Such a circumstance may be the level of technological
development or the properties of the particular feature. For
example, of all the biometric features available, the DNA
sequence is one of the most accurate ones. Given our
current level of technical development, however, it is
unsuited to automated identification, as even the fastest
sequencing machines require 10 minutes to produce
results (with the average being 90 minutes), and it cannot
be ensured that the DNA is introduced to the system by
the authorised owner. A strand of hair or a dead skin flake
from a keyboard may be used for identification.
The future, however, points unequivocally in the
direction of automated biometric identification, since
this is the only method by which identifying the actual
authorised user can be ensured.
II. THE PROBLEM
At a 30-employee micro-company manufacturing cleaning
products, there were 10 office and 20 production
employees. Secure access and attendance tracking were
performed by a fingerprint recognition system. The
system was reliable; false rejections and false acceptances
were virtually non-existent. Due to the transparent and
accurate registry, the profitability of the company surpassed
the industry average, and this led to its acquisition by the
Hungarian subsidiary of a multinational company. As
employee numbers rose tenfold in just a few months, the
false rejection rate of the existing system increased to about
15%, and at least 10% of the employees could not use the
system at all. These problems led to the biometric system
being replaced by a card-based one.
At a 500-employee company, a fingerprint recognition
system was deployed in 2004. Three months after
installation, 70 employees could not use the system, and
this ratio persisted during the whole lifetime of the system,
which was replaced by a card-based one in 2010.
Based on the case studies, one should examine the
operation mechanisms and risks of biometric
identification systems in order to allow decision makers to
predict the possibilities and expected results in the
planning phase.
This study will explore the most important properties of
the technologies on the security market.
III. BIOMETRIC IDENTIFICATION TECHNOLOGIES
Nowadays, in several areas, there is a strong need for
personal identification systems that operate with high
accuracy. One method for this is biometric identification,
which examines unique features that are more or less
unmodifiable and unforgeable. Many such features
exist, e.g. the well-known iris, fingerprint or
retina. While these technologies are not totally free from
weaknesses, they still provide far more security than
knowledge- or possession-based ones.
The biometric samples used for access control systems:
• Fingerprint
• Iris
• Retina
• Face
  o 2D
  o 3D
• Hand geometry
• Face heatmap
• Vein patterns
  o Hand veins
  o Finger veins
• Voice
There are many ways to categorise biometric
identification technologies, although from the user side,
there are three very important parameters, which are: how
much physical contact the device needs for operation,
identification time (including any additional time required
for positioning or other identification related actions) and
the amount of cooperation/effort the device requires from
the user for proper operation.
For the customer, the main parameters are the accuracy
and security, which guarantee a small percentage of false
acceptance.
Contactless technologies are often preferred, since many
users have (both founded and unfounded) hygiene-related fears
of objects that many other people touch as well
(seemingly except for door knobs, for some reason). This
fear unjustly discriminates against biometric identification
systems, but user acceptance is nevertheless an important
factor in the successful deployment of such a system.
Identification time is usually negligible compared with the
whole access cycle, but it depends on the level of
cooperation required from the user, which means it may
vary widely. The algorithms in the systems
available nowadays generally complete in under a second,
or a few seconds at most. The problems stem from
improper usage of the system. A single rejection is
frustrating for a user, and multiple rejections – depending
on the security protocols in place – may well require the
intervention of the guard force, causing jams in the entry
queue and significant inconvenience for the user involved.
We must accept that such situations will – every now and
then – occur, and that they cannot be 100% eliminated, so we
must prepare for handling them.
The required cooperation from a user shows us how much
effort must be put into the identification process by the
user, for example, proper positioning which involves a
specific sequence of actions.
The user may be supported in this with various surfaces
and signs. We may take away degrees of freedom,
reducing the possibilities for error. A good example of this is
hand geometry identification, where the user is supported
by both signs and restrictive surfaces that reduce degrees
of freedom to 1, and as such, unsuccessful identification is
extremely rare with that technology. On the flip side,
though, this means an increase of physical contact
requirements that may cause user dissatisfaction according
to the factors described above.
The systems requiring high user cooperation, however,
may be more difficult to use or require more attempts if
the user is uncooperative or is unable to cooperate.
An important factor for successful identification is how
well the system may adapt to changes in the particular
biometric features. In the case of face recognition systems,
a large change in the facial features (e.g. moustaches and
beards, different hairstyle or glasses) may significantly
influence the success levels. In the case of a fingerprint
recognition system, the contamination or injury of the
fingertips may cause problems.
Some systems may detect whether the sample is presented
by a living user or whether it’s fake, which will improve
the security of the system significantly.
Based on the facts above, the success rate of identification
and the fluency of the process are both inversely
proportional to the convenience of the system. The more
we restrict the degrees of freedom for the user, the more
fluid and accurate the identification is, but user
satisfaction will most likely decrease. The more degrees of
freedom we give a user, however, the harder it is for the
system to perform successful identification on the first
attempt, and although the requirement for contactless
operation will be fulfilled, the longer identification times
and unsuccessful attempts will also lead to decreased user
satisfaction. This is why educating the users, justifying
the deployment and fighting misconceptions are very
important.
IV. COMPARISON OF BIOMETRIC TECHNOLOGIES
The biometric solutions mentioned in the previous section
may be categorised and compared by several factors and
indicators. Such a comparison will provide directions
when planning the deployment of a new system, and also
help predict the results.
The definitions of the terms used in the tables:
• FAR: False Acceptance Rate: This shows how
  often a system will recognise an unauthorised
  person as an authorised one. Measured in
  percentages.
• FRR: False Rejection Rate: This shows how often
  the system will mishandle an authorised person as
  an unauthorised one and reject access. Measured
  in percentages.
• GFRR: Generalized FRR: This shows – with the
  help and extensions provided by the research of
  [1] ABI – the FRR of a device under realistic
  circumstances, including the user errors.
  Measured in percentages.
• FTE: Failure to enrol: This shows the proportion of
  people who cannot be enrolled in the system and
  thus are unable to use it. Measured in percentages.
• Risk of spoof: This shows how easily the system
  may be circumvented by some method (e.g. instead of
  an actual fingerprint, showing only a photo of it to
  an optical fingerprint scanner).
• Live sample detection: This shows whether the
  system can distinguish a living user from a
  spoofing attempt.
• User acceptance: This shows the general acceptance
  of the technology from a user standpoint,
  including the willingness to cooperate and any
  misconceptions or fears that influence said
  acceptance.
• Contact requirement: This shows whether the user
  has to maintain physical contact with the device to
  perform the identification.
• Stability of the biometric sample: This shows
  whether the sample changes with time and whether any
  external factors may influence it.
• Risks: Any risks that may arise during usage, that
  affect operation negatively in a significant way
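The rate definitions above, worked through on pilot data as an added example (not code or measurements from the paper). The attempt counts, the reading of FRR as "correctly presented samples only" versus GFRR as "all genuine attempts", the three-try limit and the independence of attempts are assumptions; the 70-of-500 figure reuses the second case study, treated here as FTE.

```python
# Added example: constructed pilot data, not measurements from the paper.
# Each attempt is (claimant, presentation, decision).
ATTEMPTS = (
    [("genuine", "ok", "accept")] * 880
    + [("genuine", "ok", "reject")] * 20            # device-side false rejections
    + [("genuine", "user_error", "accept")] * 30
    + [("genuine", "user_error", "reject")] * 70    # e.g. bad positioning
    + [("impostor", "ok", "accept")] * 1
    + [("impostor", "ok", "reject")] * 999
)

def pct(part, whole):
    """Percentage, guarding against an empty denominator."""
    return 100.0 * part / whole if whole else 0.0

def count(attempts, claimant, presentation=None, decision=None):
    """Count attempts matching the given fields (None matches anything)."""
    return sum(
        1 for who, how, dec in attempts
        if who == claimant
        and presentation in (None, how)
        and decision in (None, dec)
    )

def rates(attempts, enrol_failed, enrol_total):
    """FAR, FRR, GFRR and FTE in percent."""
    return {
        "FAR": pct(count(attempts, "impostor", decision="accept"),
                   count(attempts, "impostor")),
        # FRR: correctly presented genuine samples only (assumed reading).
        "FRR": pct(count(attempts, "genuine", "ok", "reject"),
                   count(attempts, "genuine", "ok")),
        # GFRR: every genuine attempt, user errors included (assumed reading).
        "GFRR": pct(count(attempts, "genuine", decision="reject"),
                    count(attempts, "genuine")),
        "FTE": pct(enrol_failed, enrol_total),
    }

def expected_guard_calls(gfrr_pct, max_tries, entries):
    """Expected entries per shift that exhaust all tries, assuming
    independent attempts (optimistic: real rejections cluster per user)."""
    return entries * (gfrr_pct / 100.0) ** max_tries

if __name__ == "__main__":
    # 70 of 500 employees could not use the system (second case study).
    r = rates(ATTEMPTS, enrol_failed=70, enrol_total=500)
    print(r, expected_guard_calls(r["GFRR"], max_tries=3, entries=430))
```

With these inputs the device-level FRR looks acceptable while the GFRR is roughly four times higher, which is the gap between a datasheet figure and what the entry queue experiences.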