Biometric devices what. Biometric technology

Andrey Borzenko

To identify the detainee,
   it was enough for the policeman
   just look into his eyes.
From the newspapers

As computer networks evolve and the areas of automation expand, the value of information is steadily increasing. State secrets, high-tech know-how, commercial, legal and medical secrets are increasingly being trusted by a computer, which is usually connected to local and corporate networks. The popularity of the global Internet, on the one hand, opens up enormous opportunities for e-commerce, but, on the other hand, creates the need for more reliable security tools to protect corporate data from outside access. Currently, more and more companies are faced with the need to prevent unauthorized access to their systems and protect transactions in the electronic business.

Almost until the end of the 90s, the main way to personify a user was to indicate his network name and password. In fairness, it should be noted that this approach is still followed in many institutions and organizations. The dangers associated with using a password are well known: passwords are forgotten, stored in the wrong place, and finally, they can simply be stolen. Some users write down the password on paper and keep these notes near their workstations. According to information technology groups of many companies, most of the calls to the support service are associated with forgotten or expired passwords.

It is known that the system can be deceived by posing as a stranger. To do this, you only need to know some identifying information, which, from the point of view of the security system, is possessed by a single person. An attacker, posing as an employee of the company, gets at his disposal all the resources available to this user in accordance with his authority and official duties. The result can be various illegal actions, ranging from theft of information and ending with the failure of the entire information complex.

Developers of traditional identification devices are already faced with the fact that standard methods are largely outdated. The problem, in particular, is that the generally accepted separation of methods for controlling physical access and controlling access to information is more untenable. Indeed, to gain access to the server sometimes it is not at all necessary to enter the room where it stands. The reason for this is the concept of distributed computing that has become comprehensive, combining both client-server technology and the Internet. To solve this problem, radically new methods based on a new ideology are required. Studies have shown that damage in cases of unauthorized access to company data can amount to millions of dollars.

Is there a way out of this situation? It turns out there is, and for a long time. Just to access the system you need to use identification methods that do not work in isolation from their media. The biometric characteristics of the human body meet this requirement. Modern biometric technologies make it possible to identify a person by physiological and psychological characteristics. By the way, mankind has known biometrics for a very long time - even the ancient Egyptians used identification by height.

Fundamentals of Biometric Identification

The main goal of biometric identification is to create a registration system that would rarely refuse access to legitimate users and at the same time completely exclude unauthorized access to computer information storages. Compared to passwords and cards, such a system provides much more reliable protection: you can neither forget nor lose your own body. Biometric recognition of an object is based on a comparison of the physiological or psychological characteristics of this object with its characteristics stored in the database of the system. A similar process constantly occurs in the human brain, allowing you to recognize, for example, your loved ones and distinguish them from strangers.

Biometric technologies can be divided into two broad categories - physiological and psychological (behavioral). In the first case, signs such as facial features, the structure of the eye (retina or iris), finger parameters (papillary lines, relief, joint length, etc.), palm (its imprint or topography), hand shape, vein pattern are analyzed. on the wrist or thermal picture. Psychological characteristics are a person’s voice, features of his signature, dynamic parameters of writing and features of text input from the keyboard.

The choice of the method that is most suitable in a given situation is influenced by a number of factors. The proposed technologies differ in efficiency, and their cost in most cases is directly proportional to the level of reliability. So, the use of specialized equipment sometimes increases the cost of each workplace by thousands of dollars.

Physiological features, such as a papillary finger pattern, palm geometry, or an iris pattern (model) are constant physical characteristics of a person. This type of measurement (verification) is practically unchanged, as well as the physiological characteristics themselves. Behavioral characteristics, for example, signature, voice or keyboard handwriting, are influenced by both controlled actions and less controlled psychological factors. Since behavioral characteristics may change over time, the registered biometric sample must be updated with every use. Behavioral biometrics are cheaper and pose less threat to users; but personal identification by physiological traits is more accurate and gives greater security. In any case, both methods provide a significantly higher level of identification than passwords or cards.

It is important to note that all biometric means of authentication in one form or another use the statistical properties of some qualities of the individual. This means that the results of their application are probabilistic in nature and will vary from time to time. In addition, all such funds are not immune to authentication errors. There are two kinds of errors: false refusal (did not recognize their own) and false admission (missed someone else's). I must say that this topic in probability theory has been well studied since the development of radar. The impact of errors on the authentication process is evaluated by comparing the average probabilities of false rejection and false tolerance, respectively. As practice shows, these two probabilities are inversely related, i.e. when you try to tighten control, it increases the likelihood of not letting your system in, and vice versa. Thus, in each case, it is necessary to seek a compromise. Nevertheless, even according to the most pessimistic assessments of experts, biometrics benefit from all comparisons, since it is much more reliable than other existing authentication methods.

In addition to efficiency and cost, companies should also consider employee responses to biometrics. An ideal system should be easy to use, fast, unobtrusive, convenient and socially acceptable. However, there is nothing ideal in nature, and each of the developed technologies only partially meets the entire set of requirements. But even the most inconvenient and unpopular means (for example, identification by the retina, which users do their best to avoid by protecting their eyes) bring undoubted benefit to the employer: they demonstrate proper attention to security issues.

The development of biometric devices goes in several directions, but the common features for them are the level of security unsurpassed today, the absence of traditional shortcomings of password and card security systems, and high reliability. The successes of biometric technologies so far are mainly associated with organizations where they are introduced in a prescribed manner, for example, to control access to protected areas or to identify persons who have attracted the attention of law enforcement agencies. Corporate users do not seem to have fully realized the potential of biometrics. Often, company managers do not risk deploying biometric systems at home, fearing that due to possible inaccuracies in measurements, users will be denied access to which they have rights. Nevertheless, new technologies are increasingly penetrating the corporate market. Already today, there are tens of thousands of computerized sites, storage facilities, research laboratories, blood banks, ATMs, military installations, access to which is controlled by devices that scan the individual physiological or behavioral characteristics of the individual.

Authentication methods

As you know, authentication involves verifying the authenticity of the subject, which in principle can be not only a person, but also a software process. Generally speaking, authentication of individuals is possible by presenting information stored in various forms. It could be:

• password, personal number, cryptographic key, network address of a computer on the network;
• smart card, electronic key;
• appearance, voice, drawing of the iris, fingerprints and other biometric characteristics of the user.

Authentication allows you to reasonably and reliably differentiate access rights to information that is in common use. However, on the other hand, the problem arises of ensuring the integrity and reliability of this information. The user must be sure that he is gaining access to information from a reliable source and that this information has not been modified without appropriate sanctions.

The search for a one-to-one match (by one attribute) is called verification. This method is characterized by high speed and imposes minimal requirements on the computing power of a computer. But the search for "one to many" is called identification. Implementing such an algorithm is usually not only difficult, but also expensive. Today, biometric devices are entering the market that use such individual characteristics of a person as fingerprints, facial features, iris and retina, palm shape, voice, speech and signature features to verify and identify computer users. At the stage of testing and trial operation are systems that allow authentication of users by the thermal field of the face, the pattern of blood vessels in the hands, body odor, skin temperature and even the shape of the ears.

Any biometric system allows you to recognize a certain pattern and establish the authenticity of specific physiological or behavioral characteristics of the user. Logically biometric system can be divided into two modules: registration module and identification module. The first is responsible for teaching the system to identify a specific person. At the registration stage, biometric sensors scan the necessary physiological or behavioral characteristics of a person and create their digital representation. A special module processes this representation in order to highlight the characteristic features and generate a more compact and expressive representation, called a template. For facial images, such characteristic features may be the size and relative position of the eyes, nose and mouth. A template for each user is stored in the database of the biometric system.

The identification module is responsible for recognizing a person. At the stage of identification, the biometric sensor takes the characteristics of the person who needs to be identified, and converts these characteristics into the same digital format in which the template is stored. The resulting template is compared with the stored one to determine if these templates match each other.

For example, in Microsoft Windows, two objects are required for user authentication - a username and password. When using fingerprints during authentication, the user name is entered for registration, and the fingerprint replaces the password (Fig. 1). This technology uses the username as a pointer to get the user account and check the one-to-one correspondence between the fingerprint read during registration and the template previously saved for this username. In the second case, the fingerprint template entered during registration must be compared with the entire set of saved templates.

When choosing an authentication method, it makes sense to consider several key factors:

• the value of information;
• authentication hardware and software cost;
• system performance;
• user attitudes to authentication methods used;
• specificity (purpose) of the protected information complex.

Obviously, the cost, and therefore the quality and reliability of authentication tools, should be directly related to the importance of information. In addition, increasing the productivity of the complex, as a rule, is also accompanied by its appreciation.

Fingerprints

In recent years, the fingerprint identification process has attracted attention as a biometric technology, which is likely to be most widely used in the future. According to the Gartner Group (http://www.gartnergroup.com), this technology dominates the corporate market and in the near future it can only compete with iris recognition technology.

Government and civil society organizations around the world have long been using fingerprints as their primary method of identifying themselves. In addition, fingerprints are the most accurate, user-friendly and economical biometric feature for use in a computer identification system. This technology in the USA is used, for example, by vehicle departments of several state administrations, MasterCard, FBI, Secret Service, National Security Agency, Ministry of Finance and Defense, etc. By eliminating the need for passwords for users, fingerprint recognition technology reduces the number of calls to support and reduces network administration costs.

Typically, fingerprint recognition systems are divided into two types: for identification - AFIS (Automatic Fingerprint Identification Systems) and for verification. In the first case, all ten fingerprints are used. Such systems are widely used in the judiciary. Verification devices usually operate with information about the prints of one, less often several fingers. Scanning devices are usually of three types: optical, ultrasonic and based on a microchip.

The advantages of fingerprint access are ease of use, convenience and reliability. Two fundamental fingerprint recognition algorithms are known: for individual details (characteristic points) and for the relief of the entire surface of the finger. Accordingly, in the first case, the device registers only some areas that are unique to a particular fingerprint and determines their relative position. In the second case, the image of the entire print is processed. In modern systems, a combination of these two methods is increasingly being used. This avoids the disadvantages of both and improves the reliability of identification. Simultaneous registration of a person’s fingerprint on an optical scanner takes a little time. A tiny CCD camera made as a standalone device or built into the keyboard takes a fingerprint. Then, using special algorithms, the resulting image is converted into a unique "template" - a map of the fingerprint microdots, which are determined by the breaks and intersections of lines in it. This template (and not the fingerprint itself) is then encrypted and written to the database for authentication of network users. A single template stores from several tens to hundreds of microdots. At the same time, users can not worry about the inviolability of their private life, since the fingerprint itself is not saved and cannot be recreated by microdots.

The advantage of ultrasound scanning is the ability to determine the required characteristics on dirty fingers and even through thin rubber gloves. It is worth noting that modern recognition systems cannot be fooled even by freshly chopped fingers (a microchip measures the physical parameters of the skin). The development of such systems involved in more than 50 different manufacturers.

Using a fingerprint to identify an individual is the most convenient of all biometric methods. The probability of error in user identification is much less in comparison with other biometric methods. The quality of fingerprint recognition and the possibility of its correct processing by the algorithm strongly depend on the state of the surface of the finger and its position relative to the scanning element. Different systems have different requirements for these two parameters. The nature of the requirements depends, in particular, on the algorithm used. For example, recognition by characteristic points gives a strong noise level when the surface of the finger is poor. Recognition over the entire surface is devoid of this drawback, but it requires very precise placement of the finger on the scanning element. The fingerprint identification device (scanner, Fig. 2) does not require much space and can be mounted in a pointing device (mouse) or keyboard.

Face geometry

Identification of a person by face in ordinary life, without a doubt, is the most common way of recognition. As for its technical implementation, it is a more complex (from a mathematical point of view) task than fingerprint recognition, and, in addition, requires more expensive equipment (you need a digital video or camera and a video capture card). This method has one significant plus: it takes very little memory to store data about one sample of the identification template. And all because, as it turned out, a human face can be "disassembled" into a relatively small number of areas that are unchanged in all people. For example, to calculate a unique template corresponding to a specific person, only 12 to 40 characteristic sections are required.

Typically, the camera is installed at a distance of several tens of centimeters from the object. Having received the image, the system analyzes various parameters of the face (for example, the distance between the eyes and nose). Most algorithms make it possible to compensate for the presence of glasses, a hat and a beard in the individual under study. An infrared scan of the face is usually used for this purpose. It would be naive to assume that such systems give a very accurate result. Despite this, in a number of countries they are quite successfully used to verify cashiers and users of deposit safes.

Hand geometry

Along with systems for evaluating face geometry, there is equipment for recognizing the outlines of the palms of the hands. In this case, more than 90 different characteristics are estimated, including the dimensions of the palm itself (three dimensions), the length and width of the fingers, the shape of the joints, etc. Currently, user identification by hand geometry is used in legislative bodies, international airports, hospitals, immigration services, etc. The advantages of palm geometry identification are comparable to the advantages of fingerprint identification in terms of reliability, although the palm reader takes more space.

Iris

Quite reliable recognition is provided by systems that analyze the pattern of the iris of the human eye. The fact is that this characteristic is quite stable, does not change practically throughout a person’s life, and is immune to pollution and wounds. We also note that the irises of the right and left eye in the drawing are significantly different.

Usually distinguish between active and passive recognition systems. In systems of the first type, the user must configure the camera himself, moving it for more accurate aiming. Passive systems are easier to use, since the camera in them is automatically configured. High reliability of this equipment allows its use even in correctional facilities.

The advantage of iris scanners is that they do not require the user to focus on the target because the spot pattern on the iris is on the surface of the eye. In fact, the video image of the eye can be scanned even at a distance of less than a meter, making the iris scanners suitable for ATMs.

Retina

The method of identification by the retina of the eye has received practical application relatively recently - somewhere in the mid-50s of the now past XX century. It was then that it was proved that even in twins, the pattern of blood vessels in the retina does not match. In order to register in a special device, it is enough to look into the camera peephole for less than a minute. During this time, the system manages to illuminate the retina and receive a reflected signal. To scan the retina, low-intensity infrared radiation is used, directed through the pupil to the blood vessels on the back of the eye. Several hundred initial characteristic points are extracted from the received signal, information about which is averaged and stored in an encoded file. The disadvantages of such systems include, first and foremost, the psychological factor: not every person dares to look into an unknown dark hole where something shines in the eye. In addition, it is necessary to monitor the position of the eye relative to the hole, since such systems are usually sensitive to incorrect orientation of the retina. Retinal scanners are widely used to organize access to top-secret systems, as they guarantee one of the lowest percent access denied for registered users and an almost zero percent error.

Voice and speech

Many companies release software that can identify a person by voice. Here, parameters such as pitch, modulation, intonation, etc. are evaluated. Unlike recognition of appearance, this method does not require expensive equipment - just a sound card and a microphone.

Voice identification is a convenient but not as reliable method as other biometric methods. For example, a cold person may have difficulty using such systems. The voice is formed from a combination of physiological and behavioral factors, so the main problem associated with this biometric approach is the accuracy of identification. Voice authentication is currently used to control access to a medium security room.

Signature

As it turned out, the signature is the same unique attribute of a person as his physiological characteristics. In addition, this is a more common identification method for any person, since, unlike fingerprinting, it is not associated with the criminal sphere. One of the promising authentication technologies is based on the uniqueness of the biometric characteristics of the movement of the human hand during writing. Usually, two methods of processing signature data are distinguished: simple comparison with a sample and dynamic verification. The first is very unreliable, as it is based on the usual comparison of the entered signature with the graphic samples stored in the database. Due to the fact that the signature cannot always be the same, this method gives a large percentage of errors. The method of dynamic verification requires much more complex calculations and allows real-time recording of the signature process parameters, such as the speed of the hand in different areas, pressure force and the duration of the various stages of the signature. This ensures that even an experienced graphologist cannot fake a signature, since no one is able to exactly copy the behavior of the hand of the owner of the signature.

The user, using a standard digitizer and pen, simulates his usual signature, and the system reads the motion parameters and compares them with those that were previously entered into the database. If the signature image coincides with the standard, the system attaches information to the document to be signed, including the user’s name, his email address, position, current time and date, signature parameters containing several dozen characteristics of the dynamics of movement (direction, speed, acceleration) and others. This data is encrypted, then a checksum is calculated for it, and then all this is encrypted again, forming the so-called biometric label. To configure the system, a newly registered user five to ten times performs the procedure of signing a document, which allows one to obtain averaged indicators and a confidence interval. For the first time this technology was used by PenOp.

Signature identification cannot be used everywhere - in particular, this method is not suitable for restricting access to premises or for access to computer networks. However, in some areas, for example, in the banking sector, as well as wherever important documents are processed, verification of the signature can be the most effective, and most importantly, an easy and inconspicuous way. So far, the financial community has been slow to accept automated methods for identifying signatures for credit cards and verifying applications, because signatures are still too easy to fake. This prevents the introduction of signature identification in high-tech security systems.

Prospects

I would like to note that the most effective protection is provided by systems in which biometric systems are combined with other authentication hardware, such as smart cards. By combining various methods of biometric and hardware authentication, you can get a very reliable security system (which is indirectly confirmed by the great interest shown by leading manufacturers in these technologies).

Note that smart cards form one of the largest and fastest growing segments of the electronic products market for users. According to the forecasts of Dataquest (http://www.dataquest.com), by the next year, the sales of smart cards will exceed half a billion dollars. The use of smart cards requires the presence of a special reader (terminal) device connected to a computer at each workplace, which eliminates the need for user involvement in the process of interaction between the card and the authentication server. The smart card itself provides two levels of authentication. In order for the system to work, the user must insert a smart card into the reader, and then correctly enter the personal identification number. In the Russian market, integrated solutions combining fingerprint identification and the use of smart cards (Fig. 3) are offered, for example, by Compaq (http://www.compaq.ru) and Fujitsu-Siemens (http: // www. fujitsu-siemens.ru).

Fig. 3. Combined system with scanner and smart card.

In addition to large computer companies, such as Fujitsu-Siemens, Motorola, Sony, Unisys, the development of biometric technologies is currently engaged mainly in small private companies that have joined in a biometric consortium - Biometric Consortium (http://www.biometrics.org). One of the most encouraging evidence that biometrics is finally flowing into the mainstream of the IT industry is the creation of the BioAPI (Biometrics API) application programming interface. Behind this development is a consortium of manufacturers, formed in 1998 by Compaq, IBM, Identicator Technology, Microsoft, Miros and Novell specifically to develop a standardized specification that supports existing biometric technologies that could be implemented in operating systems and application software. The BioAPI consortium today includes 78 large public and private companies.

Now corporate clients can use biometric products within the framework of standard computer and network technologies, thus avoiding significant material and time costs for the integration of all system components. Standard APIs provide access to a wide range of biometric devices and software products, as well as allow the joint use of products from several suppliers.

This year, the US government has already announced the introduction of an open standard BioAPI in government agencies. Innovations will affect primarily the US Department of Defense, where for several million military and civilian employees it is planned to introduce new smart cards that store fingerprints and a sample signature of the owner.

According to some analysts, biometric technologies are developing quite slowly so far, but the time is near when not only desktop and laptop computers, but also mobile phones will be inconceivable without such means of authentication. Great expectations are associated with the support of promising biometric technologies by the Microsoft Windows operating system.

Biometric identification is the presentation by the user of his unique biometric parameter and the process of comparing it with the entire database of available data. To extract this kind of personal data are used.

Biometric access control systems are convenient for users in that the storage media is always with them, cannot be lost or stolen. considered more reliable, because can not be transferred to third parties, copied.

Biometric Identification Technologies

Methods for biometric identification:

1. Static, based on the physiological characteristics of a person present with him throughout his life:

• Identification;
• Identification;
• Identification;
• Identification by hand geometry;
• Face thermogram identification;
• DNA identification.
• Identification
• Identification

Dynamic take as a basis the behavioral characteristics of people, namely subconscious movements in the process of repeating any ordinary action: handwriting, voice, gait.

• Identification;
• Handwritten identification;
• Keyboard Identification
• and others.

One of the priority types of behavioral biometrics is the style of typing on the keyboard. When determining it, the printing speed, pressure on the keys, the duration of pressing the key, the time intervals between presses are fixed.

A separate biometric factor may be the manner in which the mouse is used. In addition, behavioral biometry covers a large number of factors that are not related to a computer - gait, especially the way a person climbs stairs.

There are also combined identification systems using several biometric characteristics that can satisfy the most stringent requirements for the reliability and security of access control systems.

Biometric Identification Criteria

To determine the effectiveness of access control systems based on biometric identification, the following indicators are used:

•   - false pass coefficient;
• FMR - the probability that the system incorrectly compares the input sample with an inappropriate template in the database;
•   - false rejection rate;
• FNMR - the probability that the system will make a mistake in determining matches between the input sample and the corresponding template from the database;
• ROC chart - visualization of a compromise between the characteristics of FAR and FRR;
• Registration rejection ratio (FTE or FER) - the coefficient of unsuccessful attempts to create a template from the input data (with low quality of the latter);
• Error Retention Rate (FTC) - the probability that the automated system is not able to determine biometric input data when it is presented correctly;
• Template capacity - the maximum number of data sets that can be stored in the system.

In Russia, the use of biometric data is regulated by Article 11 of the Federal Law “On Personal Data” of July 27, 2006.

Comparative analysis of the main methods of biometric identification

Comparison of biometric authentication methods using mathematical statistics (FAR and FRR)

The main ones for evaluating any biometric system are two parameters:

FAR (False Acceptance Rate)- false pass coefficient, i.e. the percentage of situations when the system allows access to a user who is not registered in the system.

FRR (False Rejection Rate)   - false rejection rate, i.e. denial of access to the real user of the system.

Both characteristics are obtained by calculation based on the methods of mathematical statistics. The lower these indicators, the more accurate the recognition of the object.

For the most popular methods of biometric identification today, the average values \u200b\u200bof FAR and FRR are as follows:

But to build an effective access control system, FAR and FRR are not excellent enough. For example, it is difficult to imagine ACSs based on DNA analysis, although with this authentication method, these coefficients tend to zero. But the identification time is growing, the influence of the human factor is increasing, the cost of the system unreasonably increases.

Thus, for a qualitative analysis of the biometric access control system, it is necessary to use other data, which, sometimes, can only be obtained experimentally.

First of all, such data should include the possibility of falsifying biometric data for identification in the system and ways to increase the level of security.

Secondly, the stability of biometric factors: their immutability over time and independence from environmental conditions.

As a logical consequence, the authentication speed, the ability to quickly contactlessly capture biometric data for identification.

And, of course, the cost of implementing a biometric access control system based on the authentication method under consideration and the availability of components.

Comparison of biometric methods for resistance to data falsification

Biometric data fraud   in any case, this is a rather complicated process, often requiring special training and technical support. But if you can fake a fingerprint at home, then the successful falsification of the iris is not yet known. And for biometric authentication systems on the retina, creating a fake is simply impossible.

Comparison of biometric methods for strong authentication possible

Improving the security of the biometric system Access control, as a rule, is achieved by software and hardware methods. For example, the technology of the “live finger” for fingerprints, the analysis of involuntary shaking - for the eyes. To increase the security level, the biometric method can be one of the components of a multi-factor authentication system.

The inclusion of additional security tools in the hardware and software complex usually quite significantly increases its cost. However, for some methods, strong authentication based on standard components is possible: the use of several templates to identify the user (for example, fingerprints).

Comparison of authentication methods by the immutability of biometric characteristics

The constant biometric characteristics over time   The concept is also conditional: all biometric parameters can change due to a medical operation or an injury. But if the usual household cut, which can make it difficult to verify the user with a fingerprint, is a common situation, then an operation that changes the pattern of the iris is a rarity.

Comparison of sensitivity to external factors

The influence of environmental parameters on the performance of access control systemsdepends on the algorithms and work technologies implemented by the equipment manufacturer, and can vary significantly even within the framework of one biometric method. A striking example of such differences can serve as fingerprint readers, which are generally quite sensitive to the influence of external factors.

If we compare the other methods of biometric identification, the most sensitive will be 2D face recognition: here, the presence of glasses, a hat, a new hairstyle or an overgrown beard can become critical.

Systems using the retina authentication method require a rather rigid position of the eye relative to the scanner, immobility of the user and focusing of the eye itself.

User identification methods according to vein pattern and iris are relatively stable in operation if you do not try to use them in extreme working conditions (for example, contactless authentication at a great distance during "mushroom" rain).

Three-dimensional identification by the face is least sensitive to the influence of external factors. The only parameter that can affect the operation of such an ACS is excessive illumination.

Authentication Speed \u200b\u200bComparison

Authentication Rate depends on the time of data capture, the size of the template and the amount of resources allocated for its processing, and the main software algorithms used to implement a particular biometric method.

Contactless Authentication Comparison

Contactless authentication   gives a lot of advantages of using biometric methods in physical security systems at facilities with high sanitary and hygienic requirements (medicine, food industry, research institutes and laboratories). In addition, the ability to identify a remote object accelerates the verification procedure, which is important for large access control systems with high flow rate. And also, contactless identification can be used by law enforcement agencies for official purposes. That is why, but have not yet achieved sustainable results. Particularly effective methods that capture the biometric characteristics of the object at a great distance and during movement. With the spread of video surveillance, the implementation of such a principle of operation is becoming increasingly easier.

Comparison of biometric methods for the psychological comfort of the user

Psychological comfort of users- Also a fairly relevant indicator when choosing a security system. If in the case of two-dimensional face recognition or the iris - it happens unnoticed, then scanning the retina is a rather unpleasant process. And fingerprint identification, although it does not bring discomfort, can cause negative associations with forensic techniques.

Comparison of the cost of implementing biometric methods in access control systems

The cost of access control and accounting systems   Depending on the methods used, biometric identification is extremely different. However, the difference can be palpable within the same method, depending on the purpose of the system (functionality), production technologies, ways to increase protection against unauthorized access, etc.

Comparison of the availability of biometric identification methods in Russia

Identification-as-a-service

Identification as a Service in the market of biometric technologies is a fairly new concept, but promising a lot of obvious advantages: ease of use, time saving, security, convenience, versatility and scalability - like other systems based on Cloud storage and data processing.

First of all, Identification-as-a-service is of interest for large projects with a wide range of security tasks, in particular, for state and local law enforcement agencies, allowing the creation of innovative automated biometric identification systems that provide real-time identification of suspects and criminals.

Cloud Identification as the Technology of the Future

The development of biometric identification is parallel to the development of Cloud services. Modern technological solutions are aimed at integrating various segments into integrated solutions that satisfy all the needs of the client, and moreover, not only in ensuring physical security. So the combination of Cloud-services and biometrics as part of an ACS is a step that fully meets the spirit of the times and looks to the future.

What are the prospects for combining biometric technologies with cloud services?

The editors addressed this question to the largest Russian system integrator, the Technoserv company:

“To begin with, the intelligent integrated security systems that we demonstrate are, in fact, one of the options for the cloud. And the option from the movie: a person once walked past the camera and he was already entered into the system ... It will be. Over time, with an increase computing power, but will be.

   Now, for one identification in the stream, with guaranteed quality, you need at least eight computer cores: this is to digitize the image and quickly compare it with the database. Today it is technically possible, but impossible commercially - such a high cost is simply not commensurate. However, with an increase in capacities, we will come to the conclusion that they will still create a unified bio-identification base, "- replies Alexander Abramov, director of the department of multimedia and situational centers of the Technoserv company.

Identification as a Morpho Cloud Service

The adoption of Cloud Services as a convenient and secure solution is evidenced by the first deployment of an automated biometric identification system for government law enforcement in a commercial cloud that ended in September 2016 with goals: MorphoTrak, a subsidiary of Safran Identity & Security, and the Albuquerque Police Department successfully deployed MorphoBIS in Cloud MorphoCloud. Police officers have already noted a significant increase in processing speed, as well as the possibility of recognizing prints of much worse quality.

The service developed by MorphoTrak) is based on Microsoft Azure Government   and includes several biometric identification mechanisms: fingerprint biometrics, biometrics of the face and iris. In addition, recognition of tattoos, voice, services (VSaaS) is possible.

The cybersecurity of the system is partly guaranteed by hosting the Criminal Justice Information Services (CJIS) on the government's criminal justice server, and partly by the combined security experience of Morpho and Microsoft.

“We designed our solution to help law enforcement save time and increase efficiency. Security is a key element, of course. We wanted the cloud solution to comply with CJIS’s tight security policies and found Microsoft to be the ideal partner to ensure tight criminal control and national security data, within the geographically distributed environment of data centers. "   says Frank Barrett, director of Cloud Services at MorphoTrak, LLC.

As a result, Morpho Cloud is an outstanding example. outsourced identity management, which can ensure the effectiveness and cost-effectiveness of improvements in law enforcement security systems. Identification as a service provides benefits not available to most institutions. For example, geo-distributed disaster recovery is generally not feasible in terms of the high cost of the project, and increasing security in this way is only possible due to the scale of Microsoft Azure and Morpho Cloud.

Biometric authentication on mobile devices

Fingerprint Authentication on Mobile

Research by Biometrics Research Group, Inc. devoted to the analysis and forecast of the development of the biometric authentication market in mobile devices. The study is sponsored by leading manufacturers of the biometrics market. Cognitec, VoicePIN, and Applied Recognition.

Mobile biometrics market in numbers

According to the study, the volume of the mobile biometrics segment is estimated at $ 9 billion by 2018 and $ 45 billion by 2020 around the world. Moreover, the use of biometric characteristics for authentication will be used not only for unlocking mobile devices, but also for organizing multi-factor authentication and instant confirmation of electronic payments.

The development of the mobile biometrics market segment is associated with the active use of smartphones with pre-installed sensors. It is noted that by the end of 2015, at least 650 million people will use mobile devices with biometrics. The number of mobile users with biometric sensors is projected to grow by 20.1% per year and by 2020 will be at least 2 billion people.

Material of the special project "Keyless"

The keyless special project is an accumulator of information about access control systems, convergent access and personalization of cards

Annotation.

The article provides the basic biometric parameters. Identification methods that are widely used in Russia are considered. Biometric identification can solve the problem of combining all existing user passwords to one and apply it everywhere. The process of extracting fingerprint properties begins with an assessment of image quality: the orientation of the grooves is calculated, which in each pixel reflects the direction of the groove. Face recognition is the most acceptable biometric identification method in society. Identification of the person by the iris consists of obtaining an image on which the iris is localized and its code is compiled. As the two main characteristics of any biometric system, errors of the first and second kind can be used. Identification based on the pattern of the iris is one of the most reliable biometric methods. The non-contact method of obtaining data indicates ease of use and possible implementation in various fields.

Keywords:    biometric parameters, personal identification, fingerprints, face recognition, iris, biometric identification, algorithm, databases, biometric methods, password

10.7256/2306-4196.2013.2.8300

Date of referral to the editor:

24-05-2013

Review Date:

25-05-2013

Publication Date:

1-4-2013

Abstract

The article lists the main biometric parameters. The author reviews methods of identification that are used widely in Russia. Biometric identification helps to solve the problem of unification of all existing user passwords to one and apply it across the board. The process of extracting fingerprint features begins with an assessment of image quality is calculated orientation grooves which each pixel represents the direction of the grooves. Face Detection is the most acceptable method of biometric identification in society. Identification of the iris consists of image acquisition with localization of an iris and then forming a code of the iris. As the two main characteristics of any biometric system it is possible to use Type I and Type II errors. Identification based on the iris pattern of the eye is one of the most reliable biometric methods. Contactless method of obtaining data in this case suggests simplicity of use of this method in various areas.

Keywords:

Biometric identification, iris, face recognition, fingerprints, personal identification, biometrics, algorithm, database, biometric methods, password

Introduction

People in modern society are increasingly in need of personal security and the safety of their actions. For each of us, reliable authorization becomes a necessary attribute of everyday life: the widespread use of bank cards, email services, various transactions and the use of services - all this requires identification of a person. Already today we are forced to enter dozens of passwords, have a token or other identifying marker with us. In such a situation, the question arises sharply: "Is it possible to reduce all existing passwords to one and apply it everywhere without fear of theft or substitution?"

Biometric parameters

Biometric identification is able to solve this problem. Recognition of a person by biometric data is an automated method of identification based on physiological (they are physical characteristics and are measured at certain points in time) and behavioral (represent a sequence of actions and occur over a period of time) traits. Table 1 lists the main ones.

Table 1

Biometric parameters

Often applied		Rarely used
Physiological	Behavioral	Physiological	Behavioral
1. Fingerprints	1. Signature	1. The retina	1. Key handwriting
			2. Gait
3. Iris		3. The shape of the ears
4. Hand geometry
		5. Reflection from the skin
		6. Thermogram

Let us dwell on three common in Russia.

Fingerprints

Fingerprints (Fig. 1 a) are small grooves on the inner surface of the palm and foot of a person. The forensic examination is based on the assumption that there are no two identical fingerprints belonging to different people.

To compare fingerprints, experts use many details of papillary patterns that have the following features: the end of the groove, bifurcation of the groove, an independent groove, a lake, a branch, a cross, and others. Automatic comparison methods work in a similar way. The process of extracting fingerprint properties begins with an assessment of image quality: the orientation of the grooves is calculated, which in each pixel reflects the direction of the groove. Then there is a segmentation of grooves and localization of parts with subsequent recognition.

Face geometry

The task of face recognition has been going hand in hand with a person since time immemorial. A passport equipped with a photograph has become the ubiquitous and main document proving the identity of a person. This is the most acceptable biometric identification method in society. The ease of recording this biometric feature made it possible to compile large databases: photographs in law enforcement agencies, video surveillance cameras, social networks and so on.

The source of the image can be: digitizing documents; surveillance cameras; three-dimensional images; infrared images.

The face is localized on the resulting image (Fig. 1 b), then one of two methods is applied: the appearance of the face and the geometry of the face. Preferred is a method based on the analysis of the geometry of the face, the recognition history of which has a thirty-year history.

Iris

The iris is the colored part of the eye between the sclera and the pupil. It is, like fingerprints, a phenotypic feature of a person and develops during the first months of pregnancy.

The idea of \u200b\u200bidentifying a person by the iris of the eye was proposed by ophthalmologists as early as 1936. Later, the idea was reflected in some films. For example, in 1984 a James Bond movie, Never Say Never, was shot. It was only in 1994 that the first automated iris recognition algorithm appeared, developed by mathematician John Daugman. The algorithm has been patented and still underlies iris recognition systems.

A device for capturing an image of the eye, which will be user-friendly and invisible, is one of the problems. Indeed, at the same time, it should read the iris pattern regardless of the lighting conditions. There are several approaches. The first one is based on the search for the face and eyes, then the other camera with a magnifying lens receives a high-quality image of the iris. The second one requires that the human eye be inside a certain observation area of \u200b\u200bone camera.

On the image obtained, the iris is localized and its code is compiled (Fig. 1 c). Daugman used a two-dimensional Gabor filter. Additionally, a mask is created where the image is noisy (eyelash and eyelid overlays), which is superimposed on the source code of the iris. For identification, the Hamming distance (bit difference between two iris patterns) is calculated, which will be the smallest for identical irises.

Figure 1. Examples of biometric parameters

Statistical Characteristics

As the two main characteristics of any biometric system, errors of the first and second kind can be used. In the field of biometrics, the most well-established concepts are FAR (False Acceptance Rate) and FRR (False Rejection Rate). FAR characterizes the probability of a false coincidence of the biometric characteristics of two people. FRR - the probability of denial of access to an authorized person.

Table 2 shows the average for various biometric systems

table 2

Characteristics of biometric systems

It should be noted that these indicators vary depending on the biometric databases used and the algorithms used, but their qualitative ratio remains approximately the same. Analyzing these data, we can conclude that identification based on the pattern of the iris is one of the most reliable biometric methods. A non-contact way of obtaining data indicates ease of use and possible implementation in various fields.

Modern science does not stand still. More and more often, high-quality protection is required for devices so that someone who accidentally takes possession of them cannot take full advantage of the information. In addition, methods of protecting information from being used not only in everyday life.

In addition to entering passwords in digital form, more individualized biometric security systems are also used.

What it is?

Previously, such a system was used only in limited cases, to protect the most important strategic objects.

Then, after September 11, 2011, they came to the conclusion that such and access can be applied not only in these areas, but also in other areas.

Thus, human identification techniques have become indispensable in a number of methods to combat fraud and terrorism, as well as in such areas as:

Biometric access systems to communication technologies, network and computer bases;

Database;

Access control to information storages, etc.

Each person has a set of characteristics that do not change over time, or those that can be modified, but at the same time belong only to a specific person. In this regard, the following parameters of biometric systems that are used in these technologies can be distinguished:

Static - fingerprints, photographing the auricles, scanning the retina and others.

In the future, biometrics technologies will replace conventional methods for authenticating a person with a passport, since embedded chips, cards, and similar innovations in scientific technologies will be introduced not only in this document, but also in others.

A small digression about personality recognition methods:

- Identification   - one to many; the sample is compared with all available for certain parameters.

- Authentication   - one to one; the sample is compared with previously obtained material. In this case, the person may be known, the obtained data of the person are compared with the sample of the parameter of this person in the database;

How biometric security systems work

In order to create a base for a specific person, it is necessary to consider his biological individual parameters as a special device.

The system remembers the resulting sample biometric characteristics (recording process). In this case, it may be necessary to make several samples to draw up a more accurate control value of the parameter. Information that is received by the system is converted to mathematical code.

In addition to creating a sample, the system may request that additional steps be taken to combine a personal identifier (PIN or smart card) and a biometric sample. Further, when scanning for compliance, the system compares the data obtained, comparing the mathematical code with the already recorded ones. If they match, that means the authentication was successful.

Possible mistakes

The system may generate errors, in contrast to recognition by passwords or electronic keys. In this case, the following types of issuing incorrect information are distinguished:

Type 1 error: false access rate (FAR) - one person can be mistaken for another;

Type 2 error: false access denial ratio (FRR) - a person is not recognized in the system.

In order to exclude, for example, errors of this level, the intersection of the FAR and FRR indicators is necessary. However, this is impossible, since for this it would be necessary to carry out the identification of a person by DNA.

Fingerprints

At the moment, the best known method of biometrics. Upon receipt of a passport, modern citizens of Russia undergo mandatory fingerprinting to enter them in a personal card.

This method is based on the uniqueness of the fingers and has been used for quite a long time, starting with forensics (fingerprinting). By scanning fingers, the system translates the sample into a kind of code, which is then compared with the existing identifier.

As a rule, information processing algorithms use the individual arrangement of certain points that contain fingerprints - branches, the end of the pattern line, etc. The time it takes to translate the image into code and produce the result is usually about 1 second.

Equipment, including software for it, is currently being produced in a complex and are relatively inexpensive.

Errors when scanning fingers of a hand (or both hands) occur quite often if:

Unusual moisture or dry fingers present.

Hands are treated with chemical elements that make identification difficult.

There are microcracks or scratches.

There is a large and continuous flow of information. For example, this is possible at an enterprise where access to the workplace is carried out using a fingerprint. Since the flow of people is significant, the system may fail.

The most famous companies that are engaged in fingerprint recognition systems: Bayometric Inc., SecuGen. In Russia, they are working on this: Sonda, BioLink, SmartLock, etc.

Eye iris

The sheath pattern is formed at 36 weeks of fetal development, is established by two months and does not change throughout life. Biometric identification systems for the iris are not only the most accurate among others in this series, but also one of the most expensive.

The advantage of the method is that scanning, that is, capturing an image, can occur both at a distance of 10 cm and at a 10-meter distance.

When fixing the image, data on the location of certain points on the iris of the eye is transmitted to a computer, which then provides information about the possibility of admission. The processing speed of information about the human iris is about 500 ms.

At present, this recognition system in the biometric market occupies no more than 9% of the total number of such identification methods. At the same time, the market share of fingerprint technology is more than 50%.

Scanners that allow you to capture and process the iris of the eye have a rather complicated design and software, and therefore, such devices have a high price. In addition, Iridian was originally a monopolist in the production of human recognition systems. Then other large companies began to enter the market, which were already engaged in the production of components of various devices.

Thus, at the moment in Russia there are the following companies that form human recognition systems by the iris of the eye: AOptix, SRI International. However, these firms do not provide indicators for the number of errors of the 1st and 2nd kind, therefore, it is not a fact that the system is not protected from fakes.

Face geometry

There are biometric security systems associated with facial recognition in 2D and 3D modes. In general, it is believed that the facial features of each person are unique and do not change throughout life. Such characteristics as the distances between certain points, shape, etc. remain unchanged.

2D mode is a static way of identification. When fixing the image, it is necessary that the person did not move. The background, the presence of a mustache, beard, bright light and other factors that prevent the system from recognizing a face are also important. This means that with any inaccuracies, the result will be incorrect.

At the moment, this method is not particularly popular because of its low accuracy and is used only in multimodal (cross) biometry, which is a combination of methods for recognizing a person by face and voice at the same time. Biometric security systems can include other modules - for DNA, fingerprints and others. In addition, the cross-sectional method does not require contact with a person who needs to be identified, which allows people to be recognized by photo and voice recorded on technical devices.

The 3D method has completely different input parameters, so you cannot compare it with 2D technology. When recording an image, a face in dynamics is used. The system, fixing each image, creates a 3D model with which the obtained data are then compared.

In this case, a special grid is used, which is projected onto the person’s face. Biometric security systems, making several frames per second, process the image with the software included in them. At the first stage of creating the image, the software discards inappropriate images where the face is poorly visible or secondary objects are present.

Then the program determines and ignores excess items (glasses, hairstyle, etc.). Anthropometric features of the face are highlighted and remembered, generating a unique code that is recorded in a special data warehouse. Image capture time is about 2 seconds.

However, despite the advantage of the 3D method over the 2D method, any significant interference on the face or changes in facial expressions degrade the statistical reliability of this technology.

Today, biometric facial recognition technologies are used along with the most well-known methods described above, accounting for approximately 20% of the entire biometric technology market.

Companies that are engaged in the development and implementation of facial identification technology: Geometrix, Inc., Bioscrypt, Cognitec Systems GmbH. In Russia, the following companies are working on this issue: Artec Group, Vocord (2D method) and other, smaller manufacturers.

Veins of the palm

About 10-15 years ago, a new biometric identification technology came in - recognition by hand veins. This became possible due to the fact that the hemoglobin in the blood intensively absorbs infrared radiation.

A special IR camera photographs the palm of your hand, as a result of which a network of veins appears on the picture. This image is processed by the software, and the result is displayed.

The location of the veins on the arm is comparable to the features of the iris - their lines and structure do not change with time. The reliability of this method can also be correlated with the results obtained by identification using the iris.

It is not necessary to contact the reader to capture the image, however, using this real method requires certain conditions to be met, under which the result will be most accurate: it is impossible to get it if, for example, you take a photograph of your hand in the street. Also, the camera cannot be illuminated during scanning. The end result will be inaccurate if there are age-related diseases.

The distribution of the method on the market is only about 5%, however, it is shown great interest from large companies that have already developed biometric technologies: TDSi, Veid Pte. Ltd., Hitachi VeinID.

Retina

Scanning the pattern of capillaries on the surface of the retina is considered the most reliable method of identification. It combines the best characteristics of biometric technologies for recognizing a person by the iris and veins of the hand.

The only moment when the method can give inaccurate results is cataract. Basically, the retina has an unchanged structure throughout life.

The disadvantage of this system is that the retina is scanned when the person is not moving. The technology, complex in its application, provides a long time for processing the results.

Due to the high cost, the biometric system is not widespread, however, it gives the most accurate results of all the human features scanning methods offered on the market.

Hands

Previously, a popular method of identification by hand geometry is becoming less applicable, as it gives the lowest results compared to other methods. When scanning fingers are photographed, their length, the relationship between the nodes and other individual parameters are determined.

Ear shape

Experts say that all existing methods of identification are not as accurate as recognizing a person by. However, there is a way to determine a person by DNA, but in this case there is close contact with people, therefore it is considered unethical.

Researcher Mark Nixon from Great Britain claims that methods of this level are the next generation biometric systems, they give the most accurate results. Unlike the retina, iris or fingers, on which extraneous parameters that make identification more likely to appear, this does not happen on the ears. Formed in childhood, the ear only grows, without changing in its main points.

The inventor called the method of identifying a person by the organ of hearing “radiation image conversion”. This technology provides for the capture of images by rays of different colors, which then translates into mathematical code.

However, according to the scientist, his method also has negative aspects. For example, obtaining a clear image may be prevented by hair that covers the ears, the mistakenly chosen angle and other inaccuracies.

Ear scanning technology does not replace such a well-known and familiar identification method as fingerprints, but can be used along with it.

It is believed that this will increase the reliability of recognition of people. Especially important is the combination of various methods (multimodal) in the capture of criminals, the scientist believes. As a result of experiments and research, they hope to create software that will be used in court to uniquely identify perpetrators from an image.

Human voice

Identification can be carried out both locally and remotely using voice recognition technology.

When talking, for example, by phone, the system compares this parameter with those available in the database and finds similar samples in percentage terms. Full coincidence means that the identity is established, that is, identification by voice has occurred.

In order to access something in a traditional way, it is necessary to answer certain questions that ensure security. This is a digital code, mother's maiden name and other text passwords.

Modern research in this area shows that this information is quite easy to get hold of, so identification methods such as voice biometry can be used. At the same time, it is not knowledge of codes that is subject to verification, but a person’s personality.

To do this, the client needs to say a passphrase or start talking. The system recognizes the caller’s voice and verifies that the person belongs to that person — whether he is who he claims to be.

Biometric information protection systems of this type do not require expensive equipment, this is their advantage. In addition, to conduct a voice scan, the system does not need to have special knowledge, since the device independently produces a result of the type "true - false".

Handwriting

Identification of a person by the way of writing letters takes place in almost any area of \u200b\u200blife where it is necessary to put a signature. This happens, for example, in a bank, when a specialist compares the sample generated when opening an account with the signatures affixed at the next visit.

The accuracy of this method is not high, since identification does not occur with the help of a mathematical code, as in the previous ones, but with a simple comparison. There is a high level of subjective perception. In addition, handwriting changes greatly with age, which often makes recognition difficult.

In this case, it is better to use automatic systems that will allow you to determine not only visible matches, but also other distinguishing features of the spelling of words, such as slope, distance between points, and other characteristic features.

Mikhailov Alexey Alekseevich
  Head of Division, PKU Research Center "Protection" of the Ministry of Internal Affairs of Russia, Lieutenant Colonel of Police,

Koloskov Alexey Anatolyevich
  Senior Researcher, PKU Research Center “Protection” of the Ministry of Internal Affairs of Russia, Lieutenant Colonel,

Dronov Yuri Ivanovich
  Senior Researcher, PKU Research Center “Protection”, Ministry of Internal Affairs of Russia

INTRODUCTION

Currently, there is a rapid development of biometric control and access systems (hereinafter referred to as biometrics) both abroad and in Russia. Indeed, the use of biometrics for security purposes is extremely attractive. Any key, tablet - TouchMemory, Proxy-card or other material identifier can be stolen, made a duplicate and thus gain access to the object of protection.

A digital PIN code (entered by a person using the keyboard) can be fixed using a banal video camera, and then there is the possibility of blackmailing a person or threatening physical impact on him in order to obtain the code value. It is rare that one of the readers, either from their own experience or from the experience of their acquaintances, has encountered this method of fraud. There is even a term that denotes this method of withdrawing honestly earned money from citizens - skimming (skim for skim).

It is impossible to steal or obtain a biometric identifier through blackmail, which makes it very attractive in the future for security and access. True, you can try to create an imitator of a biological trait of a person, but here the biometric system should fully manifest itself and reject the fake.

The issue of “circumvention” of biometric systems is a big and separate topic, and within the framework of this article we will not touch on it, and creating an imitator of a human biological trait is not an easy task.

It is especially gratifying to note the active development of this area of \u200b\u200bsecurity equipment in Russia. For example, the “Russian Society for the Promotion of the Development of Biometric Technologies, Systems and Communications” has existed since 2002.

There is also a technical committee for standardization TC 098 “Biometry and Biomonitoring”, which works quite fruitfully (more than 30 GOSTs have been issued, see: http://www.rusbiometrics.com/), but we, as users, are most interested in GOST R ISO / IEC19795-1-2007 “Automatic identification. Biometric identification. Performance tests and test reports in biometrics. Part 1. Principles and structure. "

TERMS AND DEFINITIONS

In order to understand what they write about in normative documents, it is necessary to define in terms and definitions. Most often, according to their physical principle, they write about the same thing, but they call it completely differently. So, about the most significant parameters in biometrics:

VERIFICATION (verification) is a process in which a user-submitted sample is compared with a template registered in the database (GOST R ISO / IEC19795-1-2007). It is important here that one sample is compared with one template (one-to-one comparison with a biometric template), so any biometric system will have better indicators for verification compared to identification.

IDENTIFICATION (identification) is the process by which a search is carried out in the registration database and a list of candidates containing from zero to one or more identifiers is provided (GOST R ISO / IEC19795-1-2007). It is crucial here that one sample is compared with many patterns (one-to-many comparison), and the system error increases many times. Identification is becoming the most critical parameter for biometric systems based on the recognition of characteristic features of a person's face. For a car, people's faces are almost identical.

FAR (False Acceptance Rate) - the probability of unauthorized tolerance (error of the first kind), expressed as a percentage of the number of tolerances by the system of unauthorized persons (meaning verification). Probabilistic parameters are expressed either in absolute values \u200b\u200b(10-5), for the FAR parameter this means that 1 person out of 100 thousand will be unauthorized, this percentage will be (0.001%).

VLD - probability of false tolerance (FAR), (GOST R ISO / IEC19795-1-2007).

FRR (False Rejection Rate) - the probability of false detention (a mistake of the second kind), expressed as a percentage of the number of refusals of admission by the system of authorized persons (meaning verification).

VLND - probability of false underrun (FRR), (GOST R ISO / IEC19795-1-2007).

FMR (False Match Rate) - the probability of a false coincidence of parameters. Somewhere we already read it, see FAR, but in this case one sample is compared with many templates stored in the database, i.e. identification takes place.

VLAN - the probability of false coincidence (FMR), (GOST R ISO / IEC19795-1-2007).

FNMR (False Non-Match Rate) - the probability of false mismatch of parameters, in this case one sample is compared with many templates stored in the database, i.e. identification takes place.

VLNS - the probability of false mismatch (FNMR), (GOST R ISO / IEC19795-1-2007).

Parameters (like the others listed above) are interconnected (Fig. 1). Changing the threshold of FAR and FRR - “sensitivity” of the biometric system, we simultaneously change them, choosing the desired ratio. Indeed, it is possible to set up a biometric system in such a way that it is more likely to skip registered users, but it will also pass unregistered users with a high probability. Therefore, these parameters should be indicated simultaneously for the biometric system.

Fig. 1. FAR and FRR Charts

If only one parameter is specified, then you, as a user, should be alerted, since in this way it is very easy to overestimate the parameters in comparison with a competitor. Exaggerating, we can say that the lowest FAR coefficient will be a non-working system, certainly it will not allow anyone unauthorized.

A more or less objective parameter of a biometric system is the EER coefficient.

The EER coefficient (equal error rate) is the coefficient at which both errors (reception error and rejection error) are equivalent. The lower the EER, the higher the accuracy of the biometric system.

A similar graph is constructed for the FMR and FNMR parameters (Fig. 2). Please note that this graph should always be linked to the database size (usually numbers are selected in increments of 100, 1000, 10000 patterns, etc.).

Fig. 2. FMR and FNMR graphs

COO - curve compromise determination of error (Eng. DET - detection error trade-off curve; DET curve). A modified performance curve, the axes of which are the error probabilities (false positive on the X axis and false negative on the Y axis) (GOST R ISO / IEC19795-1-2007).

The COO curve (DET) is used to plot the probabilities of comparison errors (VLNS (FNMR) versus VLS (FMR)), decision error probabilities (VLND (FRR) versus VLD (FAR)) (Fig. 3-4) and identification probabilities on an open set (VLOI depending on VLPI), (GOST R ISO / IEC19795-1-2007).

Fig. 3. DET schedule

Fig. 4. Example of KOO curves (GOST R ISO / IEC19795-1-2007)

The graphs depicting the performance of biometric systems are quite numerous, sometimes it seems that their purpose is to confuse a gullible user. There are also PX curves of the operating characteristic (ROC - receiver operating characteristic curve) (Fig. 5-6), and, of course, you understand that these are far from the last curves and dependencies that exist in biometrics, but for the sake of clarity we will not dwell on them.

Fig. 5. An example of a set of curves PX (GOST R ISO / IEC19795-1-2007)

Fig. 6. Example ROC curve

PX curves (ROC) are independent of the threshold, which allows a comparison of the operational characteristics of various biometric systems used in similar conditions, or of a single biometric system used in different environmental conditions.

PX curves (ROC) are used to depict the performance of the comparison algorithm (1 - VLNS depending on the VLAN), (1 - FNMR depending on the FMR), operational characteristics of biometric verification systems (1 - VLD depending on the VLD), (1 - FRR depending on FAR), as well as the operational characteristics of biometric identification systems on an open set (the probability of identification depending on the VLPI).

Note: VLPI - probability of false positive identification (English FPIR - false-positive identification-error rate), i.e. the share of identification transactions of unregistered users in the system, as a result of which the identifier is returned (GOST R ISO / IEC19795-1-2007).

1) The parameters FAR (VLD), FRR (VLND) and FMR (VLS) FNMR (VLRS) it makes sense to consider only in aggregate.

2) The lower the EER coefficient, the higher the accuracy of the biometric system.

3) A good tone for a biometric system is the availability of DET (COO) and ROC (PX) graphs.

BOUNDARIES OF FAR AND FRR PARAMETERS OF BIOMETRIC SYSTEMS

Now let's estimate what parameters FAR and FRR should be in biometric systems. Let us look for an analogy to the requirements for a digital code set. According to GOST, the number of significant decimal digits must be at least 6, i.e. range 0-999999, or 107 code options. Then the probability of FAR is 10-7, and the probability of FRR is determined by the operability of the system, i.e. tends to zero.

ATMs use a 4-bit decimal code (which does not comply with GOST), and then the FAR will be 10-5. Take FAR \u003d 10-5 for the determining parameter. What value can be taken as acceptable for FRR? It depends on the tasks of the biometric system, but the lower limit should be in the range of 10-2, i.e. you, as a legal user, the system will not allow only once in a hundred attempts. For systems with high throughput, for example, a factory checkpoint, this value should be 10-3, otherwise the purpose of biometrics is not clear if we did not get rid of the “human” factor.

Many biometric systems claim similar and even an order of magnitude better characteristics, but since our values \u200b\u200bare probabilistic, it is necessary to indicate the confidence interval of this value. From this moment, biometric manufacturers prefer not to go into details and not to specify this parameter.

If the calculation procedure, experimental design, and confidence interval are not specified, then the default is the action of the “thirty” rule, which was put forward by J. F. Poter in his work “On the 30 error criterion)) (1997).

This is also evidenced by GOST R ISO / IEC19795-1-2007. The Rule of Thirty states that in order for the true probability of error to be within the range of ± 30% of the established probability of error with a confidence level of 90%, at least 30 errors must be recorded. For example, if 30 false mismatch errors were obtained in 3,000 independent trials, it can be stated with a 90% confidence that the true probability of error is in the range from 0.7% to 1.3%. The rule follows directly from the binomial distribution in independent trials and can be applied taking into account the expected performance to perform the assessment.

After this, a logical conclusion follows: to get a false access value of 10-5, you need to conduct 3x106 experiments, which is almost impossible to carry out physically with real testing of the biometric system. Here vague doubts begin to torment us.

It is hoped that such testing was carried out in the laboratory by comparing patterns of input biometric features with patterns of the database system. Laboratory tests make it possible to correctly assess the reliability of the embedded data processing algorithms, but not the actual operation of the system. Laboratory tests exclude such effects on the biometric system as electromagnetic interference (relevant for all biometric systems), dusting or contamination of contact or remote reading devices of the biometric parameter, real human behavior when interacting with biometric devices, lack or excess of lighting, periodic illumination etc., yes you never know what else can affect such a complex system as a biometrics system. If a person could foresee all negatively acting factors in advance, then it would be possible not to conduct full-scale tests.

From experience with other security systems, we can argue that even the operation of the security system for 45 days does not reveal the majority of hidden problems, and only trial operation for 1-1.5 years allows them to be eliminated. The developers even have a term - "childhood diseases." Any system should be ill with them.

Thus, in addition to laboratory tests, it is necessary to conduct full-scale tests, naturally, estimates of confidence intervals with a smaller number of experiments should be evaluated using other methods.

We turn to the textbook E.S. Wentzel, “Theory of Probabilities” (Moscow: “Nauka”, 1969. P. 334), which states if the probability P is very large or very small (which undoubtedly corresponds to the actual results of measuring probabilities for biometric systems), the confidence interval is built on the basis of not from the approximate, but from the exact law of the frequency distribution. It is easy to verify that this is a binomial distribution. Indeed, the number of occurrences of event A in n-experiments is distributed according to the binomial law: the probability that event A appears exactly m times is equal to

and the frequency p * is nothing but the number of occurrences of the event divided by the number of experiments.

This work gives a graphical dependence of the confidence interval on the number of experiments (Fig. 7) for a confidence probability of b \u003d 0.9.

Fig. 7. Graphic dependence of the confidence interval on the number of experiments

Consider an example. We conducted 100 field experiments, of which we obtained the probability of an event equal to 0.7. Then, on the abscissa axis, we postpone the frequency value p * \u003d 0.7, draw a straight line through this point parallel to the ordinate axis, and mark the points of intersection of the straight line with a pair of curves corresponding to a given number of experiments n \u003d 100; the projections of these points on the ordinate axis and give the boundaries p1 \u003d 0.63, p2 \u003d 0.77 confidence interval.

For those cases when the accuracy of constructing the graphical method is insufficient, one can use fairly detailed tabular dependencies (Fig. 8) of the confidence interval given in the work of I.V. Dunin-Barkovsky and N.V. Smirnova, “Probability Theory and Mathematical Statistics in Engineering” (Moscow: State Publishing House of Technical and Theoretical Literature, 1955). In this table, x-numerator, n-denominator of frequency. Probabilities multiplied by 1000.

Consider an example. We conducted 204 field experiments, of which the event occurred 4 times. The probability is P \u003d 4/204 \u003d 0.0196, the boundaries of the confidence interval are p1 \u003d 0.049, p2 \u003d 0.005.

Theoretically, it is understood that the parameters stated in the documentation should be confirmed by certificates. However, in almost all areas of life, Russia has a voluntary certification institute, therefore it is certified for those requirements for which they want or can receive a certificate.

We take the first certificate for a biometric system that comes across and we see 6 GOST items, of which none contain the parameters listed above. Thank God that they even relate to security equipment and safety standards. This is not the worst option, had to meet the receivers and transmitters of radio data transmission systems (RSPI), certified as electric cars.

Fig. 8. A fragment of the tabular dependence of the confidence interval on the number of experiments for a confidence probability of b \u003d 0.95

MOST IMPORTANT OF THE LIST

1) The FAR (VLD) parameters must be at least 10-5, and the FRR (VLD) must be in the range 10 "2-10" 3.

2) Do not unconditionally trust the probabilistic parameters specified in the documentation, they can be taken only as a guide.

3) In addition to laboratory tests, it is necessary to conduct field tests of biometric systems.

4) It is necessary to try to get as much information as possible from the developer, manufacturer, seller about the real biometric parameters of the system and the method of obtaining them.

5) Do not be lazy to decipher which GOST (s) and GOST (s) points the biometric system is certified.

In continuation of the topic we started on real biometric identification systems, we propose to talk in the article “Basic biometric systems”.

LITERATURE

1. http://www.1zagran.ru
2. http://fingerprint.com.ua/
3. http://habrahabr.ru/post/174397/
4. http://sonda.ru/
5. http://eyelock.com/index.php/ products / hbox
6. http://www.bmk.spb.ru/
7. http://www.avtelcom.ru/
8. http://www.nec.com/en/global/ solutions / security / products / hybrid_finger.html
9. http://www.ria-stk.ru/mi "World of measurements" 3/2014
10. http://www.biometria.sk/ru/ principles-of-biometrics.html
11. http://www.biometrics.ru
12. http://www.guardinfo.ru/firstPhysical Protection System (PPS) of nuclear materials and nuclear hazardous facilities "
13. http://cbsrus.ru/
14. http: www.speechpro.ru
15. Poter J F. On the 30 error criterion. 1997.
16. GOST R ISO / IEC19795-1-2007. Authentication Biometric identification. Performance tests and test reports in biometrics. Part 1. Principles and structure.
17. Ball R.M., Connel J.H., Ratha N.K., Senior E.U. Guide to biometrics. M .: CJSC RIC Technosphere, 2006.
18. Simonchik K.K., Belevitin D.O., Matveev Yu.N., Dyrmovsky D.V. Access to Internet banking based on bimodal biometrics // World of Measurements. 2014. No. 3.
19. 19. Dunin-Barkovsky I.V., Smirnov N.V. Probability theory and mathematical statistics in engineering. M .: State publishing house of technical and theoretical literature, 1955.