC)
What
are biometric features?
new
(ISO/IEC)
What
is a biometric reference?
new
(ISO/IEC)
What
is a biometric template?
new
(ISO/IEC)
What
is enrolment?
new
(ISO/IEC)
How
does biometric recognition work?
new
(ISO/IEC)
Biometric
Characteristics
What
are the requirements for a biometric characteristic?
changed
(ISO/IEC)
What
are the most well known biometric characteristics?
changed
(ISO/IEC)
What
factors contribute to a biometric characteristic's development?
footnote
corrected
How
does the manner of formation influence the usefulness of biometric characteristics?
changed
(ISO/IEC)
How
does one recognize randotypic characteristics?
changed
(ISO/IEC)
Which
biometric characteristics are most constant over time?
changed
(ISO/IEC)
Which
biometric characteristics are most suitable for recognition purposes?
changed
(ISO/IEC)
Authentication
What
is authentication, identification, and verification?
new
What
is biometric authentication?
new
What
are the fundamental methods of authentication?
changed
(ISO/IEC)
What
are the advantages of biometric systems for authentication?
changed
(ISO/IEC)
What
are the characteristics of the various authentication methods?
changed
(ISO/IEC)
What
is the difference between biometric identification and biometric verification?
corrected
(thanks, Dias!)
What
are the advantages of biometric verification over biometric identification?
changed
(ISO/IEC)
What
is the difference between positive and negative identification?
changed
(ISO/IEC)
What
are the main uses of biometric identification and biometric verification?
changed
(ISO/IEC)
Standardization
Which
organizations attend to standardizing biometric systems?
Which
biometric standards are available now?
updated
2008-09-12
Is
there any standard for biometric terms?
new
(ISO/IEC)
Implementation
What
capturess biometric characteristics?
changed
(ISO/IEC)
What
makes up a biometric authentication system?
changed
(ISO/IEC)
What
computation speeds are required by a biometric authentication system?
changed
(ISO/IEC)
How
do enrolment and biometric authentication work?
changed
(ISO/IEC)
What
are the advantages of using a combination of chip card and biometrics?
changed
(ISO/IEC)
What
is "Template on Card"?
changed
(ISO/IEC)
How
may a PC access control with "Template on Card" look like?
changed
(ISO/IEC)
What
is "Matcher on Card"?
changed
(ISO/IEC)
What
are the features of Matcher on Card?
changed
(ISO/IEC)
Performance
Definitions
Which
measures reflect the effectiveness of a biometric authentication system?
changed
How
is the Failure-to-Enrol rate (FER/FTE) defined in detail?
changed
What
needs to be considered in the definition of FRR?
changed
How
is FRR defined in detail?
changed
What
needs to be considered in the definition of FAR?
changed
How
is FAR defined in detail?
changed
Performance
Determination (for Specialists)
How
is the probability distribution function measured for a biometric system's
authorized and unauthorized users?
changed
How
do the FAR/FRR paired graphs affect a biometric system?
changed
How
does one determine the "Receiver Operating Characteristic" (ROC) of a biometric
system?
changed
How
does a transition from verification to identification affect the FAR?
changed
How
does a transition from verification to identification affect the FRR?
changed
How
is the False Identification Rate (FIR) calculated?
changed
When
are FAR and FRR values statistically significant?
changed
What
is essential when comparing the ROC performance of biometric systems?
changed
What
does separability of a biometric system mean?
changed
Practical
Hints
What
does one need to be aware of regarding the FAR/FRR?
changed
Is
a biometric system's performance dependent upon the user?
changed
Is
Failure to Enrol a typical problem for biometric systems?
changed
How
are the FAR and FRR minimized in a biometric system?
changed
Is
the Equal Error Rate a robust measure for system performance?
new
Security
What
does security mean for an authentication system?
changed
What
is compromisation of a biometric characteristic?
revised
Is
the compromisation of biometric characteristics a problem?
clarified
What
can be done against compromisation of one's biometric characteristics?
revised
What
must be observed with respect to security when dealing with "Template on
Card"?
changed
Is
biometrics a privacy-enhancing or a privacy-threatening technology?
changed
Is
biometrics more "secure" than passwords?
changed
Keyword search
Accuracy
Data security
genotypic
Password
Tablet
Authentication
Data
circulation
Performance
TeleTrust
Authentication
methods
DNA
Hand geometry
Permanence
Template
Authentication systems
Phenotypic
Theft
Availability
Ear form
Identification
Property
EER
Iris
BioAPI
Enrolment
Randotypic
Universality
Biometrics
Keystrokes
Recognition
Uniqueness
Keyboard
Reference Features
User friendliness
Camera
Facial Geometry
Knowledge
Retina
Changeability
False Acceptance
Rate
ROC
Vein structure
CBEFF
False Rejection
Rate
Loss
Verification
Chemical sensors
FAR
Voice
Chip card
Features, biometric
Matcher
Comfort
FER
Measurability
Score
Compromisation
Finger geometry
Measuring
Sensor
Computation
speeds
Fingerprint
Security
FIR
Significance
Conditioning
FNMR
NIST
Signature (dynamic)
Copying
FMR
Standardization
Costs
FRR
Odor
FTA
FTE (Failure to
Enrol)
If looking for further keywords, press "Control
+ F" then enter the desired keyword.
What
is biometrics?
(1) General:
Biometrics is the science of measuring physical properties of living beings.
(2) ISO/IEC:
Biometrics is the automated recognition of individuals based on their behavioral
and biological characteristics.
What
is biometric recognition?
By measuring
an individual's suitable behavioral and biological characteristics in a
recognition inquiry and comparing these data with the biometric reference
data which had been stored during a learning procedure, the identity of
a specific user is determined.
What
is a biometric characteristic?
A biometric
characteristic is biological or behavioural property of an individual that
can be measured and from which distinguishing, repeatable biometric features
can be extracted for the purpose of automated recognition of individuals.
Example:
face.
What
is a biometric sample?
A biometric
sample is the analog or digital representation of biometric characteristics
prior to the biometric feature extraction process and obtained from a biometric
capture device or a biometric capture subsystem. Example: electronic
face photograph.
A biometric sample
usually is delivered from a sensor, the main component of a biometric capture
device. Generally, the biometric sample, often called raw data,
comprises more information than is necessary for recognition. In many cases,
the biometric sample is a direct image of the biometric characteristic
such as a photograph.
What
are biometric features?
Biometric
features are information extracted from biometric samples which can be
used for comparison with a biometric reference.
Example: characteristic
measures extracted from a face photograph such as eye distance or nose
size etc.
The aim of the extraction
of biometric features from a biometric sample is to remove any superfluous
information which does not contribute to biometric recognition. This enables
a fast comparison, an improved biometric performance, and may have privacy
advantages.
What
is a biometric reference?
A biometric
reference comprises one or more stored biometric samples, biometric templates,
or biometric models attributed to a biometric data subject which can be
used for comparison.
Stored biometric
features are called a biometric template. A biometric model is a stored
function (dependent on the biometric data subject) generated from biometric
features which is applied to the biometric features of a recognition biometric
sample during a comparison to give a comparison result.
What
is a biometric template?
A biometric
template is a special case of a biometric reference, where biometric features
have been stored for the purpose of a comparison. (The comparison is done
during the recognition process between the stored biometric template and
the actual biometric features which have been extracted from the biometric
data coming from the biometric capture device resp. sensor.)
What
is enrolment?
To be able
to recognize a person by their biometric characteristics and the derived
biometric features, first a learning phase must take place. The procedure
is called enrolment and comprehends the creation of an enrolment data record
of the biometric data subject (the person to be enroled) and to store it
in a biometric enrolment database. The enrolment data record comprises
one or multiple biometric references and arbitray non-biometric data such
as a name or a personnel number.
Biometric
sample
Biometric
features
Biometric
characteristic
Biometric
capture device
Biometric
feature extraction
Biometric
enrolment database
Typical
internal enrolment process
How
does biometric recognition work?
For the
purpose of recognition, the biometric data subject (the person to be recognized)
presents his or her biometric characteristic to the biometric capture device
which generates a recognition biometric sample from it. From the recognition
biometric sample the biometric feature extraction creates biometric features
which are compared with one or multiple biometric templates from the biometric
enrolment database. Due to the statistical nature of biometric samples
there is generally no exact match possible. For that reason, the decision
process will only assign the biometric data subject to a biometric template
and confirm recognition if the comparison score exceeds an adjustable threshold.
Biometric
sample
Biometric
features
Biometric
characteristic
Biometric
capture device
Biometric
feature extraction
Comparison
& decision
Biometric
enrolment database
Biometric
templates
Typical
biometric recognition system
What
are the requirements for a biometric characteristic?
In the development
of biometric identification systems, physical and behavioral characteristics
for recognition are required
which dispose of biometric
features which are as unique as possible, i.e., which do not reappear at
any other person: Uniqueness
which occur in as many
people as possible: Universality
whose biometric features
don't change over time:
Permanence
which are measurable
with simple technical instruments:
Measurability
which are easy and comfortable
to measure: User friendliness
What
are the most well known biometric characteristics?
Biometric
characteristic
Description of the
features
Fingerprint
Finger lines, pore structure
Signature
(dynamic)
Writing with pressure and
speed differentials
Facial
geometry
Distance of specific facial
features (eyes, nose, mouth)
Iris
Iris pattern
Retina
Eye background (pattern
of the vein structure)
Hand geometry
Measurement of fingers and
palm
Finger
geometry
Finger measurement
Vein structure
of hand
Vein structure of the back
or palm of the hand or a finger
Ear form
Dimensions of the visible
ear
Voice
Tone or timbre
DNA
DNA code as the carrier
of human hereditary
Odor
Chemical composition of
the one's odor
Keyboard
strokes
Rhythm of keyboard strokes
(PC or other keyboard)
What
factors contribute to a biometric characteristic's development?
Biometric
characteristics develop:
through genetics: genotypic
through random variations
in the early phases of an embryo's development: randotypic (often
called phenotypic)
or through training:
behavioral
As a rule, all three
factors contribute to a biometric characteristic's development, although
to varying degrees. The following table rates the relative importance
of each factor (o is small, ooo is large):
Biometric characteristic
genotypic*
randotypic*
behavioral**
Fingerprint
(only minutia)
o
ooo
o
Signature
(dynamic)
oo
o
ooo
Facial
geometry
ooo
o
o
Iris pattern
o
ooo
o
Retina
(Vein structure)
o
ooo
o
Hand geometry
ooo
o
o
Finger
geometry
ooo
o
o
Vein structure
of the hand
o
ooo
o
Ear form
ooo
o
o
Voice
(Tone)
ooo
o
oo
DNA
ooo
o
o
Odor
ooo
o
o
Keyboard
Strokes
o
o
ooo
Comparison:
Password
(ooo)
*Randotypic
patterns often show genotypic traits in their overall structure.
These genotypic traits may disappear with increasing refinement (e.g.,
development of branches on a tree).
**Most
implementations react to learn effects to various degrees, and therefore
do have behavioral contributions which cannot be neglected.
How
does the manner of formation influence the usefulness of biometric characteristics?
Even though
the type of developmental factor does not solely determine a biometric
characteristic's usefulness, there are a few things to take into account:
pure genotypic characteristics
can't differentiate between monozygotic (identical) twins or clones
purely behavioral characteristics
are, by definition, easiest to imitate
behavioral characteristics
are strongly affected by external influences and the disposition of the
user
normally for identification
purposes, randotypic contributions are essential due to their necessity
for creating absolute uniqueness
How
does one recognize randotypic characteristics?
The following
must be considered:
Even monozygotic twins
have obviously differing randotypic characteristics.
As a rule of thumb,
random variations do NOT follow bodily symmetry. For example, the
right and left iris have different details, and are not mirror symmetrical
to each other.
Which
biometric characteristics are most constant over time?
Reasons
for variation over time:
Growth
Wear and tear
Aging
Dirt and grime
Injury and subsequent
regeneration
etc.
Biometric characteristics,
which are minimally affected by such variation are preferred. The
degree to which this is possible is shown in the following table.
Easily changed effects such as dirt and quickly healing injuries such as
an abrasion, are not taken into consideration.
Biometric characteristic
Permanence over time
Fingerprint
(Minutia)
oooooo
Signature
(dynamic)
oooo
Facial
structure
ooooo
Iris pattern
ooooooooo
Retina
oooooooo
Hand geometry
ooooooo
Finger
geometry
ooooooo
Vein structure
of the hand
oooooo
Ear form
oooooo
Voice
(Tone)
ooo
DNA
ooooooooo
Odor
oooooo?
Keyboard
strokes
oooo
Comparison:
Password
ooooo
Which
biometric characteristics are most suitable for recognition purposes?
Prior to
comparing the relative worth of different biometric characteristics, we
must define the appropriate criteria to be used. For these purposes,
we will use four categories:
Comfort: duration
of verification and the ease of use
Accuracy: minimal
error rates (clarity, consistency, measurability)
Availability: the
portion of a potential user group who can use biometrics for technical
recognition purposes (universal, measurable)
Costs: essentially
due to the biometric capture device incl. sensors.
Note that some of the
following ratings are based on current versions (status: March 2000) which
could change drastically with new solutions.
Biometric characteristic
Comfort
Accuracy
Availability
Costs
Fingerprint
ooooooo
ooooooo
oooo
ooo
Signature
(dynamic)
ooo
oooo
ooooo
oooo
Facial
geometry
ooooooooo
oooo
ooooooo
ooooo
Iris
oooooooo
ooooooooo
oooooooo
oooooooo
Retina
oooooo
oooooooo
ooooo
ooooooo
Hand geometry
oooooo
ooooo
oooooo
ooooo
Finger
geometry
ooooooo
ooo
ooooooo
oooo
Vein Structure
of the hand
oooooo
oooooo
oooooo
ooooo
Ear form
ooooo
oooo
ooooooo
ooooo
Voice
oooo
oo
ooo
oo
DNA
o
ooooooo
ooooooooo
ooooooooo
Odor
?
oo
ooooooo
?
Keyboard
strokes
oooo
o
oo
o
Comparison:
Password
ooooo
oo
oooooooo
o
green = best
red
= worst
As one can
see, determining an 'optimal' biometric characteristic is hardly possible.
For biometric characteristics ranking high in accuracy, fingerprints currently
have the lowest costs. The iris rates high in all categories, unfortunately
including cost. If the costs would sink significantly, the iris would
be ideal. DNA loses points in accuracy, because it can't differentiate
between monozygotic twins today.
What
is authentication, identification, and verification?
Here we define authentication
as the process of determining the identity of a person and confirming his
or her authenticity.
In multi-user systems, authentication regularly
accomplishes an identification and a verification. The identification
part confirms that the identity, usually given by a unique identifier
such as a user name, is known to the system. If identification was
successful, in a next step the identity is verified using a verifier
such as something like a secret, shared between the person to be authenticated
and the authenticating system.
Usually, identifiers are considered as
public whereas verifiers are secrets like a key pattern or a password.
Authentication often is combined with authorization.
Authorization is the process of assigning certain rights or permissions
to a person.
What
is biometric authentication?
Authentication may take advantage
of biometrics by using a biometric characteristic as identifier or as verifier.
When using biometrics as an identifier, uniqueness (very low FAR)
is an essential requirement especially for large user numbers. When using
biometrics as a verifier, the biometric characteristic may be either viewed
as a secret or as public. In the latter case, it is essential that a fake
detection is provided against mechanical copies of the biometric characteristic.
What
are the fundamental methods of authentication?
Biometrics
"Who
I am"
Biometrics
uses nature's oldest system to identify people -- via unforgettable and
unchanging physical characteristics. From time immemorial, humans
have had to perform recognition tasks themselves. Today, technology
is advanced enough to assist us or even relieve us of recognition tasks.
Secret Knowledge
"What
I know"
Here authentication
takes the form of secret PINs and passwords, which the user has to keep
track of. The person to be authenticated has to share the secret knowledge
with the authenticator. Previously, this was the simplest method of authentication
for machines. Secret knowledge can be applied also where several
persons have to be authenticated in a simple way without distinction.
Personal Possession
"What
I have"
Examples
for authentication are having a key, ID card, passport (with or without
a chip), or more generally a token, which allows entrance, for example,
into a private room. Essential for this method is the existence of secret
features which are to be shared between token and the authenticator (or
at least the inability to get the token copied combined with a copy detection).
Combination Systems
For security
reasons, often two or all three of the above methods are combined, e.g.,
a bank card with a PIN. Only combined systems are able to fulfill the requirements
of "strong" authentication.
What
are the advantages of biometric systems for authentication?
Advancing
automation and the development of new technological systems, such as the
internet and cellular phones, have led users to more frequent use of technical
means rather than human beings in receiving authentication. Personal
identification has taken the form of secret passwords and PINs. Everyday
examples requiring a password include the ATM, the cellular phone, or internet
access on a personal computer. In order that a password cannot be guessed,
it should be as long as possible, not appear in a dictionary, and include
special symbols such as +, -, %, or #. Moreover, for security purposes,
a password should never be written down, never be given to another person,
and should be changed at least every three months. When one considers
that many people today need up to 30 passwords, most of which are rarely
used, and that the expense and annoyance of a forgotten password is enormous,
it is clear that users are forced to sacrifice security due to memory limitations.
While the password is very machine friendly, it is far from user-friendly.
There is a solution
that returns to the ways of nature. In order to identify an individual,
humans differentiate between physical characteristics such as facial structure
or sound of the voice. Biometrics, as the science of measuring and
compiling distinguishing physical characteristics, now recognizes many
further features as ideal for the definite identification of even an identical
twin. Examples include a fingerprint, the iris, and vein structure.
In order to perform recognition tasks at the level of the human brain (assuming
that the brain would only use one single biometric charactreistic), 100
million computations per second are required. Only recently have
standard PCs reached this speed, and at the same time, the sensors required
to measure characteristics are becoming cheaper and cheaper. Therefore,
the time has come to complement the password with a more user friendly
solution - biometric authentication.
What
are the characteristics of the various authentication methods?
Secret Knowledge
Personal Possession
Biometrics
Examples
Password, PIN
Key, ID card/ pass
Fingerprint, Face, DNA
Copied
"Software"
easy to very difficult*
easy to difficult*
Lost
"forgotten"
easy
very difficult
Stolen
spied
possible
difficult
Circulated
easy
easy
easy to difficult
Changed
easy
easy
easy to very difficult
*also
depends on the quality of a copy detection within the authenticator
What
is the difference between biometric identification and biometric verification?
In a biometric
identification,
the recognition biometric features are compared to many or all biometric
references stored in the system.
In a biometric verification,
the recognition biometric features are only compared to one
biometric
reference stored in the system.
If a system has only
one saved biometric reference, identification is similar to verification.
Otherwise, biometric verification is a limit case of biometric identification.
What
are the advantages of biometric verification over biometric identification?
Biometric verification
is much faster than biometric identification
when the number of biometric references
is very high.
Biometric verification
shows a better biometric performance than biometric
identification when the number of biometric
references is very high.
What
is the difference between positive and negative identification?
In a positive identification the
user is interested to be identified, in the negative case the user tries
to avoid successful identification. For example, the thief is not interested
in being identified by comparing the latent prints from the scene of crime
with his fingerprints. This is a negative identification. If I am authorized
to get access to my office, I am strongly interested to be identified,
e.g., by iris recognition. This is a positive identification.
The main impact of positive versus negative
identification regards user cooperation. In the negative case the user
is not willing to cooperate (even if he is "innocent") at the stage of
feature acquisition. Therefore, a negative identification often needs observation.
Even the sensor may be affected by the type of identification: For example,
negative fingerprint identification needs full size sensors and ten-print
treatment at least for the enrolment process.
What
are the main uses of biometric identification and biometric verification?
Fighting
Crime
Comparing evidence from
a crime scene with previously or subsequently recorded biometric
data
Examples: fingerprint,
DNA
Security
Authentication for computer,
network, and physical access and rights management
Example: logon to PCs
by user name and smartcard
Comfort
Identifying a person
and changing personal settings accordingly
For example, setting
the seat, mirrors, etc. in a multi-user car by facial recognition
Which
organizations attend to standardizing biometric systems?
ISO/IEC JTC1 SC 37 (world)
DIN NI-37 (Germany)
Which
biometric standards are available now?
At the moment,
biometric standardization is still in progress. Finalized projects with
IS status (International Standard) are shown in bold. Among the topics
treated at ISO SC 37 are (status 2008-09-12):
Working number
Titel
19784-1
Biometric
Application Programming Interface Part 1: The BioAPI Specification
19784-2
Biometric
Application Programming Interface Part 2: Biometric Archive Function Provider
Interface
19784-3
Biometric
Application Programming Interface Part 3: BioAPI Lite
19784-4
Biometric
Application Programming Interface Part 4: Biometric Sensor Function Provider
Interface.
19785-1
Common
Biometric Exchange Framework Format - Part 1: Data Element Specification
19785-2
Common
Biometric Exchange Framework Format - Part 2: Procedures for the operation
of the biometric registration authority
19785-3
Common
Biometric Exchange Framework Format - Part 3: Patron Format Specification
19785-4
Common
Biometric Exchange Framework Format - Part 4: Security Block Format Specification
19794-1
Biometric
data interchange formats Part 1: Framework
19794-2
Biometric
data interchange formats Part 2: Finger Minutiae Data
19794-3
Biometric
data interchange formats Part 3: Finger Pattern Spectral Data
19794-4
Biometric
data interchange formats Part 4: Finger Image Data
19794-5
Biometric
data interchange formats Part 5: Face Image Data
19794-6
Biometric
data interchange formats Part 6: Iris Image Data
19794-7
Biometric
data interchange formats Part 7: Signature/Sign Time Series Data
19794-8
Biometric
data interchange formats Part 8: Finger Pattern Skeletal Data
19794-9
Biometric
data interchange formats Part 9: Vascular Biometric Image Data
19794-10
Biometric
data interchange formats Part 10: Hand Geometry Silhouette Data
19794-11
Biometric
data interchange formats Part 11: Signature/Sign Processed Dynamic Data
19794-12
Biometric
data interchange formats Part 12: Face Identity Data
19794-13
Biometric
data interchange formats Part 13: Voice Data
19794-14
Biometric
data interchange formats Part 14: DNA Data
19795-1
Biometric
Performance Testing and Reporting - Part 1: Principles and Framework
19795-2
Biometric
Performance Testing and Reporting - Part 2: Testing Methodologies for Technology
and Scenario Testing
19795-3
Biometric
Performance Testing and Reporting - Part 3: Modality-Specific Testing
19795-4
Biometric
Performance Testing and Reporting - Part 4: Interoperability Performance
Testing
19795-5
Biometric
Performance Testing and Reporting - Part 5: Scenario Evaluation of Biometric
Access Control Systems
19795-6
Biometric
Performance Testing and Reporting - Part 6: Testing Methodologies for Operational
Evaluation
19795-7
Biometric
Performance Testing and Reporting - Part 7: Testing of ISO/IEC 7816-based
Verification Algorithms
24708
Biometric
Interworking Protocol (BIP)
24709-1
BioAPI
Conformance Testing Part 1: Methods and Procedures
24709-2
BioAPI
Conformance Testing Part 2: Test Assertions for Biometric Service Providers
24709-3
BioAPI
Conformance Testing Part 3: Test Assertions for BioAPI Frameworks
24709-4
BioAPI
Conformance Testing Part 4: Test Assertions for Biometric Applications
24713-1
Biometric
Profiles for Interoperability and Data Interchange - Part 1: Overview of
biometric systems and
biometric profiles
24713-2
Biometric
Profiles for Interoperability and Data Interchange - Part 2: Physical Access
Control for Employees at Airports
24713-3
Biometric
Profiles for Interoperability and Data Interchange - Part 3: Biometric-Based
Verification and Identification of Seafarers
24714-1
Technical
Report on Cross-Jurisdictional and Societal Aspects of Implementation of
Biometric Technologies - Part 1: Guide to the Accessibility, Privacy, and
Health and Safety Issues in the Deployment of Biometric Systems for Commercial
Application
24714-2
Technical
Report on Cross-Jurisdictional and Societal Aspects of Implementation of
Biometric Technologies - Part 2: Practical Application to Specific Contexts
24722
Technical
Report on Multi-Modal and Other Multi-Biometric Fusion
24741
Technical
Report For a Biometric Tutorial
24745
Biometric
template protection
24779-1
Cross-Jurisdictional
and Societal Aspects of Implementation of Biometric Technologies - Pictograms,
Icons and Symbols for Use with Biometric Systems - Part 1
24779-2
Cross-Jurisdictional
and Societal Aspects of Implementation of Biometric Technologies - Pictograms,
Icons and Symbols for Use with Biometric Systems Part 2: Fingerprint
applications
29109-1
Conformance
Testing Methodology for Biometric Data Interchange Records as defined in
ISO/IEC 19794 Biometric Data Interchange Format Standard - Part 1: Generalized
Conformance Testing Methodology
29109-2
Conformance
Testing Methodology for Biometric Data Interchange Records as defined in
ISO/IEC 19794 Biometric Data Interchange Format Standard - Part 2: Finger
Minutiae Data
29109-4
Conformance
Testing Methodology for Biometric Data Interchange Records as defined in
ISO/IEC 19794 Biometric Data Interchange Format Standard - Part 4: Finger
Image Data
29109-5
Conformance
Testing Methodology for Biometric Data Interchange Records as defined in
ISO/IEC 19794 Biometric Data Interchange Format Standard - Part 5: Face
Image Data
29109-6
Conformance
Testing Methodology for Biometric Data Interchange Records as defined in
ISO/IEC 19794 Biometric Data Interchange Format Standard - Part 6: Iris
Image Data
29109-7
Conformance
Testing Methodology for Biometric Data Interchange Records as defined in
ISO/IEC 19794 Biometric Data Interchange Format Standard - Part 7: Signature/Sign
Series Data
29109-8
Conformance
Testing Methodology for Biometric Data Interchange Records as defined in
ISO/IEC 19794 Biometric Data Interchange Format Standard - Part 8: Finger
Pattern Skeletal Data
29109-9
Conformance
Testing Methodology for Biometric Data Interchange Records as defined in
ISO/IEC 19794 Biometric Data Interchange Format Standard - Part 9: Vascular
image data
29109-10
Conformance
Testing Methodology for Biometric Data Interchange Records as defined in
ISO/IEC 19794 Biometric Data Interchange Format Standard - Part 10: Hand
Geometry Silhouette Data
29109-13
Conformance
Testing Methodology for Biometric Data Interchange Records as defined in
ISO/IEC 19794 Biometric Data Interchange Format Standard - Part 13: Voice
Data
29109-14
Conformance
Testing Methodology for Biometric Data Interchange Records as defined in
ISO/IEC 19794 Biometric Data Interchange Format Standard - Part 14: DNA
Data
29120-1
Machine
readable test data for biometric testing and reporting
29129
Tenprint
Capture Using BioAPI
29159-1
Biometric
Calibration and Augmentation Data - Part 1: Fusion Information Format
29164
BioAPI
Lite
29794-1
Biometric
Sample Quality Standard Part 1: Framework
29794-4
Biometric
Sample Quality Standard Part 4: Finger Image
29794-5
Biometric
Sample Quality Standard Part 5: Face Image
Is
there any standard for biometric terms?
No. But within working group 1
of ISO/IEC JTC 1 SC37 currently a document called "Harmonized Biometric
Vocabulary" is being prepared. An intermediate version of this vocabulary
which is occasionally updated will be found under Information
Sources. For translations the national bodies are responsible.
What
captures biometric characteristics?
For recording
and converting biometric characteristics
to usable computer data, one needs a biometric
capture device with an appropriate sensor
(see table). Of course, costs can greatly vary for different sensors.
However, we can't forget that many technical devices already have sensors
built in, and therefore, offer possibilities to measure biometric
characteristics nearly free of cost.
Biometric characteristic
Sensor
Fingerprint
(Minutia)
capacitive,
optic, thermal, acoustic, pressure sensitive
Signature
(dynamic)
Tablet
Facial
Structure
Camera
Iris pattern
Camera
Retina
Camera
Hand geometry
Camera
Finger
geometry
Camera
Vein structure
of the the hand
Camera (infrared)
Ear form
Camera
Voice
(Timbre)
Microphone
DNA
Chemical Lab
Odor
Chemical sensors
Keyboard
Strokes
Keyboard
Comparison:
Password
Keyboard
What
makes up a biometric authentication system?
A basic
biometric system is made up of:
a sensor to capture
the biometric characteristic
a computer unit to process
and eventually save the biometric data
an application, for
which the user's authentication is necessary
In detail, the
processing unit comprises (see also biometric recognition)
a "feature extraction
unit" which filters the uniqueness data out of the raw data coming from
the sensor (called biometric sample)
and combines them into the biometric feature,
a "comparator" which
compares the biometric features
with the biometric reference
and delivers a "score"
value as result,
and a "decision unit"
which takes the score
value (or values) as well as the threshold to derive a two-valued decision
(authorized or non-authorized).
What
computation speeds are required by a biometric authentication system?
Generally,
computation speeds adequate for pattern recognition [Wikipedia]
are required. This is about 100 million operations per second, which
have been attained by affordable hardware (PC, DSP [Wikipedia])
since about 1998.
How
do enrolment and biometric authentication work?
A prerequisite
for authentication is enrolment,
in which the biometric features
are saved as a personal reference either decentrally on a chip card or
PC, or centrally in a data base. Since the quality of the enrolment
essentially determines the performance of the authentication, it must be
implemented carefully. It is obvious that enrolment
must take place in a trustworthy environment.
During an authentication,
a new scanning of the biometric characteristic
is required. This time it is not saved; instead, it is compared to
the biometric reference(s).
If the comparison shows sufficient similarity, for example, access to the
appropriate applications can be granted.
Most biometric systems
show the following procedure in detail:
Capturing a data set
(e.g., image or sound, called biometric sample)
which includes the biometric features
to be extracted using an appropriate biometric
capture device incl. the sensor
Examination of the data
quality; if it is insufficient, the data are rejected immediately or appropriate
user guidance is given how to improve the quality
Extraction of the desired
biometric
features from the biometric
sample
For enrolment: Storage
of the biometric features
as a biometric reference
in the "reference archive"
For authentication:
Comparison of the actual (request) biometric
features with the biometric
reference using a "comparator" and generation
of a score value which determines the degree of coincidence
For authentication:
Exceeds the score value a predetermined threshold, access is granted, otherwise
the request is rejected
What
are the advantages of using a combination of chip card and biometrics?
In authentication,
possession of a chip card combined with biometric methods may further increase
reliability. Not only are biometric
references saved on the chip card, but also
identity data of the user. For authentication, chip card plus capturing
of the biometric characteristic
is required. The following advantages result:
entry of a user ID via
keypad is unnecessary
no central data base
storing references is necessary
compromisation of the
biometric
characteristic without the possession of the
card is not critical
when using a chip card
with an integrated crypto processor and biometric comparator, systems allowing
possible compromisation by decrypting a readout are rendered nearly impossible.
if a normal chip card
is stolen, it may be blocked and a new card issued. With a crypto
card on the other hand, only the saved, non displayed secret key must be
changed.
Still higher protection
is achieved when using a crypto card which integrates biometric sensors
in the card. This offers more effective protection against input
of compromised data records, as this sensor cannot be externally intercepted
when it is the only interface for the input of biometric data. Today's
chip cards, however, don't yet offer the computational power required to
extract the biometric sample's data directly on the card.
What
is "Template on Card"?
Regarding
"Template on Card", a chip card stores the extracted biometric
template as biometric
reference electronically. There are different
ways of realization:
The chip card is a simple
memory card, the storage is done without encryption
same as 1., however
with encrypted template
The chip card is a processing
card (and offers secret storage capabilities)
The chip card is a processing
card with cryptographic functions
These possibilities
fulfill increasing security requirements with increasing order. In all
cases it must be noticed the communication partners of the chip card codetermine
the security of the whole system.
How
may a PC access control with "Template on Card" look like?
We consider the following implementation
possibilities:
The chip card is a pure memory card, storage
is unencrypted
During enrolment, a PC connected to a biometric
sensor extracts the biometric features, and subsequently stores them as
biometric reference on chip card. At verification, the access seeker inserts
her chip card into the chip card reader and then her biometric characteristic
is again scanned. The scanned biometric characteristic is then compared
to the reference stored on the chip card at the PC. If the comparison exceeds
a certain level of similarity, full clearance is
granted to the network by sending the decrypted password (which is stored
on the PC encrypted) from the PC to the server.
The chip card is a pure memory card, storage
is encrypted.
See above. Additionally, however, decryption
of the reference from the card is done on the PC or better yet on the server
with a securely stored key. Alternatively, the comparison process should
likewise occur on the server. Thereby, the current extracted biometric
features are transmitted securely from the PC to the server.
The chip card is a processor card (smart
card) with crypto function
The communication partners of the crypto card
are a PC, a biometric sensor and a protected server. During a log-on trial,
the crypto card and the server create a secured connection. The server
retrieves the reference data from the crypto card. Simultaneously, the
PC extracts the biometric features from the sensor's raw data (biometric
sample) and sends them (potentially secured by a one-time
key) to the server where it is compared to the card's biometric
reference. If the comparison is positive, the PC grants access to the network
drives.
What
is "Matcher on Card"?
Chip cards
with integrated biometric comparator do not only store the reference, they
also compare the biometric template with the incoming biometric features.
For that reason the card needs an internal processor ("smartcard").
What
are the features of Matcher on Card?
Advantage against other
solutions
Applications which use
a PIN authentication on a smart card, may be extended to biometric authentication
without changing the infra structure. Example: SIM card for mobile phones.
Even in the case of a loss of the phone and/or the SIM card no unauthorized
access to the net is to be feared.
As the reference template
need not leave the card, more privacy is guaranteed
- but only if the fingerprint acquisiton system is under full control of
the user (example: cell phone).
Drawback
There is only limited
processing power and memory space available on the smart card. This requires
some compromises with regard to biometric recognition performance.
Which
measures reflect the effectiveness of a biometric authentication system?
False
Acceptance Rate (FAR)
The FAR
is the frequency that a non authorized person is accepted
as authorized. Because a false acceptance can often lead to damages,
FAR is generally a security relevant measure. FAR is a non-stationary statistical
quantity which does not only show a personal correlation, it can even be
determined for each individual biometric characteristic (called personal
FAR).
False Rejection Rate
(FRR)
The FRR
is the frequency that an authorized person is rejected access.
FRR is generally thought of as a comfort criteria, because a false rejection
is most of all annoying. FRR is a non-stationary statistical quantity which
does not only show a strong personal correlation, it can even be determined
for each individual biometric characteristic (called personal FRR).
Failure To Enrol
rate (FTE, also FER)
The FER
is the proportion of people who fail to be enroled successfully. FER is
a non-stationary statistical quantity which does not only show a strong
personal correlation, it can even be determined for each individual biometric
characteristic (called personal FER).
Those who are enroled
yet but are mistakenly rejected after many verification/identification
attempts count for the Failure To Acquire (FTA) rate. FTA can originate
through temporarily not measurable features ("bandage", non-sufficient
sensor image quality, etc.). The FTA usually is considered within the FRR
and need not be calculated separately, see also FNMR and FMR.
False Identification Rate (FIR)
The False Identification Rate
is the probability in an identification that the biometric features are
falsely assigned to a reference. The exact definition depends on the assignment
strategy; namely, after feature comparison, often more than one reference
will exceed the decision threshold.
Further Implicit Measures
False Match Rate (FMR).
The FMR is the rate which non-authorized people are falsely recognized
during the feature comparison. In contrast to the
FAR, attempts previously rejected due to poor (image-) quality (Failure
to Acquire, FTA) are not accounted for. Whether a falsely recognized
biometric characteristic leads to increases in FAR or FRR depends upon
the application. (There are applications, which define a successful recognition
as a rejection, when, for example, double release of identification cards
for a person with a false identity is prevented by comparing the actual
reference features with the centrally stored reference features of all
cards released so far.)
False Non-Match
Rate (FNMR). The FNMR is the rate that authorized people are falsely
not
recognized during feature comparison. In contrast to the FRR, attempts
previously rejected due to poor (image-) quality (Failure to Acquire, FTA)
are not accounted for. Whether a falsely recognized biometric characteristic
leads to increases in FAR or FRR depends upon the application.
How
is the Failure-to-Enrol Rate (FER/FTE) defined in detail?
Due to the
statistical nature of the failure-to-enrol rate, a large number of enrolment
attempts have to be undertaken to get statistical reliable results. The
enrolment can be successful or unsuccessful. The probability for lack of
success (FER(n)) for a certain person is measured:
FER(n) =
Number of unsuccessful
enrolment attempts for a person (or feature) n
Number of all enrolment attempts for a
person (or feature) n
These values are
better with more independent attempts per person/feature. The overall FER
for N participants is defined as the average of FER(n):
FER =
1
N
N
n=1
FER(n)
The values are more
accurate with higher numbers of participants (N). Alternatively, the median
value may be calculated.
Finally, the result
of an enrolment attempt has to be defined exactly:
An enrolment attempt
is successful if the user interface of the application provides
a "successful"- or "finished" message.
An enrolment
attempt is unsuccessful if the user interface of the application
provides an "unsuccessful" message.
In cases where
no defined completion is available, a fixed enrolment time interval has
to be given to ensure comparability. If the time interval has expired the
enrolment attempt is counted unsuccessful.
What
needs to be considered in the definition of FRR?
Even though
the false rejection rate, FRR, is intuitively easy to understand, there
can be many problems when trying to fix an unequivocal or universal definition.
The following must be taken into account:
The FRR is a statistical
value whose measurement accuracy depends on the number of measurements.
Now the FRR is not only dependent on the biometric system, but on the users
as well. There is thus a personal FRR. If one wants
to deal with large numbers of people, it is important that the end result
is not negatively affected by an individual. Such could occur when
the number of attempts per person differs. This problem can be avoided,
if one first identifies each personal FRR curve and calculates the mean
from those (or uses the median, but this provides different values!).
The exact meaning of
rejection must be clarified. Here for example, the total number of
recognition attempts before the final assessment of a failed recognition
play a role. There are systems, which can continuously process a
verification in real time. Here a verification time slot is offered.
Many biometric systems
reject a verification due to poor picture quality (e.g., dirty or worn
down fingers in a fingerprint verification, noisy surroundings in a voice
recognition, poor lighting in a facial recognition, or sensor problems).
When such problems are not due to a faulty operation, rejections due to
picture quality problems are still false rejections. The user is
indifferent to the reason for false rejections.
Even the personal FRR
can vary with time. It sinks, for example, when one frequently uses
the system, which can learn to avoid false rejections. In such cases,
it is only reasonable for comparisons to determine FRR during learning
phases.
In the case that
a liveness/fake recognition is also used, this needs to be considered when
determining the FRR.
How
is FRR defined in detail?
Due to the
statistical nature of the false rejection rate, a large number of verification
attempts have to be undertaken to get statistical reliable results. The
verification can be successful or unsuccessful. In determining the FRR,
only fingerprints from successfully enroled users are considered. The probability
for lack of success (FRR(n)) for a certain person is measured:
FRR(n)
=
Number of rejected
verification attempts for a qualified person (or feature) n
Number of all verification attempts for
a qualified person (or feature) n
These values are
better with more independent attempts per person/feature. The overall FRR
for N participants is defined as the average of FRR(n):
FRR =
1
N
N
n=1
FRR(n)
The values are more
accurate with higher numbers of participants (N). Alternatively, the median
value may be calculated.
Important: the determined
FRR includes both poor picture quality and other rejection reasons such
as finger position, rotation, etc. in the reasons for rejection.
In many systems, however, rejections due to bad quality are generally independent
of the threshold. The FRR after quality filtering is similarly defined:
Number of rejected
"qualified" attempts
Total number of "qualified" attempts
An FRR defined as
such, generally yields better data sheet values, but these lower numbers
are not reflected in reality from a user's perspective.
Finally, the result
of a verification attempt has to be defined exactly:
A verification
attempt is successful if the user interface of the application provides
a "successful" message or if the desired access is granted.
A verification
attempt counts as rejected if the user interface of the application
provides an "unsuccessful" message.
In cases of no
reaction, a verification time interval has to be given to ensure comparability.
If the time interval has expired the verification attempt is counted unsuccessful.
What
needs to be considered in the definition of FAR?
Similar
to the FRR, the false acceptance rate can be defined differently.
The FAR is a statistical
value, whose measurement accuracy depends on the number of measurements.
The FAR depends not only on the biometric system, but on the user as well.
There is also a personal FAR.
If one wants to deal with large numbers
of people, it is important that one individual does not negatively affect
the end result. Such could occur when the number of attempts per
person differs. This problem can be avoided, if one first identifies
each personal FAR curve and calculates the mean from those (or uses the
median, but this provides different values!). In determining FAR,
it is generally easier to limit the number of recognition attempts to 1
per person. Further attempts per person will smooth out the ROC graph,
but add little to the statistical significance.
If the biometric system
has picture quality management, which happens to reject a false user due
to poor picture quality (click
here for
example) already before verification, this is of course a correct rejection,
and leads to an improved FAR.
Strong behavioral biometric
features (e.g., voice or signature) are often purposefully forged or copied.
In investigating FAR, it needs to be determined whether tests simply recognize
foreign features or also attempted forgeries. This difference can
be serious.
How
is FAR defined in detail?
Due to the
statistical nature of the false acceptance rate, a large number of fraud
attempts have to be undertaken to get statistical reliable results. The
fraud trial can be successful or unsuccessful. The probability for success
(FAR(n)) against a certain enroled person n is measured:
FAR(n) =
Number of successful
fraud attempts against a person (or feature) n
Number of all fraud attempts against a
person (or feature) n
These values are
more reliable with more independent attempts per person/feature. The overall
FAR for N participants is defined as the average of FAR(n):
FAR =
1
N
N
n=1
FAR(n)
The values are more
accurate with higher numbers of participants (N). Alternatively, the median
value may be calculated.
Whether a correct
rejection is due to poor picture quality or really to a person's unauthorized
status, remains (just like in practice) extraneous.
The crucial number
for the determination of statistic significance is the number of independent
attempts. Obviously, two attempts in which alternately one person
is the reference and another places the request, are not independent of
each other. Likewise, multiple attempts from one unauthorized user are
considered dependent and therefore have less meaning for statistical significance.
Finally, the following
items have to be settled, or defined, respectively:
What is a fraud attempt?
How is the result of
a fraud attempt defined exactly?
Usually, during FAR
determination, a fraud attempt is an attack using the features of a non-authorized
person. This, however, pretends a high security which is not present since
there are a lot of further possibilities for promising attacks.
A fraud attempt
is successful if the user interface of the application provides
a "successful" message or if the desired access is granted.
A fraud attempt
counts as rejected if the user interface of the application provides
an "unsuccessful" message.
In cases where
no "unsuccessful" message is available, a verification time interval has
to be given to ensure comparability. If the verification time interval
has expired the fraud attempt is counted
unsuccessful.
How
is the probability distribution function measured for a biometric system's
authorized and unauthorized users?
In order
to investigate the performance of a biometric verification system, one
looks at how the system reacts to a large number of inquires for biometric
features from authorized as well as unauthorized users. Due to natural
fluctuations and measurement imperfections, the results of such an investigation
are never absolutely certain, instead are only predictable to a certain
extent. In order to determine the error rates, "false acceptance"
and "false rejection," the yes/no decisions of "authorized/unauthorized"
are not used, instead the underlying degree of similarity between an inquiry
and the saved reference feature. In a series of measurements, similarity
ratings ("score values") are collected for authorized and unauthorized
users. Then the frequency of incidence is counted for every similarity
rating. After being normalized with the total number of inquiries,
both resulting histograms make up the probability distribution function.
They show the measured estimation of a certain similarity rating's (n)
probability of occurring for authorized users (pB(n)) and unauthorized
users (pN(n)):
pB(n) =
Number of measurements with similarity
rating n for authorized user
Total number of measurements for authorized
users
pN(n) =
Number of measurements with the similarity
rating n for unauthorized
Total number of measurements for unauthorized
users
The higher the total
number of measurements, the more accurate the estimation. (See
"Statistical Significance" . A mathematical
determination of probabilities as a relationship between the relevant possibilities
and the total number of possibilities fails because as opposed to dice,
there are simply too many different possibilities to be able to include.)
In an ideal case
(unfortunately unachievable), both distribution curves do not overlap.
That means, inquiries for unauthorized users have the low similarity ratings,
whereas all the high similarity ratings are for authorized users.
In such a case it is easy to define a decision threshold, that clearly
differentiates between authorized and unauthorized users. In practice,
however, there is always an overlap when the number of users is high enough.
Here comes a typical diagram:
How
do the FAR/FRR paired graphs affect a biometric system?
The error
graphs of FAR and FRR are respectively defined as the probability that
an unauthorized user is accepted as authorized, and that an authorized
user is rejected as unauthorized. The curves are dependent upon an
adjustable decision threshold for the similarity of a scanned biometric
characteristic to a saved reference. The following derivations apply
under the assumption that a similarity rating value can be any whole number
between 0 and K, and that, for simplicity's sake, the probability of value
K occurring is 0. It also makes sense in practical applications, when we
first consider the FMR and the FNMR and later extract the threshold-independent
rejections due to insufficient image quality from the FAR and FRR. Furthermore,
we assume that for acceptance the coincidence of two features and for rejection
the non-coincidence is required.
If a general probability
distribution function p is given for discrete similarity values n,
the probability PM(th) that the scanned biometric characteristic
with similarity rating n falls below threshold th ("misses") is:
PM(0)
:=
0
PM(th)
=
th-1
n=0
p(n)
th
= 1, 2, 3, ..., K
The sum of correct
matches and mismatches must equal the number of total events. For
that reason, the probability PH(th) that the similarity rating
of the scanned trait reaches or exceeds threshold th ("hits") will be:
PH(th)
= 1 - PM(th) =
K
n=th
p(n)
th
= 0, 1, 2, ..., K
The False Match Rate FMR(th) is the probability
that the similarity of two non-identical features does not reach or exceed
a certain threshold value th. Therefore:
FMR(th) := PH(th)=
1 -
th-1
n=0
pN(n)
th
= 1, 2, 3, ..., K
For the False Non-Match Rate FNMR (th),
applies the analogous:
FNMR(th)
:= PM(th)
=
th-1
n=0
pB(n)
th
= 1, 2, 3, ..., K
where pN is the probability
frequency function for non authorized users and pB
is
for authorized users. The limit values are:
FMR(0) = 1
FMR(K) = 0
FNMR(0) = 0
FNMR(K) = 1
To calculate FAR
and FRR, the threshold-independent quality rejection rate QRR (equals FTA,
depending on definition) has to be taken into consideration. Provided that
a false acceptance is assigned to a false match, we obtain:
FAR(th)
= (1 - QRR) FMR(th)
FRR(th)
= QRR + (1 - QRR) FNMR(th)
For the border values
we then get:
FAR(0)
= 1 - QRR
FAR(K)
= 0
FRR(0)
= QRR
FRR(K)
= 1
Setting a similarity
rating th as the threshold to differentiate between authorized and non
authorized users, results in the experimental estimation of false acceptance
rate FAR(th), as the number of similarity ratings of non authorized users
that fall above this threshold in comparison to all trials / number of
similarity ratings. Conversely, the false rejection rate FRR is the
number of authorized user's similarity ratings which fall below this same
threshold compared with the total inquiries. Through integration
(in practice, successive summation) of the probability distribution curves,
FAR and FRR graphs are determined, which are dependent on the adjustable
adopted threshold th. The following diagrams show typical results in linear
and logarithmic scale:
How
does one determine the Receiver Operating Characteristic (ROC) of a biometric
system?
The FAR/FRR
curve pair is excellently suited to set an optimal threshold for the biometric
system. Further predictors of a system's performance, however, are
limited. This is partially due to the interpretation of the threshold
and similarity measures. The definition of the similarity measures
is a question of implementation. Almost arbitrary scaling and transformations
are possible, which affect the appearance of FAR/FRR curves but not the
FAR-FRR values at a certain threshold. A popular example is the use of
a "distance measure" between the biometric reference and the scanned biometric
features. The greater the similarity, the smaller the distance.
The result is a mirror image of the FAR/FRR curves. A favorite trick
is to stretch the scale of FAR/FRR curves near the EER (Equal Error Rate:
FAR(th) = FRR(th)), (i.e., using more threshold values) thus making the
system appear less sensitive to threshold changes.
In order to reach
an effective comparison of different systems, a description independent
of threshold scaling is required. One such example from the radar
technology is the Receiver Operating Characteristic (ROC), which
plots FRR values directly against FAR values, thereby eliminating threshold
parameters. The ROC, like the FRR, can only take on values between
0 and 1 and is limited to values between 0 and 1 on the x axis (FAR).
It has the following characteristics:
The ideal ROC
only have values that lie either on the x axis (FAR) or the y axis (FRR);
i.e., when the FRR is not 0, the FAR is 1, or vice versa.
The highest point (linear
scale under the definitions used here) is for all systems given by FAR=0
and FRR=1.
The ROC cannot increase
As the ROC curves for
good systems lie very near the coordinate axis, it is reasonable for one
or both axis to use a logarithmic scale:
Remark: Instead
of "ROC", sometimes the term "DET" (Detection Error Tradeoff) is used.
In those cases, the term "ROC" is reserved for the complimentary plot 1
- FRR against FAR.
How
does a transition from verification to identification affect the FAR?
In a verification
a biometric feature is compared with only one reference, whereas
in an identification, it is compared with N (N>1) different references.
This transition to an identification results in higher FAR, and in an ideal
case is as follows:
FARN
= 1 - (1 - FAR1)N
where FARN
is the false acceptance rate for N different stored references. The formula
is restricted to the "access control" case where the correct assignment
to an identity is not essential. For an N·FAR1 significantly
smaller than 1, we have approximated:
FARN
~ N·FAR1
Example:
A data base has 100 000 different references. In an identification,
FAR is raised from 10-7 to about 10-2!
If in an application the correct assignment
of ID data is essential (e.g., for bank transactions), other methods have
to be used, as explained under Determination of FIR.
How
does a transition from verification to identification affect the FRR?
During identification
the recognition biometric features are compared to all references. Obviously,
in contrast to a verification, more than one similarity value (score) is
generated. This fact complicates the decision, whether a biometric characteristicis
to be accepted, or not. In particular, there are multiple ways to decide,
if, e.g., several scores exceed a threshold. As a result, each decision
procedure needs its own definition for a false rejection. Two examples
are given:
One must differentiate
between applications which allow access to personal data after a successful
identification (e.g., access to a personal bank account), and applications
which grant general access not dependent on one's identity (e.g., entrance
to a room without a protocol of an identified person's presence). In the
first case an assignment of a biometric characteristic to a false identity
may happen. This is called a false identification, characterized by the
False Identification Rate FIR. Furthermore, it is conceivable that more
than one reference template will generate a score above the threshold.
This case is treated in Determination of FIR, showing
that different decision strategies may yield different results.
In the second case,
with increasing numbers of different references, the false rejection rate
FRR decreases! How can that be? Very simply: it increases
the probability that a justified user is "identified" not only from his
or her own personal features, but also those of others, as normally would
be considered a false acceptance. The user, however, does not notice
the system's mistake. Mathematically, under ideal conditions this
appears:
FRRN
= FRR1(1-FAR1)N-1
How
is the False Identification Rate (FIR) calculated?
During an identification, the
recognition biometric features are compared to many references and possibly,
the similarity value will exceed the threshold for more than one reference.
This is non-critical if only granting access, but can be very problematic
if the correct assignment of personal data to the biometric characteristic
is required (Example: access to a bank account via ATM).
The probability for the identification
of further (by definition false) candidates (independent of the correct
reference) can be calculated from the FAR since these candidates would
represent false acceptances in the case of verification. Its value is given
by:
1 - (1 - FAR1)N-1
~ (N - 1) FAR1
whereby FAR1 is the False Acceptance
Rate for a system with one reference. N represents the number of references.
The approximation (right side) applies in the case that the resulting value
lies considerably
under 1.
The False Identification Rate can first
be calculated after selecting one of the candidates. One standard, which
is often found in practical applications, could be, for example, that the
candidate with the highest similarity value is chosen (presuming that there
is only one). Unfortunately, the FIR is only ascertainable when the probability
density functions are available for false acceptance as well as false rejection.
Easier to calculate is the rule that multiple
candidates are completely rejected, which raises the FRR and lowers FAR.
The following definitions apply here:
FAR
probability that a non-authorized person
is identified
FRR
probability that an authorized person
is not identified
FIR
probability that an authorized person
is identified, but is assigned a false ID
These definitions result in the following
formulas under ideal conditions (statistic independence, same error rates
for all people, ...); where the index N is again the number of references:
FARN
= N FAR1 (1 - FAR1)N-1
FRRN
= 1 - (1 - FRR1 - FAR1 + N FRR1 FAR1)
(1 - FAR1)N-2
FIRN
= (N - 1) FRR1 FAR1
(1 - FAR1)N-2
When
are FAR and FRR values statistically significant?
A value
is considered statistically significant when it is likely that is falls
within a given error interval and the probability of falling outside this
area by chance is relatively low. Statistical significance is dependent
upon the number of trials or sample size. Because biometric values
are difficult to model, the existence of statistical significance is hard
to estimate. As a rule of thumb ("Doddington's rule"), one must conduct
enough tests that a minimum of 30 erroneous cases occur [Porter
1977]. Example: An FAR of 10-6 can be considered reliable,
when 30 errors occur in 30 million trials.
One error in a million
trials also has an FAR of 10-6, but statistically is far less
significant. One can see that biometric tests are very expensive
if performance needs to be very high. The situation would be easier,
if further information could be considered along with the yes/no questions
(or accept/reject), as for example the proximity of a decision to the acceptance
threshold.
What
is essential when comparing the ROC performance of biometric systems?
The accuracy
performance of a verification system can be determined by exactly three
statistical quantities: FAR, FER, and FRR. Since these three quantities
influence each other when parameters (e.g., quality acceptance thresholds
for enrolment and authentication) are changed, a comparison of one quantity
between two systems makes only sense when the other two quantities are
mutually equal. For example, let the FARs of different systems be compared.
Then the corresponding FRRs must be equal, and the FERs must be equal,
too. Regarding a ROC diagram, this condition can be easily fulfilled for
all FRRs for which the curve has been measured, provided that the FERs
of all curves are constant and the same. However, this is often violated
since the FERs are actually different!
A solution to this
problem comes from the procedure used, e.g., in the Fingerprint
Verification Competition FVC2002, where different algorithms for fingerprint
recognition have been tested. The idea is to consider a failure-to-enrol
case as a virtual "FTE user" with the properties:
If the virtual FTE user
tries a (virtual!) authentication, the result is always a rejection, thus
increasing the FRR.
If an impostor tries
an authentication attempt against a virtual FTE user, always a rejection
is supposed, thus decreasing the FAR.
This way, the FER is
eliminated and the ROC curves as well as the FAR/FRR values are forced
to become comparable. Mathematically, we implement this method by introducing
a Generalized FRR (GFRR) and a Generalized FAR (GFAR). (It will be a matter
of standardization to fix these terms. Here they are used until standardization
is finalized.) The calculation of GFRR and GFAR is quite simple, if we
assume that each authentication trial is preceded by its own enrolment
trial. This should make sense because authentication performance is not
independent of enrolment: a good enrolment delivers better FRR values than
a worse one. Therefore it seems to be statistically more accurate not to
base a whole FRR statistics on a single enrolment!
GFAR(th)
= (1 - FER) FAR(th)
GFRR(th)
= FER + (1 - FER) FRR(th)
Here (th) denotes
the dependency on the decision threshold parameter th which is assumed
to range between 0 and K (arbitrary), see "How do
the FAR/FRR paired graphs affect a biometric system?". These formulas
show a strong relationship to those derived for FAR and FRR when including
the FTA (Failure-to-Acquire).
Similarly, we get
for the border values:
GFAR(0)
= (1 - FER)(1 - QRR)
GFAR(K)
= 0
GFRR(0)
= FER + (1 - FER) QRR
GFRR(K)
= 1
Both formulas are
symmetric in QRR (= FTA) and FER (= FTE), showing the strong relationship
between Failure to Enrol and Failure to Acquire. In some cases these two
values are even equal. This happens when the biometric system uses the
same quality rejection mechanisms and levels for enrolment and for authentication.
In practice, higher quality requirements during enrolment, leading to a
higher FTE, might be quite reasonable to prevent enrolment of nonsense
features. Furthermore, too low an enrolment quality will decrease usability
of the authentication systems in daily use. In many applications it is
better to spend more time during enrolment than losing time by multiple
authentication trials.
A ROC diagram using
GFAR and GFRR will be called Generalized ROC (GROC) diagram for consistency.
What
does separability of a biometric system mean?
The Receiver
Operating Characteristic (ROC) offers an objective comparison of different
biometric systems, in the form of a graph. More practical would be
the specification of one single measured value, which forms a kind of average
of all the systems settings. Therewith, only a global description
of the system would be possible. One must therefore understand that
a system can be better overall, despite worse local functioning, for example
in an operating point.
Separability is intuitively
the ability of a biometric system to differentiate authorized and unauthorized
users on the basis of a biometric feature. The higher the separability,
the fewer the errors while differentiating authorized and unauthorized
users. The measure of the separability, like that of the ROC, cannot
be dependent on implementation specific scales. Additionally, a separability
measure should be easy to calculate.
A well known measure
for the (inverse) separability is the Equal Error Rate (EER). Unfortunately,
the EER describes only one single point of the ROC. While the definition
is simple, the calculation is not so easy; the EER point does not exist
as a measurement, instead it is derived through decision and approximation.
An (inverse) separability
measure, which also prevents the EER disadvantages, is the area below the
ROC graph. It allows easy calculation of all ROC values through summation.
The only difficulty is the fact that the ROC values are not equidistant.
Therefore, every y value (FAR) must be weighted by the distance between
its corresponding x value (FRR) and the next value. This distance
for every ROC point is just the difference (that is, the gradient) of two
consecutive values in the FAR graph. As a result, the distance is
given by the probability distribution graph of non authorized users.
(For continuous functions, in which the sum can be replaced by an integral,
this would be a consequence of the substitution rule for integrals!)
The ROC area, here called ROCA, is (K+1 is the number of similarity ratings
considered):
ROCA =
K
n=1
FRR(n)pN(n-1)
pN: Probability
distribution function
for unauthorized users
This formula simply
needs additions and multiplications of existing measured values.
Even though implementation specific similarity ratings n are summed, the
ROCA is still independent of their definition. However, one must assume
that no threshold-independent rejections occurs, i.e., FRR = FNMR and FAR
= FMR.
Both EER and ROCA
can take on values between 0 and 1. Ideal separability of a biometric
system and therewith the distribution pB and pN obviously
result in EER and ROCA values of 0. But what value belongs to the
ideal non separability. Intuitively, ideal non separability can only
mean that both distributions pB and pN are exactly
the same. But in the case:
pN = pB
=>
FAR = 1 - FRR
=>
EER = ½
and:
pN = pB
=>
ROCA =
K
n=1
FRR(n)pB(n-1)
~ ½
(Proof for the approximation: one replaces
the sum with an integral and considers pB as the derivative
of FRR. Now, only the rules for partial integration are needed.)
Reasonable vales for EER and ROCA lie between
the extremes: 0 for perfect separability and ½ for perfect non separability.
What do values between ½ and 1 then mean? This range is left
for cases, in which distributions pB and pN trade
roles and change places in the diagram. For separability, this range
has practically no meaning in biometrics.
What
does one need to be aware of regarding the FAR/FRR?
The measurement
of biometric features as well as the features themselves are subject to
statistical fluctuations. Therefore, every biometric recognition system
has a built-in acceptance threshold, which when raised both decreases FAR
and increases FRR. It should be clear that the given FAR and FRR
values are belonging to the same threshold value. Stating only the FAR
or only the FRR is thus misleading.
Additionally, even
the Failure-to-Enrol Rate FER must be considered when comparing the FAR/FRR
values of different systems. This is because the enrolment procedure can
be parametrized in such a way that only best quality biometric features
are approved for biometric templates while lower quality samples are dropped,
thus contributing to a higher FER. Normally, the higher the FER forced
by the biometric system, the better the FAR and FRR values, and vice versa!
In biometrics FAR/FRR
are not theoretically ascertainable, instead they must be determined statistically
in costly tests. Determining statistical significance is equally difficult.
There were no standardized techniques, therefore results could vary due
to differences in test conditions and sample size. Clarity was only
provided by disclosure of the test conditions.
Is
a biometric system's performance dependent upon the user?
Generally,
yes. This applies for false acceptance rate (FAR) as well as for
false rejection rate (FRR). We experience this in our everyday lives
-- some faces are easy to recognize and remember, whereas others are difficult.
Therefore, the statistical means of FAR and FRR, typical indicators, are
not very helpful for individual users. This dependence on the individual
user is also responsible for the fact that statistical properties of FAR
and FRR measurements are very difficult to quantify.
Is
Failure to Enrol a typical problem for biometric systems?
Every biometric
characteristic can occasionally or permanently fail. Examples of
temporary failures can be caused by worn down or sticky fingertips for
fingerprints, medicine intake in iris identification (Atropin), hoarseness
in voice recognition, or a broken arm affecting one's signature.
Well known permanent failures are, for example, cataract, which makes retina
identification impossible, or rare skin diseases which permanently destroy
a fingerprint. Therefore, every biometric system needs a fall-back
process. One also needs a fall-back if a key is lost or a PIN is
forgotten; so not only are biometric systems affected by user failure,
rather all authentication systems. In fact one can see that also
here, biometric systems are preferable to conventional methods.
How
are the FAR and FRR minimized in a biometric system?
The false
acceptance rate (FAR) can be adjusted in the recognition algorithm via
the acceptance threshold - the higher the acceptance threshold, the lower
the FAR. Raising the acceptance threshold, however also raises the
FRR. Therefore, the goal must be to have as small an FAR as possible
for any given FRR, and vice versa. There are certain factors which
primarily influence the FAR, while others mainly affect the FRR.
For a fixed FRR, FAR is dependent on the following factors:
type of biometric feature
quality of the sensors
user behavior
effectiveness of the
recognition algorithm
the number of biometric
references in an identification system
Therewith, the optimization
possibilities are clear:
determine suitable biometric
characteristics: here the uniqueness of the biometric characteristics essentially
affects the FAR, whereas permanence and measurability affect the FRR
choose the sensor with
the best (picture) quality: this mainly reduces the FRR
eliminate false operations
of the user: this also reduces the FRR
optimize the recognition
algorithm
limit the number of
biometric references in an identification system: this reduces the FAR
and increases the FRR
Is
the Equal Error Rate a robust measure for system performance?
No.
Using the threshold parameter, most practical biometric systems are not
adjusted for FAR = FRR which defines the EER but for FAR << FRR.
Since ROCs of different systems may behave completely
different, two systems with the same EER may even differ by decades for
other ROC points. To avoid such large errors, only the FAR - FRR pairs
in the operating point are to be considered, e.g., by comparing the FARs
at a common FRR. A consideration of the EER is only reasonable in those
rare cases where the system uses the EER as operating point.
What
does security mean for an authentication system?
Often "security"
is said when the ability to prevent false authentication is meant.
False authentication could happen through:
too high a false acceptance
rate (FAR)
fraud or forgery attempts
technical deficiencies
Perfect protection
cannot exist. However, one can try to make the FAR as small as possible,
forgery attempts as costly as possible, and through intensive testing minimize
the technical deficiencies.
The security realm
also includes protecting biometric and other personal data against misuse.
What
is compromisation of a biometric characteristic?
In this
case, compromisation is the exposure of one or more biometric characteristics
of a person allowing use for forgery purposes.
Is
the compromisation of biometric characteristics a problem?
Biometric
characteristics should be as unique and permanent as possible. If
compromised, it is argued that biometric characteristics could be misused
and then, like a password, rendered unusable, except that a password is
always exchangeable whereas a biometric characteristic isn't. The
actual danger depends upon the application and the associated precautions.
Yes - if the compromising
in a statistical sense is able to create a mean total damage that is larger
than the anticipated mean total benefit of a specific biometric application.
Generally, one should expect this, when measures against compromisation
are in no reasonable proportion to the possible amount of damage. Especially,
this affects biometric systems which regard the biometric characteristic
solely as secret, although it is easy to compromise and a fake copy can
be assembled from it in a simple way.
Yes - if properties
of the affected person can be extracted from the biometric characteristic
which could prove unfavorable for him or her. Example: genetic disease
information from DNA.
No - if the biometric
system is able to "doubtlessly" establish the difference between the original
of the biometric characteristic and the fake copy assembled from the compromised
biometric characteristic. In biometric systems this is achievable up to
a certain degree by a multitude of organizational and technical measures
and strongly depends on the selected biometric characteristic.
Sometimes it is
said to be important that the original picture (e.g., the finger line picture)
is not reconstructible from the characteristics' data record. But
this doesn't help much because any reconstruction trial of a person's biometric
characteristic which produces the same data record as the original is sufficient
for misuse [Bromba 2003].
What
can be done against compromisation of one's biometric characteristics?
Provide
your biometric characteristics only to trustworthy applications of trustworthy
system operators. The operator must commit not to pass the biometric data
to third parties but to store them with sufficient protection, at best
encrypted.
Favor biometric applications
which are exclusively able to utilize your biometric data if you present
a chip card which is under your control. (On this chip card the biometric
references may be stored, or a secret personal key which allows a temporary
decryption of your biometric data stored in the biometric system in encrypted
form.)
Do not publish your
biometric characteristics, if these are inherently difficult to compromise
and therefore could be regarded as secrets by a certain biometric application.
Examples are fingerprint, iris, or vein patterns. This is critical especially
in those cases where a forger is able to assign the biometric data to a
designated person.
What
must be observed with respect to security when dealing with "Template on
Card"?
We consider the following possibilities
for storage of biometric references on a chip card:
The chip card is a pure memory card, storage
is unencrypted.
The chip card can be read by anyone who finds
it.
The chip card can be duplicated by anyone;
however, only the authorized can use it.
In principle, cards with references of non-authorized
users can be produced which grant access to the system.
If the authorized user's (non-biometric) data
is saved on the card, the danger of compromisation when lost is high.
The chip card is a pure memory card, storage
is encrypted.
The chip card can be read by anyone who finds
it, but the contents cannot be interpreted.
The chip card can be duplicated by anyone;
however, only the authorized can use it.
Authentication via cards with references of
non-authorized users is generally prevented.
Compromisation of data is prevented.
The chip card is a processor card (smart
card) with crypto function
The chip card's stored data can only be read
and interpreted by a trustworthy communication partner (e.g., a protected
PC or a protected server via a non-protected PC)
Duplication of the chip card is preventable
Authentication via cards with references of
non-authorized users is generally prevented
Compromisation of data is prevented
It depends on a specific application which
security level is necessary and what will be the possible solution.
Is
biometrics a privacy-enhancing or a privacy-threatening technology?
Recent concerns
with the possible uses and misuses of biometrics has led to a discussion
whether biometrics is privacy-enhancing or privacy threatening. A
central question, according to Woodward (1999),
is whether a user has full control over his data, knowing when, where,
and why submitted biometric data are used. Non-intended reuse is
possible in non-biometric systems, but fear is increased due to the highly
personal nature of biometric data, as opposed to simply an ID number.
Some biometric data, such as DNA, showing medical information can be passed
along to commercial systems, insurance companies, or the government.
Privacy concerns with biometrics as summarized by Wirtz
(2000) are:
Unauthorized access
to biometric data
Unauthorized disclosure
of biometric data to third parties
Use of biometric data
for other than intended purpose
Collection of biometric
data without the knowledge of the individual
Meeting privacy and
data protection requirements is a central concern to the success of biometric
systems. Legal concerns can help ensure that biometrics are properly applied
and therefore increase an individual's security.
Is
biometrics more "secure" than passwords?
This question
at least poses two problems: biometrics is not equal to biometrics, and
the term "secure" is in fact commonly used, but it is not exactly defined.
However, we can try to collect pros and cons in order to find at least
an intuitive answer.
It is a matter of
fact that the security of password protected values in particular depends
on the user. If the user has to memorize too many passwords, he will use
the same passwords for as many applications as possible. If this is not
possible, he will go to construct very simple passwords. If this will also
fail (e.g., if the construction rules are too complex), the next fall-back
stage is to notify the password on paper. This would transform "secret
knowledge" into "personal possession". Of course, not every user will react
this way. Rather the personal motivation plays an important role: is he
aware of the potential loss caused by careless handling of the password?
It is easy if the user is the owner. But often foreign possession (e.g.,
that of the employer) has to be guarded, whose value one often can hardly
estimate. If motivation is missing, any password primarily tends to be
felt bothersome. In this case, and that seems to be the normal case, it
is assumed that biometrics has considerable advantages.
Contrariwise, passwords feature an unbeatable
theoretic protection ability: an eight-digit password which is allowed
to contain any symbol from an 8-bit alphabet offers
1020 possible combinations! This is a real challenge
for any biometric feature. The requirements are obvious: such a password
is maximally difficult to learn, it must not be written down, it must not
be passed to anyone, the input must take place absolutely secret, it must
not be extorted, and the technical implementations must be perfect. This
leads us to the practical aspects: the implementation must be protected
against replay attacks, keyboard dummies (e.g., false ATMs), wiretapping
etc. Even biometric features have to cope with such problems. However,
it can be assumed that hijacking biometric features is not easier than
sniffing a password, provided the implementation expense is comparable!
Conclusion: Surely, there are cases
where passwords offer more security than biometric features. However, these
cases are not common!
Publications
Albrecht, A. "Biometrische
Verfahren im Spannungsfeld von Authentizität im elektronischen Rechtsverkehr
und Persönlichkeitsschutz", Frankfurter Studien zum Datenschutz, Nomos,
2003.
Behrens, M.; Roth, R.
(Editors) "Biometrische Identifikation - Grundlagen, Verfahren, Perspektiven",
Vieweg, 2001.
Bromba, M. U. A. "On
the reconstruction of biometric raw data from template data", 2003-04-20
Jain, A.; Bolle. R.; Pankanti;
S. (Editors); "Biometrics: Personal Identification in Networked Society",
Kluwer Academic Publishers, 1999.
Lenz, J.-M.; Schmidt, C.;
"Die elektronische Signatur", Deutscher Sparkassenverlag, ISBN 3-09-305705-1,
2004.
Petermann, Thomas;
Sauter, Arnold; "Biometrische
Identifikationssysteme", TAB-Arbeitsbericht,
2002.
Porter, J. E. "On the
"30 error" criterion", in: "National
Biometric Test Center - Collected Works - 1997-2000 - San
Jose State University ".
Wirtz,
B. "Biometric Systems 101 and Beyond", in: Secure - The Silicon Trust Quarterly
Report, Autumn 2000, 12-17.
Woodward,
J.D.; "Biometrics: identifying law and policy concerns", in: Jain,
A.; Bolle. R.; Pankanti; S. (Editors); "Biometrics: Personal Identification
in Networked Society",
Kluwer Academic Publishers,
1999, 385-405.
Links
Information Sources
Biometrics site of Jan Krissler and Lisa Thalheim
(http://www.biometrische-systeme.org/)
(Currently not available)
Avanti Biometrics Site (http://www.avanti.1to1.org/)
(This website no longer exists.)
Central USG site for information about biometrics
(http://www.biometrics.gov)
Biometrics Catalog (http://www.biometricscatalog.org/)
Biometric Bits (http://www.biometricbits.com)
Harmonized Biometric
Vocabulary (http://www.3dface.org/media/vocabulary.html)
Non-profit Organizations
TeleTrusT Deutschland e.V. (http://www.teletrust.de/)
VfS Verband für Sicherheitstechnik (http://www.vfs-hh.de/)
European Biometric Forum
(http://www.eubiometricforum.com/)
Unabhängiges Landeszentrum
für Datenschutz Schleswig-Holstein (http://www.datenschutzzentrum.de/projekte/biometrie/biolinks.htm)
Biometric Consortium
(http://www.biometrics.org)
The Biometrics Discussion
Group (http://www.biometricbits.com/biometrics_discussion_group.htm)
Universities and Institutes
IBIS Institute for Biometric Identification
Systems (University of Friedberg-Giessen) (http://www.biometrie-info.de/)
IGD Fraunhofer Institut für Graphische
Datenverarbeitung (http://www.igd.fhg.de/)
DIN Deutsches Institut für Normung e.V.
(http://www2.din.de/)
Biometrics Research Homepage at Michigan State
University (http://biometrics.cse.msu.edu/)
NIST National Institute of Standards and Technology
(http://www.nist.gov/biometrics)
Resource Guides
findBiometrics (http://www.findbiometrics.com/)
Evaluations, Testing, Certifications
TÜV Informationstechnik GmbH, Essen (http://www.tuvit.de)
International Biometric Group (http://www.biometricgroup.com/)
BSI Bundesamt für Sicherheit in der Informationestechnik
(http://www.bsi.de/)
National Biometric Test Center at San Jose
State University (http://www.engr.sjsu.edu/biometrics/)
Author
In 1968, Manfred U.
A. Bromba began an education as electronic technician at the company Nixdorf
Computer AG. It followed a study of electrical engineering and physics
at Paderborn University. After obtaining a "Dr. rer. nat." degree, he researched
another two years in the field of digital signal processing. In 1983, he
changed to the semiconductor division of Siemens AG where he was responsible
for a series of multimedia innovations:
First IC set for flicker-free
100 Hz-TV (1987)
First Embedded DRAM
-IC for TV sets (1988)
Multiport Serial Access
Memory for TV (TV-SAM)
High-End graphics IC
for Teletext (MEGATEXTTM)
MultiMediaCardTM
First fully working
prototype of a MP3 players with memory card (1995) (implemented by Pontis)
In 1986, the company
"Dr. Bromba Infrarotindikatoren" was founded.
In 1997, Bromba assumed
the biometrics activities of the Siemens division "Private Networks". 1999
the worldwide first prototypes of a cell phone with fingerprint authentication
and an ID card with complete sensing and processing on card had been finished
and shown at the CeBIT fair.
As a member of TeleTrusT
e.V., CAST Forum, and the biometrics working group NI-AHGB/NI-37 of the
DIN e.V., he actively participates in the promotion and standardization
of biometric systems. Manfred Bromba is author of numerous publications
and inventions.
Responsible
for the Biometrics FAQ's content: Dr. Manfred Bromba (http://www.bromba.com/contacte.htm)
Security,
Privacy, Disclaimer, Copyright
|
|
